Search criteria
902 vulnerabilities found for hp-ux by hp
VAR-200202-0006
Vulnerability from variot - Updated: 2024-07-23 22:34Vulnerabilities in a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via SNMPv1 trap handling, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available. Multiple vendor SNMPv1 Trap handling implementations contain vulnerabilities that may allow unauthorized privileged access, denial-of-service conditions, or unstable behavior . If your site uses SNMP in any capacity, the CERT/CC encourages you to read the information provided below. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ SNMP Protocol is status and performance information MIB (Management Information Base) Protocol used to exchange Management side SNMP Managers such as managed routers, switches and printers SNMP Communicates with management network devices called agents. Because of its wide acceptance in the market, SNMP Has become the standard for SNMP protocol version1 Is SNMPv1 Is the most widely implemented. this SNMPv1 Sent from the agent to the manager in the implementation of SNMP Trap message and sent from the manager to the agent SNMP Decrypt the request message / There are problems in interpreting. If this problem is used by an attacker, the following actions may be executed. Many other programs that you implement may also be affected because of a protocol problem. On the target host SNMP If the service is running, an attacker could execute arbitrary code ・ If a buffer overflow attack is feasible and a very long trap message SNMP If the host on which the service is running receives, the application may go into a denial of service state The effects described above vary from application to application. For details, refer to each product.Please refer to the “Overview” for the impact of this vulnerability. Windows 95 is prone to a denial-of-service vulnerability. MPE/iX is an Internet-ready operating system for the HP e3000 class servers. It is possible to crash the service by transmitting to it a maliciously constructed SNMPv1 request PDU. It was previously known as UCD-SNMP. They typically notify the manager that some event has occured or otherwise provide information about the status of the agent. Multiple vulnerabilities have been discovered in a number of SNMP implementations. The vulnerabilities are known to exist in the process of decoding and interpreting SNMP trap messages. Among the possible consequences are denial of service and allowing attackers to compromise target systems. These depend on the individual vulnerabilities in each affected product. HP has confirmed that large traps will cause OpenView Network Node Manager to crash. This may be due to an exploitable buffer overflow condition
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200202-0006",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "3com",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "adtran",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "adventnet",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "american power conversion",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "aprisma",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "avaya",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "bea",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "bmc",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "cnt",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "comtek services",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "cscare",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "cacheflow",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "carrier access",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "compaq computer",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "computer associates",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "concord",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "dart",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "dell",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "digital",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "entrada",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "equinox",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "f5",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "fluke",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "freebsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "general datacomm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "hewlett packard",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "hirschmann",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "hitachi",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "ibm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "iplanet",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "itouch",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "infovista",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "inktomi",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "innerdive",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "ipswitch",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "juniper",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "karlnet",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "lantronix",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "larscom incorporated",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "lotus",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "lucent",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "mg soft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "mandriva",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "marconi",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "mercury interactive",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "metrobility optical",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "micromuse",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "microsoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "monfox",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "multinet",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "nec",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "net snmp",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "network harmoni",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "nbase xyplex",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "netscout",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "netsilicon",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "netscape",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "network appliance",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "nortel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "novell",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "openwave",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "optical access",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "oracle",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "perle",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "powerware",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "radware",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "red hat",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "redback",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "riverstone",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "snmp research",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "sniffer",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "sonicwall",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "sonus",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "stonesoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "sun microsystems",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "symantec",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "the sco group sco unix",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "tivoli",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "toshiba",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "unisphere",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "vertical",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "vina",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "wind river",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "world wide packets",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "xerox",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "e security",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "net com",
"version": null
},
{
"model": "aix",
"scope": "eq",
"trust": 1.1,
"vendor": "ibm",
"version": "4.3"
},
{
"model": "aix",
"scope": "eq",
"trust": 1.1,
"vendor": "ibm",
"version": "5.1"
},
{
"model": "snmp",
"scope": "eq",
"trust": 1.0,
"vendor": "snmp",
"version": "*"
},
{
"model": "windows 98se",
"scope": null,
"trust": 0.9,
"vendor": "microsoft",
"version": null
},
{
"model": "windows",
"scope": "eq",
"trust": 0.9,
"vendor": "microsoft",
"version": "95"
},
{
"model": "windows server",
"scope": "eq",
"trust": 0.9,
"vendor": "microsoft",
"version": "2000"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nudesign team",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "outback resource group",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "veritas",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "bintec",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "interniche",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ncipher corp",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "netscreen",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nokia",
"version": null
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "2.6 (sparc)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "2.6 (x86)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "7.0 (sparc)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "7.0 (x86)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "8 (sparc)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "8 (x86)"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "10.00"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "10.10"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "10.20"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.00"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.11"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.20"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "10.24"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.04"
},
{
"model": "windows 2000",
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": "windows 9x",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "95"
},
{
"model": "windows 9x",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "98"
},
{
"model": "windows 9x",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "98 scd"
},
{
"model": "windows 9x",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "me"
},
{
"model": "windows nt",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "4.0 (server)"
},
{
"model": "windows nt",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "4.0 (terminal_srv)"
},
{
"model": "windows nt",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "4.0 (workstation)"
},
{
"model": "windows xp",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "sp3"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.2"
},
{
"model": "windows xp gold",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "0"
},
{
"model": "windows nt",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "mpe/ix",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "6.5"
},
{
"model": "mpe/ix",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "6.0"
},
{
"model": "mpe/ix",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "5.5"
},
{
"model": "mpe/ix",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "5.0"
},
{
"model": "mpe/ix",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "4.5"
},
{
"model": "mpe/ix",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "4.0"
},
{
"model": "ucd-snmp",
"scope": "eq",
"trust": 0.6,
"vendor": "net snmp",
"version": "4.2.1"
},
{
"model": "ucd-snmp",
"scope": "eq",
"trust": 0.6,
"vendor": "net snmp",
"version": "4.1.1"
},
{
"model": "ucd-snmp",
"scope": "ne",
"trust": 0.6,
"vendor": "net snmp",
"version": "4.2.2"
},
{
"model": "snmp",
"scope": null,
"trust": 0.6,
"vendor": "snmp",
"version": null
},
{
"model": "mpe/ix",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.0"
},
{
"model": "sunatm",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.0"
},
{
"model": "sunatm",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4.0.1"
},
{
"model": "sunatm",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "3.0.1"
},
{
"model": "sunatm",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "2.1"
},
{
"model": "ucd-snmp",
"scope": "eq",
"trust": 0.3,
"vendor": "net snmp",
"version": "4.1.2"
},
{
"model": "ucd-snmp",
"scope": "ne",
"trust": 0.3,
"vendor": "net snmp",
"version": "4.2.3"
},
{
"model": "solaris 8 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "solaris 8 sparc",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "solaris 7.0 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "7.0"
},
{
"model": "solaris 2.6 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "2.6"
},
{
"model": "enterprise server ssp",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "100003.5"
},
{
"model": "enterprise server ssp",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "100003.4"
},
{
"model": "enterprise server ssp",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "100003.3"
},
{
"model": "research mid-level manager",
"scope": "eq",
"trust": 0.3,
"vendor": "snmp",
"version": "15.3"
},
{
"model": "research enterpol",
"scope": "eq",
"trust": 0.3,
"vendor": "snmp",
"version": "15.3"
},
{
"model": "research dr-web manager",
"scope": "eq",
"trust": 0.3,
"vendor": "snmp",
"version": "15.3"
},
{
"model": "brocade",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "2.6.0"
},
{
"model": "networks aos",
"scope": null,
"trust": 0.3,
"vendor": "redback",
"version": null
},
{
"model": "realplayer intranet",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "5.0"
},
{
"model": "software tcpware",
"scope": "eq",
"trust": 0.3,
"vendor": "process",
"version": "5.5"
},
{
"model": "software multinet",
"scope": "eq",
"trust": 0.3,
"vendor": "process",
"version": "4.4"
},
{
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.1"
},
{
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2"
},
{
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.1"
},
{
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0"
},
{
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.5"
},
{
"model": "netware",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "6.0"
},
{
"model": "netware",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "5.1"
},
{
"model": "netware",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "5.0"
},
{
"model": "netware",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "4.11"
},
{
"model": "netware",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "4.2"
},
{
"model": "netware",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "4.0"
},
{
"model": "windows xp professional",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "windows xp home",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "windows nt workstation sp6a",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt workstation sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt workstation sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt workstation sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt workstation sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt workstation sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt workstation sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt terminal server sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt terminal server sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt terminal server sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt terminal server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt terminal server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt terminal server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt terminal server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt server sp6a",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt server sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt server sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt server sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt enterprise server sp6a",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt enterprise server sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt enterprise server sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt enterprise server sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt enterprise server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt enterprise server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt enterprise server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "98"
},
{
"model": "windows terminal services sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows terminal services sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows terminal services",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows professional sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows professional sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows professional",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows datacenter server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows datacenter server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows datacenter server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows advanced server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows advanced server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows advanced server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "domino snmp agents solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "lotus",
"version": "5.0.1x86"
},
{
"model": "domino snmp agents solaris sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "lotus",
"version": "5.0.1"
},
{
"model": "domino snmp agents hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "lotus",
"version": "5.0.1"
},
{
"model": "lrs",
"scope": null,
"trust": 0.3,
"vendor": "lantronix",
"version": null
},
{
"model": "junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.0"
},
{
"model": "solutions router ip console",
"scope": "eq",
"trust": 0.3,
"vendor": "innerdive",
"version": "3.3.0.406"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3.3"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3.2"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3.1"
},
{
"model": "secure os software for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.0"
},
{
"model": "procurve switch 8000m",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "procurve switch 4108gl-bundle",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "procurve switch 4108gl",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "procurve switch 4000m",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "procurve switch",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2525"
},
{
"model": "procurve switch",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2524"
},
{
"model": "procurve switch",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2512"
},
{
"model": "procurve switch 2424m",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "procurve switch 2400m",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "procurve switch 1600m",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "ov/sam",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.1"
},
{
"model": "openview network node manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.10"
},
{
"model": "openview network node manager solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2"
},
{
"model": "openview network node manager nt 4.x/windows",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.22000"
},
{
"model": "openview network node manager hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.211.x"
},
{
"model": "openview network node manager hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.210.x"
},
{
"model": "openview network node manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2"
},
{
"model": "openview network node manager solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1"
},
{
"model": "openview network node manager hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.111.x"
},
{
"model": "openview network node manager hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.110.x"
},
{
"model": "openview network node manager solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"model": "openview network node manager nt 4.x/windows",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.02000"
},
{
"model": "openview network node manager hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.011.x"
},
{
"model": "openview network node manager hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.010.20"
},
{
"model": "openview network node manager windows nt",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0.23.51/4.0"
},
{
"model": "openview network node manager solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.01"
},
{
"model": "openview network node manager hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.01"
},
{
"model": "openview network node manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.01"
},
{
"model": "openview network node manager solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.11"
},
{
"model": "openview network node manager hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.11"
},
{
"model": "openview extensible snmp agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.0"
},
{
"model": "openview emanate snmp agent solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "14.22.x"
},
{
"model": "openview emanate snmp agent hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "14.211.x"
},
{
"model": "openview emanate snmp agent hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "14.210.20"
},
{
"model": "openview distributed management",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"model": "openview distributed management",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.03"
},
{
"model": "mc/serviceguard",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "jetdirect",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "x.20.00"
},
{
"model": "jetdirect",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "x.08.32"
},
{
"model": "jetdirect",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "x.08.00"
},
{
"model": "ito/vpo/ovo unix",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.04"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.24"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.20"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.11"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.0"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.20"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.10"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.0"
},
{
"model": "ems a.03.20",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "ems a.03.10",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "ems a.03.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "services nmserver",
"scope": "eq",
"trust": 0.3,
"vendor": "comtek",
"version": "3.4"
},
{
"model": "associates unicenter",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"model": "unixware",
"scope": "eq",
"trust": 0.3,
"vendor": "caldera",
"version": "7.1.1"
},
{
"model": "unixware",
"scope": "eq",
"trust": 0.3,
"vendor": "caldera",
"version": "7.1.0"
},
{
"model": "unixware",
"scope": "eq",
"trust": 0.3,
"vendor": "caldera",
"version": "7"
},
{
"model": "openunix",
"scope": "eq",
"trust": 0.3,
"vendor": "caldera",
"version": "8.0"
},
{
"model": "openserver",
"scope": "eq",
"trust": 0.3,
"vendor": "caldera",
"version": "5.0.6"
},
{
"model": "openserver",
"scope": "eq",
"trust": 0.3,
"vendor": "caldera",
"version": "5.0.5"
},
{
"model": "cacheos",
"scope": "eq",
"trust": 0.3,
"vendor": "cacheflow",
"version": "4.0"
},
{
"model": "cacheos",
"scope": "eq",
"trust": 0.3,
"vendor": "cacheflow",
"version": "3.1"
},
{
"model": "web nms msp edition",
"scope": null,
"trust": 0.3,
"vendor": "adventnet",
"version": null
},
{
"model": "web nms",
"scope": null,
"trust": 0.3,
"vendor": "adventnet",
"version": null
},
{
"model": "snmp utilities",
"scope": null,
"trust": 0.3,
"vendor": "adventnet",
"version": null
},
{
"model": "snmp api",
"scope": null,
"trust": 0.3,
"vendor": "adventnet",
"version": null
},
{
"model": "mediation server",
"scope": null,
"trust": 0.3,
"vendor": "adventnet",
"version": null
},
{
"model": "management builder",
"scope": null,
"trust": 0.3,
"vendor": "adventnet",
"version": null
},
{
"model": "fault management toolkit",
"scope": null,
"trust": 0.3,
"vendor": "adventnet",
"version": null
},
{
"model": "configuration management toolkit",
"scope": null,
"trust": 0.3,
"vendor": "adventnet",
"version": null
},
{
"model": "cli api",
"scope": null,
"trust": 0.3,
"vendor": "adventnet",
"version": null
},
{
"model": "agent toolkit java/jmx edition",
"scope": null,
"trust": 0.3,
"vendor": "adventnet",
"version": null
},
{
"model": "agent toolkit c edition",
"scope": "eq",
"trust": 0.3,
"vendor": "adventnet",
"version": null
},
{
"model": "webcache",
"scope": "eq",
"trust": 0.3,
"vendor": "3com",
"version": "3000"
},
{
"model": "webcache",
"scope": "eq",
"trust": 0.3,
"vendor": "3com",
"version": "1000"
},
{
"model": "switch",
"scope": "eq",
"trust": 0.3,
"vendor": "3com",
"version": "4900"
},
{
"model": "switch",
"scope": "eq",
"trust": 0.3,
"vendor": "3com",
"version": "4400"
},
{
"model": "switch",
"scope": "eq",
"trust": 0.3,
"vendor": "3com",
"version": "3300"
},
{
"model": "switch",
"scope": "eq",
"trust": 0.3,
"vendor": "3com",
"version": "1100"
},
{
"model": "ps hub",
"scope": "eq",
"trust": 0.3,
"vendor": "3com",
"version": "50"
},
{
"model": "ps hub",
"scope": "eq",
"trust": 0.3,
"vendor": "3com",
"version": "40"
},
{
"model": "dual speed hub",
"scope": null,
"trust": 0.3,
"vendor": "3com",
"version": null
},
{
"model": "brocade .0d",
"scope": "ne",
"trust": 0.3,
"vendor": "sgi",
"version": "2.6"
},
{
"model": "solutions router ip console",
"scope": "ne",
"trust": 0.3,
"vendor": "innerdive",
"version": "3.3.0.407"
},
{
"model": "jetdirect",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "x.21.00"
},
{
"model": "jetdirect",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "x.08.32"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#107186"
},
{
"db": "CERT/CC",
"id": "VU#854306"
},
{
"db": "BID",
"id": "89608"
},
{
"db": "BID",
"id": "89661"
},
{
"db": "BID",
"id": "5043"
},
{
"db": "BID",
"id": "4732"
},
{
"db": "BID",
"id": "4203"
},
{
"db": "BID",
"id": "4088"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000033"
},
{
"db": "CNNVD",
"id": "CNNVD-200202-007"
},
{
"db": "NVD",
"id": "CVE-2002-0012"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:snmp:snmp:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0012"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by the Oulu University Secure Programming Group.",
"sources": [
{
"db": "BID",
"id": "5043"
},
{
"db": "BID",
"id": "4203"
},
{
"db": "BID",
"id": "4088"
}
],
"trust": 0.9
},
"cve": "CVE-2002-0012",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2002-0012",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2002-0012",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#107186",
"trust": 0.8,
"value": "69.26"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#854306",
"trust": 0.8,
"value": "42.64"
},
{
"author": "CNNVD",
"id": "CNNVD-200202-007",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#107186"
},
{
"db": "CERT/CC",
"id": "VU#854306"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000033"
},
{
"db": "CNNVD",
"id": "CNNVD-200202-007"
},
{
"db": "NVD",
"id": "CVE-2002-0012"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerabilities in a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via SNMPv1 trap handling, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available. Multiple vendor SNMPv1 Trap handling implementations contain vulnerabilities that may allow unauthorized privileged access, denial-of-service conditions, or unstable behavior . If your site uses SNMP in any capacity, the CERT/CC encourages you to read the information provided below. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ SNMP Protocol is status and performance information MIB (Management Information Base) Protocol used to exchange Management side SNMP Managers such as managed routers, switches and printers SNMP Communicates with management network devices called agents. Because of its wide acceptance in the market, SNMP Has become the standard for SNMP protocol version1 Is SNMPv1 Is the most widely implemented. this SNMPv1 Sent from the agent to the manager in the implementation of SNMP Trap message and sent from the manager to the agent SNMP Decrypt the request message / There are problems in interpreting. If this problem is used by an attacker, the following actions may be executed. Many other programs that you implement may also be affected because of a protocol problem. On the target host SNMP If the service is running, an attacker could execute arbitrary code \u30fb If a buffer overflow attack is feasible and a very long trap message SNMP If the host on which the service is running receives, the application may go into a denial of service state The effects described above vary from application to application. For details, refer to each product.Please refer to the \u201cOverview\u201d for the impact of this vulnerability. Windows 95 is prone to a denial-of-service vulnerability. MPE/iX is an Internet-ready operating system for the HP e3000 class servers. It is possible to crash the service by transmitting to it a maliciously constructed SNMPv1 request PDU. It was previously known as UCD-SNMP. They typically notify the manager that some event has occured or otherwise provide information about the status of the agent. \nMultiple vulnerabilities have been discovered in a number of SNMP implementations. The vulnerabilities are known to exist in the process of decoding and interpreting SNMP trap messages. \nAmong the possible consequences are denial of service and allowing attackers to compromise target systems. These depend on the individual vulnerabilities in each affected product. \nHP has confirmed that large traps will cause OpenView Network Node Manager to crash. This may be due to an exploitable buffer overflow condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0012"
},
{
"db": "CERT/CC",
"id": "VU#107186"
},
{
"db": "CERT/CC",
"id": "VU#854306"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000033"
},
{
"db": "BID",
"id": "89608"
},
{
"db": "BID",
"id": "89661"
},
{
"db": "BID",
"id": "5043"
},
{
"db": "BID",
"id": "4732"
},
{
"db": "BID",
"id": "4203"
},
{
"db": "BID",
"id": "4088"
}
],
"trust": 4.68
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2002-0012",
"trust": 3.9
},
{
"db": "CERT/CC",
"id": "VU#107186",
"trust": 3.2
},
{
"db": "BID",
"id": "4088",
"trust": 2.2
},
{
"db": "BID",
"id": "4732",
"trust": 1.9
},
{
"db": "BID",
"id": "4089",
"trust": 1.9
},
{
"db": "BID",
"id": "4132",
"trust": 1.6
},
{
"db": "CERT/CC",
"id": "VU#854306",
"trust": 1.4
},
{
"db": "BID",
"id": "5043",
"trust": 1.3
},
{
"db": "XF",
"id": "8177",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000033",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200202-007",
"trust": 0.6
},
{
"db": "BID",
"id": "89608",
"trust": 0.3
},
{
"db": "BID",
"id": "89661",
"trust": 0.3
},
{
"db": "BID",
"id": "4203",
"trust": 0.3
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#107186"
},
{
"db": "CERT/CC",
"id": "VU#854306"
},
{
"db": "BID",
"id": "89608"
},
{
"db": "BID",
"id": "89661"
},
{
"db": "BID",
"id": "5043"
},
{
"db": "BID",
"id": "4732"
},
{
"db": "BID",
"id": "4203"
},
{
"db": "BID",
"id": "4088"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000033"
},
{
"db": "CNNVD",
"id": "CNNVD-200202-007"
},
{
"db": "NVD",
"id": "CVE-2002-0012"
}
]
},
"id": "VAR-200202-0006",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.489583335
},
"last_update_date": "2024-07-23T22:34:48.127000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HPSBUX00184",
"trust": 0.8,
"url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?docid=c00964944"
},
{
"title": "MS02-006",
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/ms02-006.mspx"
},
{
"title": "RHSA-2001:163",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/rhsa-2001-163.html"
},
{
"title": "#00215",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-22-00215-1"
},
{
"title": "#00215",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-22-00215-3"
},
{
"title": "IBM Information for VU#107186",
"trust": 0.8,
"url": "http://www.kb.cert.org/vuls/id/iafy-55krcv"
},
{
"title": "MS02-006",
"trust": 0.8,
"url": "http://www.microsoft.com/japan/technet/security/bulletin/ms02-006.mspx"
},
{
"title": "RHSA-2001:163",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2001-163j.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2002-000033"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2002-000033"
},
{
"db": "NVD",
"id": "CVE-2002-0012"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://www.cert.org/advisories/ca-2002-03.html"
},
{
"trust": 2.4,
"url": "http://www.kb.cert.org/vuls/id/107186"
},
{
"trust": 1.6,
"url": "http://www.ee.oulu.fi/research/ouspg/protos/"
},
{
"trust": 1.6,
"url": "http://www.cert.org/tech_tips/denial_of_service.html"
},
{
"trust": 1.6,
"url": "http://www.ietf.org/rfc/rfc3000.txt"
},
{
"trust": 1.6,
"url": "http://www.ietf.org/rfc/rfc1212.txt"
},
{
"trust": 1.6,
"url": "http://www.ietf.org/rfc/rfc1213.txt"
},
{
"trust": 1.6,
"url": "http://www.ietf.org/rfc/rfc1215.txt"
},
{
"trust": 1.6,
"url": "http://www.ietf.org/rfc/rfc1270.txt"
},
{
"trust": 1.6,
"url": "http://www.ietf.org/rfc/rfc2570.txt"
},
{
"trust": 1.6,
"url": "http://www.ietf.org/rfc/rfc2571.txt"
},
{
"trust": 1.6,
"url": "http://www.ietf.org/rfc/rfc2572.txt"
},
{
"trust": 1.6,
"url": "http://www.ietf.org/rfc/rfc2573.txt"
},
{
"trust": 1.6,
"url": "http://www.ietf.org/rfc/rfc2574.txt"
},
{
"trust": 1.6,
"url": "http://www.ietf.org/rfc/rfc2575.txt"
},
{
"trust": 1.6,
"url": "http://www.ietf.org/rfc/rfc2576.txt"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/4088"
},
{
"trust": 1.6,
"url": "http://online.securityfocus.com/bid/4132"
},
{
"trust": 1.6,
"url": "http://online.securityfocus.com/bid/4732"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/4089"
},
{
"trust": 1.6,
"url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/index.html"
},
{
"trust": 1.4,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-0012"
},
{
"trust": 1.0,
"url": "ftp://patches.sgi.com/support/free/security/advisories/20020201-01-a"
},
{
"trust": 1.0,
"url": "http://www.iss.net/security_center/alerts/advise110.php"
},
{
"trust": 1.0,
"url": "http://www.redhat.com/support/errata/rhsa-2001-163.html"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/advisories/4211"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/5043"
},
{
"trust": 1.0,
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-006"
},
{
"trust": 1.0,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a1048"
},
{
"trust": 1.0,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a144"
},
{
"trust": 1.0,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a161"
},
{
"trust": 1.0,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a298"
},
{
"trust": 0.8,
"url": "http://www.ciac.org/ciac/bulletins/m-042.shtml"
},
{
"trust": 0.8,
"url": "http://www.ipa.go.jp/security/ciadr/20020213snmp.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2002/wr020701.txt"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2002/wr020901.txt"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2002/at020001.txt"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnca-2002-03"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2002-0012"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/xforce/xfdb/8177"
},
{
"trust": 0.6,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-0013"
},
{
"trust": 0.6,
"url": "http://www.microsoft.com/technet/security/bulletin/ms02-006.asp"
},
{
"trust": 0.6,
"url": "http://www.kb.cert.org/vuls/id/854306"
},
{
"trust": 0.3,
"url": "http://online.securityfocus.com/bid/4088"
},
{
"trust": 0.3,
"url": "http://online.securityfocus.com/bid/4089"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f44605"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f42769"
},
{
"trust": 0.3,
"url": "http://online.securityfocus.com/news/474"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-006.asp"
},
{
"trust": 0.3,
"url": "http://otn.oracle.com/deploy/security/pdf/snmp_2002_alert.pdf"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#107186"
},
{
"db": "CERT/CC",
"id": "VU#854306"
},
{
"db": "BID",
"id": "89608"
},
{
"db": "BID",
"id": "89661"
},
{
"db": "BID",
"id": "5043"
},
{
"db": "BID",
"id": "4732"
},
{
"db": "BID",
"id": "4203"
},
{
"db": "BID",
"id": "4088"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000033"
},
{
"db": "NVD",
"id": "CVE-2002-0012"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#107186"
},
{
"db": "CERT/CC",
"id": "VU#854306"
},
{
"db": "BID",
"id": "89608"
},
{
"db": "BID",
"id": "89661"
},
{
"db": "BID",
"id": "5043"
},
{
"db": "BID",
"id": "4732"
},
{
"db": "BID",
"id": "4203"
},
{
"db": "BID",
"id": "4088"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000033"
},
{
"db": "CNNVD",
"id": "CNNVD-200202-007"
},
{
"db": "NVD",
"id": "CVE-2002-0012"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-01-16T00:00:00",
"db": "CERT/CC",
"id": "VU#107186"
},
{
"date": "2002-02-12T00:00:00",
"db": "CERT/CC",
"id": "VU#854306"
},
{
"date": "2002-03-08T00:00:00",
"db": "BID",
"id": "89608"
},
{
"date": "2002-03-08T00:00:00",
"db": "BID",
"id": "89661"
},
{
"date": "2002-06-18T00:00:00",
"db": "BID",
"id": "5043"
},
{
"date": "2002-05-13T00:00:00",
"db": "BID",
"id": "4732"
},
{
"date": "2002-02-27T00:00:00",
"db": "BID",
"id": "4203"
},
{
"date": "2002-02-12T00:00:00",
"db": "BID",
"id": "4088"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2002-000033"
},
{
"date": "2002-02-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200202-007"
},
{
"date": "2002-02-13T05:00:00",
"db": "NVD",
"id": "CVE-2002-0012"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-11-07T00:00:00",
"db": "CERT/CC",
"id": "VU#107186"
},
{
"date": "2007-11-07T00:00:00",
"db": "CERT/CC",
"id": "VU#854306"
},
{
"date": "2002-03-08T00:00:00",
"db": "BID",
"id": "89608"
},
{
"date": "2002-03-08T00:00:00",
"db": "BID",
"id": "89661"
},
{
"date": "2009-07-11T13:56:00",
"db": "BID",
"id": "5043"
},
{
"date": "2002-05-13T00:00:00",
"db": "BID",
"id": "4732"
},
{
"date": "2009-07-11T10:56:00",
"db": "BID",
"id": "4203"
},
{
"date": "2009-07-11T10:56:00",
"db": "BID",
"id": "4088"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2002-000033"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200202-007"
},
{
"date": "2018-10-12T21:30:46.750000",
"db": "NVD",
"id": "CVE-2002-0012"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "89608"
},
{
"db": "BID",
"id": "89661"
},
{
"db": "BID",
"id": "5043"
},
{
"db": "BID",
"id": "4732"
},
{
"db": "BID",
"id": "4203"
},
{
"db": "BID",
"id": "4088"
}
],
"trust": 1.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in SNMPv1 trap handling",
"sources": [
{
"db": "CERT/CC",
"id": "VU#107186"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "89608"
},
{
"db": "BID",
"id": "89661"
}
],
"trust": 0.6
}
}
VAR-200106-0170
Vulnerability from variot - Updated: 2024-07-23 21:52Buffer overflow in ntpd ntp daemon 4.0.99k and earlier (aka xntpd and xntp3) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long readvar argument. There is a buffer overflow defect in the ctl_getitem() function of the Network Time Protocol (NTP) daemon responsible for providing accurate time reports used for synchronizing the clocks on installed systems. All NTP daemons based on code maintained at the University of Delaware since NTPv2 are assumed at risk. The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. Due to a problem parsing carriage return/line feeds in RFC822 format mail messages, The Bat! mail client may permaturely detect the end of a mail message, causing an error to occur. This error may prevent the mail user from retrieving other mail messages until the message with the error is removed. NTP, the Network Time Protocol, is used to synchronize the time between a computer and another system or time reference. It uses UDP as a transport protocol. There are two protocol versions in use: NTP v3 and NTP v4. The 'ntpd' daemon implementing version 3 is called 'xntp3'; the version implementing version 4 is called 'ntp'. On UNIX systems, the 'ntpd' daemon is available to regularly synchronize system time with internet time servers. Many versions of 'ntpd' are prone to a remotely exploitable buffer-overflow issue. A remote attacker may be able to crash the daemon or execute arbitrary code on the host. If successful, the attacker may gain root access on the victim host or may denial NTP service on the affected host. "The Bat!" is an MUA for Windows by Rit Research Labs. "The Bat!" is vulnerable to a remote denial of service attack. Email messages in which carriage return (CR) characters are not followed by a linefeed (LF) can cause "The Bat!" to incorrectly interpret the message's structure. This can lead "The Bat!" to read text in the message body as a response from the POP3 server. The current (corrupt) message will not be deleted from the server, and the mail download process will stop. As a result, the user will remain unable to receive new email messages from the affected POP3 account. -----BEGIN PGP SIGNED MESSAGE-----
Internet Security Systems Security Alert Summary May 10, 2001 Volume 6 Number 6
X-Force Vulnerability and Threat Database: http://xforce.iss.net/ To receive these Alert Summaries as well as other Alerts and Advisories, subscribe to the Internet Security Systems Alert mailing list at: http://xforce.iss.net/maillists/index.php
This summary can be found at: http://xforce.iss.net/alerts/vol-6_num-6.php
Contents: * 120 Reported Vulnerabilities * Risk Factor Key
Date Reported: 04/02/2001 Brief Description: The Bat! masked file type in email attachment could allow execution of code Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: The Bat! 1.49 and earlier Vulnerability: thebat-masked-file-type X-Force URL: http://xforce.iss.net/static/6324.php
Date Reported: 04/02/2001 Brief Description: PHP-Nuke could allow attackers to redirect ad banner URL links Risk Factor: Medium Attack Type: Network Based Platforms Affected: PHP-Nuke 4.4 and earlier Vulnerability: php-nuke-url-redirect X-Force URL: http://xforce.iss.net/static/6342.php
Date Reported: 04/03/2001 Brief Description: Orinoco RG-1000 Residential Gateway default SSID reveals WEP encryption key Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Orinoco Residential Gateway RG-1000 Vulnerability: orinoco-rg1000-wep-key X-Force URL: http://xforce.iss.net/static/6328.php
Date Reported: 04/03/2001 Brief Description: Navision Financials server denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Navision Financials 2.5 and 2.6 Vulnerability: navision-server-dos X-Force URL: http://xforce.iss.net/static/6318.php
Date Reported: 04/03/2001 Brief Description: uStorekeeper online shopping system allows remote file retrieval Risk Factor: Medium Attack Type: Network Based Platforms Affected: uStorekeeper 1.61 Vulnerability: ustorekeeper-retrieve-files X-Force URL: http://xforce.iss.net/static/6319.php
Date Reported: 04/03/2001 Brief Description: Resin server allows remote attackers to view Javabean files Risk Factor: Medium Attack Type: Network Based Platforms Affected: Resin 1.2.x, Resin 1.3b1 Vulnerability: resin-view-javabean X-Force URL: http://xforce.iss.net/static/6320.php
Date Reported: 04/03/2001 Brief Description: BPFTP could allow attackers to obtain login credentials Risk Factor: High Attack Type: Network Based Platforms Affected: BPFTP 2.0 Vulnerability: bpftp-obtain-credentials X-Force URL: http://xforce.iss.net/static/6330.php
Date Reported: 04/04/2001 Brief Description: Ntpd server readvar control message buffer overflow Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6, AIX 5.1, Slackware Linux 7.1, Engarde Secure Linux 1.0.1, Progeny Linux, SuSE Linux 7.1, ntpd 4.0.99k and earlier, FreeBSD 4.2-Stable, Mandrake Linux Corporate Server 1.0.1, Mandrake Linux 7.2, Trustix Secure Linux, Immunix Linux 7.0, NetBSD 1.5, SuSE Linux 7.0, Caldera OpenLinux eServer 2.3.1 Vulnerability: ntpd-remote-bo X-Force URL: http://xforce.iss.net/static/6321.php
Date Reported: 04/04/2001 Brief Description: Cisco CSS debug mode allows users to gain administrative access Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Cisco Content Services Switch 11050, Cisco Content Services Switch 11150, Cisco Content Services Switch 11800 Vulnerability: cisco-css-elevate-privileges X-Force URL: http://xforce.iss.net/static/6322.php
Date Reported: 04/04/2001 Brief Description: BEA Tuxedo may allow access to remote services Risk Factor: Medium Attack Type: Network Based Platforms Affected: BEA Tuxedo 7.1 Vulnerability: bea-tuxedo-remote-access X-Force URL: http://xforce.iss.net/static/6326.php
Date Reported: 04/05/2001 Brief Description: Ultimate Bulletin Board could allow attackers to bypass authentication Risk Factor: High Attack Type: Network Based Platforms Affected: Ultimate Bulletin Board 5.43, Ultimate Bulletin Board 5.4.7e Vulnerability: ultimatebb-bypass-authentication X-Force URL: http://xforce.iss.net/static/6339.php
Date Reported: 04/05/2001 Brief Description: BinTec X4000 NMAP denial of service Risk Factor: Low Attack Type: Network Based Platforms Affected: BinTec X4000 5.1.6P10 and prior, BinTec X1000, BinTec X1200 Vulnerability: bintec-x4000-nmap-dos X-Force URL: http://xforce.iss.net/static/6323.php
Date Reported: 04/05/2001 Brief Description: WatchGuard Firebox II kernel denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: WatchGuard Firebox II prior to 4.6 Vulnerability: firebox-kernel-dos X-Force URL: http://xforce.iss.net/static/6327.php
Date Reported: 04/06/2001 Brief Description: Cisco PIX denial of service due to multiple TACACS+ requests Risk Factor: Medium Attack Type: Network Based Platforms Affected: Cisco PIX Firewall 5.1.4 Vulnerability: cisco-pix-tacacs-dos X-Force URL: http://xforce.iss.net/static/6353.php
Date Reported: 04/06/2001 Brief Description: Darren Reed's IP Filter allows attackers to access UDP and TCP ports Risk Factor: Medium Attack Type: Network Based Platforms Affected: IP Filter 3.4.16 Vulnerability: ipfilter-access-ports X-Force URL: http://xforce.iss.net/static/6331.php
Date Reported: 04/06/2001 Brief Description: Veritas NetBackup nc (netcat) command denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: NetBackup 3.2 Vulnerability: veritas-netbackup-nc-dos X-Force URL: http://xforce.iss.net/static/6329.php
Date Reported: 04/08/2001 Brief Description: PGP may allow malicious users to access authenticated split keys Risk Factor: Medium Attack Type: Host Based Platforms Affected: PGP 7.0 Vulnerability: nai-pgp-split-keys X-Force URL: http://xforce.iss.net/static/6341.php
Date Reported: 04/09/2001 Brief Description: Solaris kcms_configure command line buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Solaris 7, Solaris 8 Vulnerability: solaris-kcms-command-bo X-Force URL: http://xforce.iss.net/static/6359.php
Date Reported: 04/09/2001 Brief Description: TalkBack CGI script could allow remote attackers to read files on the Web server Risk Factor: Medium Attack Type: Network Based Platforms Affected: TalkBack prior to 1.2 Vulnerability: talkback-cgi-read-files X-Force URL: http://xforce.iss.net/static/6340.php
Date Reported: 04/09/2001 Brief Description: Multiple FTP glob(3) implementation Risk Factor: Low Attack Type: Network Based Platforms Affected: FreeBSD 4.2, Solaris 8, IRIX 6.5.x, OpenBSD 2.8, HP-UX 11.00, NetBSD Vulnerability: ftp-glob-implementation X-Force URL: http://xforce.iss.net/static/6333.php
Date Reported: 04/09/2001 Brief Description: Pine mail client temp file symbolic link Risk Factor: Medium Attack Type: Host Based Platforms Affected: Pine prior to 4.33, Red Hat Linux 5.2, Red Hat Linux 6.2, Red Hat Linux 7.0 Vulnerability: pine-tmp-file-symlink X-Force URL: http://xforce.iss.net/static/6367.php
Date Reported: 04/09/2001 Brief Description: Multiple FTP glob(3) expansion Risk Factor: Low Attack Type: Network Based Platforms Affected: HP-UX 11.00, NetBSD, Solaris 8, IRIX 6.5.x, OpenBSD 2.8, FreeBSD 4.2, MIT Kerberos 5 Vulnerability: ftp-glob-expansion X-Force URL: http://xforce.iss.net/static/6332.php
Date Reported: 04/09/2001 Brief Description: Netscape embedded JavaScript in GIF file comments can be used to access remote data Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: Netscape Communicator 4.76, Red Hat Linux 6.2, Debian Linux 2.2, Conectiva Linux, Red Hat Linux 7.0, Immunix Linux 6.2, Immunix Linux 7.0 Beta, Red Hat Linux 7.1 Vulnerability: netscape-javascript-access-data X-Force URL: http://xforce.iss.net/static/6344.php
Date Reported: 04/09/2001 Brief Description: STRIP generates weak passwords Risk Factor: Low Attack Type: Host Based Platforms Affected: STRIP 0.5 and earlier Vulnerability: strip-weak-passwords X-Force URL: http://xforce.iss.net/static/6362.php
Date Reported: 04/10/2001 Brief Description: Solaris Xsun HOME environment variable buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Solaris 7 Vulnerability: solaris-xsun-home-bo X-Force URL: http://xforce.iss.net/static/6343.php
Date Reported: 04/10/2001 Brief Description: Compaq Presario Active X denial of service Risk Factor: Low Attack Type: Network Based Platforms Affected: Compaq Presario, Windows 98, Windows ME Vulnerability: compaq-activex-dos X-Force URL: http://xforce.iss.net/static/6355.php
Date Reported: 04/10/2001 Brief Description: Alcatel ADSL modems 'EXPERT' account Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Alcatel ADSL Network Termination Device 1000, Alcatel Speed Touch ADSL modem Home Vulnerability: alcatel-expert-account X-Force URL: http://xforce.iss.net/static/6354.php
Date Reported: 04/10/2001 Brief Description: Alcatel ADSL modems allow attacker on LAN to gain access using TFTP Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Alcatel ADSL Network Termination Device 1000, Alcatel Speed Touch ADSL modem Home Vulnerability: alcatel-tftp-lan-access X-Force URL: http://xforce.iss.net/static/6336.php
Date Reported: 04/10/2001 Brief Description: Alcatel ADSL modems allow attacker on WAN to gain access using TFTP Risk Factor: Low Attack Type: Network Based Platforms Affected: Alcatel ADSL Network Termination Device 1000, Alcatel Speed Touch ADSL modem Home Vulnerability: alcatel-tftp-wan-access X-Force URL: http://xforce.iss.net/static/6337.php
Date Reported: 04/10/2001 Brief Description: Oracle Application Server shared library (ndwfn4.so) buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: iPlanet Web Server 4.x, Oracle Application Server 4.0.8.2 Vulnerability: oracle-appserver-ndwfn4-bo X-Force URL: http://xforce.iss.net/static/6334.php
Date Reported: 04/10/2001 Brief Description: Alcatel ADSL modems use blank password by default Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Alcatel ADSL Network Termination Device 1000, Alcatel Speed Touch ADSL modem Home Vulnerability: alcatel-blank-password X-Force URL: http://xforce.iss.net/static/6335.php
Date Reported: 04/11/2001 Brief Description: Solaris dtsession buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Solaris 7 Vulnerability: solaris-dtsession-bo X-Force URL: http://xforce.iss.net/static/6366.php
Date Reported: 04/11/2001 Brief Description: Solaris kcsSUNWIOsolf.so buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Solaris 7, Solaris 8 Vulnerability: solaris-kcssunwiosolf-bo X-Force URL: http://xforce.iss.net/static/6365.php
Date Reported: 04/11/2001 Brief Description: Lightwave ConsoleServer brute force password attack Risk Factor: High Attack Type: Network Based Platforms Affected: Lightwave ConsoleServer 3200 Vulnerability: lightwave-consoleserver-brute-force X-Force URL: http://xforce.iss.net/static/6345.php
Date Reported: 04/11/2001 Brief Description: nph-maillist allows user to execute code Risk Factor: Low Attack Type: Host Based Platforms Affected: Email List Generator 3.5 and earlier Vulnerability: nph-maillist-execute-code X-Force URL: http://xforce.iss.net/static/6363.php
Date Reported: 04/11/2001 Brief Description: Symantec Ghost Configuration Server denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Ghost 6.5 Vulnerability: ghost-configuration-server-dos X-Force URL: http://xforce.iss.net/static/6357.php
Date Reported: 04/11/2001 Brief Description: Lotus Domino Web Server DOS device denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Lotus Domino R5 prior to 5.0.7 Vulnerability: lotus-domino-device-dos X-Force URL: http://xforce.iss.net/static/6348.php
Date Reported: 04/11/2001 Brief Description: Lotus Domino Web Server HTTP header denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Lotus Domino R5 prior to 5.0.7 Vulnerability: lotus-domino-header-dos X-Force URL: http://xforce.iss.net/static/6347.php
Date Reported: 04/11/2001 Brief Description: Lotus Domino Web Server URL parsing denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Lotus Domino R5 prior to 5.0.7 Vulnerability: lotus-domino-url-dos X-Force URL: http://xforce.iss.net/static/6351.php
Date Reported: 04/11/2001 Brief Description: Lotus Domino Web Server CORBA denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Lotus Domino R5 prior to 5.0.7 Vulnerability: lotus-domino-corba-dos X-Force URL: http://xforce.iss.net/static/6350.php
Date Reported: 04/11/2001 Brief Description: Symantec Ghost database engine denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Ghost 6.5, Sybase Adaptive Server Database Engine 6.0.3.2747 Vulnerability: ghost-database-engine-dos X-Force URL: http://xforce.iss.net/static/6356.php
Date Reported: 04/11/2001 Brief Description: cfingerd daemon remote format string Risk Factor: Low Attack Type: Network Based Platforms Affected: Debian Linux 2.1, Debian Linux 2.2, cfingerd 1.4.3 and earlier Vulnerability: cfingerd-remote-format-string X-Force URL: http://xforce.iss.net/static/6364.php
Date Reported: 04/11/2001 Brief Description: Lotus Domino Web Server Unicode denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Lotus Domino R5 prior to 5.0.7 Vulnerability: lotus-domino-unicode-dos X-Force URL: http://xforce.iss.net/static/6349.php
Date Reported: 04/11/2001 Brief Description: Linux mkpasswd generates weak passwords Risk Factor: High Attack Type: Host Based Platforms Affected: Red Hat Linux 6.2, Red Hat Linux 7.0, mkpasswd Vulnerability: mkpasswd-weak-passwords X-Force URL: http://xforce.iss.net/static/6382.php
Date Reported: 04/12/2001 Brief Description: Solaris ipcs utility buffer overflow Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: Solaris 7 Vulnerability: solaris-ipcs-bo X-Force URL: http://xforce.iss.net/static/6369.php
Date Reported: 04/12/2001 Brief Description: InterScan VirusWall ISADMIN service buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: Linux kernel , InterScan VirusWall 3.0.1 Vulnerability: interscan-viruswall-isadmin-bo X-Force URL: http://xforce.iss.net/static/6368.php
Date Reported: 04/12/2001 Brief Description: HylaFAX hfaxd format string Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: HylaFAX 4.1B3 and prior, SuSE Linux 6.x, SuSE Linux 7.0, Mandrake Linux 7.1, FreeBSD 3.5.1, Mandrake Linux 7.2, Mandrake Linux Corporate Server 1.0.1, FreeBSD 4.2, SuSE Linux 7.1 Vulnerability: hylafax-hfaxd-format-string X-Force URL: http://xforce.iss.net/static/6377.php
Date Reported: 04/12/2001 Brief Description: Cisco VPN 3000 Concentrators invalid IP Option denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Cisco VPN 3000 Concentrators prior to 2.5.2 F Vulnerability: cisco-vpn-ip-dos X-Force URL: http://xforce.iss.net/static/6360.php
Date Reported: 04/13/2001 Brief Description: Net.Commerce package in IBM WebSphere reveals installation path Risk Factor: High Attack Type: Network Based Platforms Affected: IBM Websphere, Solaris 2.6, AIX 4.3.x, Solaris 7, Windows NT 4.0 Vulnerability: ibm-websphere-reveals-path X-Force URL: http://xforce.iss.net/static/6371.php
Date Reported: 04/13/2001 Brief Description: QPC ftpd buffer overflow Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: QVT/Term 5.0, QVT/Net 5.0 Vulnerability: qpc-ftpd-bo X-Force URL: http://xforce.iss.net/static/6376.php
Date Reported: 04/13/2001 Brief Description: QPC ftpd directory traversal Risk Factor: High Attack Type: Network Based Platforms Affected: QVT/Net 5.0, QVT/Term 5.0 Vulnerability: qpc-ftpd-directory-traversal X-Force URL: http://xforce.iss.net/static/6375.php
Date Reported: 04/13/2001 Brief Description: QPC popd buffer overflow Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: QVT/Net 5.0 Vulnerability: qpc-popd-bo X-Force URL: http://xforce.iss.net/static/6374.php
Date Reported: 04/13/2001 Brief Description: NCM Content Management System access database Risk Factor: Low Attack Type: Network Based Platforms Affected: NCM Content Management System Vulnerability: ncm-content-database-access X-Force URL: http://xforce.iss.net/static/6386.php
Date Reported: 04/13/2001 Brief Description: Netscape SmartDownload 'sdph20.dll' buffer overflow Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Netscape SmartDownload 1.3, Windows NT, Windows 95, Windows 98 Vulnerability: netscape-smartdownload-sdph20-bo X-Force URL: http://xforce.iss.net/static/6403.php
Date Reported: 04/13/2001 Brief Description: SCO OpenServer accept buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-accept-bo X-Force URL: http://xforce.iss.net/static/6404.php
Date Reported: 04/13/2001 Brief Description: SCO OpenServer cancel buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-cancel-bo X-Force URL: http://xforce.iss.net/static/6406.php
Date Reported: 04/13/2001 Brief Description: SCO OpenServer disable buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-disable-bo X-Force URL: http://xforce.iss.net/static/6407.php
Date Reported: 04/13/2001 Brief Description: SCO OpenServer enable buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-enable-bo X-Force URL: http://xforce.iss.net/static/6409.php
Date Reported: 04/13/2001 Brief Description: SCO OpenServer lp buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-lp-bo X-Force URL: http://xforce.iss.net/static/6410.php
Date Reported: 04/13/2001 Brief Description: SCO OpenServer lpfilter buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-lpfilter-bo X-Force URL: http://xforce.iss.net/static/6411.php
Date Reported: 04/13/2001 Brief Description: SCO OpenServer lpstat buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-lpstat-bo X-Force URL: http://xforce.iss.net/static/6413.php
Date Reported: 04/13/2001 Brief Description: SCO OpenServer reject buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-reject-bo X-Force URL: http://xforce.iss.net/static/6414.php
Date Reported: 04/13/2001 Brief Description: SCO OpenServer rmail buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-rmail-bo X-Force URL: http://xforce.iss.net/static/6415.php
Date Reported: 04/13/2001 Brief Description: SCO OpenServer tput buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-tput-bo X-Force URL: http://xforce.iss.net/static/6416.php
Date Reported: 04/13/2001 Brief Description: IBM WebSphere CGI macro denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: IBM Websphere, Windows NT 4.0, Solaris 2.6, AIX 4.3.x, Solaris 7 Vulnerability: ibm-websphere-macro-dos X-Force URL: http://xforce.iss.net/static/6372.php
Date Reported: 04/13/2001 Brief Description: SCO OpenServer lpmove buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-lpmove-bo X-Force URL: http://xforce.iss.net/static/6412.php
Date Reported: 04/14/2001 Brief Description: Siemens Reliant Unix ppd -T symlink Risk Factor: Medium Attack Type: Host Based Platforms Affected: Reliant Unix 5.45, Reliant Unix 5.43, Reliant Unix 5.44 Vulnerability: reliant-unix-ppd-symlink X-Force URL: http://xforce.iss.net/static/6408.php
Date Reported: 04/15/2001 Brief Description: Linux Exuberant Ctags package symbolic link Risk Factor: Medium Attack Type: Host Based Platforms Affected: Debian Linux 2.2, exuberant-ctags Vulnerability: exuberant-ctags-symlink X-Force URL: http://xforce.iss.net/static/6388.php
Date Reported: 04/15/2001 Brief Description: processit.pl CGI could allow attackers to view sensitive information about the Web server Risk Factor: Medium Attack Type: Network Based Platforms Affected: processit.pl Vulnerability: processit-cgi-view-info X-Force URL: http://xforce.iss.net/static/6385.php
Date Reported: 04/16/2001 Brief Description: Microsoft ISA Server Web Proxy denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Microsoft ISA Server 2000 Vulnerability: isa-web-proxy-dos X-Force URL: http://xforce.iss.net/static/6383.php
Date Reported: 04/16/2001
Brief Description: Microsoft Internet Explorer altering CLSID
action allows malicious file execution
Risk Factor: Low
Attack Type: Host Based
Platforms Affected: Windows 2000, Internet Explorer 5.5, Windows 98
Vulnerability: ie-clsid-execute-files
X-Force URL: http://xforce.iss.net/static/6426.php
Date Reported: 04/16/2001 Brief Description: Cisco Catalyst 5000 series switch 802.1x denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Cisco Catalyst 5000 Series Vulnerability: cisco-catalyst-8021x-dos X-Force URL: http://xforce.iss.net/static/6379.php
Date Reported: 04/16/2001 Brief Description: BubbleMon allows users to gain elevated privileges Risk Factor: Low Attack Type: Host Based Platforms Affected: BubbleMon prior to 1.32, FreeBSD Vulnerability: bubblemon-elevate-privileges X-Force URL: http://xforce.iss.net/static/6378.php
Date Reported: 04/16/2001 Brief Description: DCForum CGI az= field directory traversal Risk Factor: High Attack Type: Network Based Platforms Affected: DCForum 2000 1.0 Vulnerability: dcforum-az-directory-traversal X-Force URL: http://xforce.iss.net/static/6391.php
Date Reported: 04/16/2001 Brief Description: DCForum CGI az= field allows attacker to upload files Risk Factor: Low Attack Type: Network Based Platforms Affected: DCForum 2000 1.0 Vulnerability: dcforum-az-file-upload X-Force URL: http://xforce.iss.net/static/6393.php
Date Reported: 04/16/2001 Brief Description: DCForum CGI az= field EXPR allows attacker to execute commands Risk Factor: Low Attack Type: Network Based Platforms Affected: DCForum 2000 1.0 Vulnerability: dcforum-az-expr X-Force URL: http://xforce.iss.net/static/6392.php
Date Reported: 04/16/2001 Brief Description: Linux NetFilter IPTables Risk Factor: Low Attack Type: Network Based Platforms Affected: Linux kernel 2.4, Red Hat Linux 7.1 Vulnerability: linux-netfilter-iptables X-Force URL: http://xforce.iss.net/static/6390.php
Date Reported: 04/17/2001 Brief Description: Xitami Web server denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Xitami Web server 2.4d7, Xitami Web server 2.5b4 Vulnerability: xitami-server-dos X-Force URL: http://xforce.iss.net/static/6389.php
Date Reported: 04/17/2001 Brief Description: Samba tmpfile symlink attack could allow elevated privileges Risk Factor: Low Attack Type: Host Based Platforms Affected: Trustix Secure Linux 1.2, Mandrake Linux 8.0, Progeny Linux, Caldera OpenLinux eBuilder, Trustix Secure Linux 1.01, Mandrake Linux Corporate Server 1.0.1, FreeBSD 4.2, Immunix Linux 7.0, Immunix Linux 6.2, Immunix Linux 7.0 Beta, Caldera OpenLinux eServer 2.3.1, Caldera OpenLinux eDesktop 2.4, FreeBSD 3.5.1 Vulnerability: samba-tmpfile-symlink X-Force URL: http://xforce.iss.net/static/6396.php
Date Reported: 04/17/2001 Brief Description: GoAhead WebServer "aux" denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: GoAhead Web Server 2.1, Windows 98, Windows ME Vulnerability: goahead-aux-dos X-Force URL: http://xforce.iss.net/static/6400.php
Date Reported: 04/17/2001 Brief Description: AnalogX SimpleServer:WWW "aux" denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: SimpleServer:WWW 1.03 to 1.08 Vulnerability: analogx-simpleserver-aux-dos X-Force URL: http://xforce.iss.net/static/6395.php
Date Reported: 04/17/2001 Brief Description: Viking Server hexadecimal URL encoded format directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: Viking Server prior to 1.07-381 Vulnerability: viking-hex-directory-traversal X-Force URL: http://xforce.iss.net/static/6394.php
Date Reported: 04/17/2001 Brief Description: Solaris FTP server allows attacker to recover shadow file Risk Factor: Medium Attack Type: Host Based Platforms Affected: Solaris 2.6 Vulnerability: solaris-ftp-shadow-recovery X-Force URL: http://xforce.iss.net/static/6422.php
Date Reported: 04/18/2001 Brief Description: The Bat! pop3 denial of service Risk Factor: High Attack Type: Network Based Platforms Affected: The Bat! 1.51, Windows Vulnerability: thebat-pop3-dos X-Force URL: http://xforce.iss.net/static/6423.php
Date Reported: 04/18/2001 Brief Description: Eudora allows attacker to obtain files using plain text attachments Risk Factor: Medium Attack Type: Network Based Platforms Affected: Eudora 5.0.2 Vulnerability: eudora-plain-text-attachment X-Force URL: http://xforce.iss.net/static/6431.php
Date Reported: 04/18/2001 Brief Description: VMware vmware-mount.pl symlink Risk Factor: Medium Attack Type: Host Based Platforms Affected: VMware Vulnerability: vmware-mount-symlink X-Force URL: http://xforce.iss.net/static/6420.php
Date Reported: 04/18/2001 Brief Description: KFM tmpfile symbolic link could allow local attackers to overwrite files Risk Factor: Medium Attack Type: Host Based Platforms Affected: SuSE Linux 7.0, K File Manager (KFM) Vulnerability: kfm-tmpfile-symlink X-Force URL: http://xforce.iss.net/static/6428.php
Date Reported: 04/18/2001 Brief Description: CyberScheduler timezone remote buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: CyberScheduler, Mandrake Linux, Windows 2000, IIS 5.0, Solaris 8, SuSE Linux, Solaris 7, Slackware Linux, Red Hat Linux, IIS 4.0, Debian Linux, Solaris 2.5, Solaris 2.6, Caldera OpenLinux, Windows NT Vulnerability: cyberscheduler-timezone-bo X-Force URL: http://xforce.iss.net/static/6401.php
Date Reported: 04/18/2001 Brief Description: Microsoft Data Access Component Internet Publishing Provider allows WebDAV access Risk Factor: Medium Attack Type: Network Based Platforms Affected: Microsoft Data Access Component 8.103.2519.0, Windows 95, Windows NT 4.0, Windows 98, Windows 98 Second Edition, Windows 2000, Windows ME Vulnerability: ms-dacipp-webdav-access X-Force URL: http://xforce.iss.net/static/6405.php
Date Reported: 04/18/2001 Brief Description: Oracle tnslsnr80.exe denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Oracle 8.x, Windows NT 4.0 SP6, Solaris 8 Vulnerability: oracle-tnslsnr80-dos X-Force URL: http://xforce.iss.net/static/6427.php
Date Reported: 04/18/2001 Brief Description: innfeed -c flag buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Red Hat Linux, Slackware Linux, Mandrake Linux, INN prior to 2.3.1 Vulnerability: innfeed-c-bo X-Force URL: http://xforce.iss.net/static/6398.php
Date Reported: 04/18/2001 Brief Description: iPlanet Calendar Server stores username and password in plaintext Risk Factor: Low Attack Type: Host Based Platforms Affected: iPlanet Calendar Server 5.0p2 Vulnerability: iplanet-calendar-plaintext-password X-Force URL: http://xforce.iss.net/static/6402.php
Date Reported: 04/18/2001 Brief Description: Linux NEdit symlink when printing Risk Factor: High Attack Type: Host Based Platforms Affected: SuSE Linux 6.3, SuSE Linux 6.4, Debian Linux 2.2, Mandrake Linux 7.1, Mandrake Linux 7.2, SuSE Linux 7.0, Mandrake Linux Corporate Server 1.0.1, SuSE Linux 7.1, Mandrake Linux 8.0 Vulnerability: nedit-print-symlink X-Force URL: http://xforce.iss.net/static/6424.php
Date Reported: 04/19/2001 Brief Description: CheckBO TCP buffer overflow Risk Factor: Medium Attack Type: Network Based Platforms Affected: CheckBO 1.56 and earlier Vulnerability: checkbo-tcp-bo X-Force URL: http://xforce.iss.net/static/6436.php
Date Reported: 04/19/2001 Brief Description: HP-UX pcltotiff uses insecure permissions Risk Factor: Medium Attack Type: Host Based Platforms Affected: HP-UX 10.01, HP-UX 10.10, HP-UX 10.20, HP-UX 10.26 Vulnerability: hp-pcltotiff-insecure-permissions X-Force URL: http://xforce.iss.net/static/6447.php
Date Reported: 04/19/2001 Brief Description: Netopia Timbuktu allows unauthorized system access Risk Factor: Low Attack Type: Host Based Platforms Affected: Timbuktu Pro, Macintosh OS X Vulnerability: netopia-timbuktu-gain-access X-Force URL: http://xforce.iss.net/static/6452.php
Date Reported: 04/20/2001 Brief Description: Cisco CBOS could allow attackers to gain privileged information Risk Factor: High Attack Type: Host Based / Network Based Platforms Affected: Cisco CBOS 2.4.1, Cisco CBOS 2.3.053 Vulnerability: cisco-cbos-gain-information X-Force URL: http://xforce.iss.net/static/6453.php
Date Reported: 04/20/2001 Brief Description: Internet Explorer 5.x allows active scripts using XML stylesheets Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Internet Explorer 5.x, Outlook Express 5.x Vulnerability: ie-xml-stylesheets-scripting X-Force URL: http://xforce.iss.net/static/6448.php
Date Reported: 04/20/2001 Brief Description: Linux gftp format string Risk Factor: Low Attack Type: Network Based Platforms Affected: gftp prior to 2.0.8, Mandrake Linux 8.0, Mandrake Linux Corporate Server 1.0.1, Immunix Linux 7.0, Red Hat Linux 7.1, Mandrake Linux 7.2, Immunix Linux 6.2, Immunix 7.0 beta, Red Hat Linux 6.2, Mandrake Linux 7.1, Red Hat Linux 7.0 Vulnerability: gftp-format-string X-Force URL: http://xforce.iss.net/static/6478.php
Date Reported: 04/20/2001 Brief Description: Novell BorderManager VPN client SYN requests denial of service Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: Novell BorderManager 3.5 Vulnerability: bordermanager-vpn-syn-dos X-Force URL: http://xforce.iss.net/static/6429.php
Date Reported: 04/20/2001 Brief Description: SAFT sendfiled could allow the execution of arbitrary code Risk Factor: Low Attack Type: Host Based Platforms Affected: Debian Linux 2.2, Progeny Linux, sendfile Vulnerability: saft-sendfiled-execute-code X-Force URL: http://xforce.iss.net/static/6430.php
Date Reported: 04/21/2001 Brief Description: Mercury MTA for Novell Netware buffer overflow Risk Factor: Medium Attack Type: Network Based Platforms Affected: Mercury MTA 1.47 and earlier, Novell NetWare Vulnerability: mercury-mta-bo X-Force URL: http://xforce.iss.net/static/6444.php
Date Reported: 04/21/2001 Brief Description: QNX allows attacker to read files on FAT partition Risk Factor: High Attack Type: Host Based / Network Based Platforms Affected: QNX 2.4 Vulnerability: qnx-fat-file-read X-Force URL: http://xforce.iss.net/static/6437.php
Date Reported: 04/23/2001 Brief Description: Viking Server "dot dot" (...) directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: Viking Server 1.0.7 Vulnerability: viking-dot-directory-traversal X-Force URL: http://xforce.iss.net/static/6450.php
Date Reported: 04/24/2001 Brief Description: NetCruiser Web Server could reveal directory path Risk Factor: High Attack Type: Network Based Platforms Affected: NetCruiser Web Server 0.1.2.8 Vulnerability: netcruiser-server-path-disclosure X-Force URL: http://xforce.iss.net/static/6468.php
Date Reported: 04/24/2001 Brief Description: Perl Web Server directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: Perl Web Server 0.3 and prior Vulnerability: perl-webserver-directory-traversal X-Force URL: http://xforce.iss.net/static/6451.php
Date Reported: 04/24/2001 Brief Description: Small HTTP Server /aux denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Small HTTP Server 2.03 Vulnerability: small-http-aux-dos X-Force URL: http://xforce.iss.net/static/6446.php
Date Reported: 04/24/2001 Brief Description: IPSwitch IMail SMTP daemon mailing list handler buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: IPSwitch Imail 6.06 and earlier Vulnerability: ipswitch-imail-smtp-bo X-Force URL: http://xforce.iss.net/static/6445.php
Date Reported: 04/25/2001 Brief Description: MIT Kerberos 5 could allow attacker to gain root access by injecting base64-encoded data Risk Factor: Low Attack Type: Network Based Platforms Affected: MIT Kerberos 5 Vulnerability: kerberos-inject-base64-encode X-Force URL: http://xforce.iss.net/static/6454.php
Date Reported: 04/26/2001 Brief Description: IRIX netprint -n allows attacker to access shared library Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: IRIX 6.x Vulnerability: irix-netprint-shared-library X-Force URL: http://xforce.iss.net/static/6473.php
Date Reported: 04/26/2001 Brief Description: WebXQ "dot dot" directory traversal Risk Factor: High Attack Type: Network Based Platforms Affected: Windows, WebXQ 2.1.204 Vulnerability: webxq-dot-directory-traversal X-Force URL: http://xforce.iss.net/static/6466.php
Date Reported: 04/26/2001 Brief Description: RaidenFTPD "dot dot" directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: Windows NT 4.0, Windows 2000, RaidenFTPD 2.1 Vulnerability: raidenftpd-dot-directory-traversal X-Force URL: http://xforce.iss.net/static/6455.php
Date Reported: 04/27/2001 Brief Description: PerlCal CGI cal_make.pl script directory traversal Risk Factor: High Attack Type: Network Based Platforms Affected: Unix, PerlCal 2.95 and prior Vulnerability: perlcal-calmake-directory-traversal X-Force URL: http://xforce.iss.net/static/6480.php
Date Reported: 04/28/2001 Brief Description: ICQ Web Front plugin denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: ICQ Web Front, ICQ 2000b 3278 and earlier Vulnerability: icq-webfront-dos X-Force URL: http://xforce.iss.net/static/6474.php
Date Reported: 04/28/2001 Brief Description: Alex FTP Server "dot dot" directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: Alex's FTP Server 0.7 Vulnerability: alex-ftp-directory-traversal X-Force URL: http://xforce.iss.net/static/6475.php
Date Reported: 04/28/2001 Brief Description: BRS WebWeaver FTP path disclosure Risk Factor: High Attack Type: Network Based Platforms Affected: BRS WebWeaver 0.63 Vulnerability: webweaver-ftp-path-disclosure X-Force URL: http://xforce.iss.net/static/6477.php
Date Reported: 04/28/2001 Brief Description: BRS WebWeaver Web server "dot dot" directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: BRS WebWeaver 0.63 Vulnerability: webweaver-web-directory-traversal X-Force URL: http://xforce.iss.net/static/6476.php
Date Reported: 04/29/2001 Brief Description: Winamp AIP buffer overflow Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Winamp 2.6x and 2.7x Vulnerability: winamp-aip-bo X-Force URL: http://xforce.iss.net/static/6479.php
Date Reported: 04/29/2001 Brief Description: BearShare "dot dot" allows remote attacker to traverse directories and download any file Risk Factor: Medium Attack Type: Network Based Platforms Affected: BearShare 2.2.2 and prior, Windows 95, Windows 98, Windows ME Vulnerability: bearshare-dot-download-files X-Force URL: http://xforce.iss.net/static/6481.php
Date Reported: 05/01/2001 Brief Description: IIS 5.0 ISAPI extension buffer overflow Risk Factor: High Attack Type: Network Based Platforms Affected: IIS 5.0, Windows 2000 Server, Windows 2000 Advanced Server, Windows 2000 Datacenter Server Vulnerability: iis-isapi-bo X-Force URL: http://xforce.iss.net/static/6485.php
Risk Factor Key:
High Any vulnerability that provides an attacker with immediate
access into a machine, gains superuser access, or bypasses
a firewall. Example: A vulnerable Sendmail 8.6.5 version
that allows an intruder to execute commands on mail
server.
Medium Any vulnerability that provides information that has a
high potential of giving system access to an intruder.
Example: A misconfigured TFTP or vulnerable NIS server
that allows an intruder to get the password file that
could contain an account with a guessable password.
Low Any vulnerability that provides information that
potentially could lead to a compromise. Example: A
finger that allows an intruder to find out who is online
and potential accounts to attempt to crack passwords
via brute force methods.
About Internet Security Systems (ISS)
Internet Security Systems is a leading global provider of security management solutions for the Internet, protecting digital assets and ensuring safe and uninterrupted e-business. With its industry-leading intrusion detection and vulnerability assessment software, remote managed security services, and strategic consulting and education offerings, ISS is a trusted security provider to more than 8,000 customers worldwide including 21 of the 25 largest U.S. commercial banks and the top 10 U.S. telecommunications companies. Founded in 1994, ISS is headquartered in Atlanta, GA, with additional offices throughout North America and international operations in Asia, Australia, Europe, Latin America and the Middle East. For more information, visit the Internet Security Systems web site at www.iss.net or call 888-901-7477.
Copyright (c) 2001 by Internet Security Systems, Inc.
Permission is hereby granted for the redistribution of this Alert electronically. It is not to be edited in any way without express consent of the X-Force. If you wish to reprint the whole or any part of this Alert in any other medium excluding electronic medium, please e-mail xforce@iss.net for permission.
Disclaimer
The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.
X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as well as on MIT's PGP key server and PGP.com's key server.
Please send suggestions, updates, and comments to: X-Force xforce@iss.net of Internet Security Systems, Inc.
-----BEGIN PGP SIGNATURE----- Version: 2.6.3a Charset: noconv
iQCVAwUBOvrtmTRfJiV99eG9AQFRFwP+NhRj20kY5edBZBvSMBZKAOKEQGpJPPnD J/YCCB9TkzoWt65a7HR6c2MbimbnCo8YrhkjgFcvPmArCOFMS/68lhcStKd769PO rbojCoys8l1woaFDwzPnQeWVoNMen83sVvsiy7Bwk5Sm0cjM3gZC+X0vqG8EI59Y OAtrNiOkj7o= =kYl+ -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200106-0170",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 2.4,
"vendor": "lotus",
"version": null
},
{
"model": "ntpd",
"scope": "eq",
"trust": 1.6,
"vendor": "dave mills",
"version": "4.0.99f"
},
{
"model": "ntpd",
"scope": "eq",
"trust": 1.6,
"vendor": "dave mills",
"version": "4.0.99d"
},
{
"model": "ntpd",
"scope": "eq",
"trust": 1.6,
"vendor": "dave mills",
"version": "4.0.99b"
},
{
"model": "xntp3",
"scope": "eq",
"trust": 1.6,
"vendor": "dave mills",
"version": "5.93c"
},
{
"model": "ntpd",
"scope": "eq",
"trust": 1.6,
"vendor": "dave mills",
"version": "4.0.99e"
},
{
"model": "xntp3",
"scope": "eq",
"trust": 1.6,
"vendor": "dave mills",
"version": "5.93e"
},
{
"model": "ntpd",
"scope": "eq",
"trust": 1.6,
"vendor": "dave mills",
"version": "4.0.99a"
},
{
"model": "ntpd",
"scope": "eq",
"trust": 1.6,
"vendor": "dave mills",
"version": "4.0.99"
},
{
"model": "ntpd",
"scope": "eq",
"trust": 1.6,
"vendor": "dave mills",
"version": "4.0.99c"
},
{
"model": "xntp3",
"scope": "eq",
"trust": 1.6,
"vendor": "dave mills",
"version": "5.93d"
},
{
"model": "ntpd",
"scope": "eq",
"trust": 1.0,
"vendor": "dave mills",
"version": "4.0.99j"
},
{
"model": "ntpd",
"scope": "eq",
"trust": 1.0,
"vendor": "dave mills",
"version": "4.0.99h"
},
{
"model": "xntp3",
"scope": "eq",
"trust": 1.0,
"vendor": "dave mills",
"version": "5.93"
},
{
"model": "ntpd",
"scope": "eq",
"trust": 1.0,
"vendor": "dave mills",
"version": "4.0.99i"
},
{
"model": "ntpd",
"scope": "lte",
"trust": 1.0,
"vendor": "dave mills",
"version": "4.0.99k"
},
{
"model": "ntpd",
"scope": "eq",
"trust": 1.0,
"vendor": "dave mills",
"version": "4.0.99g"
},
{
"model": "xntp3",
"scope": "eq",
"trust": 1.0,
"vendor": "dave mills",
"version": "5.93b"
},
{
"model": "xntp3",
"scope": "eq",
"trust": 1.0,
"vendor": "dave mills",
"version": "5.93a"
},
{
"model": "ios 12.0 w5",
"scope": null,
"trust": 0.9,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "berkeley design",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "compaq computer",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "debian linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "freebsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mandriva",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "netbsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "openbsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "suse linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "slackware",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "the sco group sco linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "the sco group sco unix",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "university of delaware",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "rit",
"version": null
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "10.01"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "10.10"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "10.20"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "10.24"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.00"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.04"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.11"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.0"
},
{
"model": "ios 12.0 xk",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.01"
},
{
"model": "ios 12.0xu",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "12.2(3)"
},
{
"model": "ios 11.3na",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.2bc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3wa4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xp",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "mills ntpd g",
"scope": "eq",
"trust": 0.3,
"vendor": "dave",
"version": "4.0.99"
},
{
"model": "ios 12.1xd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 st1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11.0"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.10"
},
{
"model": "pgw2200 pstn gateway",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3db",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "mills ntpd e",
"scope": "eq",
"trust": 0.3,
"vendor": "dave",
"version": "4.0.99"
},
{
"model": "virtual switch controller",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3000"
},
{
"model": "ios 12.1xw",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xu",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 ec",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "mills xntp3 e",
"scope": "eq",
"trust": 0.3,
"vendor": "dave",
"version": "5.93"
},
{
"model": "ios 12.1 yb4",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1aa",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.0"
},
{
"model": "ios 12.1xc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1xx"
},
{
"model": "ios 12.1 xf4",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0s",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xf",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xf",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xa1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1cx",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xm",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.2"
},
{
"model": "ios 12.1 aa",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 cx",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1yf",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3aa",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1da",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.2gs",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2dd",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3ha",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 xs2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xm",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2pi",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2s",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "12.2(4)"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1"
},
{
"model": "solaris 2.6 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "ios 12.2pb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.0.4"
},
{
"model": "ios 12.1yd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xa",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ip manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.0"
},
{
"model": "ios 12.0xg",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0wt",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 yf2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "mills xntp3 c",
"scope": "eq",
"trust": 0.3,
"vendor": "dave",
"version": "5.93"
},
{
"model": "mills ntpd h",
"scope": "eq",
"trust": 0.3,
"vendor": "dave",
"version": "4.0.99"
},
{
"model": "ios 11.3t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 wc2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10.3"
},
{
"model": "ios 12.2xd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3ma",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "mills ntpd c",
"scope": "eq",
"trust": 0.3,
"vendor": "dave",
"version": "4.0.99"
},
{
"model": "ios 12.2yc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "solaris 8 sparc",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1xv"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.11"
},
{
"model": "ios 12.2xa",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 b",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0"
},
{
"model": "ios 12.2xh",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "mills xntp3 b",
"scope": "eq",
"trust": 0.3,
"vendor": "dave",
"version": "5.93"
},
{
"model": "mills ntpd",
"scope": "eq",
"trust": 0.3,
"vendor": "dave",
"version": "4.0.99"
},
{
"model": "ios 12.0xn",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 bp",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11.2"
},
{
"model": "ios 12.1e",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11.3"
},
{
"model": "ios 12.0wc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.1ia",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xr",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "mills ntpd k",
"scope": "eq",
"trust": 0.3,
"vendor": "dave",
"version": "4.0.99"
},
{
"model": "ios 12.1 yd2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xl",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2da",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "2.6"
},
{
"model": "ios 12.1 xm4",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "mills xntp3 d",
"scope": "eq",
"trust": 0.3,
"vendor": "dave",
"version": "5.93"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0.1"
},
{
"model": "ios 12.0xi",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xs",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "solaris 8 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "ios 12.0xb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.1ct",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xh",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 s",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0.2"
},
{
"model": "ios 12.1xq",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xq",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 pi",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "mills ntpd j",
"scope": "eq",
"trust": 0.3,
"vendor": "dave",
"version": "4.0.99"
},
{
"model": "ios 12.1dc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 sl2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xd1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0sl",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1yb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xe",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.2p",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 ey",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1yc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.2sa",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xp",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1ez",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xl",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2b",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ip manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.0"
},
{
"model": "ios 12.2 xh",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "mills ntpd a",
"scope": "eq",
"trust": 0.3,
"vendor": "dave",
"version": "4.0.99"
},
{
"model": "mills xntp3 a",
"scope": "eq",
"trust": 0.3,
"vendor": "dave",
"version": "5.93"
},
{
"model": "ios 12.2ya",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xt",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.2f",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 t9",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.0"
},
{
"model": "ios 12.2 xa",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xa",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1db",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.1ca",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xq",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11.1"
},
{
"model": "ios 12.1ec",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xh",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(5)xv3"
},
{
"model": "ios 11.2wa4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "mills ntpd f",
"scope": "eq",
"trust": 0.3,
"vendor": "dave",
"version": "4.0.99"
},
{
"model": "ios 12.1xy",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "7.0"
},
{
"model": "solaris 7.0 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "voice services provisioning tool",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xe",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.24"
},
{
"model": "ios 12.1xk",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.2xa",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xj",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xi",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xq",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "mills xntp3",
"scope": "eq",
"trust": 0.3,
"vendor": "dave",
"version": "5.93"
},
{
"model": "ios 11.1cc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1ya",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "billing and management server",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2bx",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0da",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.0xv"
},
{
"model": "ios 12.0sc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xg",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 yc1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1ex",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1ey",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xe",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0db",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xs",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(9)"
},
{
"model": "ios 12.0 yb4",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "mills ntpd b",
"scope": "eq",
"trust": 0.3,
"vendor": "dave",
"version": "4.0.99"
},
{
"model": "ios 12.2xe",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "bts",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10200"
},
{
"model": "ios 12.0xj",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0dc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "sc2200",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xr",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 ez2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.20"
},
{
"model": "ios 12.0wc",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xz",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2bw",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "mills ntpd i",
"scope": "eq",
"trust": 0.3,
"vendor": "dave",
"version": "4.0.99"
},
{
"model": "ios 12.0st",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "mills ntpd d",
"scope": "eq",
"trust": 0.3,
"vendor": "dave",
"version": "4.0.99"
},
{
"model": "ios 11.1aa",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3da",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3xa",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.101"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.51"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.49"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.48"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.47"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.46"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.45"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.44"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.43"
},
{
"model": "research labs the bat! f",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.42"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.42"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.41"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.39"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.36"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.35"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.34"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.33"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.32"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.31"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.22"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.21"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.19"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.18"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.17"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.15"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.14"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.5"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.1"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.043"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.041"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.039"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.036"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.035"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.032"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.031"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.029"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.028"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.015"
},
{
"model": "research labs the bat!",
"scope": "eq",
"trust": 0.3,
"vendor": "rit",
"version": "1.011"
},
{
"model": "research labs the bat!",
"scope": "ne",
"trust": 0.3,
"vendor": "rit",
"version": "1.52"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#970472"
},
{
"db": "CERT/CC",
"id": "VU#601312"
},
{
"db": "CERT/CC",
"id": "VU#642760"
},
{
"db": "CERT/CC",
"id": "VU#555464"
},
{
"db": "CERT/CC",
"id": "VU#310816"
},
{
"db": "BID",
"id": "2540"
},
{
"db": "BID",
"id": "2636"
},
{
"db": "JVNDB",
"id": "JVNDB-2001-000046"
},
{
"db": "CNNVD",
"id": "CNNVD-200106-110"
},
{
"db": "NVD",
"id": "CVE-2001-0414"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:dave_mills:ntpd:4.0.99b:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dave_mills:ntpd:4.0.99c:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dave_mills:xntp3:5.93:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dave_mills:xntp3:5.93a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dave_mills:ntpd:4.0.99:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dave_mills:ntpd:4.0.99a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dave_mills:ntpd:4.0.99h:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dave_mills:ntpd:4.0.99i:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dave_mills:ntpd:4.0.99j:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dave_mills:ntpd:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.0.99k",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dave_mills:ntpd:4.0.99f:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dave_mills:ntpd:4.0.99g:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dave_mills:xntp3:5.93d:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dave_mills:xntp3:5.93e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dave_mills:ntpd:4.0.99d:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dave_mills:ntpd:4.0.99e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dave_mills:xntp3:5.93b:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dave_mills:xntp3:5.93c:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2001-0414"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Przemyslaw Frasunek\u203b venglin@freebsd.lublin.pl",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200106-110"
}
],
"trust": 0.6
},
"cve": "CVE-2001-0414",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2001-0414",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2001-0414",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#970472",
"trust": 0.8,
"value": "79.65"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#601312",
"trust": 0.8,
"value": "9.98"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#642760",
"trust": 0.8,
"value": "10.50"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#555464",
"trust": 0.8,
"value": "4.25"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#310816",
"trust": 0.8,
"value": "1.62"
},
{
"author": "CNNVD",
"id": "CNNVD-200106-110",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#970472"
},
{
"db": "CERT/CC",
"id": "VU#601312"
},
{
"db": "CERT/CC",
"id": "VU#642760"
},
{
"db": "CERT/CC",
"id": "VU#555464"
},
{
"db": "CERT/CC",
"id": "VU#310816"
},
{
"db": "JVNDB",
"id": "JVNDB-2001-000046"
},
{
"db": "CNNVD",
"id": "CNNVD-200106-110"
},
{
"db": "NVD",
"id": "CVE-2001-0414"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in ntpd ntp daemon 4.0.99k and earlier (aka xntpd and xntp3) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long readvar argument. There is a buffer overflow defect in the ctl_getitem() function of the Network Time Protocol (NTP) daemon responsible for providing accurate time reports used for synchronizing the clocks on installed systems. All NTP daemons based on code maintained at the University of Delaware since NTPv2 are assumed at risk. The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. Due to a problem parsing carriage return/line feeds in RFC822 format mail messages, The Bat! mail client may permaturely detect the end of a mail message, causing an error to occur. This error may prevent the mail user from retrieving other mail messages until the message with the error is removed. NTP, the Network Time Protocol, is used to synchronize the time between a computer and another system or time reference. It uses UDP as a transport protocol. There are two protocol versions in use: NTP v3 and NTP v4. The \u0027ntpd\u0027 daemon implementing version 3 is called \u0027xntp3\u0027; the version implementing version 4 is called \u0027ntp\u0027. \nOn UNIX systems, the \u0027ntpd\u0027 daemon is available to regularly synchronize system time with internet time servers. \nMany versions of \u0027ntpd\u0027 are prone to a remotely exploitable buffer-overflow issue. A remote attacker may be able to crash the daemon or execute arbitrary code on the host. \nIf successful, the attacker may gain root access on the victim host or may denial NTP service on the affected host. \"The Bat!\" is an MUA for Windows by Rit Research Labs. \n\"The Bat!\" is vulnerable to a remote denial of service attack. Email messages in which carriage return (CR) characters are not followed by a linefeed (LF) can cause \"The Bat!\" to incorrectly interpret the message\u0027s structure. This can lead \"The Bat!\" to read text in the message body as a response from the POP3 server. The current (corrupt) message will not be deleted from the server, and the mail download process will stop. \nAs a result, the user will remain unable to receive new email messages from the affected POP3 account. -----BEGIN PGP SIGNED MESSAGE-----\n\nInternet Security Systems Security Alert Summary\nMay 10, 2001\nVolume 6 Number 6\n\nX-Force Vulnerability and Threat Database: http://xforce.iss.net/ To\nreceive these Alert Summaries as well as other Alerts and Advisories,\nsubscribe to the Internet Security Systems Alert mailing list at:\nhttp://xforce.iss.net/maillists/index.php\n\nThis summary can be found at:\nhttp://xforce.iss.net/alerts/vol-6_num-6.php\n\n_____\n\nContents:\n* 120 Reported Vulnerabilities\n* Risk Factor Key\n_____\n\n\nDate Reported: 04/02/2001\nBrief Description: The Bat! masked file type in email attachment\n could allow execution of code\nRisk Factor: Low\nAttack Type: Host Based / Network Based\nPlatforms Affected: The Bat! 1.49 and earlier\nVulnerability: thebat-masked-file-type\nX-Force URL: http://xforce.iss.net/static/6324.php\n\nDate Reported: 04/02/2001\nBrief Description: PHP-Nuke could allow attackers to redirect ad\n banner URL links\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: PHP-Nuke 4.4 and earlier\nVulnerability: php-nuke-url-redirect\nX-Force URL: http://xforce.iss.net/static/6342.php\n\nDate Reported: 04/03/2001\nBrief Description: Orinoco RG-1000 Residential Gateway default SSID\n reveals WEP encryption key\nRisk Factor: Low\nAttack Type: Host Based / Network Based\nPlatforms Affected: Orinoco Residential Gateway RG-1000\nVulnerability: orinoco-rg1000-wep-key\nX-Force URL: http://xforce.iss.net/static/6328.php\n\nDate Reported: 04/03/2001\nBrief Description: Navision Financials server denial of service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Navision Financials 2.5 and 2.6\nVulnerability: navision-server-dos\nX-Force URL: http://xforce.iss.net/static/6318.php\n\nDate Reported: 04/03/2001\nBrief Description: uStorekeeper online shopping system allows\n remote file retrieval\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: uStorekeeper 1.61\nVulnerability: ustorekeeper-retrieve-files\nX-Force URL: http://xforce.iss.net/static/6319.php\n\nDate Reported: 04/03/2001\nBrief Description: Resin server allows remote attackers to view\n Javabean files\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Resin 1.2.x, Resin 1.3b1\nVulnerability: resin-view-javabean\nX-Force URL: http://xforce.iss.net/static/6320.php\n\nDate Reported: 04/03/2001\nBrief Description: BPFTP could allow attackers to obtain login\n credentials\nRisk Factor: High\nAttack Type: Network Based\nPlatforms Affected: BPFTP 2.0\nVulnerability: bpftp-obtain-credentials\nX-Force URL: http://xforce.iss.net/static/6330.php\n\nDate Reported: 04/04/2001\nBrief Description: Ntpd server readvar control message buffer\n overflow\nRisk Factor: Low\nAttack Type: Host Based / Network Based\nPlatforms Affected: SCO Openserver 5.0.0 to 5.0.6, AIX 5.1, \n Slackware Linux 7.1, Engarde Secure Linux 1.0.1,\n Progeny Linux, SuSE Linux 7.1, ntpd 4.0.99k and\n earlier, FreeBSD 4.2-Stable, Mandrake Linux\n Corporate Server 1.0.1, Mandrake Linux 7.2,\n Trustix Secure Linux, Immunix Linux 7.0, \n NetBSD 1.5, SuSE Linux 7.0, Caldera OpenLinux\n eServer 2.3.1\nVulnerability: ntpd-remote-bo\nX-Force URL: http://xforce.iss.net/static/6321.php\n\nDate Reported: 04/04/2001\nBrief Description: Cisco CSS debug mode allows users to gain\n administrative access\nRisk Factor: Low\nAttack Type: Host Based / Network Based\nPlatforms Affected: Cisco Content Services Switch 11050, Cisco \n Content Services Switch 11150, Cisco Content\n Services Switch 11800\nVulnerability: cisco-css-elevate-privileges\nX-Force URL: http://xforce.iss.net/static/6322.php\n\nDate Reported: 04/04/2001\nBrief Description: BEA Tuxedo may allow access to remote services\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: BEA Tuxedo 7.1\nVulnerability: bea-tuxedo-remote-access\nX-Force URL: http://xforce.iss.net/static/6326.php\n\nDate Reported: 04/05/2001\nBrief Description: Ultimate Bulletin Board could allow attackers to\n bypass authentication\nRisk Factor: High\nAttack Type: Network Based\nPlatforms Affected: Ultimate Bulletin Board 5.43, Ultimate Bulletin\n Board 5.4.7e\nVulnerability: ultimatebb-bypass-authentication\nX-Force URL: http://xforce.iss.net/static/6339.php\n\nDate Reported: 04/05/2001\nBrief Description: BinTec X4000 NMAP denial of service\nRisk Factor: Low\nAttack Type: Network Based\nPlatforms Affected: BinTec X4000 5.1.6P10 and prior, BinTec X1000,\n BinTec X1200\nVulnerability: bintec-x4000-nmap-dos\nX-Force URL: http://xforce.iss.net/static/6323.php\n\nDate Reported: 04/05/2001\nBrief Description: WatchGuard Firebox II kernel denial of service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: WatchGuard Firebox II prior to 4.6\nVulnerability: firebox-kernel-dos\nX-Force URL: http://xforce.iss.net/static/6327.php\n\nDate Reported: 04/06/2001\nBrief Description: Cisco PIX denial of service due to multiple \n TACACS+ requests\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Cisco PIX Firewall 5.1.4\nVulnerability: cisco-pix-tacacs-dos\nX-Force URL: http://xforce.iss.net/static/6353.php\n\nDate Reported: 04/06/2001\nBrief Description: Darren Reed\u0027s IP Filter allows attackers to\n access UDP and TCP ports\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: IP Filter 3.4.16\nVulnerability: ipfilter-access-ports\nX-Force URL: http://xforce.iss.net/static/6331.php\n\nDate Reported: 04/06/2001\nBrief Description: Veritas NetBackup nc (netcat) command denial of\n service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: NetBackup 3.2\nVulnerability: veritas-netbackup-nc-dos\nX-Force URL: http://xforce.iss.net/static/6329.php\n\nDate Reported: 04/08/2001\nBrief Description: PGP may allow malicious users to access\n authenticated split keys\nRisk Factor: Medium\nAttack Type: Host Based\nPlatforms Affected: PGP 7.0\nVulnerability: nai-pgp-split-keys\nX-Force URL: http://xforce.iss.net/static/6341.php\n\nDate Reported: 04/09/2001\nBrief Description: Solaris kcms_configure command line buffer\n overflow\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: Solaris 7, Solaris 8\nVulnerability: solaris-kcms-command-bo\nX-Force URL: http://xforce.iss.net/static/6359.php\n\nDate Reported: 04/09/2001\nBrief Description: TalkBack CGI script could allow remote attackers\n to read files on the Web server\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: TalkBack prior to 1.2\nVulnerability: talkback-cgi-read-files\nX-Force URL: http://xforce.iss.net/static/6340.php\n\nDate Reported: 04/09/2001\nBrief Description: Multiple FTP glob(3) implementation\nRisk Factor: Low\nAttack Type: Network Based\nPlatforms Affected: FreeBSD 4.2, Solaris 8, IRIX 6.5.x, OpenBSD 2.8, \n HP-UX 11.00, NetBSD\nVulnerability: ftp-glob-implementation\nX-Force URL: http://xforce.iss.net/static/6333.php\n\nDate Reported: 04/09/2001\nBrief Description: Pine mail client temp file symbolic link\nRisk Factor: Medium\nAttack Type: Host Based\nPlatforms Affected: Pine prior to 4.33, Red Hat Linux 5.2, Red Hat\n Linux 6.2, Red Hat Linux 7.0\nVulnerability: pine-tmp-file-symlink\nX-Force URL: http://xforce.iss.net/static/6367.php\n\nDate Reported: 04/09/2001\nBrief Description: Multiple FTP glob(3) expansion\nRisk Factor: Low\nAttack Type: Network Based\nPlatforms Affected: HP-UX 11.00, NetBSD, Solaris 8, IRIX 6.5.x,\n OpenBSD 2.8, FreeBSD 4.2, MIT Kerberos 5\nVulnerability: ftp-glob-expansion\nX-Force URL: http://xforce.iss.net/static/6332.php\n\nDate Reported: 04/09/2001\nBrief Description: Netscape embedded JavaScript in GIF file \n comments can be used to access remote data\nRisk Factor: Medium\nAttack Type: Host Based / Network Based\nPlatforms Affected: Netscape Communicator 4.76, Red Hat Linux 6.2,\n Debian Linux 2.2, Conectiva Linux, Red Hat Linux\n 7.0, Immunix Linux 6.2, Immunix Linux 7.0 Beta, \n Red Hat Linux 7.1\nVulnerability: netscape-javascript-access-data\nX-Force URL: http://xforce.iss.net/static/6344.php\n\nDate Reported: 04/09/2001\nBrief Description: STRIP generates weak passwords\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: STRIP 0.5 and earlier\nVulnerability: strip-weak-passwords\nX-Force URL: http://xforce.iss.net/static/6362.php\n\nDate Reported: 04/10/2001\nBrief Description: Solaris Xsun HOME environment variable buffer\n overflow\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: Solaris 7\nVulnerability: solaris-xsun-home-bo\nX-Force URL: http://xforce.iss.net/static/6343.php\n\nDate Reported: 04/10/2001\nBrief Description: Compaq Presario Active X denial of service\nRisk Factor: Low\nAttack Type: Network Based\nPlatforms Affected: Compaq Presario, Windows 98, Windows ME\nVulnerability: compaq-activex-dos\nX-Force URL: http://xforce.iss.net/static/6355.php\n\nDate Reported: 04/10/2001\nBrief Description: Alcatel ADSL modems \u0027EXPERT\u0027 account\nRisk Factor: Low\nAttack Type: Host Based / Network Based\nPlatforms Affected: Alcatel ADSL Network Termination Device 1000,\n Alcatel Speed Touch ADSL modem Home\nVulnerability: alcatel-expert-account\nX-Force URL: http://xforce.iss.net/static/6354.php\n\nDate Reported: 04/10/2001\nBrief Description: Alcatel ADSL modems allow attacker on LAN to\n gain access using TFTP\nRisk Factor: Low\nAttack Type: Host Based / Network Based\nPlatforms Affected: Alcatel ADSL Network Termination Device 1000,\n Alcatel Speed Touch ADSL modem Home\nVulnerability: alcatel-tftp-lan-access\nX-Force URL: http://xforce.iss.net/static/6336.php\n\nDate Reported: 04/10/2001\nBrief Description: Alcatel ADSL modems allow attacker on WAN to\n gain access using TFTP\nRisk Factor: Low\nAttack Type: Network Based\nPlatforms Affected: Alcatel ADSL Network Termination Device 1000,\n Alcatel Speed Touch ADSL modem Home\nVulnerability: alcatel-tftp-wan-access\nX-Force URL: http://xforce.iss.net/static/6337.php\n\nDate Reported: 04/10/2001\nBrief Description: Oracle Application Server shared library\n (ndwfn4.so) buffer overflow\nRisk Factor: Low\nAttack Type: Network Based\nPlatforms Affected: iPlanet Web Server 4.x, Oracle Application\n Server 4.0.8.2\nVulnerability: oracle-appserver-ndwfn4-bo\nX-Force URL: http://xforce.iss.net/static/6334.php\n\nDate Reported: 04/10/2001\nBrief Description: Alcatel ADSL modems use blank password by\n default\nRisk Factor: Low\nAttack Type: Host Based / Network Based\nPlatforms Affected: Alcatel ADSL Network Termination Device 1000,\n Alcatel Speed Touch ADSL modem Home\nVulnerability: alcatel-blank-password\nX-Force URL: http://xforce.iss.net/static/6335.php\n\nDate Reported: 04/11/2001\nBrief Description: Solaris dtsession buffer overflow\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: Solaris 7\nVulnerability: solaris-dtsession-bo\nX-Force URL: http://xforce.iss.net/static/6366.php\n\nDate Reported: 04/11/2001\nBrief Description: Solaris kcsSUNWIOsolf.so buffer overflow\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: Solaris 7, Solaris 8\nVulnerability: solaris-kcssunwiosolf-bo\nX-Force URL: http://xforce.iss.net/static/6365.php\n\nDate Reported: 04/11/2001\nBrief Description: Lightwave ConsoleServer brute force password\n attack\nRisk Factor: High\nAttack Type: Network Based\nPlatforms Affected: Lightwave ConsoleServer 3200\nVulnerability: lightwave-consoleserver-brute-force\nX-Force URL: http://xforce.iss.net/static/6345.php\n\nDate Reported: 04/11/2001\nBrief Description: nph-maillist allows user to execute code\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: Email List Generator 3.5 and earlier\nVulnerability: nph-maillist-execute-code\nX-Force URL: http://xforce.iss.net/static/6363.php\n\nDate Reported: 04/11/2001\nBrief Description: Symantec Ghost Configuration Server denial of\n service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Ghost 6.5\nVulnerability: ghost-configuration-server-dos\nX-Force URL: http://xforce.iss.net/static/6357.php\n\nDate Reported: 04/11/2001\nBrief Description: Lotus Domino Web Server DOS device denial of\n service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Lotus Domino R5 prior to 5.0.7\nVulnerability: lotus-domino-device-dos\nX-Force URL: http://xforce.iss.net/static/6348.php\n\nDate Reported: 04/11/2001\nBrief Description: Lotus Domino Web Server HTTP header denial of\n service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Lotus Domino R5 prior to 5.0.7\nVulnerability: lotus-domino-header-dos\nX-Force URL: http://xforce.iss.net/static/6347.php\n\nDate Reported: 04/11/2001\nBrief Description: Lotus Domino Web Server URL parsing denial of\n service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Lotus Domino R5 prior to 5.0.7\nVulnerability: lotus-domino-url-dos\nX-Force URL: http://xforce.iss.net/static/6351.php\n\nDate Reported: 04/11/2001\nBrief Description: Lotus Domino Web Server CORBA denial of service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Lotus Domino R5 prior to 5.0.7\nVulnerability: lotus-domino-corba-dos\nX-Force URL: http://xforce.iss.net/static/6350.php\n\nDate Reported: 04/11/2001\nBrief Description: Symantec Ghost database engine denial of service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Ghost 6.5, Sybase Adaptive Server Database\n Engine 6.0.3.2747\nVulnerability: ghost-database-engine-dos\nX-Force URL: http://xforce.iss.net/static/6356.php\n\nDate Reported: 04/11/2001\nBrief Description: cfingerd daemon remote format string\nRisk Factor: Low\nAttack Type: Network Based\nPlatforms Affected: Debian Linux 2.1, Debian Linux 2.2, cfingerd\n 1.4.3 and earlier\nVulnerability: cfingerd-remote-format-string\nX-Force URL: http://xforce.iss.net/static/6364.php\n\nDate Reported: 04/11/2001\nBrief Description: Lotus Domino Web Server Unicode denial of\n service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Lotus Domino R5 prior to 5.0.7\nVulnerability: lotus-domino-unicode-dos\nX-Force URL: http://xforce.iss.net/static/6349.php\n\nDate Reported: 04/11/2001\nBrief Description: Linux mkpasswd generates weak passwords\nRisk Factor: High\nAttack Type: Host Based\nPlatforms Affected: Red Hat Linux 6.2, Red Hat Linux 7.0, mkpasswd \nVulnerability: mkpasswd-weak-passwords\nX-Force URL: http://xforce.iss.net/static/6382.php\n\nDate Reported: 04/12/2001\nBrief Description: Solaris ipcs utility buffer overflow\nRisk Factor: Medium\nAttack Type: Host Based / Network Based\nPlatforms Affected: Solaris 7\nVulnerability: solaris-ipcs-bo\nX-Force URL: http://xforce.iss.net/static/6369.php\n\nDate Reported: 04/12/2001\nBrief Description: InterScan VirusWall ISADMIN service buffer \n overflow\nRisk Factor: Low\nAttack Type: Network Based\nPlatforms Affected: Linux kernel , InterScan VirusWall 3.0.1\nVulnerability: interscan-viruswall-isadmin-bo\nX-Force URL: http://xforce.iss.net/static/6368.php\n\nDate Reported: 04/12/2001\nBrief Description: HylaFAX hfaxd format string\nRisk Factor: Low\nAttack Type: Host Based / Network Based\nPlatforms Affected: HylaFAX 4.1B3 and prior, SuSE Linux 6.x, SuSE\n Linux 7.0, Mandrake Linux 7.1, FreeBSD 3.5.1,\n Mandrake Linux 7.2, Mandrake Linux Corporate\n Server 1.0.1, FreeBSD 4.2, SuSE Linux 7.1 \nVulnerability: hylafax-hfaxd-format-string\nX-Force URL: http://xforce.iss.net/static/6377.php\n\nDate Reported: 04/12/2001\nBrief Description: Cisco VPN 3000 Concentrators invalid IP Option\n denial of service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Cisco VPN 3000 Concentrators prior to 2.5.2 F\nVulnerability: cisco-vpn-ip-dos\nX-Force URL: http://xforce.iss.net/static/6360.php\n\nDate Reported: 04/13/2001\nBrief Description: Net.Commerce package in IBM WebSphere reveals\n installation path\nRisk Factor: High\nAttack Type: Network Based\nPlatforms Affected: IBM Websphere, Solaris 2.6, AIX 4.3.x, Solaris\n 7, Windows NT 4.0\nVulnerability: ibm-websphere-reveals-path\nX-Force URL: http://xforce.iss.net/static/6371.php\n\nDate Reported: 04/13/2001\nBrief Description: QPC ftpd buffer overflow\nRisk Factor: Medium\nAttack Type: Host Based / Network Based\nPlatforms Affected: QVT/Term 5.0, QVT/Net 5.0\nVulnerability: qpc-ftpd-bo\nX-Force URL: http://xforce.iss.net/static/6376.php\n\nDate Reported: 04/13/2001\nBrief Description: QPC ftpd directory traversal\nRisk Factor: High\nAttack Type: Network Based\nPlatforms Affected: QVT/Net 5.0, QVT/Term 5.0\nVulnerability: qpc-ftpd-directory-traversal\nX-Force URL: http://xforce.iss.net/static/6375.php\n\nDate Reported: 04/13/2001\nBrief Description: QPC popd buffer overflow\nRisk Factor: Medium\nAttack Type: Host Based / Network Based\nPlatforms Affected: QVT/Net 5.0\nVulnerability: qpc-popd-bo\nX-Force URL: http://xforce.iss.net/static/6374.php\n\nDate Reported: 04/13/2001\nBrief Description: NCM Content Management System access database\nRisk Factor: Low\nAttack Type: Network Based\nPlatforms Affected: NCM Content Management System\nVulnerability: ncm-content-database-access\nX-Force URL: http://xforce.iss.net/static/6386.php\n\nDate Reported: 04/13/2001\nBrief Description: Netscape SmartDownload \u0027sdph20.dll\u0027 buffer overflow\nRisk Factor: Low\nAttack Type: Host Based / Network Based\nPlatforms Affected: Netscape SmartDownload 1.3, Windows NT, Windows\n 95, Windows 98\nVulnerability: netscape-smartdownload-sdph20-bo\nX-Force URL: http://xforce.iss.net/static/6403.php\n\nDate Reported: 04/13/2001\nBrief Description: SCO OpenServer accept buffer overflow\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: SCO Openserver 5.0.0 to 5.0.6\nVulnerability: sco-openserver-accept-bo\nX-Force URL: http://xforce.iss.net/static/6404.php\n\nDate Reported: 04/13/2001\nBrief Description: SCO OpenServer cancel buffer overflow\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: SCO Openserver 5.0.0 to 5.0.6\nVulnerability: sco-openserver-cancel-bo\nX-Force URL: http://xforce.iss.net/static/6406.php\n\nDate Reported: 04/13/2001\nBrief Description: SCO OpenServer disable buffer overflow\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: SCO Openserver 5.0.0 to 5.0.6\nVulnerability: sco-openserver-disable-bo\nX-Force URL: http://xforce.iss.net/static/6407.php\n\nDate Reported: 04/13/2001\nBrief Description: SCO OpenServer enable buffer overflow\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: SCO Openserver 5.0.0 to 5.0.6\nVulnerability: sco-openserver-enable-bo\nX-Force URL: http://xforce.iss.net/static/6409.php\n\nDate Reported: 04/13/2001\nBrief Description: SCO OpenServer lp buffer overflow\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: SCO Openserver 5.0.0 to 5.0.6\nVulnerability: sco-openserver-lp-bo\nX-Force URL: http://xforce.iss.net/static/6410.php\n\nDate Reported: 04/13/2001\nBrief Description: SCO OpenServer lpfilter buffer overflow\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: SCO Openserver 5.0.0 to 5.0.6\nVulnerability: sco-openserver-lpfilter-bo\nX-Force URL: http://xforce.iss.net/static/6411.php\n\nDate Reported: 04/13/2001\nBrief Description: SCO OpenServer lpstat buffer overflow\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: SCO Openserver 5.0.0 to 5.0.6\nVulnerability: sco-openserver-lpstat-bo\nX-Force URL: http://xforce.iss.net/static/6413.php\n\nDate Reported: 04/13/2001\nBrief Description: SCO OpenServer reject buffer overflow\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: SCO Openserver 5.0.0 to 5.0.6\nVulnerability: sco-openserver-reject-bo\nX-Force URL: http://xforce.iss.net/static/6414.php\n\nDate Reported: 04/13/2001\nBrief Description: SCO OpenServer rmail buffer overflow\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: SCO Openserver 5.0.0 to 5.0.6\nVulnerability: sco-openserver-rmail-bo\nX-Force URL: http://xforce.iss.net/static/6415.php\n\nDate Reported: 04/13/2001\nBrief Description: SCO OpenServer tput buffer overflow\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: SCO Openserver 5.0.0 to 5.0.6\nVulnerability: sco-openserver-tput-bo\nX-Force URL: http://xforce.iss.net/static/6416.php\n\nDate Reported: 04/13/2001\nBrief Description: IBM WebSphere CGI macro denial of service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: IBM Websphere, Windows NT 4.0, Solaris 2.6, AIX\n 4.3.x, Solaris 7\nVulnerability: ibm-websphere-macro-dos\nX-Force URL: http://xforce.iss.net/static/6372.php\n\nDate Reported: 04/13/2001\nBrief Description: SCO OpenServer lpmove buffer overflow\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: SCO Openserver 5.0.0 to 5.0.6\nVulnerability: sco-openserver-lpmove-bo\nX-Force URL: http://xforce.iss.net/static/6412.php\n\nDate Reported: 04/14/2001\nBrief Description: Siemens Reliant Unix ppd -T symlink\nRisk Factor: Medium\nAttack Type: Host Based\nPlatforms Affected: Reliant Unix 5.45, Reliant Unix 5.43, Reliant\n Unix 5.44\nVulnerability: reliant-unix-ppd-symlink\nX-Force URL: http://xforce.iss.net/static/6408.php\n\nDate Reported: 04/15/2001\nBrief Description: Linux Exuberant Ctags package symbolic link\nRisk Factor: Medium\nAttack Type: Host Based\nPlatforms Affected: Debian Linux 2.2, exuberant-ctags\nVulnerability: exuberant-ctags-symlink\nX-Force URL: http://xforce.iss.net/static/6388.php\n\nDate Reported: 04/15/2001\nBrief Description: processit.pl CGI could allow attackers to view\n sensitive information about the Web server\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: processit.pl\nVulnerability: processit-cgi-view-info\nX-Force URL: http://xforce.iss.net/static/6385.php\n\nDate Reported: 04/16/2001\nBrief Description: Microsoft ISA Server Web Proxy denial of service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Microsoft ISA Server 2000\nVulnerability: isa-web-proxy-dos\nX-Force URL: http://xforce.iss.net/static/6383.php\n\nDate Reported: 04/16/2001\nBrief Description: Microsoft Internet Explorer altering CLSID\n action allows malicious file execution\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: Windows 2000, Internet Explorer 5.5, Windows 98 \nVulnerability: ie-clsid-execute-files\nX-Force URL: http://xforce.iss.net/static/6426.php\n\nDate Reported: 04/16/2001\nBrief Description: Cisco Catalyst 5000 series switch 802.1x denial\n of service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Cisco Catalyst 5000 Series\nVulnerability: cisco-catalyst-8021x-dos\nX-Force URL: http://xforce.iss.net/static/6379.php\n\nDate Reported: 04/16/2001\nBrief Description: BubbleMon allows users to gain elevated \n privileges\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: BubbleMon prior to 1.32, FreeBSD\nVulnerability: bubblemon-elevate-privileges\nX-Force URL: http://xforce.iss.net/static/6378.php\n\nDate Reported: 04/16/2001\nBrief Description: DCForum CGI az= field directory traversal\nRisk Factor: High\nAttack Type: Network Based\nPlatforms Affected: DCForum 2000 1.0\nVulnerability: dcforum-az-directory-traversal\nX-Force URL: http://xforce.iss.net/static/6391.php\n\nDate Reported: 04/16/2001\nBrief Description: DCForum CGI az= field allows attacker to upload\n files\nRisk Factor: Low\nAttack Type: Network Based\nPlatforms Affected: DCForum 2000 1.0\nVulnerability: dcforum-az-file-upload\nX-Force URL: http://xforce.iss.net/static/6393.php\n\nDate Reported: 04/16/2001\nBrief Description: DCForum CGI az= field EXPR allows attacker to\n execute commands\nRisk Factor: Low\nAttack Type: Network Based\nPlatforms Affected: DCForum 2000 1.0\nVulnerability: dcforum-az-expr\nX-Force URL: http://xforce.iss.net/static/6392.php\n\nDate Reported: 04/16/2001\nBrief Description: Linux NetFilter IPTables\nRisk Factor: Low\nAttack Type: Network Based\nPlatforms Affected: Linux kernel 2.4, Red Hat Linux 7.1\nVulnerability: linux-netfilter-iptables\nX-Force URL: http://xforce.iss.net/static/6390.php\n\nDate Reported: 04/17/2001\nBrief Description: Xitami Web server denial of service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Xitami Web server 2.4d7, Xitami Web server 2.5b4\nVulnerability: xitami-server-dos\nX-Force URL: http://xforce.iss.net/static/6389.php\n\nDate Reported: 04/17/2001\nBrief Description: Samba tmpfile symlink attack could allow\n elevated privileges\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: Trustix Secure Linux 1.2, Mandrake Linux 8.0,\n Progeny Linux, Caldera OpenLinux eBuilder,\n Trustix Secure Linux 1.01, Mandrake Linux \n Corporate Server 1.0.1, FreeBSD 4.2, Immunix\n Linux 7.0, Immunix Linux 6.2, Immunix Linux 7.0\n Beta, Caldera OpenLinux eServer 2.3.1, Caldera\n OpenLinux eDesktop 2.4, FreeBSD 3.5.1\nVulnerability: samba-tmpfile-symlink\nX-Force URL: http://xforce.iss.net/static/6396.php\n\nDate Reported: 04/17/2001\nBrief Description: GoAhead WebServer \"aux\" denial of service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: GoAhead Web Server 2.1, Windows 98, Windows ME\nVulnerability: goahead-aux-dos\nX-Force URL: http://xforce.iss.net/static/6400.php\n\nDate Reported: 04/17/2001\nBrief Description: AnalogX SimpleServer:WWW \"aux\" denial of service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: SimpleServer:WWW 1.03 to 1.08\nVulnerability: analogx-simpleserver-aux-dos\nX-Force URL: http://xforce.iss.net/static/6395.php\n\nDate Reported: 04/17/2001\nBrief Description: Viking Server hexadecimal URL encoded format\n directory traversal\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Viking Server prior to 1.07-381\nVulnerability: viking-hex-directory-traversal\nX-Force URL: http://xforce.iss.net/static/6394.php\n\nDate Reported: 04/17/2001\nBrief Description: Solaris FTP server allows attacker to recover\n shadow file\nRisk Factor: Medium\nAttack Type: Host Based\nPlatforms Affected: Solaris 2.6\nVulnerability: solaris-ftp-shadow-recovery\nX-Force URL: http://xforce.iss.net/static/6422.php\n\nDate Reported: 04/18/2001\nBrief Description: The Bat! pop3 denial of service\nRisk Factor: High\nAttack Type: Network Based\nPlatforms Affected: The Bat! 1.51, Windows\nVulnerability: thebat-pop3-dos\nX-Force URL: http://xforce.iss.net/static/6423.php\n\nDate Reported: 04/18/2001\nBrief Description: Eudora allows attacker to obtain files using\n plain text attachments\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Eudora 5.0.2\nVulnerability: eudora-plain-text-attachment\nX-Force URL: http://xforce.iss.net/static/6431.php\n\nDate Reported: 04/18/2001\nBrief Description: VMware vmware-mount.pl symlink\nRisk Factor: Medium\nAttack Type: Host Based\nPlatforms Affected: VMware\nVulnerability: vmware-mount-symlink\nX-Force URL: http://xforce.iss.net/static/6420.php\n\nDate Reported: 04/18/2001\nBrief Description: KFM tmpfile symbolic link could allow local\n attackers to overwrite files\nRisk Factor: Medium\nAttack Type: Host Based\nPlatforms Affected: SuSE Linux 7.0, K File Manager (KFM)\nVulnerability: kfm-tmpfile-symlink\nX-Force URL: http://xforce.iss.net/static/6428.php\n\nDate Reported: 04/18/2001\nBrief Description: CyberScheduler timezone remote buffer overflow\nRisk Factor: Low\nAttack Type: Network Based\nPlatforms Affected: CyberScheduler, Mandrake Linux, Windows 2000,\n IIS 5.0, Solaris 8, SuSE Linux, Solaris 7, \n Slackware Linux, Red Hat Linux, IIS 4.0, Debian\n Linux, Solaris 2.5, Solaris 2.6, Caldera \n OpenLinux, Windows NT\nVulnerability: cyberscheduler-timezone-bo\nX-Force URL: http://xforce.iss.net/static/6401.php\n\nDate Reported: 04/18/2001\nBrief Description: Microsoft Data Access Component Internet\n Publishing Provider allows WebDAV access\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Microsoft Data Access Component 8.103.2519.0,\n Windows 95, Windows NT 4.0, Windows 98, Windows\n 98 Second Edition, Windows 2000, Windows ME \nVulnerability: ms-dacipp-webdav-access\nX-Force URL: http://xforce.iss.net/static/6405.php\n\nDate Reported: 04/18/2001\nBrief Description: Oracle tnslsnr80.exe denial of service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Oracle 8.x, Windows NT 4.0 SP6, Solaris 8\nVulnerability: oracle-tnslsnr80-dos\nX-Force URL: http://xforce.iss.net/static/6427.php\n\nDate Reported: 04/18/2001\nBrief Description: innfeed -c flag buffer overflow\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: Red Hat Linux, Slackware Linux, Mandrake Linux,\n INN prior to 2.3.1\nVulnerability: innfeed-c-bo\nX-Force URL: http://xforce.iss.net/static/6398.php\n\nDate Reported: 04/18/2001\nBrief Description: iPlanet Calendar Server stores username and\n password in plaintext\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: iPlanet Calendar Server 5.0p2\nVulnerability: iplanet-calendar-plaintext-password\nX-Force URL: http://xforce.iss.net/static/6402.php\n\nDate Reported: 04/18/2001\nBrief Description: Linux NEdit symlink when printing\nRisk Factor: High\nAttack Type: Host Based\nPlatforms Affected: SuSE Linux 6.3, SuSE Linux 6.4, Debian Linux\n 2.2, Mandrake Linux 7.1, Mandrake Linux 7.2,\n SuSE Linux 7.0, Mandrake Linux Corporate Server\n 1.0.1, SuSE Linux 7.1, Mandrake Linux 8.0\nVulnerability: nedit-print-symlink\nX-Force URL: http://xforce.iss.net/static/6424.php\n\nDate Reported: 04/19/2001\nBrief Description: CheckBO TCP buffer overflow\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: CheckBO 1.56 and earlier\nVulnerability: checkbo-tcp-bo\nX-Force URL: http://xforce.iss.net/static/6436.php\n\nDate Reported: 04/19/2001\nBrief Description: HP-UX pcltotiff uses insecure permissions\nRisk Factor: Medium\nAttack Type: Host Based\nPlatforms Affected: HP-UX 10.01, HP-UX 10.10, HP-UX 10.20, \n HP-UX 10.26\nVulnerability: hp-pcltotiff-insecure-permissions\nX-Force URL: http://xforce.iss.net/static/6447.php\n\nDate Reported: 04/19/2001\nBrief Description: Netopia Timbuktu allows unauthorized system\n access\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: Timbuktu Pro, Macintosh OS X\nVulnerability: netopia-timbuktu-gain-access\nX-Force URL: http://xforce.iss.net/static/6452.php\n\nDate Reported: 04/20/2001\nBrief Description: Cisco CBOS could allow attackers to gain \n privileged information\nRisk Factor: High\nAttack Type: Host Based / Network Based\nPlatforms Affected: Cisco CBOS 2.4.1, Cisco CBOS 2.3.053\nVulnerability: cisco-cbos-gain-information\nX-Force URL: http://xforce.iss.net/static/6453.php\n\nDate Reported: 04/20/2001\nBrief Description: Internet Explorer 5.x allows active scripts \n using XML stylesheets\nRisk Factor: Low\nAttack Type: Host Based / Network Based\nPlatforms Affected: Internet Explorer 5.x, Outlook Express 5.x\nVulnerability: ie-xml-stylesheets-scripting\nX-Force URL: http://xforce.iss.net/static/6448.php\n\nDate Reported: 04/20/2001\nBrief Description: Linux gftp format string\nRisk Factor: Low\nAttack Type: Network Based\nPlatforms Affected: gftp prior to 2.0.8, Mandrake Linux 8.0, \n Mandrake Linux Corporate Server 1.0.1, Immunix\n Linux 7.0, Red Hat Linux 7.1, Mandrake Linux\n 7.2, Immunix Linux 6.2, Immunix 7.0 beta, \n Red Hat Linux 6.2, Mandrake Linux 7.1, Red Hat\n Linux 7.0\nVulnerability: gftp-format-string\nX-Force URL: http://xforce.iss.net/static/6478.php\n\nDate Reported: 04/20/2001\nBrief Description: Novell BorderManager VPN client SYN requests \n denial of service\nRisk Factor: Medium\nAttack Type: Host Based / Network Based\nPlatforms Affected: Novell BorderManager 3.5\nVulnerability: bordermanager-vpn-syn-dos\nX-Force URL: http://xforce.iss.net/static/6429.php\n\nDate Reported: 04/20/2001\nBrief Description: SAFT sendfiled could allow the execution of\n arbitrary code\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: Debian Linux 2.2, Progeny Linux, sendfile\nVulnerability: saft-sendfiled-execute-code\nX-Force URL: http://xforce.iss.net/static/6430.php\n\nDate Reported: 04/21/2001\nBrief Description: Mercury MTA for Novell Netware buffer overflow\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Mercury MTA 1.47 and earlier, Novell NetWare\nVulnerability: mercury-mta-bo\nX-Force URL: http://xforce.iss.net/static/6444.php\n\nDate Reported: 04/21/2001\nBrief Description: QNX allows attacker to read files on FAT \n partition\nRisk Factor: High\nAttack Type: Host Based / Network Based\nPlatforms Affected: QNX 2.4\nVulnerability: qnx-fat-file-read\nX-Force URL: http://xforce.iss.net/static/6437.php\n\nDate Reported: 04/23/2001\nBrief Description: Viking Server \"dot dot\" (\\...\\) directory\n traversal\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Viking Server 1.0.7\nVulnerability: viking-dot-directory-traversal\nX-Force URL: http://xforce.iss.net/static/6450.php\n\nDate Reported: 04/24/2001\nBrief Description: NetCruiser Web Server could reveal directory\n path\nRisk Factor: High\nAttack Type: Network Based\nPlatforms Affected: NetCruiser Web Server 0.1.2.8\nVulnerability: netcruiser-server-path-disclosure\nX-Force URL: http://xforce.iss.net/static/6468.php\n\nDate Reported: 04/24/2001\nBrief Description: Perl Web Server directory traversal\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Perl Web Server 0.3 and prior\nVulnerability: perl-webserver-directory-traversal\nX-Force URL: http://xforce.iss.net/static/6451.php\n\nDate Reported: 04/24/2001\nBrief Description: Small HTTP Server /aux denial of service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Small HTTP Server 2.03\nVulnerability: small-http-aux-dos\nX-Force URL: http://xforce.iss.net/static/6446.php\n\nDate Reported: 04/24/2001\nBrief Description: IPSwitch IMail SMTP daemon mailing list handler\n buffer overflow\nRisk Factor: Low\nAttack Type: Network Based\nPlatforms Affected: IPSwitch Imail 6.06 and earlier\nVulnerability: ipswitch-imail-smtp-bo\nX-Force URL: http://xforce.iss.net/static/6445.php\n\nDate Reported: 04/25/2001\nBrief Description: MIT Kerberos 5 could allow attacker to gain root\n access by injecting base64-encoded data\nRisk Factor: Low\nAttack Type: Network Based\nPlatforms Affected: MIT Kerberos 5\nVulnerability: kerberos-inject-base64-encode\nX-Force URL: http://xforce.iss.net/static/6454.php\n\nDate Reported: 04/26/2001\nBrief Description: IRIX netprint -n allows attacker to access\n shared library\nRisk Factor: Low\nAttack Type: Host Based / Network Based\nPlatforms Affected: IRIX 6.x\nVulnerability: irix-netprint-shared-library\nX-Force URL: http://xforce.iss.net/static/6473.php\n\nDate Reported: 04/26/2001\nBrief Description: WebXQ \"dot dot\" directory traversal\nRisk Factor: High\nAttack Type: Network Based\nPlatforms Affected: Windows, WebXQ 2.1.204\nVulnerability: webxq-dot-directory-traversal\nX-Force URL: http://xforce.iss.net/static/6466.php\n\nDate Reported: 04/26/2001\nBrief Description: RaidenFTPD \"dot dot\" directory traversal\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Windows NT 4.0, Windows 2000, RaidenFTPD 2.1\nVulnerability: raidenftpd-dot-directory-traversal\nX-Force URL: http://xforce.iss.net/static/6455.php\n\nDate Reported: 04/27/2001\nBrief Description: PerlCal CGI cal_make.pl script directory\n traversal\nRisk Factor: High\nAttack Type: Network Based\nPlatforms Affected: Unix, PerlCal 2.95 and prior\nVulnerability: perlcal-calmake-directory-traversal\nX-Force URL: http://xforce.iss.net/static/6480.php\n\nDate Reported: 04/28/2001\nBrief Description: ICQ Web Front plugin denial of service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: ICQ Web Front, ICQ 2000b 3278 and earlier\nVulnerability: icq-webfront-dos\nX-Force URL: http://xforce.iss.net/static/6474.php\n\nDate Reported: 04/28/2001\nBrief Description: Alex FTP Server \"dot dot\" directory traversal\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Alex\u0027s FTP Server 0.7\nVulnerability: alex-ftp-directory-traversal\nX-Force URL: http://xforce.iss.net/static/6475.php\n\nDate Reported: 04/28/2001\nBrief Description: BRS WebWeaver FTP path disclosure\nRisk Factor: High\nAttack Type: Network Based\nPlatforms Affected: BRS WebWeaver 0.63\nVulnerability: webweaver-ftp-path-disclosure\nX-Force URL: http://xforce.iss.net/static/6477.php\n\nDate Reported: 04/28/2001\nBrief Description: BRS WebWeaver Web server \"dot dot\" directory\n traversal\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: BRS WebWeaver 0.63\nVulnerability: webweaver-web-directory-traversal\nX-Force URL: http://xforce.iss.net/static/6476.php\n\nDate Reported: 04/29/2001\nBrief Description: Winamp AIP buffer overflow\nRisk Factor: Low\nAttack Type: Host Based / Network Based\nPlatforms Affected: Winamp 2.6x and 2.7x\nVulnerability: winamp-aip-bo\nX-Force URL: http://xforce.iss.net/static/6479.php\n\nDate Reported: 04/29/2001\nBrief Description: BearShare \"dot dot\" allows remote attacker to traverse\n directories and download any file\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: BearShare 2.2.2 and prior, Windows 95, Windows\n 98, Windows ME\nVulnerability: bearshare-dot-download-files\nX-Force URL: http://xforce.iss.net/static/6481.php\n\nDate Reported: 05/01/2001\nBrief Description: IIS 5.0 ISAPI extension buffer overflow\nRisk Factor: High\nAttack Type: Network Based\nPlatforms Affected: IIS 5.0, Windows 2000 Server, Windows 2000\n Advanced Server, Windows 2000 Datacenter Server\nVulnerability: iis-isapi-bo\nX-Force URL: http://xforce.iss.net/static/6485.php\n\n_____\n\nRisk Factor Key:\n\n High Any vulnerability that provides an attacker with immediate\n access into a machine, gains superuser access, or bypasses\n a firewall. Example: A vulnerable Sendmail 8.6.5 version\n that allows an intruder to execute commands on mail\n server. \n Medium Any vulnerability that provides information that has a\n high potential of giving system access to an intruder. \n Example: A misconfigured TFTP or vulnerable NIS server\n that allows an intruder to get the password file that\n could contain an account with a guessable password. \n Low Any vulnerability that provides information that\n potentially could lead to a compromise. Example: A\n finger that allows an intruder to find out who is online\n and potential accounts to attempt to crack passwords\n via brute force methods. \n\n________\n\n\nAbout Internet Security Systems (ISS) \n\nInternet Security Systems is a leading global provider of security\nmanagement solutions for the Internet, protecting digital assets and\nensuring safe and uninterrupted e-business. With its industry-leading\nintrusion detection and vulnerability assessment software, remote managed\nsecurity services, and strategic consulting and education offerings, ISS\nis a trusted security provider to more than 8,000 customers worldwide\nincluding 21 of the 25 largest U.S. commercial banks and the top 10 U.S. \ntelecommunications companies. Founded in 1994, ISS is headquartered in\nAtlanta, GA, with additional offices throughout North America and\ninternational operations in Asia, Australia, Europe, Latin America and the\nMiddle East. For more information, visit the Internet Security Systems\nweb site at www.iss.net or call 888-901-7477. \n\nCopyright (c) 2001 by Internet Security Systems, Inc. \n\nPermission is hereby granted for the redistribution of this Alert\nelectronically. It is not to be edited in any way without express consent\nof the X-Force. If you wish to reprint the whole or any part of this Alert\nin any other medium excluding electronic medium, please e-mail\nxforce@iss.net for permission. \n\nDisclaimer\n\nThe information within this paper may change without notice. Use of this\ninformation constitutes acceptance for use in an AS IS condition. There\nare NO warranties with regard to this information. In no event shall the\nauthor be liable for any damages whatsoever arising out of or in\nconnection with the use or spread of this information. Any use of this\ninformation is at the user\u0027s own risk. \n\n\n\nX-Force PGP Key available at: http://xforce.iss.net/sensitive.php as \nwell as on MIT\u0027s PGP key server and PGP.com\u0027s key server. \n\nPlease send suggestions, updates, and comments to: X-Force xforce@iss.net\nof Internet Security Systems, Inc. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: 2.6.3a\nCharset: noconv\n\niQCVAwUBOvrtmTRfJiV99eG9AQFRFwP+NhRj20kY5edBZBvSMBZKAOKEQGpJPPnD\nJ/YCCB9TkzoWt65a7HR6c2MbimbnCo8YrhkjgFcvPmArCOFMS/68lhcStKd769PO\nrbojCoys8l1woaFDwzPnQeWVoNMen83sVvsiy7Bwk5Sm0cjM3gZC+X0vqG8EI59Y\nOAtrNiOkj7o=\n=kYl+\n-----END PGP SIGNATURE-----\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2001-0414"
},
{
"db": "CERT/CC",
"id": "VU#970472"
},
{
"db": "CERT/CC",
"id": "VU#601312"
},
{
"db": "CERT/CC",
"id": "VU#642760"
},
{
"db": "CERT/CC",
"id": "VU#555464"
},
{
"db": "CERT/CC",
"id": "VU#310816"
},
{
"db": "JVNDB",
"id": "JVNDB-2001-000046"
},
{
"db": "BID",
"id": "2540"
},
{
"db": "BID",
"id": "2636"
},
{
"db": "PACKETSTORM",
"id": "24836"
}
],
"trust": 5.85
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "2540",
"trust": 3.5
},
{
"db": "NVD",
"id": "CVE-2001-0414",
"trust": 2.7
},
{
"db": "CERT/CC",
"id": "VU#970472",
"trust": 1.6
},
{
"db": "OSVDB",
"id": "805",
"trust": 1.6
},
{
"db": "BID",
"id": "2636",
"trust": 1.1
},
{
"db": "XF",
"id": "6347",
"trust": 0.9
},
{
"db": "XF",
"id": "6351",
"trust": 0.9
},
{
"db": "XF",
"id": "6350",
"trust": 0.9
},
{
"db": "XF",
"id": "6423",
"trust": 0.9
},
{
"db": "BID",
"id": "2565",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "VU#601312",
"trust": 0.8
},
{
"db": "BID",
"id": "2598",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "VU#642760",
"trust": 0.8
},
{
"db": "BID",
"id": "2599",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "VU#555464",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "VU#310816",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2001-000046",
"trust": 0.8
},
{
"db": "XF",
"id": "6321",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20010418 IBM MSS OUTSIDE ADVISORY REDISTRIBUTION: IBM AIX: BUFFER OVERFLOW VULNERABILITY IN (X)NTP",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20010404 NTPD =\u003c 4.0.99K REMOTE BUFFER OVERFLOW",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20010406 IMMUNIX OS SECURITY UPDATE FOR NTP AND XNTP3",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20010409 [ESA-20010409-01] XNTP BUFFER OVERFLOW",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20010413 PROGENY-SA-2001-02A: [UPDATE] NTPD REMOTE BUFFER OVERFLOW",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20010405 RE: NTPD =\u003c 4.0.99K REMOTE BUFFER OVERFLOW]",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20010409 NTP-4.99K23.TAR.GZ IS AVAILABLE",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20010408 [SLACKWARE-SECURITY] BUFFER OVERFLOW FIX FOR NTP",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20010409 PROGENY-SA-2001-02: NTPD REMOTE BUFFER OVERFLOW",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20010409 NTPD - NEW DEBIAN 2.2 (POTATO) VERSION IS ALSO VULNERABLE",
"trust": 0.6
},
{
"db": "REDHAT",
"id": "RHSA-2001:045",
"trust": 0.6
},
{
"db": "MANDRAKE",
"id": "MDKSA-2001:036",
"trust": 0.6
},
{
"db": "NETBSD",
"id": "NETBSD-SA2001-004",
"trust": 0.6
},
{
"db": "DEBIAN",
"id": "DSA-045",
"trust": 0.6
},
{
"db": "SUSE",
"id": "SUSE-SA:2001:10",
"trust": 0.6
},
{
"db": "CONECTIVA",
"id": "CLA-2001:392",
"trust": 0.6
},
{
"db": "FREEBSD",
"id": "FREEBSD-SA-01:31",
"trust": 0.6
},
{
"db": "OVAL",
"id": "OVAL:ORG.MITRE.OVAL:DEF:3831",
"trust": 0.6
},
{
"db": "CALDERA",
"id": "CSSA-2001-013",
"trust": 0.6
},
{
"db": "SCO",
"id": "SSE073",
"trust": 0.6
},
{
"db": "SCO",
"id": "SSE074",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200106-110",
"trust": 0.6
},
{
"db": "XF",
"id": "6382",
"trust": 0.1
},
{
"db": "XF",
"id": "6475",
"trust": 0.1
},
{
"db": "XF",
"id": "6343",
"trust": 0.1
},
{
"db": "XF",
"id": "6386",
"trust": 0.1
},
{
"db": "XF",
"id": "6328",
"trust": 0.1
},
{
"db": "XF",
"id": "6333",
"trust": 0.1
},
{
"db": "XF",
"id": "6334",
"trust": 0.1
},
{
"db": "XF",
"id": "6376",
"trust": 0.1
},
{
"db": "XF",
"id": "6345",
"trust": 0.1
},
{
"db": "XF",
"id": "6422",
"trust": 0.1
},
{
"db": "XF",
"id": "6322",
"trust": 0.1
},
{
"db": "XF",
"id": "6378",
"trust": 0.1
},
{
"db": "XF",
"id": "6342",
"trust": 0.1
},
{
"db": "XF",
"id": "6453",
"trust": 0.1
},
{
"db": "XF",
"id": "6405",
"trust": 0.1
},
{
"db": "XF",
"id": "6377",
"trust": 0.1
},
{
"db": "XF",
"id": "6428",
"trust": 0.1
},
{
"db": "XF",
"id": "6450",
"trust": 0.1
},
{
"db": "XF",
"id": "6332",
"trust": 0.1
},
{
"db": "XF",
"id": "6410",
"trust": 0.1
},
{
"db": "XF",
"id": "6478",
"trust": 0.1
},
{
"db": "XF",
"id": "6359",
"trust": 0.1
},
{
"db": "XF",
"id": "6485",
"trust": 0.1
},
{
"db": "XF",
"id": "6414",
"trust": 0.1
},
{
"db": "XF",
"id": "6371",
"trust": 0.1
},
{
"db": "XF",
"id": "6477",
"trust": 0.1
},
{
"db": "XF",
"id": "6395",
"trust": 0.1
},
{
"db": "XF",
"id": "6394",
"trust": 0.1
},
{
"db": "XF",
"id": "6353",
"trust": 0.1
},
{
"db": "XF",
"id": "6466",
"trust": 0.1
},
{
"db": "XF",
"id": "6481",
"trust": 0.1
},
{
"db": "XF",
"id": "6329",
"trust": 0.1
},
{
"db": "XF",
"id": "6372",
"trust": 0.1
},
{
"db": "XF",
"id": "6348",
"trust": 0.1
},
{
"db": "XF",
"id": "6437",
"trust": 0.1
},
{
"db": "XF",
"id": "6367",
"trust": 0.1
},
{
"db": "XF",
"id": "6411",
"trust": 0.1
},
{
"db": "XF",
"id": "6452",
"trust": 0.1
},
{
"db": "XF",
"id": "6354",
"trust": 0.1
},
{
"db": "XF",
"id": "6344",
"trust": 0.1
},
{
"db": "XF",
"id": "6356",
"trust": 0.1
},
{
"db": "XF",
"id": "6420",
"trust": 0.1
},
{
"db": "XF",
"id": "6424",
"trust": 0.1
},
{
"db": "XF",
"id": "6365",
"trust": 0.1
},
{
"db": "XF",
"id": "6415",
"trust": 0.1
},
{
"db": "XF",
"id": "6416",
"trust": 0.1
},
{
"db": "XF",
"id": "6412",
"trust": 0.1
},
{
"db": "XF",
"id": "6391",
"trust": 0.1
},
{
"db": "XF",
"id": "6447",
"trust": 0.1
},
{
"db": "XF",
"id": "6362",
"trust": 0.1
},
{
"db": "XF",
"id": "6408",
"trust": 0.1
},
{
"db": "XF",
"id": "6331",
"trust": 0.1
},
{
"db": "XF",
"id": "6431",
"trust": 0.1
},
{
"db": "XF",
"id": "6479",
"trust": 0.1
},
{
"db": "XF",
"id": "6429",
"trust": 0.1
},
{
"db": "XF",
"id": "6392",
"trust": 0.1
},
{
"db": "XF",
"id": "6396",
"trust": 0.1
},
{
"db": "XF",
"id": "6480",
"trust": 0.1
},
{
"db": "XF",
"id": "6468",
"trust": 0.1
},
{
"db": "XF",
"id": "6366",
"trust": 0.1
},
{
"db": "XF",
"id": "6327",
"trust": 0.1
},
{
"db": "XF",
"id": "6474",
"trust": 0.1
},
{
"db": "XF",
"id": "6319",
"trust": 0.1
},
{
"db": "XF",
"id": "6403",
"trust": 0.1
},
{
"db": "XF",
"id": "6413",
"trust": 0.1
},
{
"db": "XF",
"id": "6388",
"trust": 0.1
},
{
"db": "XF",
"id": "6363",
"trust": 0.1
},
{
"db": "XF",
"id": "6454",
"trust": 0.1
},
{
"db": "XF",
"id": "6364",
"trust": 0.1
},
{
"db": "XF",
"id": "6400",
"trust": 0.1
},
{
"db": "XF",
"id": "6339",
"trust": 0.1
},
{
"db": "XF",
"id": "6455",
"trust": 0.1
},
{
"db": "XF",
"id": "6341",
"trust": 0.1
},
{
"db": "XF",
"id": "6318",
"trust": 0.1
},
{
"db": "XF",
"id": "6436",
"trust": 0.1
},
{
"db": "XF",
"id": "6448",
"trust": 0.1
},
{
"db": "XF",
"id": "6320",
"trust": 0.1
},
{
"db": "XF",
"id": "6385",
"trust": 0.1
},
{
"db": "XF",
"id": "6379",
"trust": 0.1
},
{
"db": "XF",
"id": "6402",
"trust": 0.1
},
{
"db": "XF",
"id": "6426",
"trust": 0.1
},
{
"db": "XF",
"id": "6323",
"trust": 0.1
},
{
"db": "XF",
"id": "6369",
"trust": 0.1
},
{
"db": "XF",
"id": "6336",
"trust": 0.1
},
{
"db": "XF",
"id": "6427",
"trust": 0.1
},
{
"db": "XF",
"id": "6446",
"trust": 0.1
},
{
"db": "XF",
"id": "6349",
"trust": 0.1
},
{
"db": "XF",
"id": "6368",
"trust": 0.1
},
{
"db": "XF",
"id": "6389",
"trust": 0.1
},
{
"db": "XF",
"id": "6357",
"trust": 0.1
},
{
"db": "XF",
"id": "6476",
"trust": 0.1
},
{
"db": "XF",
"id": "6401",
"trust": 0.1
},
{
"db": "XF",
"id": "6326",
"trust": 0.1
},
{
"db": "XF",
"id": "6340",
"trust": 0.1
},
{
"db": "XF",
"id": "6337",
"trust": 0.1
},
{
"db": "XF",
"id": "6473",
"trust": 0.1
},
{
"db": "XF",
"id": "6375",
"trust": 0.1
},
{
"db": "XF",
"id": "6409",
"trust": 0.1
},
{
"db": "XF",
"id": "6390",
"trust": 0.1
},
{
"db": "XF",
"id": "6335",
"trust": 0.1
},
{
"db": "XF",
"id": "6393",
"trust": 0.1
},
{
"db": "XF",
"id": "6324",
"trust": 0.1
},
{
"db": "XF",
"id": "6445",
"trust": 0.1
},
{
"db": "XF",
"id": "6404",
"trust": 0.1
},
{
"db": "XF",
"id": "6360",
"trust": 0.1
},
{
"db": "XF",
"id": "6398",
"trust": 0.1
},
{
"db": "XF",
"id": "6430",
"trust": 0.1
},
{
"db": "XF",
"id": "6406",
"trust": 0.1
},
{
"db": "XF",
"id": "6444",
"trust": 0.1
},
{
"db": "XF",
"id": "6330",
"trust": 0.1
},
{
"db": "XF",
"id": "6355",
"trust": 0.1
},
{
"db": "XF",
"id": "6407",
"trust": 0.1
},
{
"db": "XF",
"id": "6374",
"trust": 0.1
},
{
"db": "XF",
"id": "6383",
"trust": 0.1
},
{
"db": "XF",
"id": "6451",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "24836",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#970472"
},
{
"db": "CERT/CC",
"id": "VU#601312"
},
{
"db": "CERT/CC",
"id": "VU#642760"
},
{
"db": "CERT/CC",
"id": "VU#555464"
},
{
"db": "CERT/CC",
"id": "VU#310816"
},
{
"db": "BID",
"id": "2540"
},
{
"db": "BID",
"id": "2636"
},
{
"db": "JVNDB",
"id": "JVNDB-2001-000046"
},
{
"db": "PACKETSTORM",
"id": "24836"
},
{
"db": "CNNVD",
"id": "CNNVD-200106-110"
},
{
"db": "NVD",
"id": "CVE-2001-0414"
}
]
},
"id": "VAR-200106-0170",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-07-23T21:52:30.595000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HPSBUX0104-148",
"trust": 0.8,
"url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?docid=hpsbux0104-148"
},
{
"title": "HPSBUX0104-148",
"trust": 0.8,
"url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux0104-148.html"
},
{
"title": "RHSA-2001:045",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/rhsa-2001-045.html"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://jp.sun.com/"
},
{
"title": "RHSA-2001:045",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2001-045j.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2001-000046"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2001-0414"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "http://www.securityfocus.com/bid/2540"
},
{
"trust": 2.4,
"url": "ftp://ftp.netbsd.org/pub/netbsd/misc/security/advisories/netbsd-sa2001-004.txt.asc"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/advisories/3208"
},
{
"trust": 1.6,
"url": "http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c?openview\u0026start=3.111\u0026count=30\u0026expand=3.126#3.126"
},
{
"trust": 1.6,
"url": "http://www.linux-mandrake.com/en/security/2001/mdksa-2001-036.php3"
},
{
"trust": 1.6,
"url": "http://www.redhat.com/support/errata/rhsa-2001-045.html"
},
{
"trust": 1.6,
"url": "http://www.osvdb.org/805"
},
{
"trust": 1.6,
"url": "http://www.calderasystems.com/support/security/advisories/cssa-2001-013.0.txt"
},
{
"trust": 1.6,
"url": "http://lists.suse.com/archives/suse-security-announce/2001-apr/0000.html"
},
{
"trust": 1.6,
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000392"
},
{
"trust": 1.6,
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0314.html"
},
{
"trust": 1.6,
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0225.html"
},
{
"trust": 1.6,
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0127.html"
},
{
"trust": 1.6,
"url": "ftp://ftp.sco.com/sse/sse074.ltr"
},
{
"trust": 1.6,
"url": "ftp://ftp.sco.com/sse/sse073.ltr"
},
{
"trust": 1.6,
"url": "ftp://ftp.freebsd.org/pub/freebsd/cert/advisories/freebsd-sa-01:31.ntpd.asc"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=98642418618512\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=98654963328381\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=98659782815613\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=98679815917014\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=98683952401753\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=98684202610470\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=98684532921941\u0026w=2"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6321"
},
{
"trust": 1.0,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a3831"
},
{
"trust": 1.0,
"url": "https://www.debian.org/security/2001/dsa-045"
},
{
"trust": 0.9,
"url": "http://xforce.iss.net/static/6347.php"
},
{
"trust": 0.9,
"url": "http://xforce.iss.net/static/6351.php"
},
{
"trust": 0.9,
"url": "http://xforce.iss.net/static/6350.php"
},
{
"trust": 0.9,
"url": "http://xforce.iss.net/static/6423.php"
},
{
"trust": 0.8,
"url": "http://www.freebsd.org/cgi/cvsweb.cgi/src/contrib/ntp/ntpd/ntp_control.c?r1+=1.1\u0026r2=1.2"
},
{
"trust": 0.8,
"url": "http://www.freebsd.org/cgi/cvsweb.cgi/ports/net/ntp/files/patch-ntp_control.c (patch for ntp-4.0.99k)"
},
{
"trust": 0.8,
"url": "http://www.faqs.org/rfcs/rfc1305.html"
},
{
"trust": 0.8,
"url": "http://www.ntp.org/"
},
{
"trust": 0.8,
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?type=0\u0026doc=secbull%2f211\u0026display=plain"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/2565"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/2598"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/2599"
},
{
"trust": 0.8,
"url": "http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c/59719a1dd92c03e385256a4d0073766b?opendocument"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/2636"
},
{
"trust": 0.8,
"url": "http://www.ritlabs.com/the_bat/index.html"
},
{
"trust": 0.8,
"url": "http://www.security.nnov.ru/search/news.asp?binid=1136"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2001-0414"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2001-0414"
},
{
"trust": 0.8,
"url": "http://www.kb.cert.org/vuls/id/970472"
},
{
"trust": 0.7,
"url": "http://xforce.iss.net/static/6321.php"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=98651866104663\u0026w=2"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=98684532921941\u0026w=2"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=98684202610470\u0026w=2"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=98683952401753\u0026w=2"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=98679815917014\u0026w=2"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=98659782815613\u0026w=2"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=98654963328381\u0026w=2"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=98642418618512\u0026w=2"
},
{
"trust": 0.6,
"url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:3831"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/warp/public/707/ntp-pub.shtml"
},
{
"trust": 0.3,
"url": "http://www.ntp.org"
},
{
"trust": 0.3,
"url": "http://support.coresecurity.com/impact/exploits/1d0617f506101c3c4db122dc40236f69.html"
},
{
"trust": 0.3,
"url": "http://www.thebat.net"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6323.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6330.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6392.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6444.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6455.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6468.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6452.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6327.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6395.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6485.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6402.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6362.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6366.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6336.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6451.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6334.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6406.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6427.php"
},
{
"trust": 0.1,
"url": "https://www.iss.net"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6343.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6326.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6319.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6344.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6398.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6428.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6353.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6356.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6390.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6450.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6446.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6368.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6332.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6359.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6376.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6354.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6378.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6374.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6394.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6383.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6411.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6414.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6481.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6349.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6365.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6382.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6403.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6324.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6329.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6437.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6388.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6415.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6424.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6342.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6337.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6357.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6348.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/alerts/vol-6_num-6.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6407.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6379.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6389.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6436.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6466.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6412.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6448.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6400.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6318.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6478.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6454.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6372.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6420.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6335.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6345.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6479.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6355.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6364.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6476.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6393.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6391.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6341.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6371.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6429.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6369.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6405.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6431.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6422.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6410.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6360.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6401.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6413.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6474.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6477.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6385.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6473.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6328.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6377.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6416.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6339.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6367.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6445.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6453.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6375.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/maillists/index.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6475.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6430.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6340.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6396.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6426.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6331.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6386.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/sensitive.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6333.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6480.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6409.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6447.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6404.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6320.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6408.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6322.php"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/static/6363.php"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#970472"
},
{
"db": "CERT/CC",
"id": "VU#601312"
},
{
"db": "CERT/CC",
"id": "VU#642760"
},
{
"db": "CERT/CC",
"id": "VU#555464"
},
{
"db": "CERT/CC",
"id": "VU#310816"
},
{
"db": "BID",
"id": "2540"
},
{
"db": "BID",
"id": "2636"
},
{
"db": "JVNDB",
"id": "JVNDB-2001-000046"
},
{
"db": "PACKETSTORM",
"id": "24836"
},
{
"db": "CNNVD",
"id": "CNNVD-200106-110"
},
{
"db": "NVD",
"id": "CVE-2001-0414"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#970472"
},
{
"db": "CERT/CC",
"id": "VU#601312"
},
{
"db": "CERT/CC",
"id": "VU#642760"
},
{
"db": "CERT/CC",
"id": "VU#555464"
},
{
"db": "CERT/CC",
"id": "VU#310816"
},
{
"db": "BID",
"id": "2540"
},
{
"db": "BID",
"id": "2636"
},
{
"db": "JVNDB",
"id": "JVNDB-2001-000046"
},
{
"db": "PACKETSTORM",
"id": "24836"
},
{
"db": "CNNVD",
"id": "CNNVD-200106-110"
},
{
"db": "NVD",
"id": "CVE-2001-0414"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2001-04-05T00:00:00",
"db": "CERT/CC",
"id": "VU#970472"
},
{
"date": "2001-07-12T00:00:00",
"db": "CERT/CC",
"id": "VU#601312"
},
{
"date": "2001-07-12T00:00:00",
"db": "CERT/CC",
"id": "VU#642760"
},
{
"date": "2001-07-12T00:00:00",
"db": "CERT/CC",
"id": "VU#555464"
},
{
"date": "2001-06-01T00:00:00",
"db": "CERT/CC",
"id": "VU#310816"
},
{
"date": "2001-04-04T00:00:00",
"db": "BID",
"id": "2540"
},
{
"date": "2001-04-18T00:00:00",
"db": "BID",
"id": "2636"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2001-000046"
},
{
"date": "2001-05-16T01:07:09",
"db": "PACKETSTORM",
"id": "24836"
},
{
"date": "2001-04-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200106-110"
},
{
"date": "2001-06-18T04:00:00",
"db": "NVD",
"id": "CVE-2001-0414"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-05-22T00:00:00",
"db": "CERT/CC",
"id": "VU#970472"
},
{
"date": "2001-07-17T00:00:00",
"db": "CERT/CC",
"id": "VU#601312"
},
{
"date": "2001-07-17T00:00:00",
"db": "CERT/CC",
"id": "VU#642760"
},
{
"date": "2001-07-17T00:00:00",
"db": "CERT/CC",
"id": "VU#555464"
},
{
"date": "2001-08-30T00:00:00",
"db": "CERT/CC",
"id": "VU#310816"
},
{
"date": "2007-11-05T17:05:00",
"db": "BID",
"id": "2540"
},
{
"date": "2001-04-18T00:00:00",
"db": "BID",
"id": "2636"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2001-000046"
},
{
"date": "2005-05-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200106-110"
},
{
"date": "2017-10-10T01:29:43.233000",
"db": "NVD",
"id": "CVE-2001-0414"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "24836"
},
{
"db": "CNNVD",
"id": "CNNVD-200106-110"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ntpd Remote Buffer Overflow Vulnerability",
"sources": [
{
"db": "BID",
"id": "2540"
},
{
"db": "CNNVD",
"id": "CNNVD-200106-110"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Boundary Condition Error",
"sources": [
{
"db": "BID",
"id": "2540"
},
{
"db": "CNNVD",
"id": "CNNVD-200106-110"
}
],
"trust": 0.9
}
}
VAR-200503-0071
Vulnerability from variot - Updated: 2024-07-23 21:28The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages. There is a vulnerability in the Sun Java Plug-in that could allow a malicious Java applet to bypass restrictions for untrusted applets. Multiple vulnerabilities exist in numerous Oracle products. The impacts of these vulnerabilities are varied and may include remote execution of arbitrary code, the disclosure of sensitive information, and denial-of-service conditions. various Oracle Multiple vulnerabilities exist in the product and its components.Although it depends on the target product, a third party can execute any command or code remotely, leak information in the database, disrupt service operation ( Denial-of-Service,DoS ) Attacks could be made. Reports indicate that it is possible for a malicious website that contains JavaScript code to exploit this vulnerability to load a dangerous Java class and to pass this class to an invoked applet. If a vulnerable version is still installed on the computer, it may be possible for to specify that this version runs the applet instead of an updated version that is not prone to the vulnerability. Users affected by this vulnerability should remove earlier versions of the plug-in. This functionality could also be abused to prompt users to install vulnerable versions of the plug-in, so users should be wary of doing so. This general security weakness has been assigned an individual BID (11757). Various Oracle Database Server, Oracle Enterprise Manager, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business Suite and Applications, Oracle Workflow, Oracle Forms and Reports, Oracle JInitiator, Oracle Developer Suite, and Oracle Express Server are affected by multiple vulnerabilities. The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Oracle has released a Critical Patch Update advisory for July 2005 to address these vulnerabilities. This Critical Patch Update addresses the vulnerabilities for supported releases. Earlier, unsupported releases are likely to be affected by the issues as well. The issue is that documents may be served with weaker SSL encryption than configured in Oracle HTTP Server. This could result in a false sense of security. Oracle has not released any further information about this weakness. The first issue can allow an untrusted applet to escalate its privileges to access resources with the privilege level of the user running the applet. This issue occurs only in Internet Explorer running on Windows. The second issue allows an untrusted applet to interfere with another applet embedded in the same web page. This issue occurs in Java running on Windows, Solaris, and Linux. A remote attacker can use this vulnerability to bypass the Java\'\'sandbox\'\' and all restrictions to access restricted resources and systems. BACKGROUND
Java Plug-in technology, included as part of the Java 2 Runtime Environment, Standard Edition (JRE), establishes a connection between popular browsers and the Java platform. This connection enables applets on Web sites to be run within a browser on the desktop.
II.
A number of private Java packages exist within the Java Virtual Machine (VM) and are used internally by the VM. Security restrictions prevent Applets from accessing these packages. Any attempt to access these packages, results in a thrown exception of 'AccessControlException', unless the Applet is signed and the user has chosen to trust the issuer.
III. ANALYSIS
Successful exploitation allows remote attackers to execute hostile Applets that can access, download, upload or execute arbitrary files as well as access the network. A target user must be running a browser on top of a vulnerable Java Virtual Machine to be affected. It is possible for an attacker to create a cross-platform, cross-browser exploit for this vulnerability. Once compromised, an attacker can execute arbitrary code under the privileges of the user who instantiated the vulnerable browser.
IV. DETECTION
iDEFENSE has confirmed the existence of this vulnerability in Java 2 Platform, Standard Edition (J2SE) 1.4.2_01 and 1.4.2_04 from Sun Microsystems. Various browsers such as Internet Explorer, Mozilla and Firefox on both Windows and Unix platforms can be exploited if they are running a vulnerable Java Virtual Machine.
V. Other Java Virtual Machines, such as the Microsoft VM, are available and can be used as an alternative.
VI. VENDOR RESPONSE
This issue has been fixed in J2SE v 1.4.2_06 available at:
[15]http://java.sun.com/j2se/1.4.2/download.html
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CAN-2004-1029 to this issue. This is a candidate for inclusion in the CVE list ([16]http://cve.mitre.org), which standardizes names for security problems.
VIII. DISCLOSURE TIMELINE
06/29/2004 Initial vendor notification 06/30/2004 Initial vendor response 08/16/2004 iDEFENSE clients notified 11/22/2004 Public disclosure
IX. CREDIT
Jouko Pynnonen (jouko[at]iki.fi) is credited with this discovery.
Get paid for vulnerability research [17]http://www.idefense.com/poi/teams/vcp.jsp
X. LEGAL NOTICES
Copyright \xa9 2004 iDEFENSE, Inc.
Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDEFENSE. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please email [18]customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200503-0071",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "jre",
"scope": "eq",
"trust": 3.4,
"vendor": "sun",
"version": "1.4"
},
{
"model": "jre",
"scope": "eq",
"trust": 2.8,
"vendor": "sun",
"version": "1.4.2"
},
{
"model": "jre",
"scope": "eq",
"trust": 2.8,
"vendor": "sun",
"version": "1.4.1"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"model": "jre .0 03",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4"
},
{
"model": "sdk",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4.2"
},
{
"model": "sdk .0 03",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4"
},
{
"model": "jre 09",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.3.1"
},
{
"model": "jre .0 04",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4"
},
{
"model": "sdk 07",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.3.1"
},
{
"model": "sdk",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4"
},
{
"model": "jre 01",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4.1"
},
{
"model": "jre 08",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.3.1"
},
{
"model": "jre 03",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4.1"
},
{
"model": "sdk 02",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.3.1"
},
{
"model": "jre 01",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4.2"
},
{
"model": "sdk",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4.1"
},
{
"model": "jre 07",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.3.1"
},
{
"model": "jre 03",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4.2"
},
{
"model": "sdk 05",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.3.1"
},
{
"model": "jre 02",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4.1"
},
{
"model": "sdk 04",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4.2"
},
{
"model": "sdk 01",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4.1"
},
{
"model": "jre 04",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4.2"
},
{
"model": "sdk 03",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4.1"
},
{
"model": "sdk 06",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.3.1"
},
{
"model": "jre 02",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.3.1"
},
{
"model": "sdk .0 4",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4"
},
{
"model": "jre 05",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4.2"
},
{
"model": "sdk 03",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.3.1"
},
{
"model": "sdk 02",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4.1"
},
{
"model": "jre .0 02",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4"
},
{
"model": "sdk 05",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4.2"
},
{
"model": "jre 03",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.3.1"
},
{
"model": "sdk .0 02",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4"
},
{
"model": "jre 05",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.3.1"
},
{
"model": "jre 06",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.3.1"
},
{
"model": "jre 02",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4.2"
},
{
"model": "sdk 03",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4.2"
},
{
"model": "jre 01",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.3.1"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.6,
"vendor": "sun",
"version": "1.4.0_01"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.6,
"vendor": "sun",
"version": "1.3.1_07"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.6,
"vendor": "sun",
"version": "1.3.1_09"
},
{
"model": "jre 04",
"scope": "eq",
"trust": 1.5,
"vendor": "sun",
"version": "1.3.1"
},
{
"model": "enterprise firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "symantec",
"version": "8.0"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.3,
"vendor": "sun",
"version": "1.3.0"
},
{
"model": "sdk 01",
"scope": "eq",
"trust": 1.2,
"vendor": "sun",
"version": "1.3.1"
},
{
"model": "jre .0 01",
"scope": "eq",
"trust": 1.2,
"vendor": "sun",
"version": "1.4"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.3.1_06"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.0_4"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.0_02"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.1_02"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_03"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.3.1_02"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.1_01"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "11.23"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.1"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.3.1_05"
},
{
"model": "java sdk-rte",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "1.4"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "11.00"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.3.1_03"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "11.22"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_04"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.1_02"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "conectiva",
"version": "10.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "gentoo",
"version": "*"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.0_03"
},
{
"model": "java sdk-rte",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "1.3"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.3.1_05"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.1_01"
},
{
"model": "gateway security 5400",
"scope": "eq",
"trust": 1.0,
"vendor": "symantec",
"version": "2.0"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_05"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.3.1_06"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.0_02"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.0_04"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "11.11"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.3.1_04"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.3.1_01"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.3.1_07"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.0_01"
},
{
"model": "gateway security 5400",
"scope": "eq",
"trust": 1.0,
"vendor": "symantec",
"version": "2.0.1"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.1_03"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.3.1_03"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_01"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.3.1_02"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.0_03"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_02"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.1_07"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.3.1_01a"
},
{
"model": "jre .0 02",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3"
},
{
"model": "jre 06",
"scope": "ne",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"model": "jre 01a",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"model": "jre .0 05",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3"
},
{
"model": "jre 11",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"model": "sdk 12",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"model": "sdk 11",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"model": "jre 10",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"model": "sdk 09",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"model": "jre 13",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"model": "sdk 08",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"model": "sdk 10",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"model": "jre 12",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"model": "sdk 14",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"model": "jre 14",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"model": "sdk 13",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "oracle",
"version": null
},
{
"model": "notes",
"scope": "lte",
"trust": 0.8,
"vendor": "ibm",
"version": "6.5.6"
},
{
"model": "notes",
"scope": "lte",
"trust": 0.8,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3.0"
},
{
"model": "jre",
"scope": "lte",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "1.3.1_12"
},
{
"model": "jre",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "1.4.1"
},
{
"model": "jre",
"scope": "lte",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "1.4.2_05"
},
{
"model": "sdk",
"scope": "lte",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "1.3.1_12"
},
{
"model": "sdk",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "1.4.1"
},
{
"model": "sdk",
"scope": "lte",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "1.4.2_05"
},
{
"model": "enterprise firewall",
"scope": "eq",
"trust": 0.8,
"vendor": "symantec",
"version": "v8.0"
},
{
"model": "gateway security 5400 series",
"scope": "eq",
"trust": 0.8,
"vendor": "symantec",
"version": "v2.0"
},
{
"model": "gateway security 5400 series",
"scope": "eq",
"trust": 0.8,
"vendor": "symantec",
"version": "v2.0.1"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.00"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.11"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.22"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.23"
},
{
"model": "application server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10g"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10g"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "11i"
},
{
"model": "enterprise manager",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10g"
},
{
"model": "jinitiator",
"scope": null,
"trust": 0.8,
"vendor": "oracle",
"version": null
},
{
"model": "hp-ux b.11.23",
"scope": null,
"trust": 0.6,
"vendor": "hp",
"version": null
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "9.0.4.0"
},
{
"model": "sdk 01a",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.3.1"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "9.0.1.5"
},
{
"model": "oracle9i application server",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "9.0.3.1"
},
{
"model": "jre .0 04",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.3"
},
{
"model": "enterprise manager database control 10g",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "10.1.0.2"
},
{
"model": "enterprise manager database control 10g",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "10.1.0.4"
},
{
"model": "jinitiator",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "1.3.1"
},
{
"model": "enterprise manager grid control 10g",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "10.1.3"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "10.1.0.4"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "9.2.0.5"
},
{
"model": "oracle8i enterprise edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "8.1.7.4.0"
},
{
"model": "sdk 01",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.4.2"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "9.2.6"
},
{
"model": "sdk .0 01",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.4"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "9.0.1.4"
},
{
"model": "oracle8",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "8.0.6"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "10.1.0.3"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "9.0.1.4"
},
{
"model": "enterprise manager application server control",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "9.0.4.1"
},
{
"model": "oracle8i standard edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "8.1.7.4"
},
{
"model": "oracle8",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "8.0.6.3"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "9.2.0.5"
},
{
"model": "sdk 04",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.3.1"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "9.0.1.5"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "10.1.0.2"
},
{
"model": "workflow",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "11.5.9.5"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "10.1.0.4"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "9.0.1.5"
},
{
"model": "jre",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.3"
},
{
"model": "jinitiator",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "1.1.8"
},
{
"model": "enterprise manager application server control",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "9.0.4.0"
},
{
"model": "workflow",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "11.5.1"
},
{
"model": "jre 07",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.4.1"
},
{
"model": "sdk 02",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.4.2"
},
{
"model": "hp-ux b.11.11",
"scope": null,
"trust": 0.6,
"vendor": "hp",
"version": null
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "9.2.0.5"
},
{
"model": "oracle9i application server",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "1.0.2.2"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "9.0.4.1"
},
{
"model": "enterprise manager grid control 10g",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "10.1.0.2"
},
{
"model": "oracle9i application server",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "9.0.2.3"
},
{
"model": "forms and reports",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "6.0.8.25"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "10.1.0.3"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "10.1.0.3"
},
{
"model": "forms and reports",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "4.5.10.22"
},
{
"model": "express server",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "6.3.4.0"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "9.2.6.0"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "9.2.6"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "9.0.1.4"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "10.1.0.2"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "10.1.0.2"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "10.1.0.4"
},
{
"model": "enterprise manager database control 10g",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "10.1.0.3"
},
{
"model": "jre 06",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.4.2"
},
{
"model": "linux personal",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "8.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "8.0"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.8"
},
{
"model": "java runtime environment",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "21.4.1"
},
{
"model": "hp-ux b.11.22",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "java runtime environment",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "21.4.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.4"
},
{
"model": "enterprise firewall nt/2000",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "8.0"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.6"
},
{
"model": "http server for server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.1"
},
{
"model": "gateway security",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "54002.0.1"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "8.0"
},
{
"model": "linux personal",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.7"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.0"
},
{
"model": "java runtime environment 05",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "21.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.5"
},
{
"model": "gateway security",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "54002.0"
},
{
"model": "jre .0 01",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.3"
},
{
"model": "jre 04",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.3"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "8.1"
},
{
"model": "http server for server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.8"
},
{
"model": "http server roll up",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0.2.22"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0.2.2"
},
{
"model": "jre 03",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.3"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.2.3"
},
{
"model": "java desktop system",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "2003"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.1"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.3.1"
},
{
"model": "http server for apps only .1s",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0.2"
},
{
"model": "enterprise firewall solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "8.0"
},
{
"model": "jre .0 03",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.6"
},
{
"model": "linux personal",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.2"
},
{
"model": "linux personal",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.0"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.2"
},
{
"model": "java runtime environment 02",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "21.3"
},
{
"model": "java desktop system",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "2.0"
},
{
"model": "http server for server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.1"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0.2.1"
},
{
"model": "hp-ux b.11.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "jre 01",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.3"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.7"
},
{
"model": "java runtime environment",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "21.3"
},
{
"model": "linux personal x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.0"
},
{
"model": "java sdk/rte for hp-ux pa-risc",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.4"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0.2.0"
},
{
"model": "java sdk/rte for hp-ux pa-risc",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.3"
},
{
"model": "java runtime environment 01",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "21.3.1"
},
{
"model": "java runtime environment 08",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "21.3.1"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.10"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.9"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.8"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.7"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.6"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.5"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.4"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.3"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.2"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.1"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.0"
},
{
"model": "developer suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "developer suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.5"
},
{
"model": "developer suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.4.1"
},
{
"model": "developer suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.4"
},
{
"model": "developer suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.2.3"
},
{
"model": "collaboration suite release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "29.0.4.2"
},
{
"model": "collaboration suite release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "29.0.4.1"
},
{
"model": "oracle9i application server web cache",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.2.3"
},
{
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.12"
},
{
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.5"
},
{
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.5.5"
},
{
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.3"
},
{
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.2"
},
{
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1"
},
{
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1"
},
{
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.5.1"
},
{
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.5"
},
{
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.5.3"
},
{
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.5.6"
},
{
"model": "lotus notes",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.2"
},
{
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.5.2"
},
{
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.4"
},
{
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"model": "lotus notes fp3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.5.5"
},
{
"model": "lotus notes fp2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.5.5"
},
{
"model": "lotus notes fp2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.5.6"
},
{
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.3"
},
{
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.5.4"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#760344"
},
{
"db": "CERT/CC",
"id": "VU#613562"
},
{
"db": "BID",
"id": "11726"
},
{
"db": "BID",
"id": "14238"
},
{
"db": "BID",
"id": "14279"
},
{
"db": "BID",
"id": "12317"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000497"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000876"
},
{
"db": "CNNVD",
"id": "CNNVD-200503-002"
},
{
"db": "NVD",
"id": "CVE-2004-1029"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hp:java_sdk-rte:1.3:*:hp-ux_pa-risc:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.3.1_02:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.3.1_03:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.3.1_06:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.3.1_06:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.0_02:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.0_03:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.1:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.1:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.1_03:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.1_03:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.2_03:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.2_03:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.0:update2:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.0:update2:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.1:update1:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.1:update1:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.1:update8:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.1_02:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.1_05:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.1_05:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.1_06:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.1_09:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.1_09:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.0_03:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.0_03:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.1:update3:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.1:update3:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.1_07:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2:update2:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2:update2:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2:update5:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2:update5:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:conectiva:linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.3.1_02:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.3.1_02:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.3.1_05:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.3.1_05:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.0_02:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.0_02:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.0_4:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.1:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.1_02:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.1_02:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.2_02:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.2_03:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.2_05:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.2_05:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.0:update1:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.0:update2:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.0:update5:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.1:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.1:update8:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.1:update8:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.1_03:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.1_05:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.1_07:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.1_09:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.0_02:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.0_03:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.1:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.1:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.1:update3:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.1_02:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.1_02:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2:update1:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2:update2:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2:update4:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2:update5:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:symantec:enterprise_firewall:8.0:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:symantec:enterprise_firewall:8.0:*:windows_2000_nt:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.3.1_01:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.3.1_01a:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.3.1_04:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.3.1_05:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.3.1_07:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.3.1_07:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.0_01:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.0_4:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.0_4:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.1_01:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.1_02:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.2:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.2:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.2_01:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.2_04:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.2_05:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.0:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.0:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.0:update5:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.0:update5:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.1:update4:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.1:update4:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.1_03:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.1_03:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.1_07:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.1_07:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.0_02:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.0_02:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.0_04:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.1:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.1_01:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.1_02:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2:update1:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2:update1:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2:update3:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2:update4:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2:update4:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:symantec:enterprise_firewall:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hp:java_sdk-rte:1.4:*:hp-ux_pa-risc:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.3.1_01:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.3.1_03:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.3.1_03:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.3.1_06:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.3.1_07:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.0_03:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.0_03:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.1_01:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.1_01:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.1_03:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.2:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.2_04:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4.2_04:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jdk:1.4:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.0:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.0:update3:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.0:update4:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.0:update4:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.1:update1:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.1:update1a:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.1_02:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.1_02:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.1_06:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.3.1_06:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.0_01:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.0_01:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.0_04:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.0_04:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.1_01:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.1_01:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2:update3:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4.2:update3:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sun:jre:1.4:*:solaris:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:11.23:*:ia64_64-bit:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:11.22:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:symantec:gateway_security_5400:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:symantec:gateway_security_5400:2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-1029"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jouko Pynnonen jouko@iki.fi",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200503-002"
}
],
"trust": 0.6
},
"cve": "CVE-2004-1029",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2004-1029",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-9459",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2004-1029",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#760344",
"trust": 0.8,
"value": "17.55"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#613562",
"trust": 0.8,
"value": "55.60"
},
{
"author": "CNNVD",
"id": "CNNVD-200503-002",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-9459",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#760344"
},
{
"db": "CERT/CC",
"id": "VU#613562"
},
{
"db": "VULHUB",
"id": "VHN-9459"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000497"
},
{
"db": "CNNVD",
"id": "CNNVD-200503-002"
},
{
"db": "NVD",
"id": "CVE-2004-1029"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages. There is a vulnerability in the Sun Java Plug-in that could allow a malicious Java applet to bypass restrictions for untrusted applets. Multiple vulnerabilities exist in numerous Oracle products. The impacts of these vulnerabilities are varied and may include remote execution of arbitrary code, the disclosure of sensitive information, and denial-of-service conditions. various Oracle Multiple vulnerabilities exist in the product and its components.Although it depends on the target product, a third party can execute any command or code remotely, leak information in the database, disrupt service operation ( Denial-of-Service,DoS ) Attacks could be made. Reports indicate that it is possible for a malicious website that contains JavaScript code to exploit this vulnerability to load a dangerous Java class and to pass this class to an invoked applet. If a vulnerable version is still installed on the computer, it may be possible for to specify that this version runs the applet instead of an updated version that is not prone to the vulnerability. Users affected by this vulnerability should remove earlier versions of the plug-in. This functionality could also be abused to prompt users to install vulnerable versions of the plug-in, so users should be wary of doing so. This general security weakness has been assigned an individual BID (11757). Various Oracle Database Server, Oracle Enterprise Manager, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business Suite and Applications, Oracle Workflow, Oracle Forms and Reports, Oracle JInitiator, Oracle Developer Suite, and Oracle Express Server are affected by multiple vulnerabilities. \nThe issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. \nOracle has released a Critical Patch Update advisory for July 2005 to address these vulnerabilities. This Critical Patch Update addresses the vulnerabilities for supported releases. Earlier, unsupported releases are likely to be affected by the issues as well. The issue is that documents may be served with weaker SSL encryption than configured in Oracle HTTP Server. \nThis could result in a false sense of security. Oracle has not released any further information about this weakness. \nThe first issue can allow an untrusted applet to escalate its privileges to access resources with the privilege level of the user running the applet. \nThis issue occurs only in Internet Explorer running on Windows. \nThe second issue allows an untrusted applet to interfere with another applet embedded in the same web page. \nThis issue occurs in Java running on Windows, Solaris, and Linux. A remote attacker can use this vulnerability to bypass the Java\\\u0027\\\u0027sandbox\\\u0027\\\u0027 and all restrictions to access restricted resources and systems. BACKGROUND\n\n Java Plug-in technology, included as part of the Java 2 Runtime\n Environment, Standard Edition (JRE), establishes a connection between\n popular browsers and the Java platform. This connection enables\n applets\n on Web sites to be run within a browser on the desktop. \n\n II. \n\n A number of private Java packages exist within the Java Virtual\n Machine\n (VM) and are used internally by the VM. Security restrictions prevent\n Applets from accessing these packages. Any attempt to access these\n packages, results in a thrown exception of \u0027AccessControlException\u0027,\n unless the Applet is signed and the user has chosen to trust the\n issuer. \n\n III. ANALYSIS\n\n Successful exploitation allows remote attackers to execute hostile\n Applets that can access, download, upload or execute arbitrary files\n as\n well as access the network. A target user must be running a browser on\n top of a vulnerable Java Virtual Machine to be affected. It is\n possible\n for an attacker to create a cross-platform, cross-browser exploit for\n this vulnerability. Once compromised, an attacker can execute\n arbitrary\n code under the privileges of the user who instantiated the vulnerable\n browser. \n\n IV. DETECTION\n\n iDEFENSE has confirmed the existence of this vulnerability in Java 2\n Platform, Standard Edition (J2SE) 1.4.2_01 and 1.4.2_04 from Sun\n Microsystems. Various browsers such as Internet Explorer, Mozilla and Firefox\n on\n both Windows and Unix platforms can be exploited if they are running a\n vulnerable Java Virtual Machine. \n\n V. \n Other Java Virtual Machines, such as the Microsoft VM, are available\n and\n can be used as an alternative. \n\n VI. VENDOR RESPONSE\n\n This issue has been fixed in J2SE v 1.4.2_06 available at:\n\n [15]http://java.sun.com/j2se/1.4.2/download.html\n\n VII. CVE INFORMATION\n\n The Common Vulnerabilities and Exposures (CVE) project has assigned\n the\n name CAN-2004-1029 to this issue. This is a candidate for inclusion in\n the CVE list ([16]http://cve.mitre.org), which standardizes names for\n security problems. \n\n VIII. DISCLOSURE TIMELINE\n\n 06/29/2004 Initial vendor notification\n 06/30/2004 Initial vendor response\n 08/16/2004 iDEFENSE clients notified\n 11/22/2004 Public disclosure\n\n IX. CREDIT\n\n Jouko Pynnonen (jouko[at]iki.fi) is credited with this discovery. \n\n Get paid for vulnerability research\n [17]http://www.idefense.com/poi/teams/vcp.jsp\n\n X. LEGAL NOTICES\n\n Copyright \\xa9 2004 iDEFENSE, Inc. \n\n Permission is granted for the redistribution of this alert\n electronically. It may not be edited in any way without the express\n written consent of iDEFENSE. If you wish to reprint the whole or any\n part of this alert in any other medium other than electronically,\n please\n email [18]customerservice@idefense.com for permission. \n\n Disclaimer: The information in the advisory is believed to be accurate\n at the time of publishing based on currently available information. \n Use\n of the information constitutes acceptance for use in an AS IS\n condition. \n There are no warranties with regard to this information. Neither the\n author nor the publisher accepts any liability for any direct,\n indirect,\n or consequential loss or damage arising from use of, or reliance on,\n this information",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-1029"
},
{
"db": "CERT/CC",
"id": "VU#760344"
},
{
"db": "CERT/CC",
"id": "VU#613562"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000497"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000876"
},
{
"db": "BID",
"id": "11726"
},
{
"db": "BID",
"id": "14238"
},
{
"db": "BID",
"id": "14279"
},
{
"db": "BID",
"id": "12317"
},
{
"db": "VULHUB",
"id": "VHN-9459"
},
{
"db": "PACKETSTORM",
"id": "35118"
}
],
"trust": 5.04
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-9459",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-9459"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2004-1029",
"trust": 3.5
},
{
"db": "SECUNIA",
"id": "13271",
"trust": 3.3
},
{
"db": "CERT/CC",
"id": "VU#760344",
"trust": 3.3
},
{
"db": "BID",
"id": "12317",
"trust": 2.0
},
{
"db": "VUPEN",
"id": "ADV-2008-0599",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "29035",
"trust": 1.7
},
{
"db": "SREASON",
"id": "61",
"trust": 1.7
},
{
"db": "CERT/CC",
"id": "VU#613562",
"trust": 1.6
},
{
"db": "XF",
"id": "18188",
"trust": 1.4
},
{
"db": "BID",
"id": "11726",
"trust": 1.2
},
{
"db": "BID",
"id": "14238",
"trust": 1.1
},
{
"db": "BID",
"id": "14279",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000497",
"trust": 0.8
},
{
"db": "USCERT",
"id": "TA05-194A",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000876",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200503-002",
"trust": 0.7
},
{
"db": "SUNALERT",
"id": "101523",
"trust": 0.6
},
{
"db": "SUNALERT",
"id": "57591",
"trust": 0.6
},
{
"db": "OVAL",
"id": "OVAL:ORG.MITRE.OVAL:DEF:5674",
"trust": 0.6
},
{
"db": "IDEFENSE",
"id": "20041122 SUN JAVA PLUGIN ARBITRARY PACKAGE ACCESS VULNERABILITY",
"trust": 0.6
},
{
"db": "APPLE",
"id": "APPLE-SA-2005-02-22",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "35118",
"trust": 0.2
},
{
"db": "EXPLOIT-DB",
"id": "24763",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-78455",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-9459",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#760344"
},
{
"db": "CERT/CC",
"id": "VU#613562"
},
{
"db": "VULHUB",
"id": "VHN-9459"
},
{
"db": "BID",
"id": "11726"
},
{
"db": "BID",
"id": "14238"
},
{
"db": "BID",
"id": "14279"
},
{
"db": "BID",
"id": "12317"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000497"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000876"
},
{
"db": "PACKETSTORM",
"id": "35118"
},
{
"db": "CNNVD",
"id": "CNNVD-200503-002"
},
{
"db": "NVD",
"id": "CVE-2004-1029"
}
]
},
"id": "VAR-200503-0071",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-9459"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T21:28:20.494000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HPSBUX01214",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c00897307"
},
{
"title": "HPSBUX01100",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c00899041"
},
{
"title": "HPSBUX01214",
"trust": 0.8,
"url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux01214.html"
},
{
"title": "HPSBUX01100",
"trust": 0.8,
"url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux01100.html"
},
{
"title": "1257249",
"trust": 0.8,
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21257249"
},
{
"title": "j2sdk",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=45#update_content"
},
{
"title": "jdksetup",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=22#update_content"
},
{
"title": "201660",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201660-1"
},
{
"title": "SYM05-001",
"trust": 0.8,
"url": "http://securityresponse.symantec.com/avcenter/security/content/2005.01.04.html"
},
{
"title": "SYM05-001",
"trust": 0.8,
"url": "http://www.symantec.com/region/jp/avcenter/security/content/2005.01.04.html"
},
{
"title": "Critical Patch Update - July 2005",
"trust": 0.8,
"url": "http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html"
},
{
"title": "Critical Patch Updates and Security Alerts ",
"trust": 0.8,
"url": "http://www.oracle.com/technology/deploy/security/alerts.htm"
},
{
"title": "Map of Public Vulnerability to Advisory/Alert",
"trust": 0.8,
"url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html"
},
{
"title": "Critical Patch Update - July 2005",
"trust": 0.8,
"url": "http://otn.oracle.co.jp/security/050715_71/top.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2004-000497"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000876"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-9459"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000497"
},
{
"db": "NVD",
"id": "CVE-2004-1029"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://jouko.iki.fi/adv/javaplugin.html"
},
{
"trust": 2.5,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1"
},
{
"trust": 2.5,
"url": "http://www.kb.cert.org/vuls/id/760344"
},
{
"trust": 2.2,
"url": "http://www.idefense.com/application/poi/display?id=158\u0026type=vulnerabilities"
},
{
"trust": 2.0,
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21257249"
},
{
"trust": 1.7,
"url": "http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2005/feb/msg00000.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/12317"
},
{
"trust": 1.7,
"url": "http://rpmfind.net/linux/rpm/suse/updates/9.3/i386/rpm/i586/java-1_4_2-sun-src-1.4.2.08-0.1.i586.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/13271"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/29035"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/61"
},
{
"trust": 1.7,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101523-1"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/13271/"
},
{
"trust": 1.4,
"url": "http://xforce.iss.net/xforce/xfdb/18188"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a5674"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2008/0599"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18188"
},
{
"trust": 0.8,
"url": "http://www.idefense.com/application/poi/display?id=158\u0026type=vulnerabilities\u0026flashstatus=false"
},
{
"trust": 0.8,
"url": "http://java.sun.com/products/plugin/index.jsp"
},
{
"trust": 0.8,
"url": "http://java.sun.com/j2se/desktopjava/jre/index.jsp"
},
{
"trust": 0.8,
"url": "http://java.sun.com/docs/books/tutorial/essential/system/securityintro.html"
},
{
"trust": 0.8,
"url": "http://java.sun.com/j2se/1.5.0/docs/api/java/security/accesscontrolexception.html"
},
{
"trust": 0.8,
"url": "http://java.sun.com/docs/books/tutorial/reflect/"
},
{
"trust": 0.8,
"url": "http://www.oracle.com/technology/deploy/security/alerts.htm "
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-1029"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2004-1029"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/11726"
},
{
"trust": 0.8,
"url": "http://www.frsirt.com/english/advisories/2005/1074"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vn/jvnta05-194a"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/14279"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/14238"
},
{
"trust": 0.8,
"url": "http://www.us-cert.gov/cas/techalerts/ta05-194a.html"
},
{
"trust": 0.8,
"url": "http://www.kb.cert.org/vuls/id/613562"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2008/0599"
},
{
"trust": 0.6,
"url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:5674"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1\u0026searchclause="
},
{
"trust": 0.3,
"url": "http://java.sun.com/products/plugin/versions.html#answers"
},
{
"trust": 0.3,
"url": "http://java.sun.com"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101799-1\u0026searchclause="
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57741-1"
},
{
"trust": 0.3,
"url": "http://securityresponse.symantec.com/avcenter/security/content/2005.01.04.html"
},
{
"trust": 0.3,
"url": "/archive/1/381940"
},
{
"trust": 0.3,
"url": "/archive/1/382281"
},
{
"trust": 0.3,
"url": "/archive/1/382072"
},
{
"trust": 0.3,
"url": "http://www.integrigy.com/analysis.htm"
},
{
"trust": 0.3,
"url": "http://www.red-database-security.com/advisory/oracle_formsbuilder_temp_file_issue.html"
},
{
"trust": 0.3,
"url": "http://www.red-database-security.com/advisory/oracle_forms_unsecure_temp_file_handling.html"
},
{
"trust": 0.3,
"url": "http://www.red-database-security.com/advisory/oracle_jdeveloper_passes_plaintext_password.html"
},
{
"trust": 0.3,
"url": "http://www.red-database-security.com/advisory/oracle_jdeveloper_plaintext_password.html"
},
{
"trust": 0.3,
"url": "/archive/1/406293"
},
{
"trust": 0.3,
"url": "/archive/1/404966"
},
{
"trust": 0.3,
"url": "http://www.red-database-security.com/whitepaper/cpu_july_2005_silently_fixed_bugs.html"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57708-1"
},
{
"trust": 0.1,
"url": "http://www.idefense.com/application/poi/display?id=158\u0026amp;type=vulnerabilities"
},
{
"trust": 0.1,
"url": "http://www.idefense.com/poi/teams/vcp.jsp"
},
{
"trust": 0.1,
"url": "http://java.sun.com/j2se/1.4.2/download.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2004-1029"
},
{
"trust": 0.1,
"url": "http://java.sun.com/products/plugin/."
},
{
"trust": 0.1,
"url": "http://cve.mitre.org),"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#760344"
},
{
"db": "CERT/CC",
"id": "VU#613562"
},
{
"db": "VULHUB",
"id": "VHN-9459"
},
{
"db": "BID",
"id": "11726"
},
{
"db": "BID",
"id": "14238"
},
{
"db": "BID",
"id": "14279"
},
{
"db": "BID",
"id": "12317"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000497"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000876"
},
{
"db": "PACKETSTORM",
"id": "35118"
},
{
"db": "CNNVD",
"id": "CNNVD-200503-002"
},
{
"db": "NVD",
"id": "CVE-2004-1029"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#760344"
},
{
"db": "CERT/CC",
"id": "VU#613562"
},
{
"db": "VULHUB",
"id": "VHN-9459"
},
{
"db": "BID",
"id": "11726"
},
{
"db": "BID",
"id": "14238"
},
{
"db": "BID",
"id": "14279"
},
{
"db": "BID",
"id": "12317"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000497"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000876"
},
{
"db": "PACKETSTORM",
"id": "35118"
},
{
"db": "CNNVD",
"id": "CNNVD-200503-002"
},
{
"db": "NVD",
"id": "CVE-2004-1029"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-11-23T00:00:00",
"db": "CERT/CC",
"id": "VU#760344"
},
{
"date": "2005-07-13T00:00:00",
"db": "CERT/CC",
"id": "VU#613562"
},
{
"date": "2005-03-01T00:00:00",
"db": "VULHUB",
"id": "VHN-9459"
},
{
"date": "2004-11-22T00:00:00",
"db": "BID",
"id": "11726"
},
{
"date": "2005-07-12T00:00:00",
"db": "BID",
"id": "14238"
},
{
"date": "2005-07-15T00:00:00",
"db": "BID",
"id": "14279"
},
{
"date": "2005-01-20T00:00:00",
"db": "BID",
"id": "12317"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2004-000497"
},
{
"date": "2009-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2005-000876"
},
{
"date": "2004-11-24T07:03:46",
"db": "PACKETSTORM",
"id": "35118"
},
{
"date": "2004-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200503-002"
},
{
"date": "2005-03-01T05:00:00",
"db": "NVD",
"id": "CVE-2004-1029"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-11-23T00:00:00",
"db": "CERT/CC",
"id": "VU#760344"
},
{
"date": "2005-10-19T00:00:00",
"db": "CERT/CC",
"id": "VU#613562"
},
{
"date": "2017-10-11T00:00:00",
"db": "VULHUB",
"id": "VHN-9459"
},
{
"date": "2009-07-12T08:06:00",
"db": "BID",
"id": "11726"
},
{
"date": "2009-07-12T16:06:00",
"db": "BID",
"id": "14238"
},
{
"date": "2005-07-15T00:00:00",
"db": "BID",
"id": "14279"
},
{
"date": "2008-04-07T16:18:00",
"db": "BID",
"id": "12317"
},
{
"date": "2008-03-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2004-000497"
},
{
"date": "2009-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2005-000876"
},
{
"date": "2009-03-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200503-002"
},
{
"date": "2017-10-11T01:29:40.293000",
"db": "NVD",
"id": "CVE-2004-1029"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "11726"
},
{
"db": "BID",
"id": "14238"
},
{
"db": "BID",
"id": "14279"
},
{
"db": "BID",
"id": "12317"
}
],
"trust": 1.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sun Java Plug-in fails to restrict access to private Java packages",
"sources": [
{
"db": "CERT/CC",
"id": "VU#760344"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Access Validation Error",
"sources": [
{
"db": "BID",
"id": "11726"
},
{
"db": "BID",
"id": "12317"
}
],
"trust": 0.6
}
}
VAR-200411-0172
Vulnerability from variot - Updated: 2024-07-23 20:37The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. OpenSSL Is SSL/TLS Due to incomplete implementation of do_change_cipher_spec() In the function NULL A vulnerability exists where pointers are not handled properly.OpenSSL An application that uses the service disrupts service operation (DoS) It may be in a state. OpenSSL is an open source SSL implementation used to implement high-strength encryption of network communications. It is now widely used in various network applications.
Using the Codenomicon TLS test tool, OpenSSL found a NULL pointer allocation in the do_change_cipher_spec () function. Applications that rely on this library will generate a denial of service. For the first issue, a NULL-pointer assignment can be triggered by attackers during SSL/TLS handshake exchanges. The CVE candidate name for this vulnerability is CAN-2004-0079. Versions 0.9.6c to 0.9.6k (inclusive) and from 0.9.7a to 0.9.7c (inclusive) are vulnerable. The second issue is also exploited during the SSL/TLS handshake, but only when Kerberos ciphersuites are in use. The vendor has reported that this vulnerability may not be a threat to many, because it occurs only when Kerberos ciphersuites are in use, an uncommon configuration. The CVE candidate name for this vulnerability is CAN-2004-0112. Versions 0.9.7a, 0.9.7b, and 0.9.7c are affected. This entry will be retired when individual BID records are created for each issue. *Note: A third denial-of-service vulnerability included in the announcement was discovered affecting 0.9.6 and fixed in 0.9.6d. The CVE candidate name for this vulnerability is CAN-2004-0081. Multiple security vulnerabilities are reported to affect Apple Mac OS X; updates are available. Apache is prone to five vulnerabilities ranging from buffer overflows to access validation vulnerabilities. The CVE Mitre candidate IDs CAN-2005-1344, CAN-2004-0942, CAN-2004-0885, CAN-2004-1083, and CAN-2004-1084 are assigned to these issues. Appkit is prone to three vulnerabilities. Two of these could result in arbitrary code execution, the third could permit the creation of local accounts. The CVE Mitre candidate IDs CAN-2005-2501, CAN-2005-2502, and CAN-2005-2503 are assigned to these issues. Bluetooth is prone to a vulnerability regarding authentication bypass. The CVE Mitre candidate ID CAN-2005-2504 is assigned to this issue. CoreFoundation is prone to two vulnerabilities, one resulting in a buffer overflow, the other a denial-of-service vulnerability. The CVE Mitre candidate IDs CAN-2005-2505 and CAN-2005-2506 are assigned to these issues. CUPS is prone to two vulnerabilities resulting in a denial of service until the service can be restarted. The CVE Mitre candidate IDs CAN-2005-2525 and CAN-2005-2526 are assigned to these issues. Directory Services is prone to three vulnerabilities. These issues vary from buffer overflow, unauthorized account creation and deletion, and privilege escalation. The CVE Mitre candidate IDs CAN-2005-2507, CAN-2005-2508 and CAN-2005-2519 are assigned to these issues. HItoolbox is prone to a vulnerability that could result in information disclosure. The CVE Mitre candidate ID CAN-2005-2513 is assigned to this issue. Kerberos is prone to five vulnerabilities that may result in a buffer overflow, execution of arbitrary code, and root compromise. The CVE Mitre candidate IDs CAN-2004-1189, CAN-2005-1174, CAN-2005-1175, CAN-2005-1689, and CAN-2005-2511 are assigned to these issues. loginwindow is prone to a vulnerability that could permit a user to gain access to other logged-in accounts. The CVE Mitre candidate ID CAN-2005-2509 is assigned to this issue. Mail is prone to a vulnerability regarding the loss of privacy when remote images are loaded into HTML email. The CVE Mitre candidate ID CAN-2005-2512 is assigned to this issue. MySQL is prone to three vulnerabilities that include arbitrary code execution by remote authenticated users. The CVE Mitre candidate IDs CAN-2005-0709, CAN-2005-0710, and CAN-2005-0711 are assigned to these issues. The CVE Mitre candidate IDs CAN-2004-0079 and CAN-2004-0112 are assigned to these issues. ping is prone to a vulnerability that could allow local privilege escalation and arbitrary code execution. The CVE Mitre candidate ID CAN-2005-2514 is assigned to this issue. QuartzComposerScreenSaver is prone to a vulnerability that could allow users to open pages while the RSS Visualizer screen is locked. The CVE Mitre candidate ID CAN-2005-2515 is assigned to this issue. Safari is prone to two vulnerabilities that could result in arbitrary command execution or have information submitted to an incorrect site. The CVE Mitre candidate IDs CAN-2005-2516 and CAN-2005-2517 are assigned to these issues. SecurityInterface is prone to a vulnerability that could expose recently used passwords. The CVE Mitre candidate ID CAN-2005-2520 is assigned to this issue. servermgrd is prone to a buffer-overflow vulnerability that could ultimately lead to the execution of arbitrary code. The CVE Mitre candidate ID CAN-2005-2518 is assigned to this issue. servermgr_ipfilter is prone to a vulnerability regarding firewall settings not always being written to the Active Rules. The CVE Mitre candidate ID CAN-2005-2510 is assigned to this issue. SquirrelMail is prone to two vulnerabilities including a cross-site scripting issue. The CVE Mitre candidate IDs CAN-2005-1769 and CAN-2005-2095 are assigned to these issues. traceroute is prone to a vulnerability that could result in arbitrary code execution and privilege escalation. The CVE Mitre candidate ID CAN-2005-2521 is assigned to this issue. WebKit is affected by a vulnerability that could result in code execution regarding a malformed PDF file. The CVE Mitre candidate ID CAN-2005-2522 is assigned to this issue. Weblog Server is prone to multiple cross-site scripting vulnerabilities. The CVE Mitre candidate ID CAN-2005-2523 is assigned to this issue. X11 is prone to a vulnerability that could result in arbitrary code execution. The CVE Mitre candidate ID CAN-2005-0605 is assigned to this issue. zlib is prone to two denial-of-service vulnerabilities that may ultimately lead to arbitrary code execution. The CVE Mitre candidate IDs CAN-2005-2096 and CAN-2005-1849 are assigned to these issues. These vulnerabilities will be separated into individual BIDs upon further analysis of the issues. Oracle Database Server, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business and Applications, Oracle Enterprise Manager Grid Control, and Oracle PeopleSoft Applications are reported prone to multiple vulnerabilities. Oracle has released a Critical Patch Update to address these issues in various supported applications and platforms. The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. While various levels of authorization are required to leverage some issues, others do not require any authorization. This BID will be divided and updated into separate BIDs when more information is available. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Cisco Security Advisory: Cisco OpenSSL Implementation Vulnerability
Revision 1.0
For Public Release 2004 March 17 at 1300 UTC (GMT)
----------------------------------------------------------------------
Contents
Summary
Affected Products
Details
Impact
Software Versions and Fixes
Obtaining Fixed Software
Workarounds
Exploitation and Public Announcements
Status of This Notice: INTERIM
Distribution
Revision History
Cisco Security Procedures
----------------------------------------------------------------------
Summary
A new vulnerability in the OpenSSL implementation for SSL has been announced on March 17, 2004.
An affected network device running an SSL server based on an affected OpenSSL implementation may be vulnerable to a Denial of Service (DoS) attack. There are workarounds available to mitigate the effects of this vulnerability on Cisco products in the workaround section of this advisory. Cisco is providing fixed software, and recommends that customers upgrade to it when it is available.
This advisory will be posted at http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml.
* Cisco IOS 12.1(11)E and later in the 12.1E release train. Only crypto
images (56i and k2) are vulnerable for the Cisco 7100 and 7200 Series
Routers.
* Cisco IOS 12.2SY release train. Only crypto images (k8, k9 and k91)
are vulnerable for the Cisco Catalyst 6500 Series and Cisco 7600
Series Routers.
* Cisco PIX Firewall
* Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 6500
Series and Cisco 7600 Series routers
* Cisco MDS 9000 Series Multilayer Switch
* Cisco Content Service Switch (CSS) 11000 series
* Cisco Global Site Selector (GSS) 4480
* CiscoWorks Common Services (CWCS) version 2.2 and CiscoWorks Common
Management Foundation (CMF) version 2.1
* Cisco Access Registrar (CAR)
The following products have their SSL implementation based on the OpenSSL code and are not affected by this vulnerability.
* Cisco Secure Intrusion Detection System (NetRanger) appliance. This
includes the IDS-42xx appliances, NM-CIDS and WS-SVS-IDSM2.
* Cisco SN 5428 and SN 5428-2 Storage Router
* Cisco CNS Configuration Engine
* Cisco Network Analysis Modules (NAM) for the Cisco Catalyst 6000 and
6500 Series switches and Cisco 7600 Series routers
* Cisco SIP Proxy Server (SPS)
* CiscoWorks 1105 Hosting Solution Engine (HSE)
* CiscoWorks 1105 Wireless LAN Solution Engine (WLSE)
* Cisco Ethernet Subscriber Solution Engine (ESSE)
The following products, which implement SSL, are not affected by this vulnerability.
* Cisco VPN 3000 Series Concentrators
CatOS does not implement SSL and is not vulnerable.
No other Cisco products are currently known to be affected by this vulnerability. This vulnerability is still being actively investigated across Cisco products and status of some products has still not been determined.
Details
Secure Sockets Layer (SSL), is a protocol used to encrypt the data transferred over an TCP session. SSL in Cisco products is mainly used by the HyperText Transfer Protocol Secure (HTTPS) web service for which the default TCP port is 443. The affected products, listed above, are only vulnerable if they have the HTTPS service enabled and the access to the service is not limited to trusted hosts or network management workstations.
To check if the HTTPS service is enabled one can do the following:
1. Check the configuration on the device to verify the status of the
HTTPS service.
2. Try to connect to the device using a standard web browser that
supports SSL using a URL similar to https://ip_address_of_device/.
3. Try and connect to the default HTTPS port, TCP 443, using Telnet.
telnet ip_address_of_device 443. If the session connects the service
is enabled and accessible. This
crash on many Cisco products would cause the device to reload.
A third vulnerability described in the NISCC advisory is a bug in older versions of OpenSSL, versions before 0.9.6d, that can also lead to a Denial of Service attack. None of the Cisco OpenSSL implementations are known to be affected by this older OpenSSL issue.
* Cisco IOS - All 12.1(11)E and later IOS software crypto (56i and k2)
image releases in the 12.1E release train for the Cisco 7100 and 7200
Series Routers are affected by this vulnerability. All IOS software
crypto (k8, k9, and k91) image releases in the 12.2SY release train
for the Cisco Catalyst 6500 Series and Cisco 7600 Series Routers are
affected by this vulnerability. The SSH implementation in IOS is not
dependent on any OpenSSL code. SSH implementations in IOS do not
handle certificates, yet, and therefore do not use any SSL code for
SSH. OpenSSL in 12.1E and 12.2SY release trains is only used for
providing the HTTPS and VPN Device Manager (VDM) services. This
vulnerability is documented in the Cisco Bug Toolkit (registered
customers only) as Bug ID CSCee00041. The HTTPS web service, that uses
the OpenSSL code, on the device is disabled by default. The no ip http
secure-server command may be used to disable the HTTPS web service on
the device, if required. The SSH and IPSec services in IOS are not
vulnerable to this vulnerability.
* Cisco PIX Firewall - PIX 6.x releases are affected by this
vulnerability. PIX 5.x releases do not contain any SSL code and are
not vulnerable. This vulnerability is documented in the Cisco Bug
Toolkit (registered customers only) as Bug ID CSCed90672.
* Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 6500
Series and Cisco 7600 Series routers - This vulnerability is
documented in the Cisco Bug Toolkit (registered customers only) as Bug
ID CSCee02055.
* Cisco MDS 9000 Series Multilayer Switches - This vulnerability is
documented in the Cisco Bug Toolkit (registered customers only) as Bug
ID CSCed96246.
* Cisco Content Service Switch (CSS) 11000 series - WebNS version 6.x
and 7.x are affected by this vulnerability. This vulnerability is
documented in the Cisco Bug Toolkit (registered customers only) as Bug
ID CSCee01234 for SCM and is documented in the Cisco Bug Toolkit
(registered customers only) as Bug ID CSCee01240 for the SSL module.
* Cisco Global Site Selector (GSS) 4480 - This vulnerability is
documented in the Cisco Bug Toolkit (registered customers only) as Bug
ID CSCee01057.
* CiscoWorks Common Services (CWCS) version 2.2 and CiscoWorks Common
Management Foundation (CMF) version 2.1 - This vulnerability is
documented in the Cisco Bug Toolkit (registered customers only) as Bug
ID CSCsa13748.
* Cisco Access Registrar (CAR) - This vulnerability is documented in the
Cisco Bug Toolkit (registered customers only) as Bug ID CSCee01956.
The Internetworking Terms and Cisco Systems Acronyms online guides can be found at http://www.cisco.com/univercd/cc/td/doc/cisintwk/.
Impact
An affected network device running an SSL server based on the OpenSSL implementation may be vulnerable to a Denial of Service (DoS) attack.
Software Versions and Fixes
* Cisco IOS -
+----------------------------------------+
|Release| Fixed Releases |Availability |
| Train | | |
|-------+------------------+-------------|
|12.2SY |12.2(14)SY4 |March 25 |
|-------+------------------+-------------|
| |12.1(13)E14 |April 8 |
|12.1E |12.1.(19)E7 |April 8 |
| |12.1(20)E3 |April 26 |
+----------------------------------------+
* Cisco PIX Firewall - The vulnerability is fixed in software releases
6.0(4)102, 6.1(5)102, 6.2(3)107, and 6.3(3)124. These engineering
builds may be obtained by contacting the Cisco Technical Assistance
Center (TAC). TAC Contact information is given in the Obtaining Fixed
Software section below.
* Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 6500
Series and Cisco 7600 Series routers - The vulnerability is fixed in
software release 1.1.3(14) which will be available by Monday, 22 of
March, 2004. This engineering builds may be obtained by contacting the
Cisco Technical Assistance Center (TAC). TAC Contact information is
given in the Obtaining Fixed Software section below.
* Cisco MDS 9000 Series Multilayer Switches - No fixed software release
or software availability date has been determined yet.
* Cisco Content Service Switch (CSS) 11000 series -No fixed software
release or software availability date has been determined yet.
* Cisco Global Site Selector (GSS) 4480 - No fixed software release or
software availability date has been determined yet.
* CiscoWorks Common Services (CWCS) version 2.2 and CiscoWorks Common
Management Foundation (CMF) version 2.1 - No fixed software release or
software availability date has been determined yet.
* Cisco Access Registrar (CAR) - The vulnerability is fixed in software
release 3.5.0.12 which will be available by Friday, 26 of March, 2004.
Obtaining Fixed Software
Cisco is offering free software upgrades to address this vulnerability for all affected customers.
Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, Customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/public/sw-license-agreement.html, or as otherwise set forth at the Cisco Connection Online Software Center at http://www.cisco.com/public/sw-center/sw-usingswc.shtml.
Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com/tacpage/sw-center. To access the software download URL, you must be a registered user and you must be logged in.
Customers whose Cisco products are provided or maintained through a prior or existing agreement with third-party support organizations such as Cisco Partners, authorized resellers, or service providers, should contact that support organization for assistance with obtaining the software upgrade(s).
Customers who purchase direct from Cisco but who do not hold a Cisco service contract and customers who purchase through third-party vendors but are unsuccessful at obtaining fixed software through their point of sale should get their upgrades by contacting the Cisco Technical Assistance Center (TAC) using the contact information listed below. In these cases, customers are entitled to obtain a free upgrade to a later version of the same release or as indicated by the applicable corrected software version in the Software Versions and Fixes section (noted above).
Cisco TAC contacts are as follows:
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac@cisco.com
See http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml for additional TAC contact information, including special localized telephone numbers and instructions and e-mail addresses for use in various languages.
Please have your product serial number available and give the URL of this notice as evidence of your entitlement to a upgrade. Upgrades for non-contract customers must be requested through the TAC.
Please do not contact either "psirt@cisco.com" or "security-alert@cisco.com" for software upgrades.
Workarounds
The Cisco PSIRT recommends that affected users upgrade to a fixed software version of code as soon as it is available.
* Restrict access to the HTTPS server on the network device. Allow
access to the network device only from trusted workstations by using
access lists / MAC filters that are available on the affected
platforms.
* Disable the SSL server / service on the network device. This
workaround must be weighed against the need for secure communications
with the vulnerable device.
Exploitation and Public Announcements
The Cisco PSIRT is not aware of any malicious use of the vulnerability described in this advisory.
This vulnerability was reported to Cisco PSIRT by NISCC.
Status of This Notice: INTERIM
This is an interim advisory. Although Cisco cannot guarantee the accuracy of all statements in this advisory, all of the facts have been checked to the best of our ability. Cisco does not anticipate issuing updated versions of this advisory unless there is some material change in the facts. Should there be a significant change in the facts, Cisco may update this advisory.
A stand-alone copy or paraphrase of the text of this security advisory that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors.
Distribution
This advisory will be posted on Cisco's worldwide website at http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml .
In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key having the fingerprint 8C82 5207 0CA9 ED40 1DD2 EE2A 7B31 A8CF 32B6 B590 and is posted to the following e-mail and Usenet news recipients.
* cust-security-announce@cisco.com
* first-teams@first.org (includes CERT/CC)
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.netsys.com
* comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates.
Revision History
+------------------------------------------+ |Revision 1.0|2004-March-17|Initial | | | |release. | +------------------------------------------+
Cisco Security Procedures
Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/warp/public/707/sec_incident_response.shtml. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt.
This advisory is copyright 2004 by Cisco Systems, Inc. This advisory may be redistributed freely after the release date given at the top of the text, provided that redistributed copies are complete and unmodified, including all date and version information.
----------------------------------------------------------------------
-----BEGIN PGP SIGNATURE----- Comment: PGP Signed by Sharad Ahlawat, Cisco Systems PSIRT
iD8DBQFAWFvZezGozzK2tZARAqIwAKDXDMLAY6eDYyU8y1MhKZUto2SRxwCg+oid 7AhsNlLsNVSLwTRKTHSigu0= =gtba -----END PGP SIGNATURE----- . Any application that makes use of OpenSSL's SSL/TLS library may be affected. Any application that makes use of OpenSSL's SSL/TLS library may be affected.
Recommendations
Upgrade to OpenSSL 0.9.7d or 0.9.6m. Recompile any OpenSSL applications statically linked to OpenSSL libraries.
OpenSSL 0.9.7d and OpenSSL 0.9.6m are available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html):
ftp://ftp.openssl.org/source/
The distribution file names are:
o openssl-0.9.7d.tar.gz
MD5 checksum: 1b49e90fc8a75c3a507c0a624529aca5
o openssl-0.9.6m.tar.gz [normal]
MD5 checksum: 1b63bfdca1c37837dddde9f1623498f9
o openssl-engine-0.9.6m.tar.gz [engine]
MD5 checksum: 4c39d2524bd466180f9077f8efddac8c
The checksums were calculated using the following command:
openssl md5 openssl-0.9*.tar.gz
Credits
Patches for these issues were created by Dr Stephen Henson (steve@openssl.org) of the OpenSSL core team. The OpenSSL team would like to thank Codenomicon for supplying the TLS Test Tool which was used to discover these vulnerabilities, and Joe Orton of Red Hat for performing the majority of the testing.
References
http://www.codenomicon.com/testtools/tls/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0079 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0112
URL for this Security Advisory: http://www.openssl.org/news/secadv_20040317.txt
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200411-0172",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "openbsd",
"scope": "eq",
"trust": 2.1,
"vendor": "openbsd",
"version": "3.4"
},
{
"model": "okena stormwatch",
"scope": "eq",
"trust": 2.1,
"vendor": "cisco",
"version": "3.2"
},
{
"model": "ciscoworks common services",
"scope": "eq",
"trust": 2.1,
"vendor": "cisco",
"version": "2.2"
},
{
"model": "ciscoworks common management foundation",
"scope": "eq",
"trust": 2.1,
"vendor": "cisco",
"version": "2.1"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 1.9,
"vendor": "cisco",
"version": "1.1.3"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 1.9,
"vendor": "cisco",
"version": "1.1.2"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "1.1_\\(3.005\\)"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "2.1_\\(0.208\\)"
},
{
"model": "gsx server",
"scope": "eq",
"trust": 1.3,
"vendor": "vmware",
"version": "2.5.1"
},
{
"model": "gsx server",
"scope": "eq",
"trust": 1.3,
"vendor": "vmware",
"version": "2.0"
},
{
"model": "stonegate vpn client",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.0.9"
},
{
"model": "stonegate vpn client",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.0.8"
},
{
"model": "stonegate vpn client",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.0.7"
},
{
"model": "stonegate vpn client",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.0"
},
{
"model": "stonegate vpn client",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "1.7.2"
},
{
"model": "stonegate vpn client",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "1.7"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.2.4"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.2.1"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.2"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.1"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.0.9"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.0.8"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.0.7"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.0.6"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.0.5"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.0.4"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.0.1"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "1.7.2"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "1.7.1"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "1.7"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "1.6.3"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "1.6.2"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "1.5.18"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "1.5.17"
},
{
"model": "stonebeat webcluster",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.5"
},
{
"model": "stonebeat webcluster",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.0"
},
{
"model": "stonebeat securitycluster",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.5"
},
{
"model": "stonebeat securitycluster",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.0"
},
{
"model": "servercluster",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.5.2"
},
{
"model": "servercluster",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.5"
},
{
"model": "propack",
"scope": "eq",
"trust": 1.3,
"vendor": "sgi",
"version": "3.0"
},
{
"model": "propack",
"scope": "eq",
"trust": 1.3,
"vendor": "sgi",
"version": "2.4"
},
{
"model": "propack",
"scope": "eq",
"trust": 1.3,
"vendor": "sgi",
"version": "2.3"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.3,
"vendor": "redhat",
"version": "8.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.3,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "openbsd",
"scope": "eq",
"trust": 1.3,
"vendor": "openbsd",
"version": "3.3"
},
{
"model": "imanager",
"scope": "eq",
"trust": 1.3,
"vendor": "novell",
"version": "2.0"
},
{
"model": "imanager",
"scope": "eq",
"trust": 1.3,
"vendor": "novell",
"version": "1.5"
},
{
"model": "edirectory",
"scope": "eq",
"trust": 1.3,
"vendor": "novell",
"version": "8.7.1"
},
{
"model": "edirectory",
"scope": "eq",
"trust": 1.3,
"vendor": "novell",
"version": "8.7"
},
{
"model": "edirectory",
"scope": "eq",
"trust": 1.3,
"vendor": "novell",
"version": "8.6.2"
},
{
"model": "edirectory",
"scope": "eq",
"trust": 1.3,
"vendor": "novell",
"version": "8.5.27"
},
{
"model": "edirectory",
"scope": "eq",
"trust": 1.3,
"vendor": "novell",
"version": "8.5"
},
{
"model": "edirectory",
"scope": "eq",
"trust": 1.3,
"vendor": "novell",
"version": "8.0"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.3,
"vendor": "hp",
"version": "11.23"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.3,
"vendor": "hp",
"version": "11.11"
},
{
"model": "apache-based web server",
"scope": "eq",
"trust": 1.3,
"vendor": "hp",
"version": "2.0.43.04"
},
{
"model": "apache-based web server",
"scope": "eq",
"trust": 1.3,
"vendor": "hp",
"version": "2.0.43.00"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.3,
"vendor": "freebsd",
"version": "5.2"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.3,
"vendor": "freebsd",
"version": "5.1"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.3,
"vendor": "freebsd",
"version": "4.9"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.3,
"vendor": "freebsd",
"version": "4.8"
},
{
"model": "webns",
"scope": "eq",
"trust": 1.3,
"vendor": "cisco",
"version": "7.10"
},
{
"model": "webns",
"scope": "eq",
"trust": 1.3,
"vendor": "cisco",
"version": "6.10"
},
{
"model": "secure content accelerator",
"scope": "eq",
"trust": 1.3,
"vendor": "cisco",
"version": "10000"
},
{
"model": "css secure content accelerator",
"scope": "eq",
"trust": 1.3,
"vendor": "cisco",
"version": "2.0"
},
{
"model": "css secure content accelerator",
"scope": "eq",
"trust": 1.3,
"vendor": "cisco",
"version": "1.0"
},
{
"model": "sg5",
"scope": "eq",
"trust": 1.3,
"vendor": "avaya",
"version": "4.4"
},
{
"model": "sg5",
"scope": "eq",
"trust": 1.3,
"vendor": "avaya",
"version": "4.3"
},
{
"model": "sg5",
"scope": "eq",
"trust": 1.3,
"vendor": "avaya",
"version": "4.2"
},
{
"model": "sg208",
"scope": "eq",
"trust": 1.3,
"vendor": "avaya",
"version": "4.4"
},
{
"model": "sg203",
"scope": "eq",
"trust": 1.3,
"vendor": "avaya",
"version": "4.31.29"
},
{
"model": "sg203",
"scope": "eq",
"trust": 1.3,
"vendor": "avaya",
"version": "4.4"
},
{
"model": "sg200",
"scope": "eq",
"trust": 1.3,
"vendor": "avaya",
"version": "4.31.29"
},
{
"model": "sg200",
"scope": "eq",
"trust": 1.3,
"vendor": "avaya",
"version": "4.4"
},
{
"model": "converged communications server",
"scope": "eq",
"trust": 1.3,
"vendor": "avaya",
"version": "2.0"
},
{
"model": "webstar",
"scope": "eq",
"trust": 1.3,
"vendor": "4d",
"version": "5.3.1"
},
{
"model": "webstar",
"scope": "eq",
"trust": 1.3,
"vendor": "4d",
"version": "5.3"
},
{
"model": "webstar",
"scope": "eq",
"trust": 1.3,
"vendor": "4d",
"version": "5.2.4"
},
{
"model": "webstar",
"scope": "eq",
"trust": 1.3,
"vendor": "4d",
"version": "5.2.3"
},
{
"model": "webstar",
"scope": "eq",
"trust": 1.3,
"vendor": "4d",
"version": "5.2.2"
},
{
"model": "webstar",
"scope": "eq",
"trust": 1.3,
"vendor": "4d",
"version": "5.2.1"
},
{
"model": "webstar",
"scope": "eq",
"trust": 1.3,
"vendor": "4d",
"version": "5.2"
},
{
"model": "webstar",
"scope": "eq",
"trust": 1.3,
"vendor": "4d",
"version": "4.0"
},
{
"model": "threat response",
"scope": null,
"trust": 1.1,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 1.1,
"vendor": "cisco",
"version": "6.3"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 1.1,
"vendor": "cisco",
"version": "6.2"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 1.1,
"vendor": "cisco",
"version": "6.1"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 1.1,
"vendor": "cisco",
"version": "6.0"
},
{
"model": "call manager",
"scope": null,
"trust": 1.1,
"vendor": "cisco",
"version": null
},
{
"model": "access registrar",
"scope": null,
"trust": 1.1,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.3.3"
},
{
"model": "instant virtual extranet",
"scope": "eq",
"trust": 1.0,
"vendor": "neoteris",
"version": "3.3.1"
},
{
"model": "vpn-1",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "vsx_ng_with_application_intelligence"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.7c"
},
{
"model": "intuity audix",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "*"
},
{
"model": "vpn-1",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "next_generation_fp1"
},
{
"model": "sidewinder",
"scope": "eq",
"trust": 1.0,
"vendor": "securecomputing",
"version": "5.2.0.04"
},
{
"model": "vsu",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "7500_r2.0.1"
},
{
"model": "webns",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.10_b4"
},
{
"model": "firewall-1",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "next_generation_fp1"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.1\\(11b\\)e"
},
{
"model": "bsafe ssl-j",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "3.0.1"
},
{
"model": "speed technologies litespeed web server",
"scope": "eq",
"trust": 1.0,
"vendor": "lite",
"version": "1.3"
},
{
"model": "proxysg",
"scope": "eq",
"trust": 1.0,
"vendor": "bluecoat",
"version": "*"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2za"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.1\\(19\\)e1"
},
{
"model": "webns",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.1_0.1.02"
},
{
"model": "sidewinder",
"scope": "eq",
"trust": 1.0,
"vendor": "securecomputing",
"version": "5.2.0.02"
},
{
"model": "edirectory",
"scope": "eq",
"trust": 1.0,
"vendor": "novell",
"version": "8.5.12a"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.0,
"vendor": "freebsd",
"version": "5.2.1"
},
{
"model": "cacheos ca sa",
"scope": "eq",
"trust": 1.0,
"vendor": "bluecoat",
"version": "4.1.12"
},
{
"model": "webns",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.10_.0.06s"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6g"
},
{
"model": "speed technologies litespeed web server",
"scope": "eq",
"trust": 1.0,
"vendor": "lite",
"version": "1.0.1"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6i"
},
{
"model": "speed technologies litespeed web server",
"scope": "eq",
"trust": 1.0,
"vendor": "lite",
"version": "1.2.1"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0"
},
{
"model": "vsu",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "5"
},
{
"model": "sidewinder",
"scope": "eq",
"trust": 1.0,
"vendor": "securecomputing",
"version": "5.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2sy"
},
{
"model": "speed technologies litespeed web server",
"scope": "eq",
"trust": 1.0,
"vendor": "lite",
"version": "1.1"
},
{
"model": "speed technologies litespeed web server",
"scope": "eq",
"trust": 1.0,
"vendor": "lite",
"version": "1.0.2"
},
{
"model": "gsx server",
"scope": "eq",
"trust": 1.0,
"vendor": "vmware",
"version": "2.0.1_build_2129"
},
{
"model": "sg208",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "*"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.1\\(4\\)"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.1\\(11b\\)e14"
},
{
"model": "speed technologies litespeed web server",
"scope": "eq",
"trust": 1.0,
"vendor": "lite",
"version": "1.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.1\\(11b\\)e12"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6f"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2\\(14\\)sy1"
},
{
"model": "s8500",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "r2.0.0"
},
{
"model": "gss 4490 global site selector",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "speed technologies litespeed web server",
"scope": "eq",
"trust": 1.0,
"vendor": "lite",
"version": "1.3.1"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0\\(3\\)"
},
{
"model": "stonebeat fullcluster",
"scope": "eq",
"trust": 1.0,
"vendor": "stonesoft",
"version": "3.0"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.3\\(3.109\\)"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6c"
},
{
"model": "stonebeat fullcluster",
"scope": "eq",
"trust": 1.0,
"vendor": "stonesoft",
"version": "2.0"
},
{
"model": "sidewinder",
"scope": "eq",
"trust": 1.0,
"vendor": "securecomputing",
"version": "5.2.1.02"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2\\(1\\)"
},
{
"model": "bsafe ssl-j",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "3.0"
},
{
"model": "instant virtual extranet",
"scope": "eq",
"trust": 1.0,
"vendor": "neoteris",
"version": "3.1"
},
{
"model": "s8300",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "r2.0.0"
},
{
"model": "sidewinder",
"scope": "eq",
"trust": 1.0,
"vendor": "securecomputing",
"version": "5.2.1"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "speed technologies litespeed web server",
"scope": "eq",
"trust": 1.0,
"vendor": "lite",
"version": "1.2.2"
},
{
"model": "firewall-1",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "*"
},
{
"model": "intuity audix",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "s3210"
},
{
"model": "vsu",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "500"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.1\\(1\\)"
},
{
"model": "instant virtual extranet",
"scope": "eq",
"trust": 1.0,
"vendor": "neoteris",
"version": "3.2"
},
{
"model": "gss 4480 global site selector",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "vsu",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "5x"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0\\(4\\)"
},
{
"model": "speed technologies litespeed web server",
"scope": "eq",
"trust": 1.0,
"vendor": "lite",
"version": "1.0.3"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "11.00"
},
{
"model": "enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "tarantella",
"version": "3.30"
},
{
"model": "speed technologies litespeed web server",
"scope": "eq",
"trust": 1.0,
"vendor": "lite",
"version": "1.3_rc1"
},
{
"model": "enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "tarantella",
"version": "3.20"
},
{
"model": "stonebeat fullcluster",
"scope": "eq",
"trust": 1.0,
"vendor": "stonesoft",
"version": "1_2.0"
},
{
"model": "intuity audix",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "s3400"
},
{
"model": "webns",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.2_0.0.03"
},
{
"model": "vsu",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "10000_r2.0.1"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2\\(2\\)"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.3\\(3.102\\)"
},
{
"model": "sidewinder",
"scope": "eq",
"trust": 1.0,
"vendor": "securecomputing",
"version": "5.2.0.03"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "8.05"
},
{
"model": "gsx server",
"scope": "eq",
"trust": 1.0,
"vendor": "vmware",
"version": "2.5.1_build_5336"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2\\(3\\)"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "0.9.7a-2"
},
{
"model": "css11000 content services switch",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "vsu",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "5000_r2.0.1"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2\\(3.100\\)"
},
{
"model": "firewall-1",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "2.0"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "0.9.6-15"
},
{
"model": "webns",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.1_0.2.06"
},
{
"model": "call manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "mds 9000",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.1\\(3\\)"
},
{
"model": "content services switch 11500",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0\\(4.101\\)"
},
{
"model": "vpn-1",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "next_generation_fp0"
},
{
"model": "speed technologies litespeed web server",
"scope": "eq",
"trust": 1.0,
"vendor": "lite",
"version": "1.2_rc2"
},
{
"model": "application and content networking software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.1\\(11\\)e"
},
{
"model": "s8700",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "r2.0.0"
},
{
"model": "stonebeat fullcluster",
"scope": "eq",
"trust": 1.0,
"vendor": "stonesoft",
"version": "1_3.0"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6k"
},
{
"model": "stonebeat fullcluster",
"scope": "eq",
"trust": 1.0,
"vendor": "stonesoft",
"version": "2.5"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "0.9.6b-3"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6e"
},
{
"model": "threat response",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "aaa server",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "*"
},
{
"model": "enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "tarantella",
"version": "3.40"
},
{
"model": "wbem",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "a.02.00.00"
},
{
"model": "speed technologies litespeed web server",
"scope": "eq",
"trust": 1.0,
"vendor": "lite",
"version": "1.3_rc3"
},
{
"model": "gsx server",
"scope": "eq",
"trust": 1.0,
"vendor": "vmware",
"version": "3.0_build_7592"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6h"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "3.0"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2.2_.111"
},
{
"model": "s8500",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "r2.0.1"
},
{
"model": "vsu",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "100_r2.0.1"
},
{
"model": "access registrar",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "provider-1",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "4.1"
},
{
"model": "sidewinder",
"scope": "eq",
"trust": 1.0,
"vendor": "securecomputing",
"version": "5.2.0.01"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0\\(1\\)"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "3.0"
},
{
"model": "crypto accelerator 4000",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.0"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.1\\(5\\)"
},
{
"model": "instant virtual extranet",
"scope": "eq",
"trust": 1.0,
"vendor": "neoteris",
"version": "3.3"
},
{
"model": "bsafe ssl-j",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "3.1"
},
{
"model": "wbem",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "a.01.05.08"
},
{
"model": "s8300",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "r2.0.1"
},
{
"model": "s8700",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "r2.0.1"
},
{
"model": "openserver",
"scope": "eq",
"trust": 1.0,
"vendor": "sco",
"version": "5.0.6"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.1\\(2\\)"
},
{
"model": "speed technologies litespeed web server",
"scope": "eq",
"trust": 1.0,
"vendor": "lite",
"version": "1.2_rc1"
},
{
"model": "clientless vpn gateway 4400",
"scope": "eq",
"trust": 1.0,
"vendor": "symantec",
"version": "5.0"
},
{
"model": "intuity audix",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "5.1.46"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.3\\(2\\)"
},
{
"model": "firewall-1",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "next_generation_fp0"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6d"
},
{
"model": "vsu",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "2000_r2.0.1"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0\\(2\\)"
},
{
"model": "openserver",
"scope": "eq",
"trust": 1.0,
"vendor": "sco",
"version": "5.0.7"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.3\\(1\\)"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.1\\(13\\)e9"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.7b"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2\\(14\\)sy"
},
{
"model": "wbem",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "a.02.00.01"
},
{
"model": "vpn-1",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "next_generation_fp2"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.7a"
},
{
"model": "cacheos ca sa",
"scope": "eq",
"trust": 1.0,
"vendor": "bluecoat",
"version": "4.1.10"
},
{
"model": "firewall-1",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "next_generation_fp2"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.3.3"
},
{
"model": "instant virtual extranet",
"scope": "eq",
"trust": 1.0,
"vendor": "neoteris",
"version": "3.0"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6j"
},
{
"model": "speed technologies litespeed web server",
"scope": "eq",
"trust": 1.0,
"vendor": "lite",
"version": "1.3_rc2"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.3"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple computer",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "check point",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "openssl",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "suse",
"version": null
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3.0"
},
{
"model": "cobalt raq4",
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "crypto accelerator",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "1000 v1.0"
},
{
"model": "turbolinux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "10"
},
{
"model": "provider-1",
"scope": "eq",
"trust": 0.8,
"vendor": "check point",
"version": "ng and later versions"
},
{
"model": "vine linux",
"scope": "eq",
"trust": 0.8,
"vendor": "vine linux",
"version": "2.5"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 0.8,
"vendor": "netbsd",
"version": "2.0"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 0.8,
"vendor": "netbsd",
"version": "1.5.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "12.2"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 0.8,
"vendor": "netbsd",
"version": "1.6"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "2.1"
},
{
"model": "vine linux",
"scope": "eq",
"trust": 0.8,
"vendor": "vine linux",
"version": "2.6"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.00"
},
{
"model": "hp wbem services",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "for hp-ux a.02.00.00"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "12.1"
},
{
"model": "hp-ux aaa server",
"scope": "lte",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "a.06.01.02.04 and earlier"
},
{
"model": "turbolinux workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "6.0"
},
{
"model": "vpn-1/firewall-1",
"scope": "eq",
"trust": 0.8,
"vendor": "check point",
"version": "ng and later versions"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (es)"
},
{
"model": "hp wbem services",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "for linux a.02.00.01"
},
{
"model": "primergy sslaccelerator",
"scope": "eq",
"trust": 0.8,
"vendor": "fujitsu",
"version": "7110"
},
{
"model": "primergy sslaccelerator",
"scope": "eq",
"trust": 0.8,
"vendor": "fujitsu",
"version": "7115"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "cisco 7600 for )"
},
{
"model": "netshelter series",
"scope": "eq",
"trust": 0.8,
"vendor": "fujitsu",
"version": "check the information provided by the vendor. )"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 0.8,
"vendor": "netbsd",
"version": "1.5.1"
},
{
"model": "trendmicro interscan viruswall",
"scope": "eq",
"trust": 0.8,
"vendor": "trend micro",
"version": "3.81"
},
{
"model": "global site selector",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "4480 4490"
},
{
"model": "hp-ux apache-based web server",
"scope": "lt",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "version"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "6.5"
},
{
"model": "css secure content accelerator",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "version 1 2"
},
{
"model": "netscreen ive",
"scope": "eq",
"trust": 0.8,
"vendor": "juniper",
"version": "all versions"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "6.1"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 0.8,
"vendor": "netbsd",
"version": "1.6.1"
},
{
"model": "ipcom series",
"scope": "eq",
"trust": 0.8,
"vendor": "fujitsu",
"version": "check the information provided by the vendor. )"
},
{
"model": "crypto accelerator",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "500"
},
{
"model": "ipcom series",
"scope": "eq",
"trust": 0.8,
"vendor": "fujitsu",
"version": "( for details"
},
{
"model": "crypto accelerator",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "1000 v1.1"
},
{
"model": "netwatcher",
"scope": "eq",
"trust": 0.8,
"vendor": "fujitsu",
"version": "( sensor device )"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (as)"
},
{
"model": "css 11000 series",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "firewall-1 gx",
"scope": "eq",
"trust": 0.8,
"vendor": "check point",
"version": "v2.0"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "(cisco catalyst 6500 for"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "9"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.11"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (ws)"
},
{
"model": "turbolinux appliance server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "1.0 (workgroup)"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "4.0"
},
{
"model": "turbolinux appliance server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "1.0 (hosting)"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "8"
},
{
"model": "hp-ux apache-based web server",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "2.0.49.00"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.22"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "7"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.23"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 0.8,
"vendor": "netbsd",
"version": "1.6.2"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "2.1 (ws)"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 0.8,
"vendor": "netbsd",
"version": "1.5"
},
{
"model": "hp-ux aaa server",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "a.06.01.02.06"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3.0 (x86-64)"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "4.0 (x86-64)"
},
{
"model": "vpn-1/firewall-1",
"scope": "eq",
"trust": 0.8,
"vendor": "check point",
"version": "vsx ng with application intelligence"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "2.0"
},
{
"model": "mds 9000 series",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "multilayer switch"
},
{
"model": "crypto accelerator",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "4000 v1.0"
},
{
"model": "netscreen idp",
"scope": "eq",
"trust": 0.8,
"vendor": "juniper",
"version": "2.0 - 2.1r6"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "2.1 (as)"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.04"
},
{
"model": "openssl",
"scope": "lte",
"trust": 0.8,
"vendor": "openssl",
"version": "0.9.7c and earlier"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (es)"
},
{
"model": "application and content networking system",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (ws)"
},
{
"model": "turbolinux workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "8"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "2.1 (es)"
},
{
"model": "primergy sslaccelerator",
"scope": "eq",
"trust": 0.8,
"vendor": "fujitsu",
"version": "7117"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (as)"
},
{
"model": "hp wbem services",
"scope": "lte",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "for hp-ux a.01.05.08 and earlier"
},
{
"model": "turbolinux workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "7"
},
{
"model": "css 11500 series",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "netbsd",
"scope": "eq",
"trust": 0.8,
"vendor": "netbsd",
"version": "1.5.3"
},
{
"model": "netshelter series",
"scope": "eq",
"trust": 0.8,
"vendor": "fujitsu",
"version": "( for details"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
},
{
"model": "ios 12.1 e",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.3.9"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.3.9"
},
{
"model": "firewall services module",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "gsx server build",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "3.07592"
},
{
"model": "gsx server build",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5.15336"
},
{
"model": "gsx server build",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.0.12129"
},
{
"model": "enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "tarantella",
"version": "33.40"
},
{
"model": "enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "tarantella",
"version": "33.30"
},
{
"model": "enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "tarantella",
"version": "33.200"
},
{
"model": "clientless vpn gateway series",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "44005.0"
},
{
"model": "crypto accelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "40001.0"
},
{
"model": "stonebeat fullcluster for raptor",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.5"
},
{
"model": "stonebeat fullcluster for raptor",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.0"
},
{
"model": "stonebeat fullcluster for isa server",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "3.0"
},
{
"model": "stonebeat fullcluster for gauntlet",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.0"
},
{
"model": "stonebeat fullcluster for firewall-1",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "3.0"
},
{
"model": "stonebeat fullcluster for firewall-1",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.0"
},
{
"model": "propack sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "3.0"
},
{
"model": "irix m",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.24"
},
{
"model": "irix m",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.23"
},
{
"model": "irix m",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.22"
},
{
"model": "irix m",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.21"
},
{
"model": "irix f",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.21"
},
{
"model": "irix m",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.20"
},
{
"model": "irix f",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.20"
},
{
"model": "computing sidewinder",
"scope": "eq",
"trust": 0.3,
"vendor": "secure",
"version": "5.2.1.02"
},
{
"model": "computing sidewinder",
"scope": "eq",
"trust": 0.3,
"vendor": "secure",
"version": "5.2.1"
},
{
"model": "computing sidewinder",
"scope": "eq",
"trust": 0.3,
"vendor": "secure",
"version": "5.2.0.04"
},
{
"model": "computing sidewinder",
"scope": "eq",
"trust": 0.3,
"vendor": "secure",
"version": "5.2.0.03"
},
{
"model": "computing sidewinder",
"scope": "eq",
"trust": 0.3,
"vendor": "secure",
"version": "5.2.0.02"
},
{
"model": "computing sidewinder",
"scope": "eq",
"trust": 0.3,
"vendor": "secure",
"version": "5.2.0.01"
},
{
"model": "computing sidewinder",
"scope": "eq",
"trust": 0.3,
"vendor": "secure",
"version": "5.2"
},
{
"model": "unixware",
"scope": "eq",
"trust": 0.3,
"vendor": "sco",
"version": "7.1.3"
},
{
"model": "unixware",
"scope": "eq",
"trust": 0.3,
"vendor": "sco",
"version": "7.1.1"
},
{
"model": "open server",
"scope": "eq",
"trust": 0.3,
"vendor": "sco",
"version": "5.0.7"
},
{
"model": "open server",
"scope": "eq",
"trust": 0.3,
"vendor": "sco",
"version": "5.0.6"
},
{
"model": "security bsafe ssl-j sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "rsa",
"version": "3.1"
},
{
"model": "security bsafe ssl-j sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "rsa",
"version": "3.0.1"
},
{
"model": "security bsafe ssl-j sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "rsa",
"version": "3.0"
},
{
"model": "openssl096b-0.9.6b-3.i386.rpm",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "openssl096-0.9.6-15.i386.rpm",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "openssl-perl-0.9.7a-2.i386.rpm",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "openssl-devel-0.9.7a-2.i386.rpm",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "openssl-0.9.7a-2.i386.rpm",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"model": "desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4.0"
},
{
"model": "desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3.0"
},
{
"model": "hat fedora core3",
"scope": null,
"trust": 0.3,
"vendor": "red",
"version": null
},
{
"model": "hat fedora core2",
"scope": null,
"trust": 0.3,
"vendor": "red",
"version": null
},
{
"model": "hat fedora core1",
"scope": null,
"trust": 0.3,
"vendor": "red",
"version": null
},
{
"model": "hat enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "4"
},
{
"model": "hat enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "3"
},
{
"model": "project openssl c",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl beta3",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl beta2",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl beta1",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl b",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl k",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl j",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl i",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl h",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl g",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl f",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl e",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl d",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl c",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "edirectory su1",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "8.7.1"
},
{
"model": "edirectory a",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "8.5.12"
},
{
"model": "instant virtual extranet",
"scope": "eq",
"trust": 0.3,
"vendor": "netscreen",
"version": "3.3.1"
},
{
"model": "instant virtual extranet",
"scope": "eq",
"trust": 0.3,
"vendor": "netscreen",
"version": "3.3"
},
{
"model": "instant virtual extranet",
"scope": "eq",
"trust": 0.3,
"vendor": "netscreen",
"version": "3.2"
},
{
"model": "instant virtual extranet",
"scope": "eq",
"trust": 0.3,
"vendor": "netscreen",
"version": "3.1"
},
{
"model": "instant virtual extranet",
"scope": "eq",
"trust": 0.3,
"vendor": "netscreen",
"version": "3.0"
},
{
"model": "litespeed web server",
"scope": "eq",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.3.1"
},
{
"model": "litespeed web server rc3",
"scope": "eq",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.3"
},
{
"model": "litespeed web server rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.3"
},
{
"model": "litespeed web server rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.3"
},
{
"model": "litespeed web server",
"scope": "eq",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.3"
},
{
"model": "litespeed web server",
"scope": "eq",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.2.2"
},
{
"model": "litespeed web server",
"scope": "eq",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.2.1"
},
{
"model": "litespeed web server rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.2"
},
{
"model": "litespeed web server rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.2"
},
{
"model": "litespeed web server",
"scope": "eq",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.1.1"
},
{
"model": "litespeed web server",
"scope": "eq",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.1"
},
{
"model": "litespeed web server",
"scope": "eq",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.0.3"
},
{
"model": "litespeed web server",
"scope": "eq",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.0.2"
},
{
"model": "litespeed web server",
"scope": "eq",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.0.1"
},
{
"model": "wbem a.02.00.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "wbem a.02.00.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "wbem a.01.05.08",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.0"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.5"
},
{
"model": "aaa server",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "-release",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.2"
},
{
"model": "-releng",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.1"
},
{
"model": "-release",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.1"
},
{
"model": "-releng",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.8"
},
{
"model": "associates etrust security command center",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.0"
},
{
"model": "secure gateway for solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "1.13"
},
{
"model": "secure gateway for solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "1.12"
},
{
"model": "secure gateway for solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "1.1"
},
{
"model": "webns .0.06s",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.10"
},
{
"model": "webns",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.20.0.03"
},
{
"model": "webns",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.10.2.06"
},
{
"model": "webns",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.10.1.02"
},
{
"model": "webns b4",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.10"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.3.2"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.3.1"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.3(3.109)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.3(3.102)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.3(1)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2.3"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2.2.111"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2.2"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2.1"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2(3.100)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2(3)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2(2)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2(1)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1.5"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1.4"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1.3"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(5)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(4)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(3)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(2)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(1)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0.4"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0.3"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(4.101)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(4)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(2)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(1)"
},
{
"model": "mds",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9000"
},
{
"model": "ios 12.2za",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2sy",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 sy1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 sy",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e9",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e14",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e12",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 ec",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 ea1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "gss global site selector",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "44900"
},
{
"model": "gss global site selector",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4480"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.1(0.208)"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.1(3.005)"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "css11500 content services switch",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "css11000 content services switch",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "application \u0026 content networking software",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software vpn-1 vsx ng with application intelligence",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "point software vpn-1 next generation fp2",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "point software vpn-1 next generation fp1",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "point software vpn-1 next generation fp0",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "point software providor-1 sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software providor-1 sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software providor-1 sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software providor-1 sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software providor-1",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software firewall-1 vsx ng with application intelligence",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "point software firewall-1 next generation fp2",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "point software firewall-1 next generation fp1",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "point software firewall-1 next generation fp0",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "point software firewall-1 gx",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "2.0"
},
{
"model": "coat systems proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "0"
},
{
"model": "coat systems cacheos ca/sa",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "4.1.12"
},
{
"model": "coat systems cacheos ca/sa",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "4.1.10"
},
{
"model": "vsu r2.0.1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7500"
},
{
"model": "vsu",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5x0"
},
{
"model": "vsu r2.0.1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5000"
},
{
"model": "vsu",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5000"
},
{
"model": "vsu",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "50"
},
{
"model": "vsu r2.0.1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2000"
},
{
"model": "vsu r2.0.1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "10000"
},
{
"model": "vsu r2.0.1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "100"
},
{
"model": "sg5x",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.4"
},
{
"model": "sg5x",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.3"
},
{
"model": "sg5x",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2"
},
{
"model": "sg208",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "0"
},
{
"model": "s8700 r2.0.1",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "s8700 r2.0.0",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "s8500 r2.0.1",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "s8500 r2.0.0",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "s8300 r2.0.1",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "s8300 r2.0.0",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "intuity r5 r5.1.46",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "intuity audix r5",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "0"
},
{
"model": "intuity s3400",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "intuity s3210",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "intuity lx",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.3"
},
{
"model": "gsx server",
"scope": "ne",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5.2"
},
{
"model": "stonegate sparc",
"scope": "ne",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.2.12"
},
{
"model": "stonegate",
"scope": "ne",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.2.5x86"
},
{
"model": "stonegate ibm zseries",
"scope": "ne",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.2.5"
},
{
"model": "computing sidewinder",
"scope": "ne",
"trust": 0.3,
"vendor": "secure",
"version": "5.2.1.10"
},
{
"model": "security bsafe ssl-j sdk",
"scope": "ne",
"trust": 0.3,
"vendor": "rsa",
"version": "4.1"
},
{
"model": "project openssl d",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl m",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "litespeed web server",
"scope": "ne",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.3.2"
},
{
"model": "litespeed web server",
"scope": "ne",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.0.2"
},
{
"model": "secure gateway for solaris",
"scope": "ne",
"trust": 0.3,
"vendor": "citrix",
"version": "1.14"
},
{
"model": "threat response",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "2.0.3"
},
{
"model": "mds",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "90002.0(0.86)"
},
{
"model": "mds",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "90001.3(3.33)"
},
{
"model": "point software vpn-1 sp6",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software vpn-1 sp5a",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software vpn-1 sp5",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software vpn-1 sp4",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software vpn-1 sp3",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software vpn-1 sp2",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software vpn-1 sp1",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software vpn-1",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software firewall-1 sp6",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software firewall-1 sp5a",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software firewall-1 sp5",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software firewall-1 sp4",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software firewall-1 sp3",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software firewall-1 sp2",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software firewall-1 sp1",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software firewall-1",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "webstar",
"scope": "ne",
"trust": 0.3,
"vendor": "4d",
"version": "5.3.2"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "9.0"
},
{
"model": "fedora core2",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "fedora core1",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4"
},
{
"model": "oneworld xe/erp8 applications sp22",
"scope": null,
"trust": 0.3,
"vendor": "peoplesoft",
"version": null
},
{
"model": "enterpriseone applications",
"scope": "eq",
"trust": 0.3,
"vendor": "peoplesoft",
"version": "8.93"
},
{
"model": "enterpriseone applications sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "peoplesoft",
"version": "8.9"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.6"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.0.5"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.4"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.1.5"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.1.4"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.6"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.0.5"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.4"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.1.5"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.1.4"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.6.0"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.0.5"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.4"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.1.5"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.1.4"
},
{
"model": "oracle9i application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.3.1"
},
{
"model": "oracle9i application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.2.3"
},
{
"model": "oracle9i application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0.2.2"
},
{
"model": "oracle8i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.7.4"
},
{
"model": "oracle8i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.7.4.0"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.0.4"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.0.3.1"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.0.3"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.0.2"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.0.4"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.0.3.1"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.0.3"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.0.2"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.0.4"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.0.3.1"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.0.3"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.0.2"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.0.3.1"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.4.1"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.4.0"
},
{
"model": "enterprise manager grid control 10g",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3"
},
{
"model": "enterprise manager grid control 10g",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.0.2"
},
{
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.4.1"
},
{
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.4.0"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.10"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.9"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.8"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.7"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.6"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.5"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.4"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.3"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.2"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.1"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.0"
},
{
"model": "collaboration suite release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "29.0.4.2"
},
{
"model": "collaboration suite release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "29.0.4.1"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#288574"
},
{
"db": "CNVD",
"id": "CNVD-2004-0791"
},
{
"db": "BID",
"id": "9899"
},
{
"db": "BID",
"id": "14567"
},
{
"db": "BID",
"id": "13139"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000086"
},
{
"db": "CNNVD",
"id": "CNNVD-200411-124"
},
{
"db": "NVD",
"id": "CVE-2004-0079"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:firewall_services_module:1.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:firewall_services_module:1.1_\\(3.005\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:firewall_services_module:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:firewall_services_module:1.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:symantec:clientless_vpn_gateway_4400:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:apache-based_web_server:2.0.43.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:apache-based_web_server:2.0.43.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:firewall_services_module:2.1_\\(0.208\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:aaa_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:ciscoworks_common_management_foundation:2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:ciscoworks_common_services:2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:avaya:sg208:4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:avaya:sg5:4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:5.1:release:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:8.05:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:openbsd:openbsd:3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sco:openserver:5.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:avaya:sg203:4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:avaya:sg208:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.8:releng:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:11.23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:avaya:sg200:4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:avaya:sg203:4.31.29:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:5.2.1:release:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:avaya:converged_communications_server:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:avaya:sg200:4.31.29:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:avaya:sg5:4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:avaya:sg5:4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:5.1:releng:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sco:openserver:5.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(13\\)e9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2za:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(11\\)e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(14\\)sy1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2sy:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(19\\)e1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(14\\)sy:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:4d:webstar:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:4d:webstar:5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:avaya:intuity_audix:5.1.46:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:avaya:intuity_audix:s3210:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:avaya:vsu:5000_r2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:avaya:vsu:5x:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:checkpoint:provider-1:4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:4d:webstar:5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:4d:webstar:5.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:avaya:intuity_audix:*:*:lx:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:avaya:vsu:5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:avaya:vsu:500:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:checkpoint:firewall-1:next_generation_fp1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:checkpoint:firewall-1:next_generation_fp2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:checkpoint:vpn-1:next_generation_fp2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:checkpoint:vpn-1:vsx_ng_with_application_intelligence:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:pix_firewall:6.2.2_.111:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:threat_response:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webns:7.2_0.0.03:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hp:wbem:a.01.05.08:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.3_rc3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:novell:edirectory:8.5.12a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:novell:edirectory:8.5.27:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:openssl:0.9.6b-3:*:i386:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:i386:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:servercluster:2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonebeat_securitycluster:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonebeat_securitycluster:2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:1.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:1.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:1.7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:2.0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonegate_vpn_client:2.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonegate_vpn_client:2.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:gsx_server:2.5.1_build_5336:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:gsx_server:3.0_build_7592:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:bluecoat:proxysg:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:call_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:securecomputing:sidewinder:5.2.0.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:securecomputing:sidewinder:5.2.0.02:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:checkpoint:provider-1:4.1:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:access_registrar:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:application_and_content_networking_software:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webns:6.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webns:6.10_b4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hp:wbem:a.02.00.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hp:wbem:a.02.00.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.2_rc1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.2_rc2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:novell:edirectory:8.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:novell:edirectory:8.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:i386_dev:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:i386_perl:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dell:bsafe_ssl-j:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:servercluster:2.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:1_2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonebeat_webcluster:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonebeat_webcluster:2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:2.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:2.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonegate_vpn_client:2.0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tarantella:tarantella_enterprise:3.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:avaya:s8300:r2.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:avaya:s8300:r2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:content_services_switch_11500:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:gss_4480_global_site_selector:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:securecomputing:sidewinder:5.2.0.03:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:securecomputing:sidewinder:5.2.0.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(2\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(3\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(4\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(5\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(2\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(2\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(3\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(3.100\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:4d:webstar:5.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:4d:webstar:5.2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:avaya:vsu:10000_r2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:avaya:vsu:2000_r2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:checkpoint:firewall-1:2.0:*:gx:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:checkpoint:firewall-1:next_generation_fp0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:checkpoint:provider-1:4.1:sp4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:checkpoint:vpn-1:next_generation_fp0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:checkpoint:vpn-1:next_generation_fp1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:css11000_content_services_switch:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:okena_stormwatch:3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webns:7.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webns:7.10_.0.06s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.3_rc1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.3_rc2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:novell:edirectory:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:novell:edirectory:8.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:novell:imanager:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:openssl:0.9.6-15:*:i386:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sgi:propack:2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sgi:propack:2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:1.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:1.6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:2.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:2.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonegate_vpn_client:1.7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonegate_vpn_client:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:gsx_server:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:gsx_server:2.0.1_build_2129:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:gsx_server:2.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:avaya:s8700:r2.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:avaya:s8700:r2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:secure_content_accelerator:10000:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:securecomputing:sidewinder:5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:sun:crypto_accelerator_4000:1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:bluecoat:cacheos_ca_sa:4.1.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:bluecoat:cacheos_ca_sa:4.1.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(2\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(3\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:4d:webstar:5.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:4d:webstar:5.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:avaya:intuity_audix:s3400:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:avaya:vsu:100_r2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:avaya:vsu:7500_r2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:checkpoint:firewall-1:*:*:vsx-ng-ai:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:checkpoint:provider-1:4.1:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:checkpoint:provider-1:4.1:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:css_secure_content_accelerator:1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:css_secure_content_accelerator:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webns:7.1_0.1.02:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webns:7.1_0.2.06:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:novell:edirectory:8.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:novell:edirectory:8.7.1:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:novell:imanager:1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dell:bsafe_ssl-j:3.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dell:bsafe_ssl-j:3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:1_3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:1.5.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:1.5.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:2.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:2.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:2.2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonegate_vpn_client:1.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tarantella:tarantella_enterprise:3.30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tarantella:tarantella_enterprise:3.40:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:avaya:s8500:r2.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:avaya:s8500:r2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:gss_4490_global_site_selector:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:mds_9000:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:securecomputing:sidewinder:5.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:securecomputing:sidewinder:5.2.1.02:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(4\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(4.101\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(3.102\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(3.109\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0079"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSSL Security Advisory",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200411-124"
}
],
"trust": 0.6
},
"cve": "CVE-2004-0079",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2004-0079",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-8509",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2004-0079",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#288574",
"trust": 0.8,
"value": "27.38"
},
{
"author": "NVD",
"id": "CVE-2004-0079",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200411-124",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-8509",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#288574"
},
{
"db": "VULHUB",
"id": "VHN-8509"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000086"
},
{
"db": "CNNVD",
"id": "CNNVD-200411-124"
},
{
"db": "NVD",
"id": "CVE-2004-0079"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. OpenSSL Is SSL/TLS Due to incomplete implementation of do_change_cipher_spec() In the function NULL A vulnerability exists where pointers are not handled properly.OpenSSL An application that uses the service disrupts service operation (DoS) It may be in a state. OpenSSL is an open source SSL implementation used to implement high-strength encryption of network communications. It is now widely used in various network applications. \n\n\u00a0Using the Codenomicon TLS test tool, OpenSSL found a NULL pointer allocation in the do_change_cipher_spec () function. Applications that rely on this library will generate a denial of service. \nFor the first issue, a NULL-pointer assignment can be triggered by attackers during SSL/TLS handshake exchanges. The CVE candidate name for this vulnerability is CAN-2004-0079. Versions 0.9.6c to 0.9.6k (inclusive) and from 0.9.7a to 0.9.7c (inclusive) are vulnerable. \nThe second issue is also exploited during the SSL/TLS handshake, but only when Kerberos ciphersuites are in use. The vendor has reported that this vulnerability may not be a threat to many, because it occurs only when Kerberos ciphersuites are in use, an uncommon configuration. The CVE candidate name for this vulnerability is CAN-2004-0112. Versions 0.9.7a, 0.9.7b, and 0.9.7c are affected. \nThis entry will be retired when individual BID records are created for each issue. \n*Note: A third denial-of-service vulnerability included in the announcement was discovered affecting 0.9.6 and fixed in 0.9.6d. The CVE candidate name for this vulnerability is CAN-2004-0081. Multiple security vulnerabilities are reported to affect Apple Mac OS X; updates are available. \nApache is prone to five vulnerabilities ranging from buffer overflows to access validation vulnerabilities. The CVE Mitre candidate IDs CAN-2005-1344, CAN-2004-0942, CAN-2004-0885, CAN-2004-1083, and CAN-2004-1084 are assigned to these issues. \nAppkit is prone to three vulnerabilities. Two of these could result in arbitrary code execution, the third could permit the creation of local accounts. The CVE Mitre candidate IDs CAN-2005-2501, CAN-2005-2502, and CAN-2005-2503 are assigned to these issues. \nBluetooth is prone to a vulnerability regarding authentication bypass. The CVE Mitre candidate ID CAN-2005-2504 is assigned to this issue. \nCoreFoundation is prone to two vulnerabilities, one resulting in a buffer overflow, the other a denial-of-service vulnerability. The CVE Mitre candidate IDs CAN-2005-2505 and CAN-2005-2506 are assigned to these issues. \nCUPS is prone to two vulnerabilities resulting in a denial of service until the service can be restarted. The CVE Mitre candidate IDs CAN-2005-2525 and CAN-2005-2526 are assigned to these issues. \nDirectory Services is prone to three vulnerabilities. These issues vary from buffer overflow, unauthorized account creation and deletion, and privilege escalation. The CVE Mitre candidate IDs CAN-2005-2507, CAN-2005-2508 and CAN-2005-2519 are assigned to these issues. \nHItoolbox is prone to a vulnerability that could result in information disclosure. The CVE Mitre candidate ID CAN-2005-2513 is assigned to this issue. \nKerberos is prone to five vulnerabilities that may result in a buffer overflow, execution of arbitrary code, and root compromise. The CVE Mitre candidate IDs CAN-2004-1189, CAN-2005-1174, CAN-2005-1175, CAN-2005-1689, and CAN-2005-2511 are assigned to these issues. \nloginwindow is prone to a vulnerability that could permit a user to gain access to other logged-in accounts. The CVE Mitre candidate ID CAN-2005-2509 is assigned to this issue. \nMail is prone to a vulnerability regarding the loss of privacy when remote images are loaded into HTML email. The CVE Mitre candidate ID CAN-2005-2512 is assigned to this issue. \nMySQL is prone to three vulnerabilities that include arbitrary code execution by remote authenticated users. The CVE Mitre candidate IDs CAN-2005-0709, CAN-2005-0710, and CAN-2005-0711 are assigned to these issues. The CVE Mitre candidate IDs CAN-2004-0079 and CAN-2004-0112 are assigned to these issues. \nping is prone to a vulnerability that could allow local privilege escalation and arbitrary code execution. The CVE Mitre candidate ID CAN-2005-2514 is assigned to this issue. \nQuartzComposerScreenSaver is prone to a vulnerability that could allow users to open pages while the RSS Visualizer screen is locked. The CVE Mitre candidate ID CAN-2005-2515 is assigned to this issue. \nSafari is prone to two vulnerabilities that could result in arbitrary command execution or have information submitted to an incorrect site. The CVE Mitre candidate IDs CAN-2005-2516 and CAN-2005-2517 are assigned to these issues. \nSecurityInterface is prone to a vulnerability that could expose recently used passwords. The CVE Mitre candidate ID CAN-2005-2520 is assigned to this issue. \nservermgrd is prone to a buffer-overflow vulnerability that could ultimately lead to the execution of arbitrary code. The CVE Mitre candidate ID CAN-2005-2518 is assigned to this issue. \nservermgr_ipfilter is prone to a vulnerability regarding firewall settings not always being written to the Active Rules. The CVE Mitre candidate ID CAN-2005-2510 is assigned to this issue. \nSquirrelMail is prone to two vulnerabilities including a cross-site scripting issue. The CVE Mitre candidate IDs CAN-2005-1769 and CAN-2005-2095 are assigned to these issues. \ntraceroute is prone to a vulnerability that could result in arbitrary code execution and privilege escalation. The CVE Mitre candidate ID CAN-2005-2521 is assigned to this issue. \nWebKit is affected by a vulnerability that could result in code execution regarding a malformed PDF file. The CVE Mitre candidate ID CAN-2005-2522 is assigned to this issue. \nWeblog Server is prone to multiple cross-site scripting vulnerabilities. The CVE Mitre candidate ID CAN-2005-2523 is assigned to this issue. \nX11 is prone to a vulnerability that could result in arbitrary code execution. The CVE Mitre candidate ID CAN-2005-0605 is assigned to this issue. \nzlib is prone to two denial-of-service vulnerabilities that may ultimately lead to arbitrary code execution. The CVE Mitre candidate IDs CAN-2005-2096 and CAN-2005-1849 are assigned to these issues. \nThese vulnerabilities will be separated into individual BIDs upon further analysis of the issues. Oracle Database Server, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business and Applications, Oracle Enterprise Manager Grid Control, and Oracle PeopleSoft Applications are reported prone to multiple vulnerabilities. \nOracle has released a Critical Patch Update to address these issues in various supported applications and platforms. \nThe issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. While various levels of authorization are required to leverage some issues, others do not require any authorization. \nThis BID will be divided and updated into separate BIDs when more information is available. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n Cisco Security Advisory: Cisco OpenSSL Implementation Vulnerability\n\nRevision 1.0\n\n For Public Release 2004 March 17 at 1300 UTC (GMT)\n\n ----------------------------------------------------------------------\n\nContents\n\n Summary\n Affected Products\n Details\n Impact\n Software Versions and Fixes\n Obtaining Fixed Software\n Workarounds\n Exploitation and Public Announcements\n Status of This Notice: INTERIM\n Distribution\n Revision History\n Cisco Security Procedures\n\n ----------------------------------------------------------------------\n\nSummary\n\n A new vulnerability in the OpenSSL implementation for SSL\n has been announced on March 17, 2004. \n\n An affected network device running an SSL server based on an affected\n OpenSSL implementation may be vulnerable to a Denial of Service (DoS)\n attack. There are workarounds available to mitigate the effects of this\n vulnerability on Cisco products in the workaround section of this\n advisory. Cisco is providing fixed software, and recommends that customers\n upgrade to it when it is available. \n\n This advisory will be posted at\n http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml. \n\n * Cisco IOS 12.1(11)E and later in the 12.1E release train. Only crypto\n images (56i and k2) are vulnerable for the Cisco 7100 and 7200 Series\n Routers. \n * Cisco IOS 12.2SY release train. Only crypto images (k8, k9 and k91)\n are vulnerable for the Cisco Catalyst 6500 Series and Cisco 7600\n Series Routers. \n * Cisco PIX Firewall\n * Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 6500\n Series and Cisco 7600 Series routers\n * Cisco MDS 9000 Series Multilayer Switch\n * Cisco Content Service Switch (CSS) 11000 series\n * Cisco Global Site Selector (GSS) 4480\n * CiscoWorks Common Services (CWCS) version 2.2 and CiscoWorks Common\n Management Foundation (CMF) version 2.1\n * Cisco Access Registrar (CAR)\n\n The following products have their SSL implementation based on the OpenSSL\n code and are not affected by this vulnerability. \n\n * Cisco Secure Intrusion Detection System (NetRanger) appliance. This\n includes the IDS-42xx appliances, NM-CIDS and WS-SVS-IDSM2. \n * Cisco SN 5428 and SN 5428-2 Storage Router\n * Cisco CNS Configuration Engine\n * Cisco Network Analysis Modules (NAM) for the Cisco Catalyst 6000 and\n 6500 Series switches and Cisco 7600 Series routers\n * Cisco SIP Proxy Server (SPS)\n * CiscoWorks 1105 Hosting Solution Engine (HSE)\n * CiscoWorks 1105 Wireless LAN Solution Engine (WLSE)\n * Cisco Ethernet Subscriber Solution Engine (ESSE)\n\n The following products, which implement SSL, are not affected by this\n vulnerability. \n\n * Cisco VPN 3000 Series Concentrators\n\n CatOS does not implement SSL and is not vulnerable. \n\n No other Cisco products are currently known to be affected by this\n vulnerability. This vulnerability is still being actively investigated\n across Cisco products and status of some products has still not been\n determined. \n\nDetails\n\n Secure Sockets Layer (SSL), is a protocol used to encrypt the data\n transferred over an TCP session. SSL in Cisco products is mainly used by\n the HyperText Transfer Protocol Secure (HTTPS) web service for which the\n default TCP port is 443. The affected products, listed above, are only\n vulnerable if they have the HTTPS service enabled and the access to the\n service is not limited to trusted hosts or network management\n workstations. \n\n To check if the HTTPS service is enabled one can do the following:\n\n 1. Check the configuration on the device to verify the status of the\n HTTPS service. \n 2. Try to connect to the device using a standard web browser that\n supports SSL using a URL similar to https://ip_address_of_device/. \n 3. Try and connect to the default HTTPS port, TCP 443, using Telnet. \n telnet ip_address_of_device 443. If the session connects the service\n is enabled and accessible. This\n crash on many Cisco products would cause the device to reload. \n\n A third vulnerability described in the NISCC advisory is a bug in older\n versions of OpenSSL, versions before 0.9.6d, that can also lead to a\n Denial of Service attack. None of the Cisco OpenSSL implementations are\n known to be affected by this older OpenSSL issue. \n\n * Cisco IOS - All 12.1(11)E and later IOS software crypto (56i and k2)\n image releases in the 12.1E release train for the Cisco 7100 and 7200\n Series Routers are affected by this vulnerability. All IOS software\n crypto (k8, k9, and k91) image releases in the 12.2SY release train\n for the Cisco Catalyst 6500 Series and Cisco 7600 Series Routers are\n affected by this vulnerability. The SSH implementation in IOS is not\n dependent on any OpenSSL code. SSH implementations in IOS do not\n handle certificates, yet, and therefore do not use any SSL code for\n SSH. OpenSSL in 12.1E and 12.2SY release trains is only used for\n providing the HTTPS and VPN Device Manager (VDM) services. This\n vulnerability is documented in the Cisco Bug Toolkit (registered\n customers only) as Bug ID CSCee00041. The HTTPS web service, that uses\n the OpenSSL code, on the device is disabled by default. The no ip http\n secure-server command may be used to disable the HTTPS web service on\n the device, if required. The SSH and IPSec services in IOS are not\n vulnerable to this vulnerability. \n * Cisco PIX Firewall - PIX 6.x releases are affected by this\n vulnerability. PIX 5.x releases do not contain any SSL code and are\n not vulnerable. This vulnerability is documented in the Cisco Bug\n Toolkit (registered customers only) as Bug ID CSCed90672. \n * Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 6500\n Series and Cisco 7600 Series routers - This vulnerability is\n documented in the Cisco Bug Toolkit (registered customers only) as Bug\n ID CSCee02055. \n * Cisco MDS 9000 Series Multilayer Switches - This vulnerability is\n documented in the Cisco Bug Toolkit (registered customers only) as Bug\n ID CSCed96246. \n * Cisco Content Service Switch (CSS) 11000 series - WebNS version 6.x\n and 7.x are affected by this vulnerability. This vulnerability is\n documented in the Cisco Bug Toolkit (registered customers only) as Bug\n ID CSCee01234 for SCM and is documented in the Cisco Bug Toolkit\n (registered customers only) as Bug ID CSCee01240 for the SSL module. \n * Cisco Global Site Selector (GSS) 4480 - This vulnerability is\n documented in the Cisco Bug Toolkit (registered customers only) as Bug\n ID CSCee01057. \n * CiscoWorks Common Services (CWCS) version 2.2 and CiscoWorks Common\n Management Foundation (CMF) version 2.1 - This vulnerability is\n documented in the Cisco Bug Toolkit (registered customers only) as Bug\n ID CSCsa13748. \n * Cisco Access Registrar (CAR) - This vulnerability is documented in the\n Cisco Bug Toolkit (registered customers only) as Bug ID CSCee01956. \n\n The Internetworking Terms and Cisco Systems Acronyms online guides can be\n found at http://www.cisco.com/univercd/cc/td/doc/cisintwk/. \n\nImpact\n\n An affected network device running an SSL server based on the OpenSSL\n implementation may be vulnerable to a Denial of Service (DoS) attack. \n\nSoftware Versions and Fixes\n\n * Cisco IOS -\n\n +----------------------------------------+\n |Release| Fixed Releases |Availability |\n | Train | | |\n |-------+------------------+-------------|\n |12.2SY |12.2(14)SY4 |March 25 |\n |-------+------------------+-------------|\n | |12.1(13)E14 |April 8 |\n |12.1E |12.1.(19)E7 |April 8 |\n | |12.1(20)E3 |April 26 |\n +----------------------------------------+\n\n * Cisco PIX Firewall - The vulnerability is fixed in software releases\n 6.0(4)102, 6.1(5)102, 6.2(3)107, and 6.3(3)124. These engineering\n builds may be obtained by contacting the Cisco Technical Assistance\n Center (TAC). TAC Contact information is given in the Obtaining Fixed\n Software section below. \n * Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 6500\n Series and Cisco 7600 Series routers - The vulnerability is fixed in\n software release 1.1.3(14) which will be available by Monday, 22 of\n March, 2004. This engineering builds may be obtained by contacting the\n Cisco Technical Assistance Center (TAC). TAC Contact information is\n given in the Obtaining Fixed Software section below. \n * Cisco MDS 9000 Series Multilayer Switches - No fixed software release\n or software availability date has been determined yet. \n * Cisco Content Service Switch (CSS) 11000 series -No fixed software\n release or software availability date has been determined yet. \n * Cisco Global Site Selector (GSS) 4480 - No fixed software release or\n software availability date has been determined yet. \n * CiscoWorks Common Services (CWCS) version 2.2 and CiscoWorks Common\n Management Foundation (CMF) version 2.1 - No fixed software release or\n software availability date has been determined yet. \n * Cisco Access Registrar (CAR) - The vulnerability is fixed in software\n release 3.5.0.12 which will be available by Friday, 26 of March, 2004. \n\nObtaining Fixed Software\n\n Cisco is offering free software upgrades to address this vulnerability for\n all affected customers. \n\n Customers may only install and expect support for the feature sets they\n have purchased. By installing, downloading, accessing or otherwise using\n such software upgrades, Customers agree to be bound by the terms of\n Cisco\u0027s software license terms found at\n http://www.cisco.com/public/sw-license-agreement.html, or as otherwise set\n forth at the Cisco Connection Online Software Center at\n http://www.cisco.com/public/sw-center/sw-usingswc.shtml. \n\n Customers with contracts should obtain upgraded software through their\n regular update channels. For most customers, this means that upgrades\n should be obtained through the Software Center on Cisco\u0027s worldwide\n website at http://www.cisco.com/tacpage/sw-center. To access the software\n download URL, you must be a registered user and you must be logged in. \n\n Customers whose Cisco products are provided or maintained through a prior\n or existing agreement with third-party support organizations such as Cisco\n Partners, authorized resellers, or service providers, should contact that\n support organization for assistance with obtaining the software\n upgrade(s). \n\n Customers who purchase direct from Cisco but who do not hold a Cisco\n service contract and customers who purchase through third-party vendors\n but are unsuccessful at obtaining fixed software through their point of\n sale should get their upgrades by contacting the Cisco Technical\n Assistance Center (TAC) using the contact information listed below. In\n these cases, customers are entitled to obtain a free upgrade to a later\n version of the same release or as indicated by the applicable corrected\n software version in the Software Versions and Fixes section (noted above). \n\n Cisco TAC contacts are as follows:\n\n * +1 800 553 2447 (toll free from within North America)\n * +1 408 526 7209 (toll call from anywhere in the world)\n * e-mail: tac@cisco.com\n\n See http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml for\n additional TAC contact information, including special localized telephone\n numbers and instructions and e-mail addresses for use in various\n languages. \n\n Please have your product serial number available and give the URL of this\n notice as evidence of your entitlement to a upgrade. Upgrades for\n non-contract customers must be requested through the TAC. \n\n Please do not contact either \"psirt@cisco.com\" or\n \"security-alert@cisco.com\" for software upgrades. \n\nWorkarounds\n\n The Cisco PSIRT recommends that affected users upgrade to a fixed software\n version of code as soon as it is available. \n\n * Restrict access to the HTTPS server on the network device. Allow\n access to the network device only from trusted workstations by using\n access lists / MAC filters that are available on the affected\n platforms. \n * Disable the SSL server / service on the network device. This\n workaround must be weighed against the need for secure communications\n with the vulnerable device. \n\nExploitation and Public Announcements\n\n The Cisco PSIRT is not aware of any malicious use of the vulnerability\n described in this advisory. \n\n This vulnerability was reported to Cisco PSIRT by NISCC. \n\nStatus of This Notice: INTERIM\n\n This is an interim advisory. Although Cisco cannot guarantee the accuracy\n of all statements in this advisory, all of the facts have been checked to\n the best of our ability. Cisco does not anticipate issuing updated\n versions of this advisory unless there is some material change in the\n facts. Should there be a significant change in the facts, Cisco may update\n this advisory. \n\n A stand-alone copy or paraphrase of the text of this security advisory\n that omits the distribution URL in the following section is an\n uncontrolled copy, and may lack important information or contain factual\n errors. \n\nDistribution\n\n This advisory will be posted on Cisco\u0027s worldwide website at\n http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml . \n\n In addition to worldwide web posting, a text version of this notice is\n clear-signed with the Cisco PSIRT PGP key having the fingerprint 8C82 5207\n 0CA9 ED40 1DD2 EE2A 7B31 A8CF 32B6 B590 and is posted to the following\n e-mail and Usenet news recipients. \n\n * cust-security-announce@cisco.com\n * first-teams@first.org (includes CERT/CC)\n * bugtraq@securityfocus.com\n * vulnwatch@vulnwatch.org\n * cisco@spot.colorado.edu\n * cisco-nsp@puck.nether.net\n * full-disclosure@lists.netsys.com\n * comp.dcom.sys.cisco@newsgate.cisco.com\n\n Future updates of this advisory, if any, will be placed on Cisco\u0027s\n worldwide website, but may or may not be actively announced on mailing\n lists or newsgroups. Users concerned about this problem are encouraged to\n check the above URL for any updates. \n\nRevision History\n\n +------------------------------------------+\n |Revision 1.0|2004-March-17|Initial |\n | | |release. |\n +------------------------------------------+\n\nCisco Security Procedures\n\n Complete information on reporting security vulnerabilities in Cisco\n products, obtaining assistance with security incidents, and registering to\n receive security information from Cisco, is available on Cisco\u0027s worldwide\n website at\n http://www.cisco.com/warp/public/707/sec_incident_response.shtml. This\n includes instructions for press inquiries regarding Cisco security\n notices. All Cisco security advisories are available at\n http://www.cisco.com/go/psirt. \n\n This advisory is copyright 2004 by Cisco Systems, Inc. This advisory may\n be redistributed freely after the release date given at the top of the\n text, provided that redistributed copies are complete and unmodified,\n including all date and version information. \n\n ----------------------------------------------------------------------\n-----BEGIN PGP SIGNATURE-----\nComment: PGP Signed by Sharad Ahlawat, Cisco Systems PSIRT\n\niD8DBQFAWFvZezGozzK2tZARAqIwAKDXDMLAY6eDYyU8y1MhKZUto2SRxwCg+oid\n7AhsNlLsNVSLwTRKTHSigu0=\n=gtba\n-----END PGP SIGNATURE-----\n. Any\napplication that makes use of OpenSSL\u0027s SSL/TLS library may be\naffected. Any application that makes use of OpenSSL\u0027s SSL/TLS library\nmay be affected. \n\nRecommendations\n---------------\n\nUpgrade to OpenSSL 0.9.7d or 0.9.6m. Recompile any OpenSSL applications\nstatically linked to OpenSSL libraries. \n\nOpenSSL 0.9.7d and OpenSSL 0.9.6m are available for download via HTTP and\nFTP from the following master locations (you can find the various FTP\nmirrors under http://www.openssl.org/source/mirror.html):\n\n ftp://ftp.openssl.org/source/\n\nThe distribution file names are:\n\n o openssl-0.9.7d.tar.gz\n MD5 checksum: 1b49e90fc8a75c3a507c0a624529aca5\n \n o openssl-0.9.6m.tar.gz [normal]\n MD5 checksum: 1b63bfdca1c37837dddde9f1623498f9\n o openssl-engine-0.9.6m.tar.gz [engine]\n MD5 checksum: 4c39d2524bd466180f9077f8efddac8c\n\nThe checksums were calculated using the following command:\n\n openssl md5 openssl-0.9*.tar.gz\n\nCredits\n-------\n\nPatches for these issues were created by Dr Stephen Henson\n(steve@openssl.org) of the OpenSSL core team. The OpenSSL team would\nlike to thank Codenomicon for supplying the TLS Test Tool which was\nused to discover these vulnerabilities, and Joe Orton of Red Hat for\nperforming the majority of the testing. \n\nReferences\n----------\n\nhttp://www.codenomicon.com/testtools/tls/\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0079\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0112\n\nURL for this Security Advisory:\nhttp://www.openssl.org/news/secadv_20040317.txt\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0079"
},
{
"db": "CERT/CC",
"id": "VU#288574"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000086"
},
{
"db": "CNVD",
"id": "CNVD-2004-0791"
},
{
"db": "BID",
"id": "9899"
},
{
"db": "BID",
"id": "14567"
},
{
"db": "BID",
"id": "13139"
},
{
"db": "VULHUB",
"id": "VHN-8509"
},
{
"db": "PACKETSTORM",
"id": "32887"
},
{
"db": "PACKETSTORM",
"id": "32886"
}
],
"trust": 3.96
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-8509",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-8509"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2004-0079",
"trust": 4.2
},
{
"db": "CERT/CC",
"id": "VU#288574",
"trust": 3.3
},
{
"db": "BID",
"id": "9899",
"trust": 2.8
},
{
"db": "USCERT",
"id": "TA04-078A",
"trust": 2.5
},
{
"db": "SECUNIA",
"id": "17398",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "18247",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "11139",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "17381",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "17401",
"trust": 1.7
},
{
"db": "XF",
"id": "15505",
"trust": 0.8
},
{
"db": "SECTRACK",
"id": "1009458",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000086",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200411-124",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2004-0791",
"trust": 0.6
},
{
"db": "BID",
"id": "14567",
"trust": 0.3
},
{
"db": "BID",
"id": "13139",
"trust": 0.3
},
{
"db": "PACKETSTORM",
"id": "32886",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "32887",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-8509",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#288574"
},
{
"db": "CNVD",
"id": "CNVD-2004-0791"
},
{
"db": "VULHUB",
"id": "VHN-8509"
},
{
"db": "BID",
"id": "9899"
},
{
"db": "BID",
"id": "14567"
},
{
"db": "BID",
"id": "13139"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000086"
},
{
"db": "PACKETSTORM",
"id": "32887"
},
{
"db": "PACKETSTORM",
"id": "32886"
},
{
"db": "CNNVD",
"id": "CNNVD-200411-124"
},
{
"db": "NVD",
"id": "CVE-2004-0079"
}
]
},
"id": "VAR-200411-0172",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-8509"
}
],
"trust": 0.52271296
},
"last_update_date": "2024-07-23T20:37:18.156000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "openssl",
"trust": 0.8,
"url": "http://www.checkpoint.com/services/techsupport/alerts/openssl.html"
},
{
"title": "cisco-sa-20040317-openssl",
"trust": 0.8,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
},
{
"title": "HPSBMA01037",
"trust": 0.8,
"url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?docid=c01007278"
},
{
"title": "HPSBUX01019",
"trust": 0.8,
"url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?docid=c00944046"
},
{
"title": "HPSBUX01011",
"trust": 0.8,
"url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?docid=c00897351"
},
{
"title": "HPSBUX01019",
"trust": 0.8,
"url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux01019.html"
},
{
"title": "HPSBUX01011",
"trust": 0.8,
"url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux01011.html"
},
{
"title": "NetScreen Advisory 58466",
"trust": 0.8,
"url": "http://www.juniper.net/support/security/alerts/adv58466-2.txt"
},
{
"title": "openssl096",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/update/list.php?errata_id=155"
},
{
"title": "AXSA-2005-129:1",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/update/list.php?errata_id=210"
},
{
"title": "NetBSD-SA2004-005",
"trust": 0.8,
"url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2004-005.txt.asc"
},
{
"title": "016: RELIABILITY FIX: March 17, 2004",
"trust": 0.8,
"url": "http://www.openbsd.org/errata34.html#openssl"
},
{
"title": "secadv_20040317",
"trust": 0.8,
"url": "http://www.openssl.org/news/secadv_20040317.txt"
},
{
"title": "RHSA-2005:830",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/rhsa-2005-830.html"
},
{
"title": "RHSA-2005:829",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/rhsa-2005-829.html"
},
{
"title": "RHSA-2004:120",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/rhsa-2004-120.html"
},
{
"title": "RHSA-2004:121",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/rhsa-2004-121.html"
},
{
"title": "57524",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57524-1"
},
{
"title": "57571",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57571-1"
},
{
"title": "57571",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57571-3"
},
{
"title": "57524",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57524-3"
},
{
"title": "4 Apache Security Update 2.0.1",
"trust": 0.8,
"url": "http://sunsolve.sun.com/pub-cgi/show.pl?target=cobalt/raq4.eng"
},
{
"title": "19387",
"trust": 0.8,
"url": "http://kb.trendmicro.com/solutions/solutiondetail.asp?solutionid=19387"
},
{
"title": "TLSA-2004-9",
"trust": 0.8,
"url": "http://www.turbolinux.com/security/2004/tlsa-2004-9.txt"
},
{
"title": "OpenSSL \u306b\u95a2\u3059\u308b\u8106\u5f31\u6027",
"trust": 0.8,
"url": "http://www.checkpoint.co.jp/techsupport/alerts/openssl.html"
},
{
"title": "RHSA-2004:120",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2004-120j.html"
},
{
"title": "RHSA-2005:830",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2005-830j.html"
},
{
"title": "RHSA-2005:829",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2005-829j.html"
},
{
"title": "openssl \u306b\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30db\u30fc\u30eb",
"trust": 0.8,
"url": "http://vinelinux.org/errata/25x/20040319-1.html"
},
{
"title": "TLSA-2004-9",
"trust": 0.8,
"url": "http://www.turbolinux.co.jp/security/2004/tlsa-2004-9j.txt"
},
{
"title": "IPCOM\u30b7\u30ea\u30fc\u30ba\u306eOpenSSL\u8106\u5f31\u6027\u3078\u306e\u5bfe\u5fdc\u306b\u3064\u3044\u3066",
"trust": 0.8,
"url": "http://primeserver.fujitsu.com/ipcom/support/security20040325/"
},
{
"title": "[\u91cd\u8981] OpenSSL\u8106\u5f31\u6027\u3078\u306e\u5bfe\u5fdc\u306b\u3064\u3044\u3066",
"trust": 0.8,
"url": "http://jp.fujitsu.com/support/security/backnumber/2004/0325/"
},
{
"title": "224012",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/cert/niscc.html#224012-openssl"
},
{
"title": "OpenSSL Repair measures for denial of service attack vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=169017"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2004-000086"
},
{
"db": "CNNVD",
"id": "CNNVD-200411-124"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0079"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://www.openssl.org/news/secadv_20040317.txt"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/9899"
},
{
"trust": 2.5,
"url": "http://www.us-cert.gov/cas/techalerts/ta04-078a.html"
},
{
"trust": 2.5,
"url": "http://www.kb.cert.org/vuls/id/288574"
},
{
"trust": 2.5,
"url": "http://www.ciac.org/ciac/bulletins/o-101.shtml"
},
{
"trust": 2.1,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
},
{
"trust": 2.0,
"url": "http://support.avaya.com/elmodocs2/security/asa-2005-239.htm"
},
{
"trust": 1.8,
"url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2005/aug/msg00000.html"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2005//aug/msg00001.html"
},
{
"trust": 1.7,
"url": "http://docs.info.apple.com/article.html?artnum=61798"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html"
},
{
"trust": 1.7,
"url": "http://www.debian.org/security/2004/dsa-465"
},
{
"trust": 1.7,
"url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
},
{
"trust": 1.7,
"url": "http://fedoranews.org/updates/fedora-2004-095.shtml"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-october/msg00087.html"
},
{
"trust": 1.7,
"url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdksa-2004:023"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a2621"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a5770"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a870"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a975"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a9779"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2004-120.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2004-121.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2004-139.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2005-829.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2005-830.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/11139"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/17381"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/17398"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/17401"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/18247"
},
{
"trust": 1.7,
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
},
{
"trust": 1.7,
"url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html"
},
{
"trust": 1.7,
"url": "http://www.trustix.org/errata/2004/0012"
},
{
"trust": 1.7,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15505"
},
{
"trust": 1.6,
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2"
},
{
"trust": 1.6,
"url": "http://support.lexmark.com/index?page=content\u0026id=te88\u0026locale=en\u0026userlocale=en_us"
},
{
"trust": 1.6,
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2"
},
{
"trust": 1.1,
"url": "http://www.uniras.gov.uk/l1/l2/l3/alerts2004/alert-1204.txt"
},
{
"trust": 1.1,
"url": "ftp://ftp.freebsd.org/pub/freebsd/cert/advisories/freebsd-sa-04:05.openssl.asc"
},
{
"trust": 1.1,
"url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2004-005.txt.asc"
},
{
"trust": 1.1,
"url": "ftp://ftp.sco.com/pub/updates/openserver/scosa-2004.10/scosa-2004.10.txt"
},
{
"trust": 0.8,
"url": "http://www.openssl.org"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-0079"
},
{
"trust": 0.8,
"url": "http://www.cpni.gov.uk/products/vulnerabilitydisclosures/default.aspx?id=va-20040317-00389.xml"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/xforce/xfdb/15505"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2004/wr041801.txt"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2004/wr041201.txt"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2004/wr041301.txt"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2004/wr041701.txt"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta04-078a/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/niscc/niscc-224012/"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/trta04-078a"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2004-0079"
},
{
"trust": 0.8,
"url": "http://www.cpni.gov.uk/docs/re-20040317-00389.pdf?lang=en"
},
{
"trust": 0.8,
"url": "http://www.securiteam.com/securitynews/5op0g20caa.html"
},
{
"trust": 0.8,
"url": "http://www.securitytracker.com/alerts/2004/mar/1009458.html"
},
{
"trust": 0.8,
"url": "http://www.cyberpolice.go.jp/important/20040318_082932.html"
},
{
"trust": 0.6,
"url": "https://rhn.redhat.com/errata/rhsa-2004-119.html"
},
{
"trust": 0.6,
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f57524"
},
{
"trust": 0.3,
"url": "http://www.4d.com/products/4dwsv.html"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/japple/css/japple?page=avaya.css.openpage\u0026temp.template.name=securityadvisory"
},
{
"trust": 0.3,
"url": "http://distro.conectiva.com.br/atualizacoes/index.php?id=a\u0026anuncio=000827"
},
{
"trust": 0.3,
"url": "http://distro.conectiva.com.br/atualizacoes/index.php?id=a\u0026anuncio=000834"
},
{
"trust": 0.3,
"url": "ftp://ftp.symantec.com/public/english_us_canada/products/sym_clientless_vpn/sym_clientless_vpn_5/updates/hf1-readme.txt"
},
{
"trust": 0.3,
"url": "http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1256"
},
{
"trust": 0.3,
"url": "http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1257"
},
{
"trust": 0.3,
"url": "http://www.netscreen.com/services/security/alerts/adv58466-signed.txt"
},
{
"trust": 0.3,
"url": "http://www.stonesoft.com/document/art/3123.html"
},
{
"trust": 0.3,
"url": "http://www.checkpoint.com/techsupport/alerts/openssl.html"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2004-120.html"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2004-139.html"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2005-830.html"
},
{
"trust": 0.3,
"url": "http://www.bluecoat.com/support/knowledge/advisory_openssl_can-2004-0079.html"
},
{
"trust": 0.3,
"url": "http://www.apple.com/support/downloads/securityupdate_2004-04-05_(10_3_3).html"
},
{
"trust": 0.3,
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2968981.htm"
},
{
"trust": 0.3,
"url": "http://www.securecomputing.com/pdf/52110relnotes.pdf"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f57571"
},
{
"trust": 0.3,
"url": "http://www.tarantella.com/security/bulletin-10.html"
},
{
"trust": 0.3,
"url": "http://www.adiscon.com/common/en/advisory/2004-03-18.asp"
},
{
"trust": 0.3,
"url": "http://www.litespeedtech.com"
},
{
"trust": 0.3,
"url": "/archive/1/357672"
},
{
"trust": 0.3,
"url": "http://www.info.apple.com/usen/security/security_updates.html"
},
{
"trust": 0.3,
"url": "http://www.suresec.org/advisories/adv5.pdf"
},
{
"trust": 0.3,
"url": "http://www.apple.com"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/pdf/cpuapr2005.pdf"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/index.html"
},
{
"trust": 0.3,
"url": "http://www.peoplesoft.com:80/corp/en/support/security_index.jsp"
},
{
"trust": 0.3,
"url": "/archive/1/395699"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2004-0079"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2004-0112"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=107953412903636\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026amp;anuncio=000834"
},
{
"trust": 0.1,
"url": "http://support.lexmark.com/index?page=content\u0026amp;id=te88\u0026amp;locale=en\u0026amp;userlocale=en_us"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=108403806509920\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026amp;y=2004\u0026amp;m=slackware-security.455961"
},
{
"trust": 0.1,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml."
},
{
"trust": 0.1,
"url": "http://www.cisco.com/public/sw-license-agreement.html,"
},
{
"trust": 0.1,
"url": "https://ip_address_of_device/."
},
{
"trust": 0.1,
"url": "http://www.cisco.com/univercd/cc/td/doc/cisintwk/."
},
{
"trust": 0.1,
"url": "http://www.cisco.com/tacpage/sw-center."
},
{
"trust": 0.1,
"url": "http://www.cisco.com/warp/public/707/sec_incident_response.shtml."
},
{
"trust": 0.1,
"url": "http://www.cisco.com/go/psirt."
},
{
"trust": 0.1,
"url": "http://www.cisco.com/warp/public/687/directory/dirtac.shtml"
},
{
"trust": 0.1,
"url": "http://www.cisco.com/public/sw-center/sw-usingswc.shtml."
},
{
"trust": 0.1,
"url": "http://www.codenomicon.com/testtools/tls/"
},
{
"trust": 0.1,
"url": "http://www.openssl.org/source/mirror.html):"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2004-0112"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2004-0079"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#288574"
},
{
"db": "VULHUB",
"id": "VHN-8509"
},
{
"db": "BID",
"id": "9899"
},
{
"db": "BID",
"id": "14567"
},
{
"db": "BID",
"id": "13139"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000086"
},
{
"db": "PACKETSTORM",
"id": "32887"
},
{
"db": "PACKETSTORM",
"id": "32886"
},
{
"db": "CNNVD",
"id": "CNNVD-200411-124"
},
{
"db": "NVD",
"id": "CVE-2004-0079"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#288574"
},
{
"db": "CNVD",
"id": "CNVD-2004-0791"
},
{
"db": "VULHUB",
"id": "VHN-8509"
},
{
"db": "BID",
"id": "9899"
},
{
"db": "BID",
"id": "14567"
},
{
"db": "BID",
"id": "13139"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000086"
},
{
"db": "PACKETSTORM",
"id": "32887"
},
{
"db": "PACKETSTORM",
"id": "32886"
},
{
"db": "CNNVD",
"id": "CNNVD-200411-124"
},
{
"db": "NVD",
"id": "CVE-2004-0079"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-03-17T00:00:00",
"db": "CERT/CC",
"id": "VU#288574"
},
{
"date": "2004-03-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2004-0791"
},
{
"date": "2004-11-23T00:00:00",
"db": "VULHUB",
"id": "VHN-8509"
},
{
"date": "2004-03-17T00:00:00",
"db": "BID",
"id": "9899"
},
{
"date": "2005-08-15T00:00:00",
"db": "BID",
"id": "14567"
},
{
"date": "2005-04-12T00:00:00",
"db": "BID",
"id": "13139"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2004-000086"
},
{
"date": "2004-03-17T15:44:08",
"db": "PACKETSTORM",
"id": "32887"
},
{
"date": "2004-03-17T14:36:13",
"db": "PACKETSTORM",
"id": "32886"
},
{
"date": "2003-07-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200411-124"
},
{
"date": "2004-11-23T05:00:00",
"db": "NVD",
"id": "CVE-2004-0079"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-03-26T00:00:00",
"db": "CERT/CC",
"id": "VU#288574"
},
{
"date": "2004-03-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2004-0791"
},
{
"date": "2018-10-30T00:00:00",
"db": "VULHUB",
"id": "VHN-8509"
},
{
"date": "2015-03-19T08:20:00",
"db": "BID",
"id": "9899"
},
{
"date": "2006-05-05T23:10:00",
"db": "BID",
"id": "14567"
},
{
"date": "2006-05-05T23:30:00",
"db": "BID",
"id": "13139"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2004-000086"
},
{
"date": "2021-11-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200411-124"
},
{
"date": "2023-12-28T15:33:29.973000",
"db": "NVD",
"id": "CVE-2004-0079"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "9899"
},
{
"db": "BID",
"id": "14567"
},
{
"db": "BID",
"id": "13139"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSSL contains null-pointer assignment in do_change_cipher_spec() function",
"sources": [
{
"db": "CERT/CC",
"id": "VU#288574"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "9899"
},
{
"db": "BID",
"id": "14567"
},
{
"db": "BID",
"id": "13139"
}
],
"trust": 0.9
}
}
VAR-201205-0305
Vulnerability from variot - Updated: 2024-07-23 20:13sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. PHP is prone to an information-disclosure vulnerability. Exploiting this issue allows remote attackers to view the source code of files in the context of the server process. This may allow the attacker to obtain sensitive information and to run arbitrary PHP code on the affected computer; other attacks are also possible. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch
TITLE: Ubuntu update for php
SECUNIA ADVISORY ID: SA49097
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/49097/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=49097
RELEASE DATE: 2012-05-07
DISCUSS ADVISORY: http://secunia.com/advisories/49097/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/49097/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=49097
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Ubuntu has issued an update for php. This fixes a vulnerability, which can be exploited by malicious people to disclose certain sensitive information or compromise a vulnerable system.
For more information: SA49014
SOLUTION: Apply updated packages.
Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
ORIGINAL ADVISORY: USN-1437-1: http://www.ubuntu.com/usn/usn-1437-1/
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. HP System Management Homepage (SMH) before v7.1.1 running on Linux and Windows. HP System Management Homepage v7.1.1 is available here:
HP System Management Homepage for Windows x64
[Download here] or enter the following URL into the browser address window.
http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail s/?sp4ts.oid=4091409&spf_p.tpst=psiSwdMain&spf_p.prp_psiSwdMain=wsrp-navigati onalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa meId%253D4091409%257CswEnvOID%253D4064%257CswLang%253D8%257CswItem%253DMTX-ab 0d4e9bb4654a8da503eccfd9%257Cmode%253D3%257Caction%253DdriverDocument&javax.p ortlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vign ette.cachetoken
HP System Management Homepage for Windows x86
[Download here] or enter the following URL into the browser address window.
http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail s/?sp4ts.oid=4091409&spf_p.tpst=psiSwdMain&spf_p.prp_psiSwdMain=wsrp-navigati onalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa meId%253D4091409%257CswEnvOID%253D4022%257CswLang%253D8%257CswItem%253DMTX-f7 c0d15d28474255bd0ec23136%257Cmode%253D3%257Caction%253DdriverDocument&javax.p ortlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vign ette.cachetoken
HP System Management Homepage for Linux (AMD64/EM64T)
[Download here] or enter the following URL into the browser address window.
http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail s/?sp4ts.oid=4091409&spf_p.tpst=psiSwdMain&spf_p.prp_psiSwdMain=wsrp-navigati onalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa meId%253D4091409%257CswEnvOID%253D4035%257CswLang%253D8%257CswItem%253DMTX-18 d373dd1361400fbaca892942%257Cmode%253D3%257Caction%253DdriverDocument&javax.p ortlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vign ette.cachetoken
HP System Management Homepage for Linux (x86)
[Download here] or enter the following URL into the browser address window.
Additionally, this update fixes insufficient validation of upload name which lead to corrupted $_FILES indices.
For the stable distribution (squeeze), this problem has been fixed in version 5.3.3-7+squeeze9.
The testing distribution (wheezy) will be fixed soon.
For the unstable distribution (sid), this problem has been fixed in version 5.4.3-1.
We recommend that you upgrade your php5 packages. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c03368475
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03368475 Version: 1
HPSBUX02791 SSRT100856 rev.1 - HP-UX Apache Web Server running PHP, Remote Execution of Arbitrary Code, Privilege Elevation, Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2012-06-14 Last Updated: 2012-06-14
Potential Security Impact: Remote execution of arbitrary code, privilege elevation, or Denial of Service (DoS).
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX Apache Web Server running PHP. These vulnerabilities could be exploited remotely to execute arbitrary code, elevate privileges, or create a Denial of Service (DoS).
References: CVE-2011-4153, CVE-2012-0830, CVE-2012-0883, CVE-2012-1172, CVE-2012-1823, CVE-2012-2311
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.23, B.11.31 running HP-UX Apache Web Server Suite v3.24 or earlier
BACKGROUND For a PGP signed
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2011-4153 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-0830 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-0883 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9 CVE-2012-1172 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8 CVE-2012-1823 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-2311 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following software updates to resolve the vulnerabilities. The updates are available for download from http://software.hp.com
HP-UX Web Server Suite v.3.24 containing Apache v2.2.15.13 and PHP v5.2.17 HP-UX 11i Release Apache Depot name
B.11.23 (32-bit) HPUXWS22ATW-B324-32
B.11.23 (64-bit) HPUXWS22ATW-B324-64
B.11.31 (32-bit) HPUXWS22ATW-B324-32
B.11.31 (64-bit) HPUXWS22ATW-B324-64
MANUAL ACTIONS: Yes - Update Install HP-UX Web Server Suite v3.24 or subsequent.
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant. HP-UX Web Server Suite v3.24 AFFECTED VERSIONS
HP-UX B.11.23
hpuxws22APCH32.APACHE hpuxws22APCH32.APACHE2 hpuxws22APCH32.AUTH_LDAP hpuxws22APCH32.AUTH_LDAP2 hpuxws22APCH32.MOD_JK hpuxws22APCH32.MOD_JK2 hpuxws22APCH32.MOD_PERL hpuxws22APCH32.MOD_PERL2 hpuxws22APCH32.PHP hpuxws22APCH32.PHP2 hpuxws22APCH32.WEBPROXY hpuxws22APCH32.WEBPROXY2 hpuxws22APACHE.APACHE hpuxws22APACHE.APACHE2 hpuxws22APACHE.AUTH_LDAP hpuxws22APACHE.AUTH_LDAP2 hpuxws22APACHE.MOD_JK hpuxws22APACHE.MOD_JK2 hpuxws22APACHE.MOD_PERL hpuxws22APACHE.MOD_PERL2 hpuxws22APACHE.PHP hpuxws22APACHE.PHP2 hpuxws22APACHE.WEBPROXY hpuxws22APACHE.WEBPROXY2 action: install revision B.2.2.15.13 or subsequent
HP-UX B.11.31
hpuxws22APCH32.APACHE hpuxws22APCH32.APACHE2 hpuxws22APCH32.AUTH_LDAP hpuxws22APCH32.AUTH_LDAP2 hpuxws22APCH32.MOD_JK hpuxws22APCH32.MOD_JK2 hpuxws22APCH32.MOD_PERL hpuxws22APCH32.MOD_PERL2 hpuxws22APCH32.PHP hpuxws22APCH32.PHP2 hpuxws22APCH32.WEBPROXY hpuxws22APCH32.WEBPROXY2 hpuxws22APACHE.APACHE hpuxws22APACHE.APACHE2 hpuxws22APACHE.AUTH_LDAP hpuxws22APACHE.AUTH_LDAP2 hpuxws22APACHE.MOD_JK hpuxws22APACHE.MOD_JK2 hpuxws22APACHE.MOD_PERL hpuxws22APACHE.MOD_PERL2 hpuxws22APACHE.PHP hpuxws22APACHE.PHP2 hpuxws22APACHE.WEBPROXY hpuxws22APACHE.WEBPROXY2
action: install revision B.2.2.15.13 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) - 14 June 2012 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c02964430
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Relevant releases/architectures:
RHEL Desktop Workstation (v. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: php security update Advisory ID: RHSA-2012:0568-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0568.html Issue date: 2012-05-10 CVE Names: CVE-2012-1823 =====================================================================
- Summary:
Updated php packages that fix one security issue are now available for Red Hat Enterprise Linux 5.3 Long Life, and Red Hat Enterprise Linux 5.6, 6.0 and 6.1 Extended Update Support.
The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux EUS (v. 5.6 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Long Life (v. 5.3 server) - i386, ia64, x86_64 Red Hat Enterprise Linux Server EUS (v. 6.0) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server EUS (v. 6.1) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 6.0) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 6.1) - i386, ppc64, s390x, x86_64
- Description:
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.
A flaw was found in the way the php-cgi executable processed command line arguments when running in CGI mode. This could lead to the disclosure of the script's source code or arbitrary code execution with the privileges of the PHP interpreter. (CVE-2012-1823)
Red Hat is aware that a public exploit for this issue is available that allows remote code execution in affected PHP CGI configurations. This flaw does not affect the default configuration in Red Hat Enterprise Linux 5 and 6 using the PHP module for Apache httpd to handle PHP scripts.
All php users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
- Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258
- Bugs fixed (http://bugzilla.redhat.com/):
818607 - CVE-2012-1823 php: command line arguments injection when run in CGI mode (VU#520827)
- Package List:
Red Hat Enterprise Linux Long Life (v. 5.3 server):
Source: php-5.1.6-23.3.el5_3.src.rpm
i386: php-5.1.6-23.3.el5_3.i386.rpm php-bcmath-5.1.6-23.3.el5_3.i386.rpm php-cli-5.1.6-23.3.el5_3.i386.rpm php-common-5.1.6-23.3.el5_3.i386.rpm php-dba-5.1.6-23.3.el5_3.i386.rpm php-debuginfo-5.1.6-23.3.el5_3.i386.rpm php-devel-5.1.6-23.3.el5_3.i386.rpm php-gd-5.1.6-23.3.el5_3.i386.rpm php-imap-5.1.6-23.3.el5_3.i386.rpm php-ldap-5.1.6-23.3.el5_3.i386.rpm php-mbstring-5.1.6-23.3.el5_3.i386.rpm php-mysql-5.1.6-23.3.el5_3.i386.rpm php-ncurses-5.1.6-23.3.el5_3.i386.rpm php-odbc-5.1.6-23.3.el5_3.i386.rpm php-pdo-5.1.6-23.3.el5_3.i386.rpm php-pgsql-5.1.6-23.3.el5_3.i386.rpm php-snmp-5.1.6-23.3.el5_3.i386.rpm php-soap-5.1.6-23.3.el5_3.i386.rpm php-xml-5.1.6-23.3.el5_3.i386.rpm php-xmlrpc-5.1.6-23.3.el5_3.i386.rpm
ia64: php-5.1.6-23.3.el5_3.ia64.rpm php-bcmath-5.1.6-23.3.el5_3.ia64.rpm php-cli-5.1.6-23.3.el5_3.ia64.rpm php-common-5.1.6-23.3.el5_3.ia64.rpm php-dba-5.1.6-23.3.el5_3.ia64.rpm php-debuginfo-5.1.6-23.3.el5_3.ia64.rpm php-devel-5.1.6-23.3.el5_3.ia64.rpm php-gd-5.1.6-23.3.el5_3.ia64.rpm php-imap-5.1.6-23.3.el5_3.ia64.rpm php-ldap-5.1.6-23.3.el5_3.ia64.rpm php-mbstring-5.1.6-23.3.el5_3.ia64.rpm php-mysql-5.1.6-23.3.el5_3.ia64.rpm php-ncurses-5.1.6-23.3.el5_3.ia64.rpm php-odbc-5.1.6-23.3.el5_3.ia64.rpm php-pdo-5.1.6-23.3.el5_3.ia64.rpm php-pgsql-5.1.6-23.3.el5_3.ia64.rpm php-snmp-5.1.6-23.3.el5_3.ia64.rpm php-soap-5.1.6-23.3.el5_3.ia64.rpm php-xml-5.1.6-23.3.el5_3.ia64.rpm php-xmlrpc-5.1.6-23.3.el5_3.ia64.rpm
x86_64: php-5.1.6-23.3.el5_3.x86_64.rpm php-bcmath-5.1.6-23.3.el5_3.x86_64.rpm php-cli-5.1.6-23.3.el5_3.x86_64.rpm php-common-5.1.6-23.3.el5_3.x86_64.rpm php-dba-5.1.6-23.3.el5_3.x86_64.rpm php-debuginfo-5.1.6-23.3.el5_3.x86_64.rpm php-devel-5.1.6-23.3.el5_3.x86_64.rpm php-gd-5.1.6-23.3.el5_3.x86_64.rpm php-imap-5.1.6-23.3.el5_3.x86_64.rpm php-ldap-5.1.6-23.3.el5_3.x86_64.rpm php-mbstring-5.1.6-23.3.el5_3.x86_64.rpm php-mysql-5.1.6-23.3.el5_3.x86_64.rpm php-ncurses-5.1.6-23.3.el5_3.x86_64.rpm php-odbc-5.1.6-23.3.el5_3.x86_64.rpm php-pdo-5.1.6-23.3.el5_3.x86_64.rpm php-pgsql-5.1.6-23.3.el5_3.x86_64.rpm php-snmp-5.1.6-23.3.el5_3.x86_64.rpm php-soap-5.1.6-23.3.el5_3.x86_64.rpm php-xml-5.1.6-23.3.el5_3.x86_64.rpm php-xmlrpc-5.1.6-23.3.el5_3.x86_64.rpm
Red Hat Enterprise Linux EUS (v. 5.6 server):
Source: php-5.1.6-27.el5_6.4.src.rpm
i386: php-5.1.6-27.el5_6.4.i386.rpm php-bcmath-5.1.6-27.el5_6.4.i386.rpm php-cli-5.1.6-27.el5_6.4.i386.rpm php-common-5.1.6-27.el5_6.4.i386.rpm php-dba-5.1.6-27.el5_6.4.i386.rpm php-debuginfo-5.1.6-27.el5_6.4.i386.rpm php-devel-5.1.6-27.el5_6.4.i386.rpm php-gd-5.1.6-27.el5_6.4.i386.rpm php-imap-5.1.6-27.el5_6.4.i386.rpm php-ldap-5.1.6-27.el5_6.4.i386.rpm php-mbstring-5.1.6-27.el5_6.4.i386.rpm php-mysql-5.1.6-27.el5_6.4.i386.rpm php-ncurses-5.1.6-27.el5_6.4.i386.rpm php-odbc-5.1.6-27.el5_6.4.i386.rpm php-pdo-5.1.6-27.el5_6.4.i386.rpm php-pgsql-5.1.6-27.el5_6.4.i386.rpm php-snmp-5.1.6-27.el5_6.4.i386.rpm php-soap-5.1.6-27.el5_6.4.i386.rpm php-xml-5.1.6-27.el5_6.4.i386.rpm php-xmlrpc-5.1.6-27.el5_6.4.i386.rpm
ia64: php-5.1.6-27.el5_6.4.ia64.rpm php-bcmath-5.1.6-27.el5_6.4.ia64.rpm php-cli-5.1.6-27.el5_6.4.ia64.rpm php-common-5.1.6-27.el5_6.4.ia64.rpm php-dba-5.1.6-27.el5_6.4.ia64.rpm php-debuginfo-5.1.6-27.el5_6.4.ia64.rpm php-devel-5.1.6-27.el5_6.4.ia64.rpm php-gd-5.1.6-27.el5_6.4.ia64.rpm php-imap-5.1.6-27.el5_6.4.ia64.rpm php-ldap-5.1.6-27.el5_6.4.ia64.rpm php-mbstring-5.1.6-27.el5_6.4.ia64.rpm php-mysql-5.1.6-27.el5_6.4.ia64.rpm php-ncurses-5.1.6-27.el5_6.4.ia64.rpm php-odbc-5.1.6-27.el5_6.4.ia64.rpm php-pdo-5.1.6-27.el5_6.4.ia64.rpm php-pgsql-5.1.6-27.el5_6.4.ia64.rpm php-snmp-5.1.6-27.el5_6.4.ia64.rpm php-soap-5.1.6-27.el5_6.4.ia64.rpm php-xml-5.1.6-27.el5_6.4.ia64.rpm php-xmlrpc-5.1.6-27.el5_6.4.ia64.rpm
ppc: php-5.1.6-27.el5_6.4.ppc.rpm php-bcmath-5.1.6-27.el5_6.4.ppc.rpm php-cli-5.1.6-27.el5_6.4.ppc.rpm php-common-5.1.6-27.el5_6.4.ppc.rpm php-dba-5.1.6-27.el5_6.4.ppc.rpm php-debuginfo-5.1.6-27.el5_6.4.ppc.rpm php-devel-5.1.6-27.el5_6.4.ppc.rpm php-gd-5.1.6-27.el5_6.4.ppc.rpm php-imap-5.1.6-27.el5_6.4.ppc.rpm php-ldap-5.1.6-27.el5_6.4.ppc.rpm php-mbstring-5.1.6-27.el5_6.4.ppc.rpm php-mysql-5.1.6-27.el5_6.4.ppc.rpm php-ncurses-5.1.6-27.el5_6.4.ppc.rpm php-odbc-5.1.6-27.el5_6.4.ppc.rpm php-pdo-5.1.6-27.el5_6.4.ppc.rpm php-pgsql-5.1.6-27.el5_6.4.ppc.rpm php-snmp-5.1.6-27.el5_6.4.ppc.rpm php-soap-5.1.6-27.el5_6.4.ppc.rpm php-xml-5.1.6-27.el5_6.4.ppc.rpm php-xmlrpc-5.1.6-27.el5_6.4.ppc.rpm
s390x: php-5.1.6-27.el5_6.4.s390x.rpm php-bcmath-5.1.6-27.el5_6.4.s390x.rpm php-cli-5.1.6-27.el5_6.4.s390x.rpm php-common-5.1.6-27.el5_6.4.s390x.rpm php-dba-5.1.6-27.el5_6.4.s390x.rpm php-debuginfo-5.1.6-27.el5_6.4.s390x.rpm php-devel-5.1.6-27.el5_6.4.s390x.rpm php-gd-5.1.6-27.el5_6.4.s390x.rpm php-imap-5.1.6-27.el5_6.4.s390x.rpm php-ldap-5.1.6-27.el5_6.4.s390x.rpm php-mbstring-5.1.6-27.el5_6.4.s390x.rpm php-mysql-5.1.6-27.el5_6.4.s390x.rpm php-ncurses-5.1.6-27.el5_6.4.s390x.rpm php-odbc-5.1.6-27.el5_6.4.s390x.rpm php-pdo-5.1.6-27.el5_6.4.s390x.rpm php-pgsql-5.1.6-27.el5_6.4.s390x.rpm php-snmp-5.1.6-27.el5_6.4.s390x.rpm php-soap-5.1.6-27.el5_6.4.s390x.rpm php-xml-5.1.6-27.el5_6.4.s390x.rpm php-xmlrpc-5.1.6-27.el5_6.4.s390x.rpm
x86_64: php-5.1.6-27.el5_6.4.x86_64.rpm php-bcmath-5.1.6-27.el5_6.4.x86_64.rpm php-cli-5.1.6-27.el5_6.4.x86_64.rpm php-common-5.1.6-27.el5_6.4.x86_64.rpm php-dba-5.1.6-27.el5_6.4.x86_64.rpm php-debuginfo-5.1.6-27.el5_6.4.x86_64.rpm php-devel-5.1.6-27.el5_6.4.x86_64.rpm php-gd-5.1.6-27.el5_6.4.x86_64.rpm php-imap-5.1.6-27.el5_6.4.x86_64.rpm php-ldap-5.1.6-27.el5_6.4.x86_64.rpm php-mbstring-5.1.6-27.el5_6.4.x86_64.rpm php-mysql-5.1.6-27.el5_6.4.x86_64.rpm php-ncurses-5.1.6-27.el5_6.4.x86_64.rpm php-odbc-5.1.6-27.el5_6.4.x86_64.rpm php-pdo-5.1.6-27.el5_6.4.x86_64.rpm php-pgsql-5.1.6-27.el5_6.4.x86_64.rpm php-snmp-5.1.6-27.el5_6.4.x86_64.rpm php-soap-5.1.6-27.el5_6.4.x86_64.rpm php-xml-5.1.6-27.el5_6.4.x86_64.rpm php-xmlrpc-5.1.6-27.el5_6.4.x86_64.rpm
Red Hat Enterprise Linux Server EUS (v. 6.0):
Source: php-5.3.2-6.el6_0.2.src.rpm
i386: php-5.3.2-6.el6_0.2.i686.rpm php-cli-5.3.2-6.el6_0.2.i686.rpm php-common-5.3.2-6.el6_0.2.i686.rpm php-debuginfo-5.3.2-6.el6_0.2.i686.rpm php-gd-5.3.2-6.el6_0.2.i686.rpm php-ldap-5.3.2-6.el6_0.2.i686.rpm php-mysql-5.3.2-6.el6_0.2.i686.rpm php-odbc-5.3.2-6.el6_0.2.i686.rpm php-pdo-5.3.2-6.el6_0.2.i686.rpm php-pgsql-5.3.2-6.el6_0.2.i686.rpm php-soap-5.3.2-6.el6_0.2.i686.rpm php-xml-5.3.2-6.el6_0.2.i686.rpm php-xmlrpc-5.3.2-6.el6_0.2.i686.rpm
ppc64: php-5.3.2-6.el6_0.2.ppc64.rpm php-cli-5.3.2-6.el6_0.2.ppc64.rpm php-common-5.3.2-6.el6_0.2.ppc64.rpm php-debuginfo-5.3.2-6.el6_0.2.ppc64.rpm php-gd-5.3.2-6.el6_0.2.ppc64.rpm php-ldap-5.3.2-6.el6_0.2.ppc64.rpm php-mysql-5.3.2-6.el6_0.2.ppc64.rpm php-odbc-5.3.2-6.el6_0.2.ppc64.rpm php-pdo-5.3.2-6.el6_0.2.ppc64.rpm php-pgsql-5.3.2-6.el6_0.2.ppc64.rpm php-soap-5.3.2-6.el6_0.2.ppc64.rpm php-xml-5.3.2-6.el6_0.2.ppc64.rpm php-xmlrpc-5.3.2-6.el6_0.2.ppc64.rpm
s390x: php-5.3.2-6.el6_0.2.s390x.rpm php-cli-5.3.2-6.el6_0.2.s390x.rpm php-common-5.3.2-6.el6_0.2.s390x.rpm php-debuginfo-5.3.2-6.el6_0.2.s390x.rpm php-gd-5.3.2-6.el6_0.2.s390x.rpm php-ldap-5.3.2-6.el6_0.2.s390x.rpm php-mysql-5.3.2-6.el6_0.2.s390x.rpm php-odbc-5.3.2-6.el6_0.2.s390x.rpm php-pdo-5.3.2-6.el6_0.2.s390x.rpm php-pgsql-5.3.2-6.el6_0.2.s390x.rpm php-soap-5.3.2-6.el6_0.2.s390x.rpm php-xml-5.3.2-6.el6_0.2.s390x.rpm php-xmlrpc-5.3.2-6.el6_0.2.s390x.rpm
x86_64: php-5.3.2-6.el6_0.2.x86_64.rpm php-cli-5.3.2-6.el6_0.2.x86_64.rpm php-common-5.3.2-6.el6_0.2.x86_64.rpm php-debuginfo-5.3.2-6.el6_0.2.x86_64.rpm php-gd-5.3.2-6.el6_0.2.x86_64.rpm php-ldap-5.3.2-6.el6_0.2.x86_64.rpm php-mysql-5.3.2-6.el6_0.2.x86_64.rpm php-odbc-5.3.2-6.el6_0.2.x86_64.rpm php-pdo-5.3.2-6.el6_0.2.x86_64.rpm php-pgsql-5.3.2-6.el6_0.2.x86_64.rpm php-soap-5.3.2-6.el6_0.2.x86_64.rpm php-xml-5.3.2-6.el6_0.2.x86_64.rpm php-xmlrpc-5.3.2-6.el6_0.2.x86_64.rpm
Red Hat Enterprise Linux Server EUS (v. 6.1):
Source: php-5.3.3-3.el6_1.4.src.rpm
i386: php-5.3.3-3.el6_1.4.i686.rpm php-cli-5.3.3-3.el6_1.4.i686.rpm php-common-5.3.3-3.el6_1.4.i686.rpm php-debuginfo-5.3.3-3.el6_1.4.i686.rpm php-gd-5.3.3-3.el6_1.4.i686.rpm php-ldap-5.3.3-3.el6_1.4.i686.rpm php-mysql-5.3.3-3.el6_1.4.i686.rpm php-odbc-5.3.3-3.el6_1.4.i686.rpm php-pdo-5.3.3-3.el6_1.4.i686.rpm php-pgsql-5.3.3-3.el6_1.4.i686.rpm php-soap-5.3.3-3.el6_1.4.i686.rpm php-xml-5.3.3-3.el6_1.4.i686.rpm php-xmlrpc-5.3.3-3.el6_1.4.i686.rpm
ppc64: php-5.3.3-3.el6_1.4.ppc64.rpm php-cli-5.3.3-3.el6_1.4.ppc64.rpm php-common-5.3.3-3.el6_1.4.ppc64.rpm php-debuginfo-5.3.3-3.el6_1.4.ppc64.rpm php-gd-5.3.3-3.el6_1.4.ppc64.rpm php-ldap-5.3.3-3.el6_1.4.ppc64.rpm php-mysql-5.3.3-3.el6_1.4.ppc64.rpm php-odbc-5.3.3-3.el6_1.4.ppc64.rpm php-pdo-5.3.3-3.el6_1.4.ppc64.rpm php-pgsql-5.3.3-3.el6_1.4.ppc64.rpm php-soap-5.3.3-3.el6_1.4.ppc64.rpm php-xml-5.3.3-3.el6_1.4.ppc64.rpm php-xmlrpc-5.3.3-3.el6_1.4.ppc64.rpm
s390x: php-5.3.3-3.el6_1.4.s390x.rpm php-cli-5.3.3-3.el6_1.4.s390x.rpm php-common-5.3.3-3.el6_1.4.s390x.rpm php-debuginfo-5.3.3-3.el6_1.4.s390x.rpm php-gd-5.3.3-3.el6_1.4.s390x.rpm php-ldap-5.3.3-3.el6_1.4.s390x.rpm php-mysql-5.3.3-3.el6_1.4.s390x.rpm php-odbc-5.3.3-3.el6_1.4.s390x.rpm php-pdo-5.3.3-3.el6_1.4.s390x.rpm php-pgsql-5.3.3-3.el6_1.4.s390x.rpm php-soap-5.3.3-3.el6_1.4.s390x.rpm php-xml-5.3.3-3.el6_1.4.s390x.rpm php-xmlrpc-5.3.3-3.el6_1.4.s390x.rpm
x86_64: php-5.3.3-3.el6_1.4.x86_64.rpm php-cli-5.3.3-3.el6_1.4.x86_64.rpm php-common-5.3.3-3.el6_1.4.x86_64.rpm php-debuginfo-5.3.3-3.el6_1.4.x86_64.rpm php-gd-5.3.3-3.el6_1.4.x86_64.rpm php-ldap-5.3.3-3.el6_1.4.x86_64.rpm php-mysql-5.3.3-3.el6_1.4.x86_64.rpm php-odbc-5.3.3-3.el6_1.4.x86_64.rpm php-pdo-5.3.3-3.el6_1.4.x86_64.rpm php-pgsql-5.3.3-3.el6_1.4.x86_64.rpm php-soap-5.3.3-3.el6_1.4.x86_64.rpm php-xml-5.3.3-3.el6_1.4.x86_64.rpm php-xmlrpc-5.3.3-3.el6_1.4.x86_64.rpm
Red Hat Enterprise Linux Server Optional EUS (v. 6.0):
Source: php-5.3.2-6.el6_0.2.src.rpm
i386: php-bcmath-5.3.2-6.el6_0.2.i686.rpm php-dba-5.3.2-6.el6_0.2.i686.rpm php-debuginfo-5.3.2-6.el6_0.2.i686.rpm php-devel-5.3.2-6.el6_0.2.i686.rpm php-embedded-5.3.2-6.el6_0.2.i686.rpm php-enchant-5.3.2-6.el6_0.2.i686.rpm php-imap-5.3.2-6.el6_0.2.i686.rpm php-intl-5.3.2-6.el6_0.2.i686.rpm php-mbstring-5.3.2-6.el6_0.2.i686.rpm php-process-5.3.2-6.el6_0.2.i686.rpm php-pspell-5.3.2-6.el6_0.2.i686.rpm php-recode-5.3.2-6.el6_0.2.i686.rpm php-snmp-5.3.2-6.el6_0.2.i686.rpm php-tidy-5.3.2-6.el6_0.2.i686.rpm php-zts-5.3.2-6.el6_0.2.i686.rpm
ppc64: php-bcmath-5.3.2-6.el6_0.2.ppc64.rpm php-dba-5.3.2-6.el6_0.2.ppc64.rpm php-debuginfo-5.3.2-6.el6_0.2.ppc64.rpm php-devel-5.3.2-6.el6_0.2.ppc64.rpm php-embedded-5.3.2-6.el6_0.2.ppc64.rpm php-enchant-5.3.2-6.el6_0.2.ppc64.rpm php-imap-5.3.2-6.el6_0.2.ppc64.rpm php-intl-5.3.2-6.el6_0.2.ppc64.rpm php-mbstring-5.3.2-6.el6_0.2.ppc64.rpm php-process-5.3.2-6.el6_0.2.ppc64.rpm php-pspell-5.3.2-6.el6_0.2.ppc64.rpm php-recode-5.3.2-6.el6_0.2.ppc64.rpm php-snmp-5.3.2-6.el6_0.2.ppc64.rpm php-tidy-5.3.2-6.el6_0.2.ppc64.rpm php-zts-5.3.2-6.el6_0.2.ppc64.rpm
s390x: php-bcmath-5.3.2-6.el6_0.2.s390x.rpm php-dba-5.3.2-6.el6_0.2.s390x.rpm php-debuginfo-5.3.2-6.el6_0.2.s390x.rpm php-devel-5.3.2-6.el6_0.2.s390x.rpm php-embedded-5.3.2-6.el6_0.2.s390x.rpm php-enchant-5.3.2-6.el6_0.2.s390x.rpm php-imap-5.3.2-6.el6_0.2.s390x.rpm php-intl-5.3.2-6.el6_0.2.s390x.rpm php-mbstring-5.3.2-6.el6_0.2.s390x.rpm php-process-5.3.2-6.el6_0.2.s390x.rpm php-pspell-5.3.2-6.el6_0.2.s390x.rpm php-recode-5.3.2-6.el6_0.2.s390x.rpm php-snmp-5.3.2-6.el6_0.2.s390x.rpm php-tidy-5.3.2-6.el6_0.2.s390x.rpm php-zts-5.3.2-6.el6_0.2.s390x.rpm
x86_64: php-bcmath-5.3.2-6.el6_0.2.x86_64.rpm php-dba-5.3.2-6.el6_0.2.x86_64.rpm php-debuginfo-5.3.2-6.el6_0.2.x86_64.rpm php-devel-5.3.2-6.el6_0.2.x86_64.rpm php-embedded-5.3.2-6.el6_0.2.x86_64.rpm php-enchant-5.3.2-6.el6_0.2.x86_64.rpm php-imap-5.3.2-6.el6_0.2.x86_64.rpm php-intl-5.3.2-6.el6_0.2.x86_64.rpm php-mbstring-5.3.2-6.el6_0.2.x86_64.rpm php-process-5.3.2-6.el6_0.2.x86_64.rpm php-pspell-5.3.2-6.el6_0.2.x86_64.rpm php-recode-5.3.2-6.el6_0.2.x86_64.rpm php-snmp-5.3.2-6.el6_0.2.x86_64.rpm php-tidy-5.3.2-6.el6_0.2.x86_64.rpm php-zts-5.3.2-6.el6_0.2.x86_64.rpm
Red Hat Enterprise Linux Server Optional EUS (v. 6.1):
Source: php-5.3.3-3.el6_1.4.src.rpm
i386: php-bcmath-5.3.3-3.el6_1.4.i686.rpm php-dba-5.3.3-3.el6_1.4.i686.rpm php-debuginfo-5.3.3-3.el6_1.4.i686.rpm php-devel-5.3.3-3.el6_1.4.i686.rpm php-embedded-5.3.3-3.el6_1.4.i686.rpm php-enchant-5.3.3-3.el6_1.4.i686.rpm php-imap-5.3.3-3.el6_1.4.i686.rpm php-intl-5.3.3-3.el6_1.4.i686.rpm php-mbstring-5.3.3-3.el6_1.4.i686.rpm php-process-5.3.3-3.el6_1.4.i686.rpm php-pspell-5.3.3-3.el6_1.4.i686.rpm php-recode-5.3.3-3.el6_1.4.i686.rpm php-snmp-5.3.3-3.el6_1.4.i686.rpm php-tidy-5.3.3-3.el6_1.4.i686.rpm php-zts-5.3.3-3.el6_1.4.i686.rpm
ppc64: php-bcmath-5.3.3-3.el6_1.4.ppc64.rpm php-dba-5.3.3-3.el6_1.4.ppc64.rpm php-debuginfo-5.3.3-3.el6_1.4.ppc64.rpm php-devel-5.3.3-3.el6_1.4.ppc64.rpm php-embedded-5.3.3-3.el6_1.4.ppc64.rpm php-enchant-5.3.3-3.el6_1.4.ppc64.rpm php-imap-5.3.3-3.el6_1.4.ppc64.rpm php-intl-5.3.3-3.el6_1.4.ppc64.rpm php-mbstring-5.3.3-3.el6_1.4.ppc64.rpm php-process-5.3.3-3.el6_1.4.ppc64.rpm php-pspell-5.3.3-3.el6_1.4.ppc64.rpm php-recode-5.3.3-3.el6_1.4.ppc64.rpm php-snmp-5.3.3-3.el6_1.4.ppc64.rpm php-tidy-5.3.3-3.el6_1.4.ppc64.rpm php-zts-5.3.3-3.el6_1.4.ppc64.rpm
s390x: php-bcmath-5.3.3-3.el6_1.4.s390x.rpm php-dba-5.3.3-3.el6_1.4.s390x.rpm php-debuginfo-5.3.3-3.el6_1.4.s390x.rpm php-devel-5.3.3-3.el6_1.4.s390x.rpm php-embedded-5.3.3-3.el6_1.4.s390x.rpm php-enchant-5.3.3-3.el6_1.4.s390x.rpm php-imap-5.3.3-3.el6_1.4.s390x.rpm php-intl-5.3.3-3.el6_1.4.s390x.rpm php-mbstring-5.3.3-3.el6_1.4.s390x.rpm php-process-5.3.3-3.el6_1.4.s390x.rpm php-pspell-5.3.3-3.el6_1.4.s390x.rpm php-recode-5.3.3-3.el6_1.4.s390x.rpm php-snmp-5.3.3-3.el6_1.4.s390x.rpm php-tidy-5.3.3-3.el6_1.4.s390x.rpm php-zts-5.3.3-3.el6_1.4.s390x.rpm
x86_64: php-bcmath-5.3.3-3.el6_1.4.x86_64.rpm php-dba-5.3.3-3.el6_1.4.x86_64.rpm php-debuginfo-5.3.3-3.el6_1.4.x86_64.rpm php-devel-5.3.3-3.el6_1.4.x86_64.rpm php-embedded-5.3.3-3.el6_1.4.x86_64.rpm php-enchant-5.3.3-3.el6_1.4.x86_64.rpm php-imap-5.3.3-3.el6_1.4.x86_64.rpm php-intl-5.3.3-3.el6_1.4.x86_64.rpm php-mbstring-5.3.3-3.el6_1.4.x86_64.rpm php-process-5.3.3-3.el6_1.4.x86_64.rpm php-pspell-5.3.3-3.el6_1.4.x86_64.rpm php-recode-5.3.3-3.el6_1.4.x86_64.rpm php-snmp-5.3.3-3.el6_1.4.x86_64.rpm php-tidy-5.3.3-3.el6_1.4.x86_64.rpm php-zts-5.3.3-3.el6_1.4.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2012-1823.html https://access.redhat.com/security/updates/classification/#critical
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFPq+BrXlSAg2UNWIIRAlkPAJ99QQuun9ljsbFTsnMoLAbItDTJUQCggigr NQJBwTDuCJX2FNa8cSIcWCY= =s0aa -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Content-Disposition: inline
==========================================================================Ubuntu Security Notice USN-1437-1 May 04, 2012
php5 vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS
Summary:
Standalone PHP CGI scripts could be made to execute arbitrary code with the privilege of the web server. Configurations using mod_php5 and FastCGI were not vulnerable. Please see http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-2311.html for more details and potential mitigation approaches.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.04 LTS: php5-cgi 5.3.10-1ubuntu3.1
Ubuntu 11.10: php5-cgi 5.3.6-13ubuntu3.7
Ubuntu 11.04: php5-cgi 5.3.5-1ubuntu7.8
Ubuntu 10.04 LTS: php5-cgi 5.3.2-1ubuntu4.15
Ubuntu 8.04 LTS: php5-cgi 5.2.4-2ubuntu5.24
In general, a standard system update will make all the necessary changes
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201205-0305",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "b.11.23"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.7.5"
},
{
"model": "mac os x",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "10.6.8"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "11"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.6"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "b.11.31"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.1"
},
{
"model": "mac os x",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "10.8.0"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.2"
},
{
"model": "php",
"scope": "lt",
"trust": 1.0,
"vendor": "php",
"version": "5.3.12"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "6.0"
},
{
"model": "gluster storage server for on-premise",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "2.0"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.6"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "12.1"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "10"
},
{
"model": "linux enterprise software development kit",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "11"
},
{
"model": "application stack",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "2.0"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.8.2"
},
{
"model": "php",
"scope": "lt",
"trust": 1.0,
"vendor": "php",
"version": "5.4.2"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0"
},
{
"model": "php",
"scope": "gte",
"trust": 1.0,
"vendor": "php",
"version": "5.4.0"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.3"
},
{
"model": "linux enterprise software development kit",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "10"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "storage for public cloud",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "2.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "39"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "40"
},
{
"model": "storage",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "2.0"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "11.4"
},
{
"model": "php",
"scope": "lt",
"trust": 0.8,
"vendor": "the php group",
"version": "version 5.3.12 earlier"
},
{
"model": "php",
"scope": "lt",
"trust": 0.8,
"vendor": "the php group",
"version": "version 5.4.2 earlier"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.6.8"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.7 to v10.7.4"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.8 and v10.8.1"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.6.8"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.7 to v10.7.4"
},
{
"model": "garoon",
"scope": "eq",
"trust": 0.8,
"vendor": "cybozu",
"version": "3.1.0 to 3.1.3"
},
{
"model": "garoon",
"scope": "eq",
"trust": 0.8,
"vendor": "cybozu",
"version": "3.5.0 to 3.5.1"
},
{
"model": "plesk panel",
"scope": "eq",
"trust": 0.3,
"vendor": "parallels",
"version": "9.5.4"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.10"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2"
},
{
"model": "php",
"scope": "eq",
"trust": 0.3,
"vendor": "php",
"version": "5.3.1"
},
{
"model": "enterprise linux hpc node optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.1"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2"
},
{
"model": "voice portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "php",
"scope": "eq",
"trust": 0.3,
"vendor": "php",
"version": "5.3.8"
},
{
"model": "linux enterprise sdk sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "linux enterprise server sp3 ltss",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5"
},
{
"model": "enterprise linux server eus 6.1.z",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux long life server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5.3"
},
{
"model": "appliance server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "3.0"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.3"
},
{
"model": "enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "php",
"scope": "eq",
"trust": 0.3,
"vendor": "php",
"version": "5.3.10"
},
{
"model": "voice portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7"
},
{
"model": "ctpview",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "4.6"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.10"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.0"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "aura communication manager utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2011"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.8"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.5"
},
{
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "ctpview",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "4.3"
},
{
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.3"
},
{
"model": "linux enterprise sdk sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.4"
},
{
"model": "ctpview",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "4.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.4"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"model": "enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.1"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "plesk panel",
"scope": "eq",
"trust": 0.3,
"vendor": "parallels",
"version": "9.3"
},
{
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "ctpview 7.0r1",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "lotus foundations start 1.2.2b",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "php",
"scope": "eq",
"trust": 0.3,
"vendor": "php",
"version": "5.3.9"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1"
},
{
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.2"
},
{
"model": "enterprise linux eus 5.6.z server",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.2"
},
{
"model": "system management homepage",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.1"
},
{
"model": "linux enterprise server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "aura session manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "php",
"scope": "eq",
"trust": 0.3,
"vendor": "php",
"version": "5.4.2"
},
{
"model": "linux enterprise server sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"model": "lotus foundations start 1.2.2a",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.5"
},
{
"model": "ctpview",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "4.5"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.1"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "enterprise linux desktop optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "aura communication manager utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.1"
},
{
"model": "voice portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "php",
"scope": "eq",
"trust": 0.3,
"vendor": "php",
"version": "5.3.3"
},
{
"model": "linux enterprise server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1.2"
},
{
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "linux enterprise sdk sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "enterprise linux server optional eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.1"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "php",
"scope": "eq",
"trust": 0.3,
"vendor": "php",
"version": "5.3.6"
},
{
"model": "php",
"scope": "eq",
"trust": 0.3,
"vendor": "php",
"version": "5.3.5"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "110"
},
{
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.0"
},
{
"model": "php",
"scope": "eq",
"trust": 0.3,
"vendor": "php",
"version": "5.3.4"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2011"
},
{
"model": "linux lts lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"model": "php",
"scope": "eq",
"trust": 0.3,
"vendor": "php",
"version": "5.3.12"
},
{
"model": "ctpview",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "4.4"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "php",
"scope": "eq",
"trust": 0.3,
"vendor": "php",
"version": "5.3.7"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.3"
},
{
"model": "linux enterprise server for vmware sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.1.2"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.2"
},
{
"model": "linux enterprise server for vmware sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "hp-ux b.11.31",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "aura communication manager utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "appliance server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "3.0x64"
},
{
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "plesk panel",
"scope": "eq",
"trust": 0.3,
"vendor": "parallels",
"version": "9.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.1"
},
{
"model": "php",
"scope": "eq",
"trust": 0.3,
"vendor": "php",
"version": "5.4.1"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "client",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "2008"
},
{
"model": "plesk panel",
"scope": "eq",
"trust": 0.3,
"vendor": "parallels",
"version": "8.6"
},
{
"model": "plesk panel",
"scope": "eq",
"trust": 0.3,
"vendor": "parallels",
"version": "9.0"
},
{
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3"
},
{
"model": "lotus foundations start",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.1.1"
},
{
"model": "enterprise server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.1"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "aura session manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "11x64"
},
{
"model": "system management homepage",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.1.1"
},
{
"model": "enterprise linux server optional eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "12.1"
},
{
"model": "php",
"scope": "eq",
"trust": 0.3,
"vendor": "php",
"version": "5.3.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.2"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.1"
},
{
"model": "php",
"scope": "ne",
"trust": 0.3,
"vendor": "php",
"version": "5.3.13"
}
],
"sources": [
{
"db": "BID",
"id": "53388"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002235"
},
{
"db": "NVD",
"id": "CVE-2012-1823"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.3.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.3.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.3.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.3.11",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.3.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:php:php:5.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-1823"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "De Eindbazen",
"sources": [
{
"db": "BID",
"id": "53388"
}
],
"trust": 0.3
},
"cve": "CVE-2012-1823",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2012-1823",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-1823",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2012-1823",
"trust": 0.8,
"value": "High"
},
{
"author": "VULMON",
"id": "CVE-2012-1823",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2012-1823"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002235"
},
{
"db": "NVD",
"id": "CVE-2012-1823"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the \u0027d\u0027 case. PHP is prone to an information-disclosure vulnerability. \nExploiting this issue allows remote attackers to view the source code of files in the context of the server process. This may allow the attacker to obtain sensitive information and to run arbitrary PHP code on the affected computer; other attacks are also possible. ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. \nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nUbuntu update for php\n\nSECUNIA ADVISORY ID:\nSA49097\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/49097/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49097\n\nRELEASE DATE:\n2012-05-07\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/49097/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/49097/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49097\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nUbuntu has issued an update for php. This fixes a vulnerability,\nwhich can be exploited by malicious people to disclose certain\nsensitive information or compromise a vulnerable system. \n\nFor more information:\nSA49014\n\nSOLUTION:\nApply updated packages. \n\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nORIGINAL ADVISORY:\nUSN-1437-1:\nhttp://www.ubuntu.com/usn/usn-1437-1/\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \nHP System Management Homepage (SMH) before v7.1.1 running on Linux and\nWindows. HP System Management Homepage v7.1.1 is available here:\n\nHP System Management Homepage for Windows x64\n\n[Download here] or enter the following URL into the browser address window. \n\nhttp://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail\ns/?sp4ts.oid=4091409\u0026spf_p.tpst=psiSwdMain\u0026spf_p.prp_psiSwdMain=wsrp-navigati\nonalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa\nmeId%253D4091409%257CswEnvOID%253D4064%257CswLang%253D8%257CswItem%253DMTX-ab\n0d4e9bb4654a8da503eccfd9%257Cmode%253D3%257Caction%253DdriverDocument\u0026javax.p\nortlet.begCacheTok=com.vignette.cachetoken\u0026javax.portlet.endCacheTok=com.vign\nette.cachetoken\n\nHP System Management Homepage for Windows x86\n\n[Download here] or enter the following URL into the browser address window. \n\nhttp://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail\ns/?sp4ts.oid=4091409\u0026spf_p.tpst=psiSwdMain\u0026spf_p.prp_psiSwdMain=wsrp-navigati\nonalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa\nmeId%253D4091409%257CswEnvOID%253D4022%257CswLang%253D8%257CswItem%253DMTX-f7\nc0d15d28474255bd0ec23136%257Cmode%253D3%257Caction%253DdriverDocument\u0026javax.p\nortlet.begCacheTok=com.vignette.cachetoken\u0026javax.portlet.endCacheTok=com.vign\nette.cachetoken\n\nHP System Management Homepage for Linux (AMD64/EM64T)\n\n[Download here] or enter the following URL into the browser address window. \n\nhttp://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail\ns/?sp4ts.oid=4091409\u0026spf_p.tpst=psiSwdMain\u0026spf_p.prp_psiSwdMain=wsrp-navigati\nonalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa\nmeId%253D4091409%257CswEnvOID%253D4035%257CswLang%253D8%257CswItem%253DMTX-18\nd373dd1361400fbaca892942%257Cmode%253D3%257Caction%253DdriverDocument\u0026javax.p\nortlet.begCacheTok=com.vignette.cachetoken\u0026javax.portlet.endCacheTok=com.vign\nette.cachetoken\n\nHP System Management Homepage for Linux (x86)\n\n[Download here] or enter the following URL into the browser address window. \n\nAdditionally, this update fixes insufficient validation of upload\nname which lead to corrupted $_FILES indices. \n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 5.3.3-7+squeeze9. \n\nThe testing distribution (wheezy) will be fixed soon. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 5.4.3-1. \n\nWe recommend that you upgrade your php5 packages. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c03368475\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c03368475\nVersion: 1\n\nHPSBUX02791 SSRT100856 rev.1 - HP-UX Apache Web Server running PHP, Remote\nExecution of Arbitrary Code, Privilege Elevation, Denial of Service (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2012-06-14\nLast Updated: 2012-06-14\n\nPotential Security Impact: Remote execution of arbitrary code, privilege\nelevation, or Denial of Service (DoS). \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP-UX Apache Web\nServer running PHP. These vulnerabilities could be exploited remotely to\nexecute arbitrary code, elevate privileges, or create a Denial of Service\n(DoS). \n\nReferences: CVE-2011-4153, CVE-2012-0830, CVE-2012-0883, CVE-2012-1172,\nCVE-2012-1823, CVE-2012-2311\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.23, B.11.31 running HP-UX Apache Web Server Suite v3.24 or earlier\n\nBACKGROUND\nFor a PGP signed\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2011-4153 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2012-0830 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2012-0883 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9\nCVE-2012-1172 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8\nCVE-2012-1823 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2012-2311 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following software updates to resolve the\nvulnerabilities. \nThe updates are available for download from http://software.hp.com\n\nHP-UX Web Server Suite v.3.24 containing Apache v2.2.15.13 and PHP v5.2.17\nHP-UX 11i Release\n Apache Depot name\n\nB.11.23 (32-bit)\n HPUXWS22ATW-B324-32\n\nB.11.23 (64-bit)\n HPUXWS22ATW-B324-64\n\nB.11.31 (32-bit)\n HPUXWS22ATW-B324-32\n\nB.11.31 (64-bit)\n HPUXWS22ATW-B324-64\n\nMANUAL ACTIONS: Yes - Update\nInstall HP-UX Web Server Suite v3.24 or subsequent. \n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \nHP-UX Web Server Suite v3.24\nAFFECTED VERSIONS\n\nHP-UX B.11.23\n==============\nhpuxws22APCH32.APACHE\nhpuxws22APCH32.APACHE2\nhpuxws22APCH32.AUTH_LDAP\nhpuxws22APCH32.AUTH_LDAP2\nhpuxws22APCH32.MOD_JK\nhpuxws22APCH32.MOD_JK2\nhpuxws22APCH32.MOD_PERL\nhpuxws22APCH32.MOD_PERL2\nhpuxws22APCH32.PHP\nhpuxws22APCH32.PHP2\nhpuxws22APCH32.WEBPROXY\nhpuxws22APCH32.WEBPROXY2\nhpuxws22APACHE.APACHE\nhpuxws22APACHE.APACHE2\nhpuxws22APACHE.AUTH_LDAP\nhpuxws22APACHE.AUTH_LDAP2\nhpuxws22APACHE.MOD_JK\nhpuxws22APACHE.MOD_JK2\nhpuxws22APACHE.MOD_PERL\nhpuxws22APACHE.MOD_PERL2\nhpuxws22APACHE.PHP\nhpuxws22APACHE.PHP2\nhpuxws22APACHE.WEBPROXY\nhpuxws22APACHE.WEBPROXY2\naction: install revision B.2.2.15.13 or subsequent\n\nHP-UX B.11.31\n==================\nhpuxws22APCH32.APACHE\nhpuxws22APCH32.APACHE2\nhpuxws22APCH32.AUTH_LDAP\nhpuxws22APCH32.AUTH_LDAP2\nhpuxws22APCH32.MOD_JK\nhpuxws22APCH32.MOD_JK2\nhpuxws22APCH32.MOD_PERL\nhpuxws22APCH32.MOD_PERL2\nhpuxws22APCH32.PHP\nhpuxws22APCH32.PHP2\nhpuxws22APCH32.WEBPROXY\nhpuxws22APCH32.WEBPROXY2\nhpuxws22APACHE.APACHE\nhpuxws22APACHE.APACHE2\nhpuxws22APACHE.AUTH_LDAP\nhpuxws22APACHE.AUTH_LDAP2\nhpuxws22APACHE.MOD_JK\nhpuxws22APACHE.MOD_JK2\nhpuxws22APACHE.MOD_PERL\nhpuxws22APACHE.MOD_PERL2\nhpuxws22APACHE.PHP\nhpuxws22APACHE.PHP2\nhpuxws22APACHE.WEBPROXY\nhpuxws22APACHE.WEBPROXY2\n\naction: install revision B.2.2.15.13 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 14 June 2012 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin List: A list of HP Security Bulletins, updated\nperiodically, is contained in HP Security Notice HPSN-2011-001:\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c02964430\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttp://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2012 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits;damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. Relevant releases/architectures:\n\nRHEL Desktop Workstation (v. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: php security update\nAdvisory ID: RHSA-2012:0568-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2012-0568.html\nIssue date: 2012-05-10\nCVE Names: CVE-2012-1823 \n=====================================================================\n\n1. Summary:\n\nUpdated php packages that fix one security issue are now available for\nRed Hat Enterprise Linux 5.3 Long Life, and Red Hat Enterprise Linux 5.6,\n6.0 and 6.1 Extended Update Support. \n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux EUS (v. 5.6 server) - i386, ia64, ppc, s390x, x86_64\nRed Hat Enterprise Linux Long Life (v. 5.3 server) - i386, ia64, x86_64\nRed Hat Enterprise Linux Server EUS (v. 6.0) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server EUS (v. 6.1) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional EUS (v. 6.0) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional EUS (v. 6.1) - i386, ppc64, s390x, x86_64\n\n3. Description:\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server. \n\nA flaw was found in the way the php-cgi executable processed command line\narguments when running in CGI mode. This\ncould lead to the disclosure of the script\u0027s source code or arbitrary code\nexecution with the privileges of the PHP interpreter. (CVE-2012-1823)\n\nRed Hat is aware that a public exploit for this issue is available that\nallows remote code execution in affected PHP CGI configurations. This flaw\ndoes not affect the default configuration in Red Hat Enterprise Linux 5 and\n6 using the PHP module for Apache httpd to handle PHP scripts. \n\nAll php users should upgrade to these updated packages, which contain a\nbackported patch to resolve this issue. After installing the updated\npackages, the httpd daemon must be restarted for the update to take effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n818607 - CVE-2012-1823 php: command line arguments injection when run in CGI mode (VU#520827)\n\n6. Package List:\n\nRed Hat Enterprise Linux Long Life (v. 5.3 server):\n\nSource:\nphp-5.1.6-23.3.el5_3.src.rpm\n\ni386:\nphp-5.1.6-23.3.el5_3.i386.rpm\nphp-bcmath-5.1.6-23.3.el5_3.i386.rpm\nphp-cli-5.1.6-23.3.el5_3.i386.rpm\nphp-common-5.1.6-23.3.el5_3.i386.rpm\nphp-dba-5.1.6-23.3.el5_3.i386.rpm\nphp-debuginfo-5.1.6-23.3.el5_3.i386.rpm\nphp-devel-5.1.6-23.3.el5_3.i386.rpm\nphp-gd-5.1.6-23.3.el5_3.i386.rpm\nphp-imap-5.1.6-23.3.el5_3.i386.rpm\nphp-ldap-5.1.6-23.3.el5_3.i386.rpm\nphp-mbstring-5.1.6-23.3.el5_3.i386.rpm\nphp-mysql-5.1.6-23.3.el5_3.i386.rpm\nphp-ncurses-5.1.6-23.3.el5_3.i386.rpm\nphp-odbc-5.1.6-23.3.el5_3.i386.rpm\nphp-pdo-5.1.6-23.3.el5_3.i386.rpm\nphp-pgsql-5.1.6-23.3.el5_3.i386.rpm\nphp-snmp-5.1.6-23.3.el5_3.i386.rpm\nphp-soap-5.1.6-23.3.el5_3.i386.rpm\nphp-xml-5.1.6-23.3.el5_3.i386.rpm\nphp-xmlrpc-5.1.6-23.3.el5_3.i386.rpm\n\nia64:\nphp-5.1.6-23.3.el5_3.ia64.rpm\nphp-bcmath-5.1.6-23.3.el5_3.ia64.rpm\nphp-cli-5.1.6-23.3.el5_3.ia64.rpm\nphp-common-5.1.6-23.3.el5_3.ia64.rpm\nphp-dba-5.1.6-23.3.el5_3.ia64.rpm\nphp-debuginfo-5.1.6-23.3.el5_3.ia64.rpm\nphp-devel-5.1.6-23.3.el5_3.ia64.rpm\nphp-gd-5.1.6-23.3.el5_3.ia64.rpm\nphp-imap-5.1.6-23.3.el5_3.ia64.rpm\nphp-ldap-5.1.6-23.3.el5_3.ia64.rpm\nphp-mbstring-5.1.6-23.3.el5_3.ia64.rpm\nphp-mysql-5.1.6-23.3.el5_3.ia64.rpm\nphp-ncurses-5.1.6-23.3.el5_3.ia64.rpm\nphp-odbc-5.1.6-23.3.el5_3.ia64.rpm\nphp-pdo-5.1.6-23.3.el5_3.ia64.rpm\nphp-pgsql-5.1.6-23.3.el5_3.ia64.rpm\nphp-snmp-5.1.6-23.3.el5_3.ia64.rpm\nphp-soap-5.1.6-23.3.el5_3.ia64.rpm\nphp-xml-5.1.6-23.3.el5_3.ia64.rpm\nphp-xmlrpc-5.1.6-23.3.el5_3.ia64.rpm\n\nx86_64:\nphp-5.1.6-23.3.el5_3.x86_64.rpm\nphp-bcmath-5.1.6-23.3.el5_3.x86_64.rpm\nphp-cli-5.1.6-23.3.el5_3.x86_64.rpm\nphp-common-5.1.6-23.3.el5_3.x86_64.rpm\nphp-dba-5.1.6-23.3.el5_3.x86_64.rpm\nphp-debuginfo-5.1.6-23.3.el5_3.x86_64.rpm\nphp-devel-5.1.6-23.3.el5_3.x86_64.rpm\nphp-gd-5.1.6-23.3.el5_3.x86_64.rpm\nphp-imap-5.1.6-23.3.el5_3.x86_64.rpm\nphp-ldap-5.1.6-23.3.el5_3.x86_64.rpm\nphp-mbstring-5.1.6-23.3.el5_3.x86_64.rpm\nphp-mysql-5.1.6-23.3.el5_3.x86_64.rpm\nphp-ncurses-5.1.6-23.3.el5_3.x86_64.rpm\nphp-odbc-5.1.6-23.3.el5_3.x86_64.rpm\nphp-pdo-5.1.6-23.3.el5_3.x86_64.rpm\nphp-pgsql-5.1.6-23.3.el5_3.x86_64.rpm\nphp-snmp-5.1.6-23.3.el5_3.x86_64.rpm\nphp-soap-5.1.6-23.3.el5_3.x86_64.rpm\nphp-xml-5.1.6-23.3.el5_3.x86_64.rpm\nphp-xmlrpc-5.1.6-23.3.el5_3.x86_64.rpm\n\nRed Hat Enterprise Linux EUS (v. 5.6 server):\n\nSource:\nphp-5.1.6-27.el5_6.4.src.rpm\n\ni386:\nphp-5.1.6-27.el5_6.4.i386.rpm\nphp-bcmath-5.1.6-27.el5_6.4.i386.rpm\nphp-cli-5.1.6-27.el5_6.4.i386.rpm\nphp-common-5.1.6-27.el5_6.4.i386.rpm\nphp-dba-5.1.6-27.el5_6.4.i386.rpm\nphp-debuginfo-5.1.6-27.el5_6.4.i386.rpm\nphp-devel-5.1.6-27.el5_6.4.i386.rpm\nphp-gd-5.1.6-27.el5_6.4.i386.rpm\nphp-imap-5.1.6-27.el5_6.4.i386.rpm\nphp-ldap-5.1.6-27.el5_6.4.i386.rpm\nphp-mbstring-5.1.6-27.el5_6.4.i386.rpm\nphp-mysql-5.1.6-27.el5_6.4.i386.rpm\nphp-ncurses-5.1.6-27.el5_6.4.i386.rpm\nphp-odbc-5.1.6-27.el5_6.4.i386.rpm\nphp-pdo-5.1.6-27.el5_6.4.i386.rpm\nphp-pgsql-5.1.6-27.el5_6.4.i386.rpm\nphp-snmp-5.1.6-27.el5_6.4.i386.rpm\nphp-soap-5.1.6-27.el5_6.4.i386.rpm\nphp-xml-5.1.6-27.el5_6.4.i386.rpm\nphp-xmlrpc-5.1.6-27.el5_6.4.i386.rpm\n\nia64:\nphp-5.1.6-27.el5_6.4.ia64.rpm\nphp-bcmath-5.1.6-27.el5_6.4.ia64.rpm\nphp-cli-5.1.6-27.el5_6.4.ia64.rpm\nphp-common-5.1.6-27.el5_6.4.ia64.rpm\nphp-dba-5.1.6-27.el5_6.4.ia64.rpm\nphp-debuginfo-5.1.6-27.el5_6.4.ia64.rpm\nphp-devel-5.1.6-27.el5_6.4.ia64.rpm\nphp-gd-5.1.6-27.el5_6.4.ia64.rpm\nphp-imap-5.1.6-27.el5_6.4.ia64.rpm\nphp-ldap-5.1.6-27.el5_6.4.ia64.rpm\nphp-mbstring-5.1.6-27.el5_6.4.ia64.rpm\nphp-mysql-5.1.6-27.el5_6.4.ia64.rpm\nphp-ncurses-5.1.6-27.el5_6.4.ia64.rpm\nphp-odbc-5.1.6-27.el5_6.4.ia64.rpm\nphp-pdo-5.1.6-27.el5_6.4.ia64.rpm\nphp-pgsql-5.1.6-27.el5_6.4.ia64.rpm\nphp-snmp-5.1.6-27.el5_6.4.ia64.rpm\nphp-soap-5.1.6-27.el5_6.4.ia64.rpm\nphp-xml-5.1.6-27.el5_6.4.ia64.rpm\nphp-xmlrpc-5.1.6-27.el5_6.4.ia64.rpm\n\nppc:\nphp-5.1.6-27.el5_6.4.ppc.rpm\nphp-bcmath-5.1.6-27.el5_6.4.ppc.rpm\nphp-cli-5.1.6-27.el5_6.4.ppc.rpm\nphp-common-5.1.6-27.el5_6.4.ppc.rpm\nphp-dba-5.1.6-27.el5_6.4.ppc.rpm\nphp-debuginfo-5.1.6-27.el5_6.4.ppc.rpm\nphp-devel-5.1.6-27.el5_6.4.ppc.rpm\nphp-gd-5.1.6-27.el5_6.4.ppc.rpm\nphp-imap-5.1.6-27.el5_6.4.ppc.rpm\nphp-ldap-5.1.6-27.el5_6.4.ppc.rpm\nphp-mbstring-5.1.6-27.el5_6.4.ppc.rpm\nphp-mysql-5.1.6-27.el5_6.4.ppc.rpm\nphp-ncurses-5.1.6-27.el5_6.4.ppc.rpm\nphp-odbc-5.1.6-27.el5_6.4.ppc.rpm\nphp-pdo-5.1.6-27.el5_6.4.ppc.rpm\nphp-pgsql-5.1.6-27.el5_6.4.ppc.rpm\nphp-snmp-5.1.6-27.el5_6.4.ppc.rpm\nphp-soap-5.1.6-27.el5_6.4.ppc.rpm\nphp-xml-5.1.6-27.el5_6.4.ppc.rpm\nphp-xmlrpc-5.1.6-27.el5_6.4.ppc.rpm\n\ns390x:\nphp-5.1.6-27.el5_6.4.s390x.rpm\nphp-bcmath-5.1.6-27.el5_6.4.s390x.rpm\nphp-cli-5.1.6-27.el5_6.4.s390x.rpm\nphp-common-5.1.6-27.el5_6.4.s390x.rpm\nphp-dba-5.1.6-27.el5_6.4.s390x.rpm\nphp-debuginfo-5.1.6-27.el5_6.4.s390x.rpm\nphp-devel-5.1.6-27.el5_6.4.s390x.rpm\nphp-gd-5.1.6-27.el5_6.4.s390x.rpm\nphp-imap-5.1.6-27.el5_6.4.s390x.rpm\nphp-ldap-5.1.6-27.el5_6.4.s390x.rpm\nphp-mbstring-5.1.6-27.el5_6.4.s390x.rpm\nphp-mysql-5.1.6-27.el5_6.4.s390x.rpm\nphp-ncurses-5.1.6-27.el5_6.4.s390x.rpm\nphp-odbc-5.1.6-27.el5_6.4.s390x.rpm\nphp-pdo-5.1.6-27.el5_6.4.s390x.rpm\nphp-pgsql-5.1.6-27.el5_6.4.s390x.rpm\nphp-snmp-5.1.6-27.el5_6.4.s390x.rpm\nphp-soap-5.1.6-27.el5_6.4.s390x.rpm\nphp-xml-5.1.6-27.el5_6.4.s390x.rpm\nphp-xmlrpc-5.1.6-27.el5_6.4.s390x.rpm\n\nx86_64:\nphp-5.1.6-27.el5_6.4.x86_64.rpm\nphp-bcmath-5.1.6-27.el5_6.4.x86_64.rpm\nphp-cli-5.1.6-27.el5_6.4.x86_64.rpm\nphp-common-5.1.6-27.el5_6.4.x86_64.rpm\nphp-dba-5.1.6-27.el5_6.4.x86_64.rpm\nphp-debuginfo-5.1.6-27.el5_6.4.x86_64.rpm\nphp-devel-5.1.6-27.el5_6.4.x86_64.rpm\nphp-gd-5.1.6-27.el5_6.4.x86_64.rpm\nphp-imap-5.1.6-27.el5_6.4.x86_64.rpm\nphp-ldap-5.1.6-27.el5_6.4.x86_64.rpm\nphp-mbstring-5.1.6-27.el5_6.4.x86_64.rpm\nphp-mysql-5.1.6-27.el5_6.4.x86_64.rpm\nphp-ncurses-5.1.6-27.el5_6.4.x86_64.rpm\nphp-odbc-5.1.6-27.el5_6.4.x86_64.rpm\nphp-pdo-5.1.6-27.el5_6.4.x86_64.rpm\nphp-pgsql-5.1.6-27.el5_6.4.x86_64.rpm\nphp-snmp-5.1.6-27.el5_6.4.x86_64.rpm\nphp-soap-5.1.6-27.el5_6.4.x86_64.rpm\nphp-xml-5.1.6-27.el5_6.4.x86_64.rpm\nphp-xmlrpc-5.1.6-27.el5_6.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server EUS (v. 6.0):\n\nSource:\nphp-5.3.2-6.el6_0.2.src.rpm\n\ni386:\nphp-5.3.2-6.el6_0.2.i686.rpm\nphp-cli-5.3.2-6.el6_0.2.i686.rpm\nphp-common-5.3.2-6.el6_0.2.i686.rpm\nphp-debuginfo-5.3.2-6.el6_0.2.i686.rpm\nphp-gd-5.3.2-6.el6_0.2.i686.rpm\nphp-ldap-5.3.2-6.el6_0.2.i686.rpm\nphp-mysql-5.3.2-6.el6_0.2.i686.rpm\nphp-odbc-5.3.2-6.el6_0.2.i686.rpm\nphp-pdo-5.3.2-6.el6_0.2.i686.rpm\nphp-pgsql-5.3.2-6.el6_0.2.i686.rpm\nphp-soap-5.3.2-6.el6_0.2.i686.rpm\nphp-xml-5.3.2-6.el6_0.2.i686.rpm\nphp-xmlrpc-5.3.2-6.el6_0.2.i686.rpm\n\nppc64:\nphp-5.3.2-6.el6_0.2.ppc64.rpm\nphp-cli-5.3.2-6.el6_0.2.ppc64.rpm\nphp-common-5.3.2-6.el6_0.2.ppc64.rpm\nphp-debuginfo-5.3.2-6.el6_0.2.ppc64.rpm\nphp-gd-5.3.2-6.el6_0.2.ppc64.rpm\nphp-ldap-5.3.2-6.el6_0.2.ppc64.rpm\nphp-mysql-5.3.2-6.el6_0.2.ppc64.rpm\nphp-odbc-5.3.2-6.el6_0.2.ppc64.rpm\nphp-pdo-5.3.2-6.el6_0.2.ppc64.rpm\nphp-pgsql-5.3.2-6.el6_0.2.ppc64.rpm\nphp-soap-5.3.2-6.el6_0.2.ppc64.rpm\nphp-xml-5.3.2-6.el6_0.2.ppc64.rpm\nphp-xmlrpc-5.3.2-6.el6_0.2.ppc64.rpm\n\ns390x:\nphp-5.3.2-6.el6_0.2.s390x.rpm\nphp-cli-5.3.2-6.el6_0.2.s390x.rpm\nphp-common-5.3.2-6.el6_0.2.s390x.rpm\nphp-debuginfo-5.3.2-6.el6_0.2.s390x.rpm\nphp-gd-5.3.2-6.el6_0.2.s390x.rpm\nphp-ldap-5.3.2-6.el6_0.2.s390x.rpm\nphp-mysql-5.3.2-6.el6_0.2.s390x.rpm\nphp-odbc-5.3.2-6.el6_0.2.s390x.rpm\nphp-pdo-5.3.2-6.el6_0.2.s390x.rpm\nphp-pgsql-5.3.2-6.el6_0.2.s390x.rpm\nphp-soap-5.3.2-6.el6_0.2.s390x.rpm\nphp-xml-5.3.2-6.el6_0.2.s390x.rpm\nphp-xmlrpc-5.3.2-6.el6_0.2.s390x.rpm\n\nx86_64:\nphp-5.3.2-6.el6_0.2.x86_64.rpm\nphp-cli-5.3.2-6.el6_0.2.x86_64.rpm\nphp-common-5.3.2-6.el6_0.2.x86_64.rpm\nphp-debuginfo-5.3.2-6.el6_0.2.x86_64.rpm\nphp-gd-5.3.2-6.el6_0.2.x86_64.rpm\nphp-ldap-5.3.2-6.el6_0.2.x86_64.rpm\nphp-mysql-5.3.2-6.el6_0.2.x86_64.rpm\nphp-odbc-5.3.2-6.el6_0.2.x86_64.rpm\nphp-pdo-5.3.2-6.el6_0.2.x86_64.rpm\nphp-pgsql-5.3.2-6.el6_0.2.x86_64.rpm\nphp-soap-5.3.2-6.el6_0.2.x86_64.rpm\nphp-xml-5.3.2-6.el6_0.2.x86_64.rpm\nphp-xmlrpc-5.3.2-6.el6_0.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server EUS (v. 6.1):\n\nSource:\nphp-5.3.3-3.el6_1.4.src.rpm\n\ni386:\nphp-5.3.3-3.el6_1.4.i686.rpm\nphp-cli-5.3.3-3.el6_1.4.i686.rpm\nphp-common-5.3.3-3.el6_1.4.i686.rpm\nphp-debuginfo-5.3.3-3.el6_1.4.i686.rpm\nphp-gd-5.3.3-3.el6_1.4.i686.rpm\nphp-ldap-5.3.3-3.el6_1.4.i686.rpm\nphp-mysql-5.3.3-3.el6_1.4.i686.rpm\nphp-odbc-5.3.3-3.el6_1.4.i686.rpm\nphp-pdo-5.3.3-3.el6_1.4.i686.rpm\nphp-pgsql-5.3.3-3.el6_1.4.i686.rpm\nphp-soap-5.3.3-3.el6_1.4.i686.rpm\nphp-xml-5.3.3-3.el6_1.4.i686.rpm\nphp-xmlrpc-5.3.3-3.el6_1.4.i686.rpm\n\nppc64:\nphp-5.3.3-3.el6_1.4.ppc64.rpm\nphp-cli-5.3.3-3.el6_1.4.ppc64.rpm\nphp-common-5.3.3-3.el6_1.4.ppc64.rpm\nphp-debuginfo-5.3.3-3.el6_1.4.ppc64.rpm\nphp-gd-5.3.3-3.el6_1.4.ppc64.rpm\nphp-ldap-5.3.3-3.el6_1.4.ppc64.rpm\nphp-mysql-5.3.3-3.el6_1.4.ppc64.rpm\nphp-odbc-5.3.3-3.el6_1.4.ppc64.rpm\nphp-pdo-5.3.3-3.el6_1.4.ppc64.rpm\nphp-pgsql-5.3.3-3.el6_1.4.ppc64.rpm\nphp-soap-5.3.3-3.el6_1.4.ppc64.rpm\nphp-xml-5.3.3-3.el6_1.4.ppc64.rpm\nphp-xmlrpc-5.3.3-3.el6_1.4.ppc64.rpm\n\ns390x:\nphp-5.3.3-3.el6_1.4.s390x.rpm\nphp-cli-5.3.3-3.el6_1.4.s390x.rpm\nphp-common-5.3.3-3.el6_1.4.s390x.rpm\nphp-debuginfo-5.3.3-3.el6_1.4.s390x.rpm\nphp-gd-5.3.3-3.el6_1.4.s390x.rpm\nphp-ldap-5.3.3-3.el6_1.4.s390x.rpm\nphp-mysql-5.3.3-3.el6_1.4.s390x.rpm\nphp-odbc-5.3.3-3.el6_1.4.s390x.rpm\nphp-pdo-5.3.3-3.el6_1.4.s390x.rpm\nphp-pgsql-5.3.3-3.el6_1.4.s390x.rpm\nphp-soap-5.3.3-3.el6_1.4.s390x.rpm\nphp-xml-5.3.3-3.el6_1.4.s390x.rpm\nphp-xmlrpc-5.3.3-3.el6_1.4.s390x.rpm\n\nx86_64:\nphp-5.3.3-3.el6_1.4.x86_64.rpm\nphp-cli-5.3.3-3.el6_1.4.x86_64.rpm\nphp-common-5.3.3-3.el6_1.4.x86_64.rpm\nphp-debuginfo-5.3.3-3.el6_1.4.x86_64.rpm\nphp-gd-5.3.3-3.el6_1.4.x86_64.rpm\nphp-ldap-5.3.3-3.el6_1.4.x86_64.rpm\nphp-mysql-5.3.3-3.el6_1.4.x86_64.rpm\nphp-odbc-5.3.3-3.el6_1.4.x86_64.rpm\nphp-pdo-5.3.3-3.el6_1.4.x86_64.rpm\nphp-pgsql-5.3.3-3.el6_1.4.x86_64.rpm\nphp-soap-5.3.3-3.el6_1.4.x86_64.rpm\nphp-xml-5.3.3-3.el6_1.4.x86_64.rpm\nphp-xmlrpc-5.3.3-3.el6_1.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional EUS (v. 6.0):\n\nSource:\nphp-5.3.2-6.el6_0.2.src.rpm\n\ni386:\nphp-bcmath-5.3.2-6.el6_0.2.i686.rpm\nphp-dba-5.3.2-6.el6_0.2.i686.rpm\nphp-debuginfo-5.3.2-6.el6_0.2.i686.rpm\nphp-devel-5.3.2-6.el6_0.2.i686.rpm\nphp-embedded-5.3.2-6.el6_0.2.i686.rpm\nphp-enchant-5.3.2-6.el6_0.2.i686.rpm\nphp-imap-5.3.2-6.el6_0.2.i686.rpm\nphp-intl-5.3.2-6.el6_0.2.i686.rpm\nphp-mbstring-5.3.2-6.el6_0.2.i686.rpm\nphp-process-5.3.2-6.el6_0.2.i686.rpm\nphp-pspell-5.3.2-6.el6_0.2.i686.rpm\nphp-recode-5.3.2-6.el6_0.2.i686.rpm\nphp-snmp-5.3.2-6.el6_0.2.i686.rpm\nphp-tidy-5.3.2-6.el6_0.2.i686.rpm\nphp-zts-5.3.2-6.el6_0.2.i686.rpm\n\nppc64:\nphp-bcmath-5.3.2-6.el6_0.2.ppc64.rpm\nphp-dba-5.3.2-6.el6_0.2.ppc64.rpm\nphp-debuginfo-5.3.2-6.el6_0.2.ppc64.rpm\nphp-devel-5.3.2-6.el6_0.2.ppc64.rpm\nphp-embedded-5.3.2-6.el6_0.2.ppc64.rpm\nphp-enchant-5.3.2-6.el6_0.2.ppc64.rpm\nphp-imap-5.3.2-6.el6_0.2.ppc64.rpm\nphp-intl-5.3.2-6.el6_0.2.ppc64.rpm\nphp-mbstring-5.3.2-6.el6_0.2.ppc64.rpm\nphp-process-5.3.2-6.el6_0.2.ppc64.rpm\nphp-pspell-5.3.2-6.el6_0.2.ppc64.rpm\nphp-recode-5.3.2-6.el6_0.2.ppc64.rpm\nphp-snmp-5.3.2-6.el6_0.2.ppc64.rpm\nphp-tidy-5.3.2-6.el6_0.2.ppc64.rpm\nphp-zts-5.3.2-6.el6_0.2.ppc64.rpm\n\ns390x:\nphp-bcmath-5.3.2-6.el6_0.2.s390x.rpm\nphp-dba-5.3.2-6.el6_0.2.s390x.rpm\nphp-debuginfo-5.3.2-6.el6_0.2.s390x.rpm\nphp-devel-5.3.2-6.el6_0.2.s390x.rpm\nphp-embedded-5.3.2-6.el6_0.2.s390x.rpm\nphp-enchant-5.3.2-6.el6_0.2.s390x.rpm\nphp-imap-5.3.2-6.el6_0.2.s390x.rpm\nphp-intl-5.3.2-6.el6_0.2.s390x.rpm\nphp-mbstring-5.3.2-6.el6_0.2.s390x.rpm\nphp-process-5.3.2-6.el6_0.2.s390x.rpm\nphp-pspell-5.3.2-6.el6_0.2.s390x.rpm\nphp-recode-5.3.2-6.el6_0.2.s390x.rpm\nphp-snmp-5.3.2-6.el6_0.2.s390x.rpm\nphp-tidy-5.3.2-6.el6_0.2.s390x.rpm\nphp-zts-5.3.2-6.el6_0.2.s390x.rpm\n\nx86_64:\nphp-bcmath-5.3.2-6.el6_0.2.x86_64.rpm\nphp-dba-5.3.2-6.el6_0.2.x86_64.rpm\nphp-debuginfo-5.3.2-6.el6_0.2.x86_64.rpm\nphp-devel-5.3.2-6.el6_0.2.x86_64.rpm\nphp-embedded-5.3.2-6.el6_0.2.x86_64.rpm\nphp-enchant-5.3.2-6.el6_0.2.x86_64.rpm\nphp-imap-5.3.2-6.el6_0.2.x86_64.rpm\nphp-intl-5.3.2-6.el6_0.2.x86_64.rpm\nphp-mbstring-5.3.2-6.el6_0.2.x86_64.rpm\nphp-process-5.3.2-6.el6_0.2.x86_64.rpm\nphp-pspell-5.3.2-6.el6_0.2.x86_64.rpm\nphp-recode-5.3.2-6.el6_0.2.x86_64.rpm\nphp-snmp-5.3.2-6.el6_0.2.x86_64.rpm\nphp-tidy-5.3.2-6.el6_0.2.x86_64.rpm\nphp-zts-5.3.2-6.el6_0.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional EUS (v. 6.1):\n\nSource:\nphp-5.3.3-3.el6_1.4.src.rpm\n\ni386:\nphp-bcmath-5.3.3-3.el6_1.4.i686.rpm\nphp-dba-5.3.3-3.el6_1.4.i686.rpm\nphp-debuginfo-5.3.3-3.el6_1.4.i686.rpm\nphp-devel-5.3.3-3.el6_1.4.i686.rpm\nphp-embedded-5.3.3-3.el6_1.4.i686.rpm\nphp-enchant-5.3.3-3.el6_1.4.i686.rpm\nphp-imap-5.3.3-3.el6_1.4.i686.rpm\nphp-intl-5.3.3-3.el6_1.4.i686.rpm\nphp-mbstring-5.3.3-3.el6_1.4.i686.rpm\nphp-process-5.3.3-3.el6_1.4.i686.rpm\nphp-pspell-5.3.3-3.el6_1.4.i686.rpm\nphp-recode-5.3.3-3.el6_1.4.i686.rpm\nphp-snmp-5.3.3-3.el6_1.4.i686.rpm\nphp-tidy-5.3.3-3.el6_1.4.i686.rpm\nphp-zts-5.3.3-3.el6_1.4.i686.rpm\n\nppc64:\nphp-bcmath-5.3.3-3.el6_1.4.ppc64.rpm\nphp-dba-5.3.3-3.el6_1.4.ppc64.rpm\nphp-debuginfo-5.3.3-3.el6_1.4.ppc64.rpm\nphp-devel-5.3.3-3.el6_1.4.ppc64.rpm\nphp-embedded-5.3.3-3.el6_1.4.ppc64.rpm\nphp-enchant-5.3.3-3.el6_1.4.ppc64.rpm\nphp-imap-5.3.3-3.el6_1.4.ppc64.rpm\nphp-intl-5.3.3-3.el6_1.4.ppc64.rpm\nphp-mbstring-5.3.3-3.el6_1.4.ppc64.rpm\nphp-process-5.3.3-3.el6_1.4.ppc64.rpm\nphp-pspell-5.3.3-3.el6_1.4.ppc64.rpm\nphp-recode-5.3.3-3.el6_1.4.ppc64.rpm\nphp-snmp-5.3.3-3.el6_1.4.ppc64.rpm\nphp-tidy-5.3.3-3.el6_1.4.ppc64.rpm\nphp-zts-5.3.3-3.el6_1.4.ppc64.rpm\n\ns390x:\nphp-bcmath-5.3.3-3.el6_1.4.s390x.rpm\nphp-dba-5.3.3-3.el6_1.4.s390x.rpm\nphp-debuginfo-5.3.3-3.el6_1.4.s390x.rpm\nphp-devel-5.3.3-3.el6_1.4.s390x.rpm\nphp-embedded-5.3.3-3.el6_1.4.s390x.rpm\nphp-enchant-5.3.3-3.el6_1.4.s390x.rpm\nphp-imap-5.3.3-3.el6_1.4.s390x.rpm\nphp-intl-5.3.3-3.el6_1.4.s390x.rpm\nphp-mbstring-5.3.3-3.el6_1.4.s390x.rpm\nphp-process-5.3.3-3.el6_1.4.s390x.rpm\nphp-pspell-5.3.3-3.el6_1.4.s390x.rpm\nphp-recode-5.3.3-3.el6_1.4.s390x.rpm\nphp-snmp-5.3.3-3.el6_1.4.s390x.rpm\nphp-tidy-5.3.3-3.el6_1.4.s390x.rpm\nphp-zts-5.3.3-3.el6_1.4.s390x.rpm\n\nx86_64:\nphp-bcmath-5.3.3-3.el6_1.4.x86_64.rpm\nphp-dba-5.3.3-3.el6_1.4.x86_64.rpm\nphp-debuginfo-5.3.3-3.el6_1.4.x86_64.rpm\nphp-devel-5.3.3-3.el6_1.4.x86_64.rpm\nphp-embedded-5.3.3-3.el6_1.4.x86_64.rpm\nphp-enchant-5.3.3-3.el6_1.4.x86_64.rpm\nphp-imap-5.3.3-3.el6_1.4.x86_64.rpm\nphp-intl-5.3.3-3.el6_1.4.x86_64.rpm\nphp-mbstring-5.3.3-3.el6_1.4.x86_64.rpm\nphp-process-5.3.3-3.el6_1.4.x86_64.rpm\nphp-pspell-5.3.3-3.el6_1.4.x86_64.rpm\nphp-recode-5.3.3-3.el6_1.4.x86_64.rpm\nphp-snmp-5.3.3-3.el6_1.4.x86_64.rpm\nphp-tidy-5.3.3-3.el6_1.4.x86_64.rpm\nphp-zts-5.3.3-3.el6_1.4.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2012-1823.html\nhttps://access.redhat.com/security/updates/classification/#critical\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2012 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFPq+BrXlSAg2UNWIIRAlkPAJ99QQuun9ljsbFTsnMoLAbItDTJUQCggigr\nNQJBwTDuCJX2FNa8cSIcWCY=\n=s0aa\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Content-Disposition: inline\n\n==========================================================================Ubuntu Security Notice USN-1437-1\nMay 04, 2012\n\nphp5 vulnerability\n==========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 12.04 LTS\n- Ubuntu 11.10\n- Ubuntu 11.04\n- Ubuntu 10.04 LTS\n- Ubuntu 8.04 LTS\n\nSummary:\n\nStandalone PHP CGI scripts could be made to execute arbitrary code with\nthe privilege of the web server. Configurations using\nmod_php5 and FastCGI were not vulnerable. Please see\nhttp://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-2311.html\nfor more details and potential mitigation approaches. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 12.04 LTS:\n php5-cgi 5.3.10-1ubuntu3.1\n\nUbuntu 11.10:\n php5-cgi 5.3.6-13ubuntu3.7\n\nUbuntu 11.04:\n php5-cgi 5.3.5-1ubuntu7.8\n\nUbuntu 10.04 LTS:\n php5-cgi 5.3.2-1ubuntu4.15\n\nUbuntu 8.04 LTS:\n php5-cgi 5.2.4-2ubuntu5.24\n\nIn general, a standard system update will make all the necessary changes",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-1823"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002235"
},
{
"db": "BID",
"id": "53388"
},
{
"db": "VULMON",
"id": "CVE-2012-1823"
},
{
"db": "PACKETSTORM",
"id": "112515"
},
{
"db": "PACKETSTORM",
"id": "114272"
},
{
"db": "PACKETSTORM",
"id": "112580"
},
{
"db": "PACKETSTORM",
"id": "113905"
},
{
"db": "PACKETSTORM",
"id": "112508"
},
{
"db": "PACKETSTORM",
"id": "112605"
},
{
"db": "PACKETSTORM",
"id": "112474"
}
],
"trust": 2.61
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=18836",
"trust": 0.4,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2012-1823"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-1823",
"trust": 2.8
},
{
"db": "CERT/CC",
"id": "VU#520827",
"trust": 2.2
},
{
"db": "CERT/CC",
"id": "VU#673343",
"trust": 1.4
},
{
"db": "SECUNIA",
"id": "49014",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "49065",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "49085",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "49087",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1027022",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2024/06/07/1",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002235",
"trust": 0.8
},
{
"db": "JUNIPER",
"id": "JSA10658",
"trust": 0.3
},
{
"db": "BID",
"id": "53388",
"trust": 0.3
},
{
"db": "EXPLOIT-DB",
"id": "18836",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2012-1823",
"trust": 0.1
},
{
"db": "SECUNIA",
"id": "49097",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "112515",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "114272",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "112580",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "113905",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "112508",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "112605",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "112474",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2012-1823"
},
{
"db": "BID",
"id": "53388"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002235"
},
{
"db": "PACKETSTORM",
"id": "112515"
},
{
"db": "PACKETSTORM",
"id": "114272"
},
{
"db": "PACKETSTORM",
"id": "112580"
},
{
"db": "PACKETSTORM",
"id": "113905"
},
{
"db": "PACKETSTORM",
"id": "112508"
},
{
"db": "PACKETSTORM",
"id": "112605"
},
{
"db": "PACKETSTORM",
"id": "112474"
},
{
"db": "NVD",
"id": "CVE-2012-1823"
}
]
},
"id": "VAR-201205-0305",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.47077376
},
"last_update_date": "2024-07-23T20:13:35.528000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT5501",
"trust": 0.8,
"url": "http://support.apple.com/kb/ht5501"
},
{
"title": "HT5501",
"trust": 0.8,
"url": "http://support.apple.com/kb/ht5501?viewlocale=ja_jp"
},
{
"title": "PHP-CGI \u306e query string \u306e\u51e6\u7406\u306b\u8106\u5f31\u6027\u3010CY12-06-001\u3011",
"trust": 0.8,
"url": "http://cs.cybozu.co.jp/information/20120606up02.php"
},
{
"title": "HPSBMU02786 SSRT100877",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03360041"
},
{
"title": "HPSBUX02791 SSRT100856",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03368475"
},
{
"title": "1621015",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21621015"
},
{
"title": "1620314",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21620314"
},
{
"title": "#61910",
"trust": 0.8,
"url": "https://bugs.php.net/bug.php?id=61910"
},
{
"title": "RHSA-2012:0546",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/rhsa-2012-0546.html"
},
{
"title": "RHSA-2012:0568",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/rhsa-2012-0568.html"
},
{
"title": "RHSA-2012:0547",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/rhsa-2012-0547.html"
},
{
"title": "PHP 5.3.12 and PHP 5.4.2 Released!",
"trust": 0.8,
"url": "http://www.php.net/archive/2012.php#id2012-05-03-1"
},
{
"title": "PHP: CGI \u30d0\u30a4\u30ca\u30ea\u3068\u3057\u3066\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb - Manual",
"trust": 0.8,
"url": "http://www.php.net/manual/ja/security.cgi-bin.php"
},
{
"title": "PHP 5 ChangeLog - Version 5.4.2",
"trust": 0.8,
"url": "http://www.php.net/changelog-5.php#5.4.2"
},
{
"title": "PHP 5.4.3 and PHP 5.3.13 Released!",
"trust": 0.8,
"url": "http://www.php.net/archive/2012.php#id2012-05-08-1"
},
{
"title": "Patch cgi.diff for CGI/CLI related Bug #61910",
"trust": 0.8,
"url": "https://bugs.php.net/patch-display.php?bug_id=61910\u0026patch=cgi.diff\u0026revision=1335984315\u0026display=1"
},
{
"title": "PHP 5.3.12 and 5.4.2 releases about CGI flaw (CVE-2012-1823)",
"trust": 0.8,
"url": "http://www.php.net/archive/2012.php#id2012-05-06-1"
},
{
"title": "001-005900",
"trust": 0.8,
"url": "https://support.cybozu.com/ja-jp/article/5900"
},
{
"title": "Red Hat: Critical: php53 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20120569 - security advisory"
},
{
"title": "Red Hat: Critical: php security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20120568 - security advisory"
},
{
"title": "Red Hat: Critical: php security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20120546 - security advisory"
},
{
"title": "Red Hat: Critical: php53 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20120547 - security advisory"
},
{
"title": "Debian CVElist Bug Report Logs: php5: PHP-CGI query string parameter vulnerability (CVE-2012-1823 / CVE-2012-2311, CERT VU#520827)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=369fec60ba7ae134a5d768faf3cb2f6b"
},
{
"title": "Ubuntu Security Notice: php5 vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-1437-1"
},
{
"title": "Amazon Linux AMI: ALAS-2012-077",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2012-077"
},
{
"title": "Debian Security Advisories: DSA-2465-1 php5 -- several vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=db88513c75df4c41339c6c90dcb69831"
},
{
"title": "Red Hat: Moderate: php security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20121045 - security advisory"
},
{
"title": "Red Hat: Moderate: php53 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20121047 - security advisory"
},
{
"title": "Red Hat: Moderate: php security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20121046 - security advisory"
},
{
"title": "HacktivityCon_CTF_2020",
"trust": 0.1,
"url": "https://github.com/w3rni0/hacktivitycon_ctf_2020 "
},
{
"title": "exploits",
"trust": 0.1,
"url": "https://github.com/infodox/exploits "
},
{
"title": "webappurls",
"trust": 0.1,
"url": "https://github.com/pwnwiki/webappurls "
},
{
"title": "CVE-2012-1823",
"trust": 0.1,
"url": "https://github.com/drone789/cve-2012-1823 "
},
{
"title": "Covid-v2-Botnet",
"trust": 0.1,
"url": "https://github.com/sniperx-d/covid-v2-botnet "
},
{
"title": "covid",
"trust": 0.1,
"url": "https://github.com/mrscythelulz/covid "
},
{
"title": "python-pySecurity",
"trust": 0.1,
"url": "https://github.com/cybersavvy/python-pysecurity "
},
{
"title": "pySecurity",
"trust": 0.1,
"url": "https://github.com/smartflash/pysecurity "
},
{
"title": "AutoSploit",
"trust": 0.1,
"url": "https://github.com/rootup/autosploit "
},
{
"title": "Python",
"trust": 0.1,
"url": "https://github.com/bcybersavvy/python "
},
{
"title": "awesome-infosec",
"trust": 0.1,
"url": "https://github.com/onlurking/awesome-infosec "
},
{
"title": "awesome-infosec",
"trust": 0.1,
"url": "https://github.com/eric-erki/awesome-infosec "
},
{
"title": "Intrusion_Detection_System-Python",
"trust": 0.1,
"url": "https://github.com/marcocastro100/intrusion_detection_system-python "
},
{
"title": "deepdig",
"trust": 0.1,
"url": "https://github.com/cyberdeception/deepdig "
},
{
"title": "Boot2root-CTFs-Writeups",
"trust": 0.1,
"url": "https://github.com/jean-francois-c/boot2root-ctfs "
},
{
"title": "Boot2root-CTFs-Writeups",
"trust": 0.1,
"url": "https://github.com/jean-francois-c/boot2root-ctfs-writeups "
},
{
"title": "CDL",
"trust": 0.1,
"url": "https://github.com/ncsu-dance-research-group/cdl "
},
{
"title": "Classified-Distributed-Learning-for-Detecting-Security-Attacks-in-Containerized-Applications",
"trust": 0.1,
"url": "https://github.com/yuhang-lin/classified-distributed-learning-for-detecting-security-attacks-in-containerized-applications "
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/new-exploits-arrive-for-old-php-vulnerability/104881/"
},
{
"title": "Securelist",
"trust": 0.1,
"url": "https://securelist.com/it-threat-evolution-q2-2013/37163/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/php-group-set-release-another-patch-cve-2012-1823-flaw-050812/76537/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/php-group-releases-new-versions-patch-doesnt-fix-cve-2012-1823-bug-050412/76524/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2012-1823"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002235"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002235"
},
{
"db": "NVD",
"id": "CVE-2012-1823"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://www.kb.cert.org/vuls/id/520827"
},
{
"trust": 1.5,
"url": "http://www.kb.cert.org/vuls/id/673343"
},
{
"trust": 1.4,
"url": "http://www.php.net/archive/2012.php#id2012-05-03-1"
},
{
"trust": 1.4,
"url": "http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/"
},
{
"trust": 1.4,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03360041"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2012-0568.html"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2012-0547.html"
},
{
"trust": 1.1,
"url": "https://bugs.php.net/bug.php?id=61910"
},
{
"trust": 1.1,
"url": "http://www.php.net/changelog-5.php#5.4.2"
},
{
"trust": 1.1,
"url": "https://bugs.php.net/patch-display.php?bug_id=61910\u0026patch=cgi.diff\u0026revision=1335984315\u0026display=1"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2012-0546.html"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/49014"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/49087"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/49065"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=134012830914727\u0026w=2"
},
{
"trust": 1.1,
"url": "http://lists.apple.com/archives/security-announce/2012/sep/msg00004.html"
},
{
"trust": 1.1,
"url": "http://support.apple.com/kb/ht5501"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1027022"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/49085"
},
{
"trust": 1.1,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2012:068"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2012-0570.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2012-0569.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00002.html"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2012/dsa-2465"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html"
},
{
"trust": 1.0,
"url": "http://www.openwall.com/lists/oss-security/2024/06/07/1"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/pkgtquoa2ntz3rxn22csaujpiruyrb4b/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/w45dboh56nqdrtom2dn2lna2fzimc3pk/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1823"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu520827"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu381963/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1823"
},
{
"trust": 0.6,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c03839862"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1823"
},
{
"trust": 0.3,
"url": "http://alerts.hp.com/r?2.1.3kt.2zr.xg7ek.hmj%2asm..t.a4jy.6o9k.bw89mq%5f%5fdmtsfto0"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/software/lotus/products/foundations/start/"
},
{
"trust": 0.3,
"url": "http://kb.parallels.com/en/113818"
},
{
"trust": 0.3,
"url": "kb.parallels.com/en/116241"
},
{
"trust": 0.3,
"url": "https://community.rapid7.com/thread/5174"
},
{
"trust": 0.3,
"url": "http://www.php.net/"
},
{
"trust": 0.3,
"url": "http://seclists.org/fulldisclosure/2013/jun/21"
},
{
"trust": 0.3,
"url": "http://ompldr.org/vzgxxaq"
},
{
"trust": 0.3,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10658\u0026cat=sirt_1\u0026actp=list"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/100162699"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/100165255"
},
{
"trust": 0.3,
"url": "http://www.h-online.com/security/news/item/critical-open-hole-in-php-creates-risks-update-1567532.html"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21620314"
},
{
"trust": 0.3,
"url": "http://www.turbolinux.co.jp/security-e/2012/tlsa-2012-14.txt"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2311"
},
{
"trust": 0.2,
"url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.2,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0830"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4153"
},
{
"trust": 0.2,
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1172"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2012-1823.html"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/#package"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.2,
"url": "http://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/knowledge/articles/11258"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2012:0569"
},
{
"trust": 0.1,
"url": "https://github.com/infodox/exploits"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/18836/"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-1437-1/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49097/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/psi_30_beta_launch"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49097"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49097/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0036"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2016"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0057"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4078"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0031"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1165"
},
{
"trust": 0.1,
"url": "http://h20566.www2.hp.com/portal/site/hpsc/template.page/public/psi/swddetail"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4885"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2834"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4317"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1944"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2014"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4108"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2013"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4415"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4577"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3607"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4619"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0021"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0027"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0053"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2012"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2015"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3379"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4576"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2821"
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "http://software.hp.com"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0883"
},
{
"trust": 0.1,
"url": "https://www.hp.com/go/swa"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/php5/5.3.5-1ubuntu7.8"
},
{
"trust": 0.1,
"url": "http://people.canonical.com/~ubuntu-security/cve/2012/cve-2012-2311.html"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/php5/5.2.4-2ubuntu5.24"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/php5/5.3.2-1ubuntu4.15"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/php5/5.3.6-13ubuntu3.7"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-1437-1"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2012-1823"
},
{
"db": "BID",
"id": "53388"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002235"
},
{
"db": "PACKETSTORM",
"id": "112515"
},
{
"db": "PACKETSTORM",
"id": "114272"
},
{
"db": "PACKETSTORM",
"id": "112580"
},
{
"db": "PACKETSTORM",
"id": "113905"
},
{
"db": "PACKETSTORM",
"id": "112508"
},
{
"db": "PACKETSTORM",
"id": "112605"
},
{
"db": "PACKETSTORM",
"id": "112474"
},
{
"db": "NVD",
"id": "CVE-2012-1823"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2012-1823"
},
{
"db": "BID",
"id": "53388"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002235"
},
{
"db": "PACKETSTORM",
"id": "112515"
},
{
"db": "PACKETSTORM",
"id": "114272"
},
{
"db": "PACKETSTORM",
"id": "112580"
},
{
"db": "PACKETSTORM",
"id": "113905"
},
{
"db": "PACKETSTORM",
"id": "112508"
},
{
"db": "PACKETSTORM",
"id": "112605"
},
{
"db": "PACKETSTORM",
"id": "112474"
},
{
"db": "NVD",
"id": "CVE-2012-1823"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-05-11T00:00:00",
"db": "VULMON",
"id": "CVE-2012-1823"
},
{
"date": "2012-05-04T00:00:00",
"db": "BID",
"id": "53388"
},
{
"date": "2012-05-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002235"
},
{
"date": "2012-05-08T04:16:46",
"db": "PACKETSTORM",
"id": "112515"
},
{
"date": "2012-06-28T03:39:12",
"db": "PACKETSTORM",
"id": "114272"
},
{
"date": "2012-05-10T03:59:25",
"db": "PACKETSTORM",
"id": "112580"
},
{
"date": "2012-06-19T18:22:00",
"db": "PACKETSTORM",
"id": "113905"
},
{
"date": "2012-05-07T20:04:50",
"db": "PACKETSTORM",
"id": "112508"
},
{
"date": "2012-05-10T21:02:10",
"db": "PACKETSTORM",
"id": "112605"
},
{
"date": "2012-05-06T01:28:45",
"db": "PACKETSTORM",
"id": "112474"
},
{
"date": "2012-05-11T10:15:48.043000",
"db": "NVD",
"id": "CVE-2012-1823"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-18T00:00:00",
"db": "VULMON",
"id": "CVE-2012-1823"
},
{
"date": "2015-04-13T22:15:00",
"db": "BID",
"id": "53388"
},
{
"date": "2013-05-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002235"
},
{
"date": "2024-07-16T17:48:42.937000",
"db": "NVD",
"id": "CVE-2012-1823"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "53388"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "PHP-CGI of query string Vulnerability in processing",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002235"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "arbitrary",
"sources": [
{
"db": "PACKETSTORM",
"id": "114272"
},
{
"db": "PACKETSTORM",
"id": "112580"
},
{
"db": "PACKETSTORM",
"id": "113905"
},
{
"db": "PACKETSTORM",
"id": "112474"
}
],
"trust": 0.4
}
}
VAR-200503-0010
Vulnerability from variot - Updated: 2024-07-23 19:39Windows Server 2003 and XP SP2, with Windows Firewall turned off, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the SYN flag set and the same destination and source address and port, aka a reoccurrence of the "Land" vulnerability (CVE-1999-0016). Microsoft Windows does not adequately validate IP options, allowing an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service. An attacker could take complete control of a vulnerable system. When a packet of this sort is received, an infinite loop is initiated and the affected system halts. This is known to affect Windows 95, Windows NT 4.0 up to SP3, Windows Server 2003, Windows XP SP2, Cisco IOS devices & Catalyst switches, and HP-UX up to 11.00. It is noted that on Windows Server 2003 and XP SP2, the TCP and IP checksums must be correct to trigger the issue. **Update: It is reported that Microsoft platforms are also prone to this vulnerability. The vendor reports that network routers may not route malformed TCP/IP packets used to exploit this issue. As a result, an attacker may have to discover a suitable route to a target computer, or reside on the target network segment itself before exploitation is possible.
Want a new IT Security job?
Vacant positions at Secunia: http://secunia.com/secunia_vacancies/
TITLE: Microsoft Exchange SMTP Service Extended Verb Request Buffer Overflow
SECUNIA ADVISORY ID: SA14920
VERIFY ADVISORY: http://secunia.com/advisories/14920/
CRITICAL: Highly critical
IMPACT: System access
WHERE:
From remote
SOFTWARE: Microsoft Exchange Server 2000 http://secunia.com/product/41/ Microsoft Exchange Server 2003 http://secunia.com/product/1828/
DESCRIPTION: ISS X-Force has reported a vulnerability in Microsoft Exchange Server, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to a boundary error in the SMTP service within the handling of a certain extended verb request. This can be exploited to cause a heap-based buffer overflow by connecting to the SMTP service and issuing a specially crafted command.
Successful exploitation allows execution of arbitrary code with the privileges of the SMTP service (by default "Local System"). Instead, this requires permissions usually only granted to other Exchange servers in a domain.
SOLUTION: Apply patches.
Microsoft Exchange 2000 Server (requires SP3): http://www.microsoft.com/downloads/details.aspx?FamilyId=2A2AF17E-2E4A-4479-8AC9-B5544EA0BD66
Microsoft Exchange Server 2003: http://www.microsoft.com/downloads/details.aspx?FamilyId=97F409EB-C8D0-4C94-A67B-5945E26C9267
Microsoft Exchange Server 2003 (requires SP1): http://www.microsoft.com/downloads/details.aspx?FamilyId=35BCE74A-E84A-4035-BF18-196368F032CC
The following versions are not affected: * Microsoft Exchange Server 5.5 SP4 * Microsoft Exchange Server 5.0 SP2
PROVIDED AND/OR DISCOVERED BY: Mark Dowd and Ben Layer, ISS X-Force.
ORIGINAL ADVISORY: MS05-021 (KB894549): http://www.microsoft.com/technet/security/Bulletin/MS05-021.mspx
ISS X-Force: http://xforce.iss.net/xforce/alerts/id/193
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200503-0010",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 2.4,
"vendor": "microsoft",
"version": null
},
{
"model": "windows 2003 server",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "r2"
},
{
"model": "windows xp",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "*"
},
{
"model": "windows server 2003",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "none"
},
{
"model": "windows server 2003",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "(itanium)"
},
{
"model": "windows server 2003",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "(x64)"
},
{
"model": "windows xp",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "(x64)"
},
{
"model": "windows xp",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "sp3"
},
{
"model": "windows xp home sp1",
"scope": null,
"trust": 0.6,
"vendor": "microsoft",
"version": null
},
{
"model": "bsd/os",
"scope": "eq",
"trust": 0.6,
"vendor": "bsdi",
"version": "2.1"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "10.01"
},
{
"model": "windows nt workstation sp3",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "netbsd",
"scope": "ne",
"trust": 0.6,
"vendor": "netbsd",
"version": "1.3.1"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.6,
"vendor": "linux",
"version": "2.0.31"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.6,
"vendor": "freebsd",
"version": "2.2.5"
},
{
"model": "ios aa",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": "11.1.15"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "11.0"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "10.10"
},
{
"model": "freebsd",
"scope": "ne",
"trust": 0.6,
"vendor": "freebsd",
"version": "2.2.6"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 0.6,
"vendor": "netbsd",
"version": "1.0"
},
{
"model": "windows xp professional",
"scope": null,
"trust": 0.6,
"vendor": "microsoft",
"version": null
},
{
"model": "windows nt enterprise server sp4",
"scope": "ne",
"trust": 0.6,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "bsd/os",
"scope": "ne",
"trust": 0.6,
"vendor": "bsdi",
"version": "3.0"
},
{
"model": "windows server enterprise edition sp1 beta",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "20031"
},
{
"model": "kernel",
"scope": "ne",
"trust": 0.6,
"vendor": "linux",
"version": "2.0.34"
},
{
"model": "windows nt workstation sp2",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "ios f",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": "11.2.4"
},
{
"model": "ios bt",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": "11.0.12"
},
{
"model": "windows nt workstation sp4",
"scope": "ne",
"trust": 0.6,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows server enterprise edition itanium",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "20030"
},
{
"model": "windows xp tablet pc edition sp1",
"scope": null,
"trust": 0.6,
"vendor": "microsoft",
"version": null
},
{
"model": "ios ia",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": "11.1.15"
},
{
"model": "netbsd",
"scope": "ne",
"trust": 0.6,
"vendor": "netbsd",
"version": "1.3"
},
{
"model": "windows xp tablet pc edition",
"scope": null,
"trust": 0.6,
"vendor": "microsoft",
"version": null
},
{
"model": "bsd/os",
"scope": "ne",
"trust": 0.6,
"vendor": "bsdi",
"version": "3.1"
},
{
"model": "windows server enterprise edition sp1",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "kernel",
"scope": "ne",
"trust": 0.6,
"vendor": "linux",
"version": "2.1.x"
},
{
"model": "kernel",
"scope": "ne",
"trust": 0.6,
"vendor": "linux",
"version": "2.2"
},
{
"model": "kernel",
"scope": "ne",
"trust": 0.6,
"vendor": "linux",
"version": "2.1"
},
{
"model": "windows xp 64-bit edition",
"scope": null,
"trust": 0.6,
"vendor": "microsoft",
"version": null
},
{
"model": "ios",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": "10.3.16"
},
{
"model": "windows server enterprise edition itanium sp1",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "kernel",
"scope": "ne",
"trust": 0.6,
"vendor": "linux",
"version": "2.0.38"
},
{
"model": "windows server standard edition sp1 beta",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "20031"
},
{
"model": "netware",
"scope": "eq",
"trust": 0.6,
"vendor": "novell",
"version": "4.1"
},
{
"model": "windows server standard edition sp1",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "bsd/os",
"scope": "eq",
"trust": 0.6,
"vendor": "bsdi",
"version": "2.0"
},
{
"model": "windows xp media center edition",
"scope": null,
"trust": 0.6,
"vendor": "microsoft",
"version": null
},
{
"model": "kernel",
"scope": "ne",
"trust": 0.6,
"vendor": "linux",
"version": "2.0.36"
},
{
"model": "windows xp media center edition sp2",
"scope": null,
"trust": 0.6,
"vendor": "microsoft",
"version": null
},
{
"model": "windows nt workstation",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "10.3"
},
{
"model": "ios bt",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": "11.0.17"
},
{
"model": "windows server datacenter edition itanium",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "20030"
},
{
"model": "freebsd",
"scope": "ne",
"trust": 0.6,
"vendor": "freebsd",
"version": "3.x"
},
{
"model": "windows nt enterprise server sp1",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows server datacenter edition sp1 beta",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "20031"
},
{
"model": "windows nt enterprise server sp3",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "ios",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": "11.2.10"
},
{
"model": "windows nt terminal server sp1",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.6,
"vendor": "freebsd",
"version": "2.1.5"
},
{
"model": "ios",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": "11.1.7"
},
{
"model": "bsd/os",
"scope": "eq",
"trust": 0.6,
"vendor": "bsdi",
"version": "2.0.1"
},
{
"model": "windows server web edition sp1",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "windows nt enterprise server sp2",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows xp tablet pc edition sp2",
"scope": null,
"trust": 0.6,
"vendor": "microsoft",
"version": null
},
{
"model": "windows server enterprise edition itanium sp1 beta",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "20031"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "11.2"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.6,
"vendor": "freebsd",
"version": "2.2.3"
},
{
"model": "bsd/os",
"scope": "eq",
"trust": 0.6,
"vendor": "bsdi",
"version": "1.1"
},
{
"model": "kernel",
"scope": "ne",
"trust": 0.6,
"vendor": "linux",
"version": "2.0.33"
},
{
"model": "windows nt terminal server sp3",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "open desktop",
"scope": "eq",
"trust": 0.6,
"vendor": "sco",
"version": "3.0"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.6,
"vendor": "freebsd",
"version": "2.1.6.1"
},
{
"model": "ios ia",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": "11.1.9"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "10.16"
},
{
"model": "netbsd",
"scope": "ne",
"trust": 0.6,
"vendor": "netbsd",
"version": "1.3.2"
},
{
"model": "ios aa",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": "11.1.7"
},
{
"model": "ios",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": "11.0.17"
},
{
"model": "windows server datacenter edition itanium sp1 beta",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "20031"
},
{
"model": "windows nt enterprise server",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows server datacenter edition",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "windows nt terminal server",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "9.0"
},
{
"model": "unixware",
"scope": "eq",
"trust": 0.6,
"vendor": "sco",
"version": "2.1"
},
{
"model": "windows xp professional sp1",
"scope": null,
"trust": 0.6,
"vendor": "microsoft",
"version": null
},
{
"model": "freebsd",
"scope": "ne",
"trust": 0.6,
"vendor": "freebsd",
"version": "2.2.2"
},
{
"model": "windows server standard edition",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "ios",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": "11.2.4"
},
{
"model": "ios a",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": "10.3.19"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 0.6,
"vendor": "netbsd",
"version": "1.1"
},
{
"model": "ios f1",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": "11.2.4"
},
{
"model": "kernel",
"scope": "ne",
"trust": 0.6,
"vendor": "linux",
"version": "2.0.35"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "11.0"
},
{
"model": "windows xp home",
"scope": null,
"trust": 0.6,
"vendor": "microsoft",
"version": null
},
{
"model": "cmw+",
"scope": "eq",
"trust": 0.6,
"vendor": "sco",
"version": "3.0"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.6,
"vendor": "freebsd",
"version": "2.2"
},
{
"model": "bsd/os",
"scope": "ne",
"trust": 0.6,
"vendor": "bsdi",
"version": "4.0"
},
{
"model": "windows server web edition",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.6,
"vendor": "freebsd",
"version": "2.1"
},
{
"model": "ios ca",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": "11.1.15"
},
{
"model": "windows xp media center edition sp1",
"scope": null,
"trust": 0.6,
"vendor": "microsoft",
"version": null
},
{
"model": "ios/700",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "1.0"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.6,
"vendor": "linux",
"version": "2.0.30"
},
{
"model": "sunos",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "4.1.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "11.1"
},
{
"model": "windows nt server sp3",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "95"
},
{
"model": "kernel",
"scope": "ne",
"trust": 0.6,
"vendor": "linux",
"version": "2.2.10"
},
{
"model": "catalyst supervisor software",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": "29xx2.4.401"
},
{
"model": "kernel",
"scope": "ne",
"trust": 0.6,
"vendor": "linux",
"version": "2.0.37"
},
{
"model": "sunos u1",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "4.1.3"
},
{
"model": "windows nt",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "3.5.1"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "10.24"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "10.0"
},
{
"model": "atm switch",
"scope": "eq",
"trust": 0.6,
"vendor": "marconi",
"version": "6.1.1"
},
{
"model": "kernel",
"scope": "ne",
"trust": 0.6,
"vendor": "linux",
"version": "2.0.32"
},
{
"model": "windows nt server sp1",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt terminal server sp4",
"scope": "ne",
"trust": 0.6,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows xp professional sp2",
"scope": null,
"trust": 0.6,
"vendor": "microsoft",
"version": null
},
{
"model": "windows xp home sp2",
"scope": null,
"trust": 0.6,
"vendor": "microsoft",
"version": null
},
{
"model": "catalyst supervisor software",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": "29xx2.1.1102"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 0.6,
"vendor": "netbsd",
"version": "1.2.1"
},
{
"model": "windows xp 64-bit edition sp1",
"scope": null,
"trust": 0.6,
"vendor": "microsoft",
"version": null
},
{
"model": "open server",
"scope": "eq",
"trust": 0.6,
"vendor": "sco",
"version": "5.0"
},
{
"model": "windows xp 64-bit edition version sp1",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "freebsd",
"scope": "ne",
"trust": 0.6,
"vendor": "freebsd",
"version": "2.2.8"
},
{
"model": "windows nt workstation sp1",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt server sp2",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "ios p",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": "11.2.9"
},
{
"model": "atm switch",
"scope": "eq",
"trust": 0.6,
"vendor": "marconi",
"version": "7.0.1"
},
{
"model": "windows server datacenter edition sp1",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.6,
"vendor": "freebsd",
"version": "2.2.4"
},
{
"model": "windows nt server sp4",
"scope": "ne",
"trust": 0.6,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt server",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "ios",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": "11.1.15"
},
{
"model": "windows server enterprise edition",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.6,
"vendor": "freebsd",
"version": "2.1.6"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "10.20"
},
{
"model": "bsd/os",
"scope": "ne",
"trust": 0.6,
"vendor": "bsdi",
"version": "4.0.1"
},
{
"model": "windows xp 64-bit edition version",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "ios ca",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": "11.1.7"
},
{
"model": "windows server datacenter edition itanium sp1",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 0.6,
"vendor": "netbsd",
"version": "1.2"
},
{
"model": "windows nt terminal server sp2",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.6,
"vendor": "freebsd",
"version": "2.1x"
},
{
"model": "windows server web edition sp1 beta",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "20031"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "10.30"
},
{
"model": "windows xp",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "sp2"
},
{
"model": "windows server standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003x64"
},
{
"model": "modular messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0"
},
{
"model": "windows xp professional edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "x64"
},
{
"model": "windows xp",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
},
{
"model": "windows xp embedded sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "windows xp embedded",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "windows server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003x64"
},
{
"model": "windows xp gold",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
},
{
"model": "windows server datacenter edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003x64"
},
{
"model": "windows nt sp5",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt sp3 alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt sp4",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt sp6",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#396645"
},
{
"db": "CERT/CC",
"id": "VU#233754"
},
{
"db": "CERT/CC",
"id": "VU#275193"
},
{
"db": "BID",
"id": "13658"
},
{
"db": "BID",
"id": "2666"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000167"
},
{
"db": "CNNVD",
"id": "CNNVD-200503-048"
},
{
"db": "NVD",
"id": "CVE-2005-0688"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-0688"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dejan Levaja dejan@levaja.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200503-048"
}
],
"trust": 0.6
},
"cve": "CVE-2005-0688",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2005-0688",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2005-0688",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#396645",
"trust": 0.8,
"value": "12.15"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#233754",
"trust": 0.8,
"value": "12.29"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#275193",
"trust": 0.8,
"value": "36.15"
},
{
"author": "CNNVD",
"id": "CNNVD-200503-048",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#396645"
},
{
"db": "CERT/CC",
"id": "VU#233754"
},
{
"db": "CERT/CC",
"id": "VU#275193"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000167"
},
{
"db": "CNNVD",
"id": "CNNVD-200503-048"
},
{
"db": "NVD",
"id": "CVE-2005-0688"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Windows Server 2003 and XP SP2, with Windows Firewall turned off, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the SYN flag set and the same destination and source address and port, aka a reoccurrence of the \"Land\" vulnerability (CVE-1999-0016). Microsoft Windows does not adequately validate IP options, allowing an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service. An attacker could take complete control of a vulnerable system. When a packet of this sort is received, an infinite loop is initiated and the affected system halts. This is known to affect Windows 95, Windows NT 4.0 up to SP3, Windows Server 2003, Windows XP SP2, Cisco IOS devices \u0026amp; Catalyst switches, and HP-UX up to 11.00. \nIt is noted that on Windows Server 2003 and XP SP2, the TCP and IP checksums must be correct to trigger the issue. \n**Update: It is reported that Microsoft platforms are also prone to this vulnerability. The vendor reports that network routers may not route malformed TCP/IP packets used to exploit this issue. As a result, an attacker may have to discover a suitable route to a target computer, or reside on the target network segment itself before exploitation is possible. \n----------------------------------------------------------------------\n\nWant a new IT Security job?\n\nVacant positions at Secunia:\nhttp://secunia.com/secunia_vacancies/\n\n----------------------------------------------------------------------\n\nTITLE:\nMicrosoft Exchange SMTP Service Extended Verb Request Buffer Overflow\n\nSECUNIA ADVISORY ID:\nSA14920\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/14920/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nMicrosoft Exchange Server 2000\nhttp://secunia.com/product/41/\nMicrosoft Exchange Server 2003\nhttp://secunia.com/product/1828/\n\nDESCRIPTION:\nISS X-Force has reported a vulnerability in Microsoft Exchange\nServer, which can be exploited by malicious people to compromise a\nvulnerable system. \n\nThe vulnerability is caused due to a boundary error in the SMTP\nservice within the handling of a certain extended verb request. This\ncan be exploited to cause a heap-based buffer overflow by connecting\nto the SMTP service and issuing a specially crafted command. \n\nSuccessful exploitation allows execution of arbitrary code with the\nprivileges of the SMTP service (by default \"Local System\"). Instead, this requires permissions\nusually only granted to other Exchange servers in a domain. \n\nSOLUTION:\nApply patches. \n\nMicrosoft Exchange 2000 Server (requires SP3):\nhttp://www.microsoft.com/downloads/details.aspx?FamilyId=2A2AF17E-2E4A-4479-8AC9-B5544EA0BD66\n\nMicrosoft Exchange Server 2003:\nhttp://www.microsoft.com/downloads/details.aspx?FamilyId=97F409EB-C8D0-4C94-A67B-5945E26C9267\n\nMicrosoft Exchange Server 2003 (requires SP1):\nhttp://www.microsoft.com/downloads/details.aspx?FamilyId=35BCE74A-E84A-4035-BF18-196368F032CC\n\nThe following versions are not affected:\n* Microsoft Exchange Server 5.5 SP4\n* Microsoft Exchange Server 5.0 SP2\n\nPROVIDED AND/OR DISCOVERED BY:\nMark Dowd and Ben Layer, ISS X-Force. \n\nORIGINAL ADVISORY:\nMS05-021 (KB894549):\nhttp://www.microsoft.com/technet/security/Bulletin/MS05-021.mspx\n\nISS X-Force:\nhttp://xforce.iss.net/xforce/alerts/id/193\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-0688"
},
{
"db": "CERT/CC",
"id": "VU#396645"
},
{
"db": "CERT/CC",
"id": "VU#233754"
},
{
"db": "CERT/CC",
"id": "VU#275193"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000167"
},
{
"db": "BID",
"id": "13658"
},
{
"db": "BID",
"id": "2666"
},
{
"db": "PACKETSTORM",
"id": "37141"
}
],
"trust": 4.41
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2005-0688",
"trust": 3.0
},
{
"db": "SECUNIA",
"id": "14512",
"trust": 2.4
},
{
"db": "USCERT",
"id": "TA05-102A",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "22341",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2006-3983",
"trust": 1.6
},
{
"db": "BID",
"id": "2666",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "14920",
"trust": 0.9
},
{
"db": "OSVDB",
"id": "14578",
"trust": 0.8
},
{
"db": "XF",
"id": "19593",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "VU#396645",
"trust": 0.8
},
{
"db": "BID",
"id": "13116",
"trust": 0.8
},
{
"db": "SECTRACK",
"id": "1013686",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "VU#233754",
"trust": 0.8
},
{
"db": "OSVDB",
"id": "15467",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "VU#275193",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000167",
"trust": 0.8
},
{
"db": "OVAL",
"id": "OVAL:ORG.MITRE.OVAL:DEF:4978",
"trust": 0.6
},
{
"db": "OVAL",
"id": "OVAL:ORG.MITRE.OVAL:DEF:1288",
"trust": 0.6
},
{
"db": "OVAL",
"id": "OVAL:ORG.MITRE.OVAL:DEF:482",
"trust": 0.6
},
{
"db": "OVAL",
"id": "OVAL:ORG.MITRE.OVAL:DEF:1685",
"trust": 0.6
},
{
"db": "MS",
"id": "MS06-064",
"trust": 0.6
},
{
"db": "MS",
"id": "MS05-019",
"trust": 0.6
},
{
"db": "HP",
"id": "SSRT061264",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20050305 WINDOWS SERVER 2003 AND XP SP2 LAND ATTACK VULNERABILITY",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200503-048",
"trust": 0.6
},
{
"db": "BID",
"id": "13658",
"trust": 0.3
},
{
"db": "PACKETSTORM",
"id": "37141",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#396645"
},
{
"db": "CERT/CC",
"id": "VU#233754"
},
{
"db": "CERT/CC",
"id": "VU#275193"
},
{
"db": "BID",
"id": "13658"
},
{
"db": "BID",
"id": "2666"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000167"
},
{
"db": "PACKETSTORM",
"id": "37141"
},
{
"db": "CNNVD",
"id": "CNNVD-200503-048"
},
{
"db": "NVD",
"id": "CVE-2005-0688"
}
]
},
"id": "VAR-200503-0010",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.33667661
},
"last_update_date": "2024-07-23T19:39:25.692000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MS06-064",
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/ms06-064.mspx"
},
{
"title": "MS05-019",
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/ms05-019.mspx"
},
{
"title": "MS05-019",
"trust": 0.8,
"url": "http://www.microsoft.com/japan/technet/security/bulletin/ms05-019.mspx"
},
{
"title": "MS06-064",
"trust": 0.8,
"url": "http://www.microsoft.com/japan/technet/security/bulletin/ms06-064.mspx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2005-000167"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-0688"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.microsoft.com/technet/security/bulletin/ms05-019.mspx"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/14512/"
},
{
"trust": 1.6,
"url": "http://www.us-cert.gov/cas/techalerts/ta05-102a.html"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/22341"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=111005099504081\u0026w=2"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2006/3983"
},
{
"trust": 1.0,
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-019"
},
{
"trust": 1.0,
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-064"
},
{
"trust": 1.0,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a1288"
},
{
"trust": 1.0,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a1685"
},
{
"trust": 1.0,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a482"
},
{
"trust": 1.0,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a4978"
},
{
"trust": 0.9,
"url": "http://xforce.iss.net/xforce/alerts/id/193"
},
{
"trust": 0.9,
"url": "http://www.microsoft.com/technet/security/bulletin/ms05-021.mspx"
},
{
"trust": 0.9,
"url": "http://secunia.com/advisories/14920/"
},
{
"trust": 0.9,
"url": "http://www.microsoft.com/technet/security/bulletin/ms06-064.mspx"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/14512"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/2666 "
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/xforce/xfdb/19593"
},
{
"trust": 0.8,
"url": "http://osvdb.org/displayvuln.php?osvdb_id=14578"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/xforce/alerts/id/192"
},
{
"trust": 0.8,
"url": "http://www.iana.org/assignments/ip-parameters"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/13116/"
},
{
"trust": 0.8,
"url": "http://securitytracker.com/alerts/2005/apr/1013686.html"
},
{
"trust": 0.8,
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=15467"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-0688"
},
{
"trust": 0.8,
"url": "http://www.ipa.go.jp/security/ciadr/vul/20050413-ms05-019.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2005/wr051601.txt"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta05-102a/"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/trta05-102a/"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2005-0688"
},
{
"trust": 0.8,
"url": "http://www.securiteam.com/windowsntfocus/5pp0720f5u.html"
},
{
"trust": 0.6,
"url": "http://support.microsoft.com/support/kb/articles/q165/0/05.asp"
},
{
"trust": 0.6,
"url": "http://support.microsoft.com/support/kb/articles/q177/5/39.asp"
},
{
"trust": 0.6,
"url": "http://support.novell.com/cgi-bin/search/tidfinder.cgi?2932511"
},
{
"trust": 0.6,
"url": "http://www.cisco.com/warp/public/770/land-pub.shtml#iosvers"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/392354"
},
{
"trust": 0.6,
"url": "/archive/1/392642"
},
{
"trust": 0.6,
"url": "/archive/1/393045"
},
{
"trust": 0.6,
"url": "/archive/1/392354"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=111005099504081\u0026w=2"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/449179/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/3983"
},
{
"trust": 0.6,
"url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:4978"
},
{
"trust": 0.6,
"url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:482"
},
{
"trust": 0.6,
"url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:1685"
},
{
"trust": 0.6,
"url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:1288"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/elmodocs2/security/asa-2006-217.htm"
},
{
"trust": 0.3,
"url": "/archive/1/400188"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://www.microsoft.com/downloads/details.aspx?familyid=35bce74a-e84a-4035-bf18-196368f032cc"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://www.microsoft.com/downloads/details.aspx?familyid=2a2af17e-2e4a-4479-8ac9-b5544ea0bd66"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_vacancies/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/41/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://www.microsoft.com/downloads/details.aspx?familyid=97f409eb-c8d0-4c94-a67b-5945e26c9267"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1828/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#396645"
},
{
"db": "CERT/CC",
"id": "VU#233754"
},
{
"db": "CERT/CC",
"id": "VU#275193"
},
{
"db": "BID",
"id": "13658"
},
{
"db": "BID",
"id": "2666"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000167"
},
{
"db": "PACKETSTORM",
"id": "37141"
},
{
"db": "CNNVD",
"id": "CNNVD-200503-048"
},
{
"db": "NVD",
"id": "CVE-2005-0688"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#396645"
},
{
"db": "CERT/CC",
"id": "VU#233754"
},
{
"db": "CERT/CC",
"id": "VU#275193"
},
{
"db": "BID",
"id": "13658"
},
{
"db": "BID",
"id": "2666"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000167"
},
{
"db": "PACKETSTORM",
"id": "37141"
},
{
"db": "CNNVD",
"id": "CNNVD-200503-048"
},
{
"db": "NVD",
"id": "CVE-2005-0688"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-04-13T00:00:00",
"db": "CERT/CC",
"id": "VU#396645"
},
{
"date": "2005-04-12T00:00:00",
"db": "CERT/CC",
"id": "VU#233754"
},
{
"date": "2005-04-12T00:00:00",
"db": "CERT/CC",
"id": "VU#275193"
},
{
"date": "2005-05-17T00:00:00",
"db": "BID",
"id": "13658"
},
{
"date": "1997-11-20T00:00:00",
"db": "BID",
"id": "2666"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2005-000167"
},
{
"date": "2005-04-18T07:20:47",
"db": "PACKETSTORM",
"id": "37141"
},
{
"date": "1997-11-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200503-048"
},
{
"date": "2005-03-05T05:00:00",
"db": "NVD",
"id": "CVE-2005-0688"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-04-13T00:00:00",
"db": "CERT/CC",
"id": "VU#396645"
},
{
"date": "2005-05-03T00:00:00",
"db": "CERT/CC",
"id": "VU#233754"
},
{
"date": "2005-08-02T00:00:00",
"db": "CERT/CC",
"id": "VU#275193"
},
{
"date": "2016-07-06T14:40:00",
"db": "BID",
"id": "13658"
},
{
"date": "2009-07-11T06:06:00",
"db": "BID",
"id": "2666"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2005-000167"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200503-048"
},
{
"date": "2018-10-19T15:31:16.513000",
"db": "NVD",
"id": "CVE-2005-0688"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "13658"
},
{
"db": "BID",
"id": "2666"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft Windows vulnerable to DoS via LAND attack",
"sources": [
{
"db": "CERT/CC",
"id": "VU#396645"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Failure to Handle Exceptional Conditions",
"sources": [
{
"db": "BID",
"id": "13658"
},
{
"db": "BID",
"id": "2666"
}
],
"trust": 0.6
}
}
VAR-200310-0072
Vulnerability from variot - Updated: 2024-07-23 19:31The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c. sendmail A buffer overflow vulnerability was discovered in the email address parsing process. This vulnerability CERT Advisory CA-2003-07, CA-2003-12 This is a new vulnerability that differs from the vulnerability reported in. As for the vulnerability, there is a possibility that a third party may obtain administrator authority from a remote location. This problem, sendmail Occurs by receiving a message with a maliciously configured email address. For this reason, LAN Is running on a host sendmail Even other MTA (Mail Transfer Agent) If you receive a malicious message relayed from, you may be affected by the vulnerability.Service operation interruption (denial-of-service, DoS) An attacker or a remote third party may gain administrative privileges. This issue is different than the vulnerability described in BID 7230. Sendmail is one of the most popular mail transfer agents (MTAs) on the Internet. The local exploitation method on Linux can use recipient.c and sendtolist() to overwrite the pointer with the data submitted by the user. When calling the free() function, the command may be redirected, and the attacker can construct a malicious email message and submit it to Sendmail for analysis. Execute arbitrary commands on the system with Sendmail process privileges. There may also be other exploit methods, and it is also possible to exploit this vulnerability remotely
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200310-0072",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "netbsd",
"scope": "eq",
"trust": 2.1,
"vendor": "netbsd",
"version": "1.6.1"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 2.1,
"vendor": "netbsd",
"version": "1.6"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 2.1,
"vendor": "netbsd",
"version": "1.5.3"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 2.1,
"vendor": "netbsd",
"version": "1.5.2"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 2.1,
"vendor": "netbsd",
"version": "1.5.1"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 2.1,
"vendor": "netbsd",
"version": "1.5"
},
{
"model": "aix",
"scope": "eq",
"trust": 2.1,
"vendor": "ibm",
"version": "5.2"
},
{
"model": "aix",
"scope": "eq",
"trust": 2.1,
"vendor": "ibm",
"version": "5.1"
},
{
"model": "workstation",
"scope": "eq",
"trust": 1.9,
"vendor": "turbolinux",
"version": "8.0"
},
{
"model": "workstation",
"scope": "eq",
"trust": 1.9,
"vendor": "turbolinux",
"version": "7.0"
},
{
"model": "workstation",
"scope": "eq",
"trust": 1.9,
"vendor": "turbolinux",
"version": "6.0"
},
{
"model": "server",
"scope": "eq",
"trust": 1.9,
"vendor": "turbolinux",
"version": "8.0"
},
{
"model": "server",
"scope": "eq",
"trust": 1.9,
"vendor": "turbolinux",
"version": "7.0"
},
{
"model": "server",
"scope": "eq",
"trust": 1.9,
"vendor": "turbolinux",
"version": "6.5"
},
{
"model": "server",
"scope": "eq",
"trust": 1.9,
"vendor": "turbolinux",
"version": "6.1"
},
{
"model": "advanced server",
"scope": "eq",
"trust": 1.9,
"vendor": "turbolinux",
"version": "6.0"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.8,
"vendor": "freebsd",
"version": "4.7"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.8,
"vendor": "freebsd",
"version": "5.1"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.8,
"vendor": "freebsd",
"version": "4.8"
},
{
"model": "solaris",
"scope": "eq",
"trust": 1.3,
"vendor": "sun",
"version": "7.0"
},
{
"model": "solaris",
"scope": "eq",
"trust": 1.3,
"vendor": "sun",
"version": "2.6"
},
{
"model": "irix",
"scope": "eq",
"trust": 1.3,
"vendor": "sgi",
"version": "6.5.16"
},
{
"model": "irix",
"scope": "eq",
"trust": 1.3,
"vendor": "sgi",
"version": "6.5.15"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.3,
"vendor": "netbsd",
"version": "1.4.3"
},
{
"model": "aix",
"scope": "eq",
"trust": 1.3,
"vendor": "ibm",
"version": "4.3.3"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.3,
"vendor": "hp",
"version": "11.22"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.3,
"vendor": "hp",
"version": "11.11"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.3,
"vendor": "gentoo",
"version": "1.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.3,
"vendor": "gentoo",
"version": "0.7"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.3,
"vendor": "gentoo",
"version": "0.5"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "switch",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "2.2.1"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.0,
"vendor": "freebsd",
"version": "4.3"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.0,
"vendor": "compaq",
"version": "5.1a_pk5_bl23"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.11.1"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.0,
"vendor": "compaq",
"version": "5.1a_pk3_bl3"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "11.0.4"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.9.3"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.2.3"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.0,
"vendor": "freebsd",
"version": "5.0"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.2.3"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.0,
"vendor": "compaq",
"version": "4.0f_pk6_bl17"
},
{
"model": "switch",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "3.0.2"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.0,
"vendor": "compaq",
"version": "5.1a_pk2_bl2"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "2.6.1"
},
{
"model": "sunos",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": null
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.0,
"vendor": "freebsd",
"version": "3.0"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.0,
"vendor": "compaq",
"version": "4.0g_pk4_bl22"
},
{
"model": "switch",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "3.0"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "3.0"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.0,
"vendor": "compaq",
"version": "5.1b_pk2_bl22"
},
{
"model": "advanced message server",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "1.2"
},
{
"model": "pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.9.3"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.0,
"vendor": "compaq",
"version": "5.1_pk5_bl19"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.0,
"vendor": "compaq",
"version": "4.0f_pk7_bl18"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "2.6"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.0,
"vendor": "compaq",
"version": "4.0f"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.10.1"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.0,
"vendor": "compaq",
"version": "5.1_pk4_bl18"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "11.00"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.0,
"vendor": "compaq",
"version": "4.0f_pk8_bl22"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.0,
"vendor": "compaq",
"version": "5.1b_pk1_bl1"
},
{
"model": "irix",
"scope": "eq",
"trust": 1.0,
"vendor": "sgi",
"version": "6.5.19m"
},
{
"model": "irix",
"scope": "eq",
"trust": 1.0,
"vendor": "sgi",
"version": "6.5.18f"
},
{
"model": "switch",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "2.2.2"
},
{
"model": "switch",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "2.2.3"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.2.4"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.11.3"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.12.8"
},
{
"model": "switch",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "2.1.3"
},
{
"model": "irix",
"scope": "eq",
"trust": 1.0,
"vendor": "sgi",
"version": "6.5.18m"
},
{
"model": "irix",
"scope": "eq",
"trust": 1.0,
"vendor": "sgi",
"version": "6.5.17m"
},
{
"model": "sunos",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "5.8"
},
{
"model": "solaris",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "9.0"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.12.4"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.0,
"vendor": "compaq",
"version": "4.0g_pk3_bl17"
},
{
"model": "switch",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "2.2.5"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "gentoo",
"version": "1.1a"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.2"
},
{
"model": "switch",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "3.0.3"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.2"
},
{
"model": "solaris",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "8.0"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "3.0.3"
},
{
"model": "switch",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "2.1.4"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.11.5"
},
{
"model": "advanced message server",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "1.3"
},
{
"model": "irix",
"scope": "eq",
"trust": 1.0,
"vendor": "sgi",
"version": "6.5.17f"
},
{
"model": "switch",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "2.1.1"
},
{
"model": "switch",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "3.0.1"
},
{
"model": "irix",
"scope": "eq",
"trust": 1.0,
"vendor": "sgi",
"version": "6.5.19f"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.12.2"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.11.6"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "3.0.1"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.0,
"vendor": "freebsd",
"version": "4.0"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.2.6"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.0,
"vendor": "freebsd",
"version": "4.4"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.2.6"
},
{
"model": "sunos",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "5.7"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.10.2"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.12.3"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.0,
"vendor": "compaq",
"version": "5.1a_pk1_bl1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.2.1"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.2.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "gentoo",
"version": "1.4"
},
{
"model": "switch",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "2.2.4"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.9.0"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.0,
"vendor": "freebsd",
"version": "4.5"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.0,
"vendor": "compaq",
"version": "4.0g"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.12"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.9.1"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.0,
"vendor": "compaq",
"version": "5.1b"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "3.0.2"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.2.2"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.2.2"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.8.8"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.9.2"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.12.6"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.0,
"vendor": "freebsd",
"version": "4.9"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.0,
"vendor": "compaq",
"version": "5.1a_pk4_bl21"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.0,
"vendor": "compaq",
"version": "5.1_pk6_bl20"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.11.0"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.2.4"
},
{
"model": "pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.9.2"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.12.0"
},
{
"model": "switch",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "2.2"
},
{
"model": "irix",
"scope": "eq",
"trust": 1.0,
"vendor": "sgi",
"version": "6.5.21f"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.2.5"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.12.5"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.2.5"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.12.1"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.0,
"vendor": "freebsd",
"version": "4.6"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.11.2"
},
{
"model": "switch",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "2.1.5"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.0,
"vendor": "compaq",
"version": "5.1_pk3_bl17"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.0,
"vendor": "compaq",
"version": "5.1a"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.12.9"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "2.6.2"
},
{
"model": "switch",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "2.1.2"
},
{
"model": "switch",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "2.1"
},
{
"model": "irix",
"scope": "eq",
"trust": 1.0,
"vendor": "sgi",
"version": "6.5.21m"
},
{
"model": "irix",
"scope": "eq",
"trust": 1.0,
"vendor": "sgi",
"version": "6.5.20f"
},
{
"model": "irix",
"scope": "eq",
"trust": 1.0,
"vendor": "sgi",
"version": "6.5.20m"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.11.4"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.12.7"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.10"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple computer",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "conectiva",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "freebsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gentoo linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ibm eserver",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mandrakesoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "netbsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "openpkg",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sgi",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "secure computing",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sendmail",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "slackware",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "suse",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "the sendmail consortium",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "turbolinux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "wirex",
"version": null
},
{
"model": "cobalt raq4",
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "openlinux",
"scope": "eq",
"trust": 0.8,
"vendor": "sco",
"version": "3.1.1 (server)"
},
{
"model": "open unix",
"scope": "eq",
"trust": 0.8,
"vendor": "sco",
"version": "8.0.0"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "7.0 (sparc)"
},
{
"model": "switch",
"scope": "eq",
"trust": 0.8,
"vendor": "sendmail",
"version": "3.0.x (solaris"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "2.1"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.00"
},
{
"model": "switch",
"scope": "eq",
"trust": 0.8,
"vendor": "sendmail",
"version": "linux"
},
{
"model": "advanced message server",
"scope": "eq",
"trust": 0.8,
"vendor": "sendmail",
"version": "aix"
},
{
"model": "turbolinux workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "6.0"
},
{
"model": "systemwalker it budgetmgr",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "switch",
"scope": "eq",
"trust": 0.8,
"vendor": "sendmail",
"version": "aix edition )"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "8.0"
},
{
"model": "for nt",
"scope": "eq",
"trust": 0.8,
"vendor": "sendmail",
"version": "2.6.x"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.3"
},
{
"model": "systemwalker listcreator",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "openbsd",
"scope": "eq",
"trust": 0.8,
"vendor": "openbsd",
"version": "3.3"
},
{
"model": "sendmail",
"scope": "lte",
"trust": 0.8,
"vendor": "sendmail consortium",
"version": "8.12.9 and earlier"
},
{
"model": "for nt",
"scope": "eq",
"trust": 0.8,
"vendor": "sendmail",
"version": "version 3.0.x"
},
{
"model": "unixware",
"scope": "eq",
"trust": 0.8,
"vendor": "sco",
"version": "7.1.1"
},
{
"model": "switch",
"scope": "eq",
"trust": 0.8,
"vendor": "sendmail",
"version": "2.2.xj (windows nt/2000 edition )"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "6.5"
},
{
"model": "switch",
"scope": "eq",
"trust": 0.8,
"vendor": "sendmail",
"version": "2.2.x (solaris"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "6.1"
},
{
"model": "openbsd",
"scope": "lt",
"trust": 0.8,
"vendor": "openbsd",
"version": "version"
},
{
"model": "linux advanced workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "2.1"
},
{
"model": "advanced message server",
"scope": "eq",
"trust": 0.8,
"vendor": "sendmail",
"version": "linux"
},
{
"model": "advanced message server",
"scope": "eq",
"trust": 0.8,
"vendor": "sendmail",
"version": "aix edition )"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "9"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.11"
},
{
"model": "switch",
"scope": "eq",
"trust": 0.8,
"vendor": "sendmail",
"version": "windows nt/2000"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.2"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "8"
},
{
"model": "advanced message server",
"scope": "eq",
"trust": 0.8,
"vendor": "sendmail",
"version": "1.3 (windows 2000 edition )"
},
{
"model": "teamware office",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.22"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "7"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.23"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.8,
"vendor": "sgi",
"version": "6.5 (6.5.15 - 6.5.21f)"
},
{
"model": "advanced message server",
"scope": "eq",
"trust": 0.8,
"vendor": "sendmail",
"version": "2.1.x (solaris"
},
{
"model": "openlinux",
"scope": "eq",
"trust": 0.8,
"vendor": "sco",
"version": "3.1.1 (workstation)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "9 (sparc)"
},
{
"model": "switch",
"scope": "eq",
"trust": 0.8,
"vendor": "sendmail",
"version": "3.1.x (solaris"
},
{
"model": "bsd/os",
"scope": "eq",
"trust": 0.8,
"vendor": "fore tune",
"version": "5.0"
},
{
"model": "cobalt qube3",
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "interstage office square",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "8 (x86)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "2.1 (ws)"
},
{
"model": "openbsd",
"scope": "eq",
"trust": 0.8,
"vendor": "openbsd",
"version": "3.2"
},
{
"model": "gnu/linux",
"scope": "eq",
"trust": 0.8,
"vendor": "debian",
"version": "3.0"
},
{
"model": "switch",
"scope": "eq",
"trust": 0.8,
"vendor": "sendmail",
"version": "2.1.x (hp-ux edition )"
},
{
"model": "freebsd",
"scope": "lt",
"trust": 0.8,
"vendor": "freebsd",
"version": "version"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "2.0"
},
{
"model": "unixware",
"scope": "eq",
"trust": 0.8,
"vendor": "sco",
"version": "7.1.3"
},
{
"model": "cobalt raqxtr",
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "7.0 (x86)"
},
{
"model": "linux 5.0",
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "turbolinux advanced server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "6"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "2.1 (as)"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.04"
},
{
"model": "turbolinux workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "8"
},
{
"model": "bsd/os",
"scope": "eq",
"trust": 0.8,
"vendor": "fore tune",
"version": "4.3.1"
},
{
"model": "gnu/linux",
"scope": "lt",
"trust": 0.8,
"vendor": "debian",
"version": "version"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "2.1 (es)"
},
{
"model": "systemwalker listworks",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "advanced message server",
"scope": "eq",
"trust": 0.8,
"vendor": "sendmail",
"version": "2.0.x (solaris"
},
{
"model": "advanced message server",
"scope": "eq",
"trust": 0.8,
"vendor": "sendmail",
"version": "s390 linux edition )"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "8 (sparc)"
},
{
"model": "turbolinux workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "7"
},
{
"model": "advanced message server",
"scope": "eq",
"trust": 0.8,
"vendor": "sendmail",
"version": "1.2 (solaris"
},
{
"model": "systemwalker ip netmgr",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "switch",
"scope": "eq",
"trust": 0.8,
"vendor": "sendmail",
"version": "s390 linux edition )"
},
{
"model": "cobalt raq550",
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "9 (x86)"
},
{
"model": "switch",
"scope": "eq",
"trust": 0.8,
"vendor": "sendmail",
"version": "aix"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.1"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "4.3"
},
{
"model": "solaris 9 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "9"
},
{
"model": "solaris 8 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "solaris 8 sparc",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "solaris 7.0 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "solaris 2.6 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.0.7"
},
{
"model": "cobalt raq",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "550"
},
{
"model": "cobalt raq",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4"
},
{
"model": "irix m",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.21"
},
{
"model": "irix f",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.21"
},
{
"model": "irix m",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.20"
},
{
"model": "irix f",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.20"
},
{
"model": "irix m",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.19"
},
{
"model": "irix f",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.19"
},
{
"model": "irix m",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.18"
},
{
"model": "irix f",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.18"
},
{
"model": "irix m",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.17"
},
{
"model": "irix f",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.17"
},
{
"model": "inc sendmail for nt",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "3.0.3"
},
{
"model": "inc sendmail for nt",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "3.0.2"
},
{
"model": "inc sendmail for nt",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "3.0.1"
},
{
"model": "inc sendmail for nt",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "3.0"
},
{
"model": "inc sendmail for nt",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.6.2"
},
{
"model": "inc sendmail for nt",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.6.1"
},
{
"model": "inc sendmail for nt",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.6"
},
{
"model": "inc sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "3.0.3"
},
{
"model": "inc sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "3.0.2"
},
{
"model": "inc sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "3.0.1"
},
{
"model": "inc sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "3.0"
},
{
"model": "inc sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.2.5"
},
{
"model": "inc sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.2.4"
},
{
"model": "inc sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.2.3"
},
{
"model": "inc sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.2.2"
},
{
"model": "inc sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.2.1"
},
{
"model": "inc sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.2"
},
{
"model": "inc sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.1.5"
},
{
"model": "inc sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.1.4"
},
{
"model": "inc sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.1.3"
},
{
"model": "inc sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.1.2"
},
{
"model": "inc sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.1.1"
},
{
"model": "inc sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.1"
},
{
"model": "inc sendmail pro",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.9.3"
},
{
"model": "inc sendmail pro",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.9.2"
},
{
"model": "inc sendmail advanced message server",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "1.3"
},
{
"model": "inc sendmail advanced message server",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "1.2"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.9"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.8"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.7"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.6"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.5"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.4"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.3"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.2"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.1"
},
{
"model": "consortium sendmail beta7",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12"
},
{
"model": "consortium sendmail beta5",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12"
},
{
"model": "consortium sendmail beta16",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12"
},
{
"model": "consortium sendmail beta12",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12"
},
{
"model": "consortium sendmail beta10",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.0"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.11.6"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.11.5"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.11.4"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.11.3"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.11.2"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.11.1"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.11"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.10.2"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.10.1"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.10"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.9.3"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.9.2"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.9.1"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.9.0"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.8.8"
},
{
"model": "beta",
"scope": "eq",
"trust": 0.3,
"vendor": "netbsd",
"version": "1.6"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "netbsd",
"version": "1.5x86"
},
{
"model": "sh3",
"scope": "eq",
"trust": 0.3,
"vendor": "netbsd",
"version": "1.5"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.04"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.0"
},
{
"model": "linux rc3",
"scope": "eq",
"trust": 0.3,
"vendor": "gentoo",
"version": "1.4"
},
{
"model": "linux rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "gentoo",
"version": "1.4"
},
{
"model": "linux rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "gentoo",
"version": "1.4"
},
{
"model": "linux a",
"scope": "eq",
"trust": 0.3,
"vendor": "gentoo",
"version": "1.1"
},
{
"model": "-releng",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.1"
},
{
"model": "-release-p5",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.1"
},
{
"model": "-releng",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.0"
},
{
"model": "-release-p14",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.0"
},
{
"model": "-prerelease",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.9"
},
{
"model": "-releng",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.8"
},
{
"model": "-release-p7",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.8"
},
{
"model": "-releng",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.7"
},
{
"model": "-release-p17",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.7"
},
{
"model": "-releng",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.6"
},
{
"model": "-release-p20",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.6"
},
{
"model": "-releng",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.5"
},
{
"model": "-release-p32",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.5"
},
{
"model": "-releng",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.4"
},
{
"model": "-release-p42",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.4"
},
{
"model": "-releng",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.3"
},
{
"model": "-release-p38",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.3"
},
{
"model": "-releng",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.0"
},
{
"model": "-releng",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "3.0"
},
{
"model": "tru64 b pk2",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "tru64 b pk1",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "tru64 b",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "tru64 a pk5",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "tru64 a pk4",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "tru64 a pk3",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "tru64 a pk2",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "tru64 a pk1",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "tru64 a",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "tru64 pk6",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "tru64 pk5",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "tru64 pk4",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "tru64 pk3",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "tru64 g pk4",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "4.0"
},
{
"model": "tru64 g pk3",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "4.0"
},
{
"model": "tru64 g",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "4.0"
},
{
"model": "tru64 f pk8",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "4.0"
},
{
"model": "tru64 f pk7",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "4.0"
},
{
"model": "tru64 f pk6",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "4.0"
},
{
"model": "tru64 f",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "4.0"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.6"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2"
},
{
"model": "irix",
"scope": "ne",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.22"
},
{
"model": "irix",
"scope": "ne",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.14"
},
{
"model": "irix",
"scope": "ne",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.13"
},
{
"model": "irix",
"scope": "ne",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.12"
},
{
"model": "irix",
"scope": "ne",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.11"
},
{
"model": "irix",
"scope": "ne",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.10"
},
{
"model": "irix",
"scope": "ne",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.9"
},
{
"model": "irix",
"scope": "ne",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.8"
},
{
"model": "irix",
"scope": "ne",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.7"
},
{
"model": "irix",
"scope": "ne",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.6"
},
{
"model": "irix",
"scope": "ne",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.5"
},
{
"model": "irix",
"scope": "ne",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.4"
},
{
"model": "irix",
"scope": "ne",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.3"
},
{
"model": "irix",
"scope": "ne",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.2"
},
{
"model": "irix",
"scope": "ne",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.1"
},
{
"model": "consortium sendmail",
"scope": "ne",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.10"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#784980"
},
{
"db": "BID",
"id": "8641"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000278"
},
{
"db": "CNNVD",
"id": "CNNVD-200310-019"
},
{
"db": "NVD",
"id": "CVE-2003-0694"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sendmail:advanced_message_server:1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:2.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.10.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.11.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.11.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.12.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:3.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.11.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.11.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.12.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.12.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.12:beta12:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.12:beta16:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.9.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:advanced_message_server:1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:3.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:3.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.11.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.11.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.12.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.12.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.12.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.12:beta5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.12:beta7:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail_pro:8.9.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail_switch:2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail_switch:2.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail_switch:2.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sgi:irix:6.5.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sgi:irix:6.5.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sgi:irix:6.5.20f:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sgi:irix:6.5.20m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.12.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.8.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail_switch:2.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail_switch:2.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail_switch:2.2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail_switch:2.2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sgi:irix:6.5.17f:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sgi:irix:6.5.17m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sgi:irix:6.5.21f:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sgi:irix:6.5.21m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail_pro:8.9.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail_switch:2.1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail_switch:2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail_switch:2.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail_switch:3.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail_switch:3.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sgi:irix:6.5.19f:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sgi:irix:6.5.19m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:2.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:2.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.10.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.12.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.12.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.12:beta10:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.9.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail_switch:2.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail_switch:2.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail_switch:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail_switch:3.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sgi:irix:6.5.18f:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sgi:irix:6.5.18m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.2.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:4.0g_pk4_bl22:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:5.1a_pk3_bl3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:5.1a_pk4_bl21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.3:release_p38:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.3:releng:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.7:release_p17:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.7:releng:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:gentoo:linux:0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:gentoo:linux:0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:turbolinux:turbolinux_server:6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:turbolinux:turbolinux_server:6.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.2.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:4.0f:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:4.0f_pk6_bl17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:5.1_pk3_bl17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:5.1_pk4_bl18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:5.1_pk5_bl19:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:5.1a_pk5_bl23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:5.1b:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.4:release_p42:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.4:releng:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.8:release_p6:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.8:releng:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.9:pre-release:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:gentoo:linux:1.1a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:gentoo:linux:1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:11.22:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:ibm:aix:4.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.5:*:sh3:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.5:*:x86:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:turbolinux:turbolinux_server:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:turbolinux:turbolinux_server:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:4.0g:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:4.0g_pk3_bl17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:5.1a_pk1_bl1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:5.1a_pk2_bl2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:3.0:releng:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.0:releng:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.6:release_p20:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.6:releng:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:5.1:release_p5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:5.1:releng:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:gentoo:linux:1.4:rc3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:11.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.6:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:turbolinux:turbolinux_advanced_server:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:turbolinux:turbolinux_workstation:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:4.0f_pk7_bl18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:4.0f_pk8_bl22:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:5.1_pk6_bl20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:5.1a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:5.1b_pk1_bl1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:5.1b_pk2_bl22:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.5:release_p32:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.5:releng:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:5.0:release_p14:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:5.0:releng:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:gentoo:linux:1.4:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:gentoo:linux:1.4:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:ibm:aix:5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:turbolinux:turbolinux_workstation:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:turbolinux:turbolinux_workstation:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0694"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Michal Zalewski\u203b lcamtuf@echelon.pl",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200310-019"
}
],
"trust": 0.6
},
"cve": "CVE-2003-0694",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2003-0694",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-7519",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2003-0694",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#784980",
"trust": 0.8,
"value": "36.72"
},
{
"author": "CNNVD",
"id": "CNNVD-200310-019",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-7519",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2003-0694",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#784980"
},
{
"db": "VULHUB",
"id": "VHN-7519"
},
{
"db": "VULMON",
"id": "CVE-2003-0694"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000278"
},
{
"db": "CNNVD",
"id": "CNNVD-200310-019"
},
{
"db": "NVD",
"id": "CVE-2003-0694"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c. sendmail A buffer overflow vulnerability was discovered in the email address parsing process. This vulnerability CERT Advisory CA-2003-07, CA-2003-12 This is a new vulnerability that differs from the vulnerability reported in. As for the vulnerability, there is a possibility that a third party may obtain administrator authority from a remote location. This problem, sendmail Occurs by receiving a message with a maliciously configured email address. For this reason, LAN Is running on a host sendmail Even other MTA (Mail Transfer Agent) If you receive a malicious message relayed from, you may be affected by the vulnerability.Service operation interruption (denial-of-service, DoS) An attacker or a remote third party may gain administrative privileges. This issue is different than the vulnerability described in BID 7230. Sendmail is one of the most popular mail transfer agents (MTAs) on the Internet. The local exploitation method on Linux can use recipient.c and sendtolist() to overwrite the pointer with the data submitted by the user. When calling the free() function, the command may be redirected, and the attacker can construct a malicious email message and submit it to Sendmail for analysis. Execute arbitrary commands on the system with Sendmail process privileges. There may also be other exploit methods, and it is also possible to exploit this vulnerability remotely",
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0694"
},
{
"db": "CERT/CC",
"id": "VU#784980"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000278"
},
{
"db": "BID",
"id": "8641"
},
{
"db": "VULHUB",
"id": "VHN-7519"
},
{
"db": "VULMON",
"id": "CVE-2003-0694"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#784980",
"trust": 3.4
},
{
"db": "NVD",
"id": "CVE-2003-0694",
"trust": 2.9
},
{
"db": "BID",
"id": "8641",
"trust": 1.3
},
{
"db": "XF",
"id": "13204",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000278",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200310-019",
"trust": 0.7
},
{
"db": "CONECTIVA",
"id": "CLA-2003:742",
"trust": 0.6
},
{
"db": "REDHAT",
"id": "RHSA-2003:284",
"trust": 0.6
},
{
"db": "REDHAT",
"id": "RHSA-2003:283",
"trust": 0.6
},
{
"db": "CERT/CC",
"id": "CA-2003-25",
"trust": 0.6
},
{
"db": "VULNWATCH",
"id": "20030917 ZALEWSKI ADVISORY - SENDMAIL 8.12.9 PRESCAN BUG",
"trust": 0.6
},
{
"db": "SCO",
"id": "SCOSA-2004.11",
"trust": 0.6
},
{
"db": "MANDRAKE",
"id": "MDKSA-2003:092",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20030917 GLSA: SENDMAIL (200309-13)",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20030917 [SLACKWARE-SECURITY] SENDMAIL VULNERABILITIES FIXED (SSA:2003-260-02)",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20030917 SENDMAIL 8.12.9 PRESCAN BUG (A NEW ONE) [CAN-2003-0694]",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20030919 [OPENPKG-SA-2003.041] OPENPKG SECURITY ADVISORY (SENDMAIL)",
"trust": 0.6
},
{
"db": "OVAL",
"id": "OVAL:ORG.MITRE.OVAL:DEF:603",
"trust": 0.6
},
{
"db": "OVAL",
"id": "OVAL:ORG.MITRE.OVAL:DEF:2975",
"trust": 0.6
},
{
"db": "OVAL",
"id": "OVAL:ORG.MITRE.OVAL:DEF:572",
"trust": 0.6
},
{
"db": "FULLDISC",
"id": "20030917 SENDMAIL 8.12.9 PRESCAN BUG (A NEW ONE) [CAN-2003-0694]",
"trust": 0.6
},
{
"db": "DEBIAN",
"id": "DSA-384",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-7519",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2003-0694",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#784980"
},
{
"db": "VULHUB",
"id": "VHN-7519"
},
{
"db": "VULMON",
"id": "CVE-2003-0694"
},
{
"db": "BID",
"id": "8641"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000278"
},
{
"db": "CNNVD",
"id": "CNNVD-200310-019"
},
{
"db": "NVD",
"id": "CVE-2003-0694"
}
]
},
"id": "VAR-200310-0072",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-7519"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T19:31:47.530000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ca-2003-25",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/cert/cert2003.html#ca-2003-25"
},
{
"title": "DSA-384-1",
"trust": 0.8,
"url": "http://www.debian.org/security/2003/dsa-384"
},
{
"title": "FreeBSD-SA-03:13.sendmail ",
"trust": 0.8,
"url": "http://security.freebsd.org/advisories/freebsd-sa-03:13.sendmail.asc"
},
{
"title": "HPSBUX00281",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c01035741"
},
{
"title": "IY48657",
"trust": 0.8,
"url": "http://www-1.ibm.com/support/docview.wss?uid=isg1iy48657"
},
{
"title": "IY48659",
"trust": 0.8,
"url": "http://www-1.ibm.com/support/docview.wss?uid=isg1iy48659"
},
{
"title": "IY48658",
"trust": 0.8,
"url": "http://www-1.ibm.com/support/docview.wss?uid=isg1iy48658"
},
{
"title": "MSS-OAR-E01-2003.1473.1",
"trust": 0.8,
"url": "http://www-1.ibm.com/services/continuity/recover1.nsf/mss/mss-oar-e01-2003.1473.1"
},
{
"title": "sendmail (V2.x)",
"trust": 0.8,
"url": "http://www.miraclelinux.com/update/linux/list.php?errata_id=150"
},
{
"title": "NetBSD-SA2003-016",
"trust": 0.8,
"url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2003-016.txt.asc"
},
{
"title": "018: SECURITY FIX: September 17, 2003",
"trust": 0.8,
"url": "http://www.openbsd.org/errata32.html#sendmail4"
},
{
"title": "005: SECURITY FIX: September 17, 2003",
"trust": 0.8,
"url": "http://www.openbsd.org/errata33.html#sendmail"
},
{
"title": "RHSA-2003:283",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/rhsa-2003-283.html"
},
{
"title": "RHSA-2003:284",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/rhsa-2003-284.html"
},
{
"title": "CSSA-2003-036.0",
"trust": 0.8,
"url": "ftp://ftp.sco.com/pub/security/openlinux/cssa-2003-036.0.txt"
},
{
"title": "CSSA-2003-SCO.23.1",
"trust": 0.8,
"url": "ftp://ftp.sco.com/pub/updates/unixware/cssa-2003-sco.23/cssa-2003-sco.23.txt"
},
{
"title": "8.12.10",
"trust": 0.8,
"url": "http://www.sendmail.org/8.12.10.html"
},
{
"title": "2003-9-17",
"trust": 0.8,
"url": "http://www.sendmail.com/security/"
},
{
"title": "20030903-01-P",
"trust": 0.8,
"url": "ftp://patches.sgi.com/support/free/security/advisories/20030903-01-p.asc"
},
{
"title": "56922",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-56922-1"
},
{
"title": "56860",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-56860-1"
},
{
"title": "56922",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-56922-3"
},
{
"title": "56860",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-56860-3"
},
{
"title": "XTR Sendmail Security Update 1.0.1",
"trust": 0.8,
"url": "http://sunsolve.sun.com/pub-cgi/show.pl?target=cobalt/raqxtr.eng\u0026amp;nav=patchpage"
},
{
"title": "550 Sendmail Security Update 0.0.1",
"trust": 0.8,
"url": "http://sunsolve.sun.com/pub-cgi/show.pl?target=cobalt/raq550.eng\u0026amp;nav=patchpage"
},
{
"title": "4 Sendmail Security Update 2.0.2",
"trust": 0.8,
"url": "http://sunsolve.sun.com/pub-cgi/show.pl?target=cobalt/raq4.eng\u0026amp;nav=patchpage"
},
{
"title": "TLSA-2003-52",
"trust": 0.8,
"url": "http://www.turbolinux.com/security/2003/tlsa-2003-52.txt"
},
{
"title": "Sendmail Inc. Information for VU#784980",
"trust": 0.8,
"url": "http://www.kb.cert.org/vuls/id/aamn-5rhq64"
},
{
"title": "M500-012",
"trust": 0.8,
"url": "ftp://ftp.foretune.co.jp/pub/bsdos/patches-5.0/m500-012.ia32"
},
{
"title": "M431-011",
"trust": 0.8,
"url": "ftp://ftp.foretune.co.jp/pub/bsdos/patches-4.3.1/i386/m431-011"
},
{
"title": "RHSA-2003:283",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2003-283j.html"
},
{
"title": "RHSA-2003:284",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2003-284j.html"
},
{
"title": "TLSA-2003-52",
"trust": 0.8,
"url": "http://www.turbolinux.co.jp/security/2003/tlsa-2003-52j.txt"
},
{
"title": "Debian Security Advisories: DSA-384-1 sendmail -- buffer overflows",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=243b978e3f17d13dd590ac7cfc4a472f"
},
{
"title": "cumes",
"trust": 0.1,
"url": "https://github.com/byte-mug/cumes "
},
{
"title": "x0rzEQGRP",
"trust": 0.1,
"url": "https://github.com/happysmack/x0rzeqgrp "
},
{
"title": "EQGRP",
"trust": 0.1,
"url": "https://github.com/nekkidso/eqgrp "
},
{
"title": "test",
"trust": 0.1,
"url": "https://github.com/devkosov/test "
},
{
"title": "EQGRP",
"trust": 0.1,
"url": "https://github.com/hackcrypto/eqgrp "
},
{
"title": "EQGRP",
"trust": 0.1,
"url": "https://github.com/ninja-tw1st/eqgrp "
},
{
"title": "leaked2",
"trust": 0.1,
"url": "https://github.com/kongjiexi/leaked2 "
},
{
"title": "EQGRP",
"trust": 0.1,
"url": "https://github.com/391861737/eqgrp "
},
{
"title": "EQGRP",
"trust": 0.1,
"url": "https://github.com/muhammd/eqgrp "
},
{
"title": "ShadowBrokersFiles",
"trust": 0.1,
"url": "https://github.com/r3k1ng/shadowbrokersfiles "
},
{
"title": "EQGRP",
"trust": 0.1,
"url": "https://github.com/ckmaenn/eqgrp "
},
{
"title": "EQGRP_Linux",
"trust": 0.1,
"url": "https://github.com/cybernetix-s3c/eqgrp_linux "
},
{
"title": "EQGRP",
"trust": 0.1,
"url": "https://github.com/iha114/eqgrp "
},
{
"title": "ShadowBrokersFiles",
"trust": 0.1,
"url": "https://github.com/antiscammerarmy/shadowbrokersfiles "
},
{
"title": "shadowbrokerstuff",
"trust": 0.1,
"url": "https://github.com/thetrentusdev/shadowbrokerstuff "
},
{
"title": "bdhglopoj",
"trust": 0.1,
"url": "https://github.com/maxcvnd/bdhglopoj "
},
{
"title": "shadowbrokerstuff",
"trust": 0.1,
"url": "https://github.com/shakenetwork/shadowbrokerstuff "
},
{
"title": "x0rz-EQGRP",
"trust": 0.1,
"url": "https://github.com/r3p3r/x0rz-eqgrp "
},
{
"title": "ShadowBrokersStuff",
"trust": 0.1,
"url": "https://github.com/thetrentus/shadowbrokersstuff "
},
{
"title": "EQ1",
"trust": 0.1,
"url": "https://github.com/thepevertedspartan/eq1 "
},
{
"title": "EQGRP",
"trust": 0.1,
"url": "https://github.com/badbug6/eqgrp "
},
{
"title": "EQGRP-nasa",
"trust": 0.1,
"url": "https://github.com/soldie/eqgrp-nasa "
},
{
"title": "EQGRP",
"trust": 0.1,
"url": "https://github.com/mofty/eqgrp "
},
{
"title": "EQGRP",
"trust": 0.1,
"url": "https://github.com/thetrentus/eqgrp "
},
{
"title": "EQGRP",
"trust": 0.1,
"url": "https://github.com/namangangwar/eqgrp "
},
{
"title": "EQGRP",
"trust": 0.1,
"url": "https://github.com/x0rz/eqgrp "
},
{
"title": "SB--.-HACK-the-EQGRP-1",
"trust": 0.1,
"url": "https://github.com/cipherreborn/sb--.-hack-the-eqgrp-1 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2003-0694"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000278"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0694"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "http://www.cert.org/advisories/ca-2003-25.html"
},
{
"trust": 2.7,
"url": "http://www.kb.cert.org/vuls/id/784980"
},
{
"trust": 2.6,
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2003-q3/4119.html"
},
{
"trust": 2.6,
"url": "http://www.sendmail.org/8.12.10.html"
},
{
"trust": 1.8,
"url": "http://www.debian.org/security/2003/dsa-384"
},
{
"trust": 1.8,
"url": "http://www.mandriva.com/security/advisories?name=mdksa-2003:092"
},
{
"trust": 1.8,
"url": "http://www.redhat.com/support/errata/rhsa-2003-283.html"
},
{
"trust": 1.8,
"url": "http://www.redhat.com/support/errata/rhsa-2003-284.html"
},
{
"trust": 1.8,
"url": "ftp://ftp.sco.com/pub/updates/openserver/scosa-2004.11/scosa-2004.11.txt"
},
{
"trust": 1.8,
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0113.html"
},
{
"trust": 1.7,
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000742"
},
{
"trust": 1.2,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a2975"
},
{
"trust": 1.2,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a572"
},
{
"trust": 1.2,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a603"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=106383437615742\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=106382859407683\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=106381604923204\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=106398718909274\u0026w=2"
},
{
"trust": 0.9,
"url": "http://www.securityfocus.com/bid/8641"
},
{
"trust": 0.8,
"url": "http://archives.neohapsis.com/archives/sendmail/2003-q3/0002.html"
},
{
"trust": 0.8,
"url": "http://www.sendmail.org/patches/parse8.359.2.8"
},
{
"trust": 0.8,
"url": "http://www.ciac.org/ciac/bulletins/n-149.shtml"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-0694"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/xforce/xfdb/13204"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2003/wr033901.txt"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2003/wr034001.txt"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnca-2003-25"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/trca-2003-25"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-0694"
},
{
"trust": 0.8,
"url": "http://www.cyberpolice.go.jp/important/20030918_190150.html"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=106398718909274\u0026w=2"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=106383437615742\u0026w=2"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=106382859407683\u0026w=2"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=106381604923204\u0026w=2"
},
{
"trust": 0.6,
"url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:603"
},
{
"trust": 0.6,
"url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:572"
},
{
"trust": 0.6,
"url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:2975"
},
{
"trust": 0.3,
"url": "http://www-1.ibm.com/servers/aix/"
},
{
"trust": 0.3,
"url": "http://distro.conectiva.com.br/atualizacoes/index.php?id=a\u0026anuncio=000746"
},
{
"trust": 0.3,
"url": "http://www.sendmail.org/"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f56860"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f56922"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/pub-cgi/show.pl?target=cobalt/qube3.eng\u0026nav=patchpage"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/pub-cgi/show.pl?target=cobalt/raq4.eng\u0026nav=patchpage"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/pub-cgi/show.pl?target=cobalt/raqxtr.eng\u0026nav=patchpage"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/pub-cgi/show.pl?target=cobalt/raq550.eng\u0026nav=patchpage"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/patches/linux/security.html"
},
{
"trust": 0.3,
"url": "http://ftp.support.compaq.com/patches/public/unix/v4.0g/t64kit0020132-v40gb22-es-20031001.readme"
},
{
"trust": 0.3,
"url": "http://ftp.support.compaq.com/patches/public/unix/v5.1/t64v51ab-ix-553-sendmail-ssrt3631.readme"
},
{
"trust": 0.3,
"url": "http://ftp.support.compaq.com/patches/public/unix/v5.1/t64v51ab-ix-563-sendmail-ssrt3631.readme"
},
{
"trust": 0.3,
"url": "http://ftp.support.compaq.com/patches/public/unix/v5.1/t64v51ab-ix-586-sendmail-ssrt3631.readme"
},
{
"trust": 0.3,
"url": "http://ftp.support.compaq.com/patches/public/unix/v5.1/t64v51ab-ix-594-sendmail-ssrt3631.readme"
},
{
"trust": 0.3,
"url": "/archive/1/337839"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=106383437615742\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=106381604923204\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=106382859407683\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=106398718909274\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026amp;anuncio=000742"
},
{
"trust": 0.1,
"url": ""
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/./dsa-384"
},
{
"trust": 0.1,
"url": "https://github.com/byte-mug/cumes"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#784980"
},
{
"db": "VULHUB",
"id": "VHN-7519"
},
{
"db": "VULMON",
"id": "CVE-2003-0694"
},
{
"db": "BID",
"id": "8641"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000278"
},
{
"db": "CNNVD",
"id": "CNNVD-200310-019"
},
{
"db": "NVD",
"id": "CVE-2003-0694"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#784980"
},
{
"db": "VULHUB",
"id": "VHN-7519"
},
{
"db": "VULMON",
"id": "CVE-2003-0694"
},
{
"db": "BID",
"id": "8641"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000278"
},
{
"db": "CNNVD",
"id": "CNNVD-200310-019"
},
{
"db": "NVD",
"id": "CVE-2003-0694"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-09-17T00:00:00",
"db": "CERT/CC",
"id": "VU#784980"
},
{
"date": "2003-10-06T00:00:00",
"db": "VULHUB",
"id": "VHN-7519"
},
{
"date": "2003-10-06T00:00:00",
"db": "VULMON",
"id": "CVE-2003-0694"
},
{
"date": "2003-09-17T00:00:00",
"db": "BID",
"id": "8641"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2003-000278"
},
{
"date": "2003-09-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200310-019"
},
{
"date": "2003-10-06T04:00:00",
"db": "NVD",
"id": "CVE-2003-0694"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-09-29T00:00:00",
"db": "CERT/CC",
"id": "VU#784980"
},
{
"date": "2018-10-30T00:00:00",
"db": "VULHUB",
"id": "VHN-7519"
},
{
"date": "2018-10-30T00:00:00",
"db": "VULMON",
"id": "CVE-2003-0694"
},
{
"date": "2009-07-11T23:56:00",
"db": "BID",
"id": "8641"
},
{
"date": "2007-08-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2003-000278"
},
{
"date": "2006-08-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200310-019"
},
{
"date": "2018-10-30T16:26:22.763000",
"db": "NVD",
"id": "CVE-2003-0694"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200310-019"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sendmail prescan() buffer overflow vulnerability",
"sources": [
{
"db": "CERT/CC",
"id": "VU#784980"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Boundary Condition Error",
"sources": [
{
"db": "BID",
"id": "8641"
},
{
"db": "CNNVD",
"id": "CNNVD-200310-019"
}
],
"trust": 0.9
}
}
VAR-201505-0233
Vulnerability from variot - Updated: 2024-07-22 21:28The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. OpenSSL is prone to a security-bypass vulnerability because the application fails to properly verify SSL, TLS, and DTLS certificates. Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks and bypass certain security restrictions. This may aid in further attacks. OpenSSL versions 1.0.2c, 1.0.2b, 1.0.1n, and 1.0.1o are vulnerable.
Release Date: 2015-08-05 Last Updated: 2015-08-05
Potential Security Impact: Remote disclosure of information
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP-UX running OpenSSL with SSL/TLS enabled.
This is the TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as Logjam which could be exploited remotely resulting in disclosure of information.
References:
CVE-2015-4000: DHE man-in-the-middle protection (Logjam).
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2015-4000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2015-1788 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1793 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided an updated version of OpenSSL to resolve this vulnerability.
A new B.11.31 depot for OpenSSL_A.01.00.01p is available here:
https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber =OPENSSL11I
MANUAL ACTIONS: Yes - Update
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.31
openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.01.00.01p or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) - 5 August 2015 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. 6) - i386, x86_64
IBM Java SDK and JRE 5.0 will not receive software updates after September 2015. This date is referred to as the End of Service (EOS) date. Customers are advised to migrate to current versions of IBM Java at this time. IBM Java SDK and JRE versions 6 and 7 are available via the Red Hat Enterprise Linux 5 and 6 Supplementary content sets and will continue to receive updates based on IBM's lifecycle policy, linked to in the References section.
Customers can also consider OpenJDK, an open source implementation of the Java SE specification. OpenJDK is available by default on supported hardware architectures. ============================================================================ Ubuntu Security Notice USN-2656-2 July 15, 2015
firefox vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
Summary:
Firefox could be made to crash or run programs as your login if it opened a malicious website.
Software Description: - firefox: Mozilla Open Source web browser
Details:
USN-2656-1 fixed vulnerabilities in Firefox for Ubuntu 14.04 LTS and later releases.
This update provides the corresponding update for Ubuntu 12.04 LTS.
Original advisory details:
Karthikeyan Bhargavan discovered that NSS incorrectly handled state transitions for the TLS state machine. (CVE-2015-2721)
Looben Yan discovered 2 use-after-free issues when using XMLHttpRequest in some circumstances. (CVE-2015-2722, CVE-2015-2733)
Bob Clary, Christian Holler, Bobby Holley, Andrew McCreight, Terrence Cole, Steve Fink, Mats Palmgren, Wes Kocher, Andreas Pehrson, Tooru Fujisawa, Andrew Sutherland, and Gary Kwong discovered multiple memory safety issues in Firefox. (CVE-2015-2724, CVE-2015-2725, CVE-2015-2726)
Armin Razmdjou discovered that opening hyperlinks with specific mouse and key combinations could allow a Chrome privileged URL to be opened without context restrictions being preserved. (CVE-2015-2727)
Paul Bandha discovered a type confusion bug in the Indexed DB Manager. (CVE-2015-2728)
Holger Fuhrmannek discovered an out-of-bounds read in Web Audio. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2015-2729)
Watson Ladd discovered that NSS incorrectly handled Elliptical Curve Cryptography (ECC) multiplication. A remote attacker could possibly use this issue to spoof ECDSA signatures. (CVE-2015-2730)
A use-after-free was discovered when a Content Policy modifies the DOM to remove a DOM object. (CVE-2015-2731)
Ronald Crane discovered multiple security vulnerabilities. (CVE-2015-2734, CVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738, CVE-2015-2739, CVE-2015-2740)
David Keeler discovered that key pinning checks can be skipped when an overridable certificate error occurs. This allows a user to manually override an error for a fake certificate, but cannot be exploited on its own. (CVE-2015-2741)
Jonas Jenwald discovered that some internal workers were incorrectly executed with a high privilege. An attacker could potentially exploit this to impersonate the server. (CVE-2015-4000)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.04 LTS: firefox 39.0+build5-0ubuntu0.12.04.2
After a standard system update you need to restart Firefox to make all the necessary changes.
CVE-2015-4000
David Adrian et al. reported that it may be feasible to attack
Diffie-Hellman-based cipher suites in certain circumstances,
compromising the confidentiality and integrity of data encrypted
with Transport Layer Security (TLS).
CVE-2015-7181 CVE-2015-7182 CVE-2016-1950
Tyson Smith, David Keeler, and Francis Gabriel discovered
heap-based buffer overflows in the ASN.1 DER parser, potentially
leading to arbitrary code execution.
CVE-2015-7575
Karthikeyan Bhargavan discovered that TLS client implementation
accepted MD5-based signatures for TLS 1.2 connections with forward
secrecy, weakening the intended security strength of TLS
connections.
CVE-2016-1938
Hanno Boeck discovered that NSS miscomputed the result of integer
division for certain inputs. This could weaken the cryptographic
protections provided by NSS. However, NSS implements RSA-CRT leak
hardening, so RSA private keys are not directly disclosed by this
issue.
CVE-2016-1978
Eric Rescorla discovered a user-after-free vulnerability in the
implementation of ECDH-based TLS handshakes, with unknown
consequences.
CVE-2016-1979
Tim Taubert discovered a use-after-free vulnerability in ASN.1 DER
processing, with application-specific impact.
CVE-2016-2834
Tyson Smith and Jed Davis discovered unspecified memory-safety
bugs in NSS.
In addition, the NSS library did not ignore environment variables in processes which underwent a SUID/SGID/AT_SECURE transition at process start. In certain system configurations, this allowed local users to escalate their privileges.
For the stable distribution (jessie), these problems have been fixed in version 2:3.26-1+debu8u1.
For the unstable distribution (sid), these problems have been fixed in version 2:3.23-1. HP Integration Adaptor v9.12. For further information, see the knowledge base article linked to in the References section.
Security Fix(es):
-
A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108)
-
Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks. (CVE-2015-3183)
-
A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash. (CVE-2015-4000)
-
An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncodeUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105)
-
An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncryptUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2106)
-
It was discovered that it is possible to remotely Segfault Apache http server with a specially crafted string sent to the mod_cluster via service messages (MCMP). (CVE-2016-3110)
-
A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data. (CVE-2016-2109)
-
It was discovered that specifying configuration with a JVMRoute path longer than 80 characters will cause segmentation fault leading to a server crash. (CVE-2016-4459)
Red Hat would like to thank the OpenSSL project for reporting CVE-2016-2108, CVE-2016-2105, and CVE-2016-2106 and Michal Karm Babacek for reporting CVE-2016-3110. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno BAPck, and David Benjamin (Google) as the original reporters of CVE-2016-2108; and Guido Vranken as the original reporter of CVE-2016-2105 and CVE-2016-2106. Bugs fixed (https://bugzilla.redhat.com/):
1223211 - CVE-2015-4000 LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks 1243887 - CVE-2015-3183 httpd: HTTP request smuggling attack against chunked request parser 1288322 - CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak 1326320 - CVE-2016-3110 mod_cluster: remotely Segfault Apache http server 1330101 - CVE-2016-2109 openssl: ASN.1 BIO handling of large amounts of data 1331402 - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder 1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow 1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow 1341583 - CVE-2016-4459 mod_cluster: Buffer overflow in mod_manager when sending request with long JVMRoute 1345989 - RHEL7 RPMs: Upgrade mod_cluster-native to 1.2.13.Final-redhat-1 1345993 - RHEL7 RPMs: Upgrade mod_jk to 1.2.41.redhat-1 1345997 - RHEL7 RPMs: Upgrade tomcat-native to 1.1.34
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: java-1.7.0-openjdk security update Advisory ID: RHSA-2015:1229-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1229.html Issue date: 2015-07-15 CVE Names: CVE-2015-2590 CVE-2015-2601 CVE-2015-2621 CVE-2015-2625 CVE-2015-2628 CVE-2015-2632 CVE-2015-2808 CVE-2015-4000 CVE-2015-4731 CVE-2015-4732 CVE-2015-4733 CVE-2015-4748 CVE-2015-4749 CVE-2015-4760 =====================================================================
- Summary:
Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.
Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64
- Description:
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.
Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2015-4760, CVE-2015-2628, CVE-2015-4731, CVE-2015-2590, CVE-2015-4732, CVE-2015-4733)
A flaw was found in the way the Libraries component of OpenJDK verified Online Certificate Status Protocol (OCSP) responses. An OCSP response with no nextUpdate date specified was incorrectly handled as having unlimited validity, possibly causing a revoked X.509 certificate to be interpreted as valid. (CVE-2015-4748)
It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons. (CVE-2015-2601)
A flaw was found in the RC4 encryption algorithm. When using certain keys for RC4 encryption, an attacker could obtain portions of the plain text from the cipher text without the knowledge of the encryption key. (CVE-2015-2808)
Note: With this update, OpenJDK now disables RC4 TLS/SSL cipher suites by default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla bug 1207101, linked to in the References section, for additional details about this change.
A flaw was found in the way the TLS protocol composed the Diffie-Hellman (DH) key exchange. A man-in-the-middle attacker could use this flaw to force the use of weak 512 bit export-grade keys during the key exchange, allowing them do decrypt all traffic. (CVE-2015-4000)
Note: This update forces the TLS/SSL client implementation in OpenJDK to reject DH key sizes below 768 bits, which prevents sessions to be downgraded to export-grade keys. Refer to Red Hat Bugzilla bug 1223211, linked to in the References section, for additional details about this change.
It was discovered that the JNDI component in OpenJDK did not handle DNS resolutions correctly. An attacker able to trigger such DNS errors could cause a Java application using JNDI to consume memory and CPU time, and possibly block further DNS resolution. (CVE-2015-4749)
Multiple information leak flaws were found in the JMX and 2D components in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-2621, CVE-2015-2632)
A flaw was found in the way the JSSE component in OpenJDK performed X.509 certificate identity verification when establishing a TLS/SSL connection to a host identified by an IP address. In certain cases, the certificate was accepted as valid if it was issued for a host name to which the IP address resolves rather than for the IP address. (CVE-2015-2625)
Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.
All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1207101 - CVE-2015-2808 SSL/TLS: "Invariance Weakness" vulnerability in RC4 stream cipher 1223211 - CVE-2015-4000 LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks 1241965 - CVE-2015-2625 OpenJDK: name for reverse DNS lookup used in certificate identity check (JSSE, 8067694) 1242019 - CVE-2015-2601 OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865) 1242232 - CVE-2015-2628 OpenJDK: IIOPInputStream type confusion vulnerability (CORBA, 8076376) 1242234 - CVE-2015-4731 OpenJDK: improper permission checks in MBeanServerInvocationHandler (JMX, 8076397) 1242240 - CVE-2015-4732 OpenJDK: insufficient context checks during object deserialization (Libraries, 8076405) 1242275 - CVE-2015-4733 OpenJDK: RemoteObjectInvocationHandler allows calling finalize() (RMI, 8076409) 1242281 - CVE-2015-4748 OpenJDK: incorrect OCSP nextUpdate checking (Libraries, 8075374) 1242372 - CVE-2015-2621 OpenJDK: incorrect code permission checks in RMIConnectionImpl (JMX, 8075853) 1242379 - CVE-2015-4749 OpenJDK: DnsClient fails to release request information after error (JNDI, 8075378) 1242394 - CVE-2015-2632 ICU: integer overflow in LETableReference verifyLength() (OpenJDK 2D, 8077520) 1242447 - CVE-2015-4760 ICU: missing boundary checks in layout engine (OpenJDK 2D, 8071715) 1243139 - CVE-2015-2590 OpenJDK: deserialization issue in ObjectInputStream.readSerialData() (Libraries, 8076401)
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: java-1.7.0-openjdk-1.7.0.85-2.6.1.3.el6_6.src.rpm
i386: java-1.7.0-openjdk-1.7.0.85-2.6.1.3.el6_6.i686.rpm java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.i686.rpm java-1.7.0-openjdk-devel-1.7.0.85-2.6.1.3.el6_6.i686.rpm
x86_64: java-1.7.0-openjdk-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.i686.rpm java-1.7.0-openjdk-demo-1.7.0.85-2.6.1.3.el6_6.i686.rpm java-1.7.0-openjdk-src-1.7.0.85-2.6.1.3.el6_6.i686.rpm
noarch: java-1.7.0-openjdk-javadoc-1.7.0.85-2.6.1.3.el6_6.noarch.rpm
x86_64: java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: java-1.7.0-openjdk-1.7.0.85-2.6.1.3.el6_6.src.rpm
x86_64: java-1.7.0-openjdk-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
noarch: java-1.7.0-openjdk-javadoc-1.7.0.85-2.6.1.3.el6_6.noarch.rpm
x86_64: java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: java-1.7.0-openjdk-1.7.0.85-2.6.1.3.el6_6.src.rpm
i386: java-1.7.0-openjdk-1.7.0.85-2.6.1.3.el6_6.i686.rpm java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.i686.rpm java-1.7.0-openjdk-devel-1.7.0.85-2.6.1.3.el6_6.i686.rpm
x86_64: java-1.7.0-openjdk-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386: java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.i686.rpm java-1.7.0-openjdk-demo-1.7.0.85-2.6.1.3.el6_6.i686.rpm java-1.7.0-openjdk-src-1.7.0.85-2.6.1.3.el6_6.i686.rpm
noarch: java-1.7.0-openjdk-javadoc-1.7.0.85-2.6.1.3.el6_6.noarch.rpm
x86_64: java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: java-1.7.0-openjdk-1.7.0.85-2.6.1.3.el6_6.src.rpm
i386: java-1.7.0-openjdk-1.7.0.85-2.6.1.3.el6_6.i686.rpm java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.i686.rpm java-1.7.0-openjdk-devel-1.7.0.85-2.6.1.3.el6_6.i686.rpm
x86_64: java-1.7.0-openjdk-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386: java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.i686.rpm java-1.7.0-openjdk-demo-1.7.0.85-2.6.1.3.el6_6.i686.rpm java-1.7.0-openjdk-src-1.7.0.85-2.6.1.3.el6_6.i686.rpm
noarch: java-1.7.0-openjdk-javadoc-1.7.0.85-2.6.1.3.el6_6.noarch.rpm
x86_64: java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm
Red Hat Enterprise Linux Client (v. 7):
Source: java-1.7.0-openjdk-1.7.0.85-2.6.1.2.el7_1.src.rpm
x86_64: java-1.7.0-openjdk-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm java-1.7.0-openjdk-headless-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
noarch: java-1.7.0-openjdk-javadoc-1.7.0.85-2.6.1.2.el7_1.noarch.rpm
x86_64: java-1.7.0-openjdk-accessibility-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: java-1.7.0-openjdk-1.7.0.85-2.6.1.2.el7_1.src.rpm
x86_64: java-1.7.0-openjdk-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm java-1.7.0-openjdk-headless-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
noarch: java-1.7.0-openjdk-javadoc-1.7.0.85-2.6.1.2.el7_1.noarch.rpm
x86_64: java-1.7.0-openjdk-accessibility-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: java-1.7.0-openjdk-1.7.0.85-2.6.1.2.el7_1.src.rpm
ppc64: java-1.7.0-openjdk-1.7.0.85-2.6.1.2.el7_1.ppc64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.el7_1.ppc64.rpm java-1.7.0-openjdk-devel-1.7.0.85-2.6.1.2.el7_1.ppc64.rpm java-1.7.0-openjdk-headless-1.7.0.85-2.6.1.2.el7_1.ppc64.rpm
s390x: java-1.7.0-openjdk-1.7.0.85-2.6.1.2.el7_1.s390x.rpm java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.el7_1.s390x.rpm java-1.7.0-openjdk-devel-1.7.0.85-2.6.1.2.el7_1.s390x.rpm java-1.7.0-openjdk-headless-1.7.0.85-2.6.1.2.el7_1.s390x.rpm
x86_64: java-1.7.0-openjdk-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm java-1.7.0-openjdk-headless-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: java-1.7.0-openjdk-1.7.0.85-2.6.1.2.ael7b_1.src.rpm
ppc64le: java-1.7.0-openjdk-1.7.0.85-2.6.1.2.ael7b_1.ppc64le.rpm java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.ael7b_1.ppc64le.rpm java-1.7.0-openjdk-devel-1.7.0.85-2.6.1.2.ael7b_1.ppc64le.rpm java-1.7.0-openjdk-headless-1.7.0.85-2.6.1.2.ael7b_1.ppc64le.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
noarch: java-1.7.0-openjdk-javadoc-1.7.0.85-2.6.1.2.el7_1.noarch.rpm
ppc64: java-1.7.0-openjdk-accessibility-1.7.0.85-2.6.1.2.el7_1.ppc64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.el7_1.ppc64.rpm java-1.7.0-openjdk-demo-1.7.0.85-2.6.1.2.el7_1.ppc64.rpm java-1.7.0-openjdk-src-1.7.0.85-2.6.1.2.el7_1.ppc64.rpm
s390x: java-1.7.0-openjdk-accessibility-1.7.0.85-2.6.1.2.el7_1.s390x.rpm java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.el7_1.s390x.rpm java-1.7.0-openjdk-demo-1.7.0.85-2.6.1.2.el7_1.s390x.rpm java-1.7.0-openjdk-src-1.7.0.85-2.6.1.2.el7_1.s390x.rpm
x86_64: java-1.7.0-openjdk-accessibility-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
noarch: java-1.7.0-openjdk-javadoc-1.7.0.85-2.6.1.2.ael7b_1.noarch.rpm
ppc64le: java-1.7.0-openjdk-accessibility-1.7.0.85-2.6.1.2.ael7b_1.ppc64le.rpm java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.ael7b_1.ppc64le.rpm java-1.7.0-openjdk-demo-1.7.0.85-2.6.1.2.ael7b_1.ppc64le.rpm java-1.7.0-openjdk-src-1.7.0.85-2.6.1.2.ael7b_1.ppc64le.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: java-1.7.0-openjdk-1.7.0.85-2.6.1.2.el7_1.src.rpm
x86_64: java-1.7.0-openjdk-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm java-1.7.0-openjdk-headless-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
noarch: java-1.7.0-openjdk-javadoc-1.7.0.85-2.6.1.2.el7_1.noarch.rpm
x86_64: java-1.7.0-openjdk-accessibility-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2015-2590 https://access.redhat.com/security/cve/CVE-2015-2601 https://access.redhat.com/security/cve/CVE-2015-2621 https://access.redhat.com/security/cve/CVE-2015-2625 https://access.redhat.com/security/cve/CVE-2015-2628 https://access.redhat.com/security/cve/CVE-2015-2632 https://access.redhat.com/security/cve/CVE-2015-2808 https://access.redhat.com/security/cve/CVE-2015-4000 https://access.redhat.com/security/cve/CVE-2015-4731 https://access.redhat.com/security/cve/CVE-2015-4732 https://access.redhat.com/security/cve/CVE-2015-4733 https://access.redhat.com/security/cve/CVE-2015-4748 https://access.redhat.com/security/cve/CVE-2015-4749 https://access.redhat.com/security/cve/CVE-2015-4760 https://access.redhat.com/security/updates/classification/#critical https://bugzilla.redhat.com/show_bug.cgi?id=1207101#c11 https://bugzilla.redhat.com/show_bug.cgi?id=1223211#c33
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFVpliAXlSAg2UNWIIRAmDIAKC0SKJPEBiUrI0sgDcQMZTM/nm7nwCfUIje QU57Hj/UGZeY+OmKchPFPcI= =miFC -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 7) - x86_64
- Description:
Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Future updates may raise this limit to 1024 bits.
The nss and nss-util packages have been upgraded to upstream versions 3.19.1. The upgraded versions provide a number of bug fixes and enhancements over the previous versions. Bugs fixed (https://bugzilla.redhat.com/):
1223211 - CVE-2015-4000 LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks
6. OpenSSL Security Advisory [11 Jun 2015]
DHE man-in-the-middle protection (Logjam)
A vulnerability in the TLS protocol allows a man-in-the-middle attacker to downgrade vulnerable TLS connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. This vulnerability is known as Logjam (CVE-2015-4000).
OpenSSL has added protection for TLS clients by rejecting handshakes with DH parameters shorter than 768 bits.
OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n
Fixes for this issue were developed by Emilia Käsper and Kurt Roeckx of the OpenSSL development team.
Malformed ECParameters causes infinite loop (CVE-2015-1788)
Severity: Moderate
When processing an ECParameters structure OpenSSL enters an infinite loop if the curve specified is over a specially malformed binary polynomial field.
This can be used to perform denial of service against any system which processes public keys, certificate requests or certificates. This includes TLS clients and TLS servers with client authentication enabled. 1.0.0d and 0.9.8r and below are affected.
OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0d (and below) users should upgrade to 1.0.0s OpenSSL 0.9.8r (and below) users should upgrade to 0.9.8zg
This issue was reported to OpenSSL on 6th April 2015 by Joseph Birr-Pixton. The fix was developed by Andy Polyakov of the OpenSSL development team.
Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)
Severity: Moderate
X509_cmp_time does not properly check the length of the ASN1_TIME string and can read a few bytes out of bounds. In addition, X509_cmp_time accepts an arbitrary number of fractional seconds in the time string.
An attacker can use this to craft malformed certificates and CRLs of various sizes and potentially cause a segmentation fault, resulting in a DoS on applications that verify certificates or CRLs. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks.
OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0 users should upgrade to 1.0.0s OpenSSL 0.9.8 users should upgrade to 0.9.8zg
This issue was reported to OpenSSL on 8th April 2015 by Robert Swiecki (Google), and independently on 11th April 2015 by Hanno Böck. The fix was developed by Emilia Käsper of the OpenSSL development team.
PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)
Severity: Moderate
The PKCS#7 parsing code does not handle missing inner EncryptedContent correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with missing content and trigger a NULL pointer dereference on parsing.
Applications that decrypt PKCS#7 data or otherwise parse PKCS#7 structures from untrusted sources are affected. OpenSSL clients and servers are not affected.
OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0 users should upgrade to 1.0.0s OpenSSL 0.9.8 users should upgrade to 0.9.8zg
This issue was reported to OpenSSL on 18th April 2015 by Michal Zalewski (Google). The fix was developed by Emilia Käsper of the OpenSSL development team.
CMS verify infinite loop with unknown hash function (CVE-2015-1792)
Severity: Moderate
When verifying a signedData message the CMS code can enter an infinite loop if presented with an unknown hash function OID.
This can be used to perform denial of service against any system which verifies signedData messages using the CMS code.
OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0 users should upgrade to 1.0.0s OpenSSL 0.9.8 users should upgrade to 0.9.8zg
This issue was reported to OpenSSL on 31st March 2015 by Johannes Bauer. The fix was developed by Dr. Stephen Henson of the OpenSSL development team.
Race condition handling NewSessionTicket (CVE-2015-1791)
Severity: Low
If a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket then a race condition can occur potentially leading to a double free of the ticket data.
OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0 users should upgrade to 1.0.0s OpenSSL 0.9.8 users should upgrade to 0.9.8zg
This issue was discovered by Emilia Käsper of the OpenSSL development team. The fix was developed by Matt Caswell of the OpenSSL development team.
Invalid free in DTLS (CVE-2014-8176)
Severity: Moderate
This vulnerability does not affect current versions of OpenSSL. It existed in previous OpenSSL versions and was fixed in June 2014.
If a DTLS peer receives application data between the ChangeCipherSpec and Finished messages, buffering of such data may cause an invalid free, resulting in a segmentation fault or potentially, memory corruption.
This issue was originally reported on March 28th 2014 in https://rt.openssl.org/Ticket/Display.html?id=3286 by Praveen Kariyanahalli, and subsequently by Ivan Fratric and Felix Groebert (Google). A fix was developed by zhu qun-ying.
The fix for this issue can be identified by commits bcc31166 (1.0.1), b79e6e3a (1.0.0) and 4b258e73 (0.9.8).
Note
As per our previous announcements and our Release Strategy (https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions 1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these releases will be provided after that date.
References
URL for this Security Advisory: https://www.openssl.org/news/secadv_20150611.txt
Note: the online version of the advisory may be updated with additional details over time.
For details of OpenSSL severity classifications please see: https://www.openssl.org/about/secpolicy.html
. DH parameter with 1024 bits is used by default. Allow to configure custom DHE or ECDHE parameters by appending the concerned parameter file to the certificate file given for the SSLCertificateFile directive.
CVE-2015-2808:
Disable RC4 cipher in configuration file
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201505-0233",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.35"
},
{
"model": "firefox os",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.2"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "15.04"
},
{
"model": "safari",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": null
},
{
"model": "openssl",
"scope": "gte",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.8.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": null
},
{
"model": "content manager",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "linux enterprise desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "12"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "11.0"
},
{
"model": "openssl",
"scope": "lte",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2a"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "openssl",
"scope": "lte",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1m"
},
{
"model": "linux enterprise software development kit",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "12"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "12.04"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.10"
},
{
"model": "sparc-opl service processor",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "1121"
},
{
"model": "mac os x",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "10.10.3"
},
{
"model": "jrockit",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "r28.3.6"
},
{
"model": "firefox",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "39.0"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "31.8"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "7.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "38.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": null
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "31.8"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "b.11.31"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "38.1.0"
},
{
"model": "iphone os",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "8.3"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.6.0"
},
{
"model": "network security services",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.19"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "12"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "browser",
"scope": "eq",
"trust": 1.0,
"vendor": "opera",
"version": null
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.8.0"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.6.0"
},
{
"model": "openssl",
"scope": "gte",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2"
},
{
"model": "junos 12.1x44-d20",
"scope": null,
"trust": 0.9,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x46-d25",
"scope": null,
"trust": 0.6,
"vendor": "juniper",
"version": null
},
{
"model": "sdk for node.js",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2.0.3"
},
{
"model": "security network controller 1.0.3361m",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "registered envelope service",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.53"
},
{
"model": "hp-ux b.11.22",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6"
},
{
"model": "junos 12.1x44-d33",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "i v5r4",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "ios xe software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "contactoptimization",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2"
},
{
"model": "junos 12.1x47-d25",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 14.1r3",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "contactoptimization",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.0.4"
},
{
"model": "worklight foundation consumer edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.20"
},
{
"model": "junos 13.3r5",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "rational tau",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.35"
},
{
"model": "security network controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.1209"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.0.4"
},
{
"model": "i v5r3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "netinsight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6.0"
},
{
"model": "agile engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1.2.2"
},
{
"model": "ios xe",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3.14"
},
{
"model": "rational automation framework ifix5",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.3"
},
{
"model": "junos 12.1x44-d35",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "security network controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.3361"
},
{
"model": "rational automation framework",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.1"
},
{
"model": "jd edwards enterpriseone tools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "hp-ux b.11.04",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "security proventia network active bypass",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.13-34"
},
{
"model": "junos 12.1x44-d51",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "prime license manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "worklight foundation enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.20"
},
{
"model": "agent for openflow",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "junos 12.1x44-d34",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 13.3r6",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "rational automation framework",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.3"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1"
},
{
"model": "imc products",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "digital media players series 5.4 rb",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4400"
},
{
"model": "junos 12.1x47-d10",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "digital media players series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "44000"
},
{
"model": "security proventia network active bypass",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.16-37"
},
{
"model": "digital media players 5.3 rb",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "junos 12.1x44-d50",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 14.1r4",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.11"
},
{
"model": "rational application developer for websphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1"
},
{
"model": "junos 12.3x48-d15",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "rational application developer for websphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "security proventia network active bypass",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4-23"
},
{
"model": "prime collaboration provisioning",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "10.0"
},
{
"model": "security proventia network active bypass",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.25-57"
},
{
"model": "security proventia network active bypass",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.18-43"
},
{
"model": "telepresence conductor xc4.0",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios xe",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3.16"
},
{
"model": "security appscan enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.1"
},
{
"model": "ethernet switch es2-64",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0.0.6"
},
{
"model": "ios xe",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3.15"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.3"
},
{
"model": "security network controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.913"
},
{
"model": "junos 12.3x48-d20",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.3r2",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "aspera enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5.5"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.20"
},
{
"model": "junos d30",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "12.1x44"
},
{
"model": "local collector appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "mobilefirst platform foundation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3.0.0"
},
{
"model": "enterprise manager ops center",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2"
},
{
"model": "security proventia network active bypass",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.11-28"
},
{
"model": "security appscan enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.2"
},
{
"model": "ethernet switch es2-72",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0.0.6"
},
{
"model": "junos 15.1r2",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "rational tau",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.36"
},
{
"model": "security network controller 1.0.3350m",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "junos 14.2r1",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.3"
},
{
"model": "prime collaboration provisioning",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "10.5.1"
},
{
"model": "junos 14.1r2",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "ethernet switch es2-64",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.9.1"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.0.5"
},
{
"model": "rational tau",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.34"
},
{
"model": "digital media players 5.4 rb",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "rational automation framework",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"model": "jd edwards world security a9.4",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "junos 13.3r4",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "sun blade ethernet switched nem 24p 10ge",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "60000"
},
{
"model": "packet tracer",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2"
},
{
"model": "registered envelope service",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.4.1"
},
{
"model": "aspera orchestrator",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.3"
},
{
"model": "junos 12.3r6",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "ethernet switch es2-72",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.9.1"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.54"
},
{
"model": "partner supporting service",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "oss support tools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.9.15.9.8"
},
{
"model": "junos 12.1x46-d20",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "worklight consumer edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.0"
},
{
"model": "security proventia network active bypass",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.15-36"
},
{
"model": "junos 12.1x44-d55",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos d40",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "12.1x44"
},
{
"model": "junos 12.1x44-d30.4",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "prime collaboration deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "project openssl 1.0.1p",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "junos 15.1r1",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "security network controller 1.0.3379m",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "packet tracer",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3"
},
{
"model": "junos d20",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "12.1x44"
},
{
"model": "comware products",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "50"
},
{
"model": "prime network services controller 3.4.1c",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "rational application developer for websphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.0.1"
},
{
"model": "endeca server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.6.0"
},
{
"model": "hp-ux b.11.11.16.09",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "integrated lights out manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "jabber software development kit",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "linux x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.1"
},
{
"model": "rational automation framework",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.2"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.21"
},
{
"model": "junos 12.1x46-d10",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "security network controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.1768"
},
{
"model": "business intelligence enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9"
},
{
"model": "webex messenger service ep1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "7.9.9"
},
{
"model": "sdk for node.js",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.0.15"
},
{
"model": "contactoptimization",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "switch es1-24",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "security proventia network active bypass",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.2919"
},
{
"model": "worklight enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.0"
},
{
"model": "hp-ux b.11.11.13.14",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "junos 14.1r6",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.15"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.25"
},
{
"model": "comware products",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "70"
},
{
"model": "worklight consumer edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.2"
},
{
"model": "integrated lights out manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "ios xe",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3.13"
},
{
"model": "10.1-stable",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "hp-ux b.11.23.1.007",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "endeca server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.5.0"
},
{
"model": "sun network 10ge switch 72p",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "hp-ux b.11.11",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "integrated lights out manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1"
},
{
"model": "contactoptimization",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "prime security manager",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "9.3.4.2-4"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.1"
},
{
"model": "security proventia network active bypass",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.29-9"
},
{
"model": "business intelligence enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7"
},
{
"model": "contactoptimization",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"model": "industrial router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9100"
},
{
"model": "contactoptimization",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "security network controller 1.0.3352m",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "security manager sp1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.8"
},
{
"model": "enterprise manager ops center",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.4"
},
{
"model": "rational tau interim fix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3.0.6"
},
{
"model": "nexus series switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "50000"
},
{
"model": "infosphere information server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.3"
},
{
"model": "local collector appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "2.2.10"
},
{
"model": "i v5r4",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "project openssl 1.0.1n",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.1o",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "junos 13.2x51-d26",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "linux x86 64 -current",
"scope": null,
"trust": 0.3,
"vendor": "slackware",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.0"
},
{
"model": "junos 14.2r2",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "enterprise manager ops center",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "12.3"
},
{
"model": "i v5r3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "digital media players",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "junos d10",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "12.1x44"
},
{
"model": "hp-ux b.11.23",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "junos 12.1x46-d35",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "i v5r4",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2"
},
{
"model": "hp-ux b.11.11.02.008",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "junos 12.1x44-d25",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "netezza host management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.2.0"
},
{
"model": "prime network services controller",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "i v5r3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"model": "aspera point to point",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5.5"
},
{
"model": "webex messenger service",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "junos 12.1x46-d55",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "netinsight",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6.0.14"
},
{
"model": "junos 12.1x47-d11",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos d25",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "12.1x46"
},
{
"model": "junos 12.3r3",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.3r7",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "security manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "esight network v300r003c10spc201",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "agile engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1.3.0"
},
{
"model": "socialminer",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.5.1"
},
{
"model": "junos 14.2r4",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "endeca server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.0"
},
{
"model": "aspera faspex application",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.9.2"
},
{
"model": "asa cx and cisco prime security manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "junos 13.2x51-d40",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 13.2x51-d20",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos d25",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "12.1x44"
},
{
"model": "junos 12.1x47-d20",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "socialminer",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "contactoptimization",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1"
},
{
"model": "prime collaboration provisioning",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "10.6"
},
{
"model": "security appscan enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "model d9485 davic qpsk",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.24"
},
{
"model": "junos d35",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "12.1x44"
},
{
"model": "vcx products",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "agile engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2.0.0"
},
{
"model": "junos 12.1x47-d45",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "nexus series fex",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "20000"
},
{
"model": "tuxedo",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.1.0"
},
{
"model": "security network controller 1.0.3381m",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "prime collaboration provisioning",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "9.5"
},
{
"model": "netezza host management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.3"
},
{
"model": "junos 12.1x44-d40",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x44-d30",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "enterprise manager ops center",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1"
},
{
"model": "rational tau interim fix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3.0.6"
},
{
"model": "digital media players series 5.4 rb",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4300"
},
{
"model": "junos 12.1x46-d30",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "hp-ux b.11.11.17.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "prime security manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "security proventia network active bypass",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.18-49"
},
{
"model": "infosphere information server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "hp-ux b.11.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "virtual security gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "puredata system for analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0"
},
{
"model": "hp-ux b.11.31",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "industrial router 1.2.1rb3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "910"
},
{
"model": "security proventia network active bypass",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.13-41"
},
{
"model": "aspera console",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"model": "linux x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.0"
},
{
"model": "rational tau",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.31"
},
{
"model": "hp-ux b.11.23.07.04",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "netezza host management",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.7.0"
},
{
"model": "unified attendant console standard",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "project openssl 1.0.2d",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "contactoptimization",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.3"
},
{
"model": "junos 12.3x48-d10",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "jd edwards enterpriseone tools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.1"
},
{
"model": "security network controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.3381"
},
{
"model": "security proventia network active bypass",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.9-34"
},
{
"model": "digital media players series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "43000"
},
{
"model": "security proventia network active bypass 0343c3c",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.23"
},
{
"model": "junos 12.1x46-d40",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "infosphere information server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1"
},
{
"model": "junos 12.3r11",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "aspera proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2.2"
},
{
"model": "prime collaboration provisioning",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "worklight consumer edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.1"
},
{
"model": "junos 13.3r7",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "esight network v300r003c10spc100",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "12.1x47"
},
{
"model": "aspera shares",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.9.2"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.2"
},
{
"model": "junos 15.1x49-d10",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "switch es1-24",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.3"
},
{
"model": "security network controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.3376"
},
{
"model": "endeca server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.4"
},
{
"model": "security proventia network active bypass",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.18-42"
},
{
"model": "worklight enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.2"
},
{
"model": "junos 14.1r5",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "sdk for node.js",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2.0.4"
},
{
"model": "aspera enterprise server client",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5.5"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "worklight foundation consumer edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.0.1"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.16"
},
{
"model": "aspera ondemand",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5.4"
},
{
"model": "linux -current",
"scope": null,
"trust": 0.3,
"vendor": "slackware",
"version": null
},
{
"model": "junos 12.3r9",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "telepresence conductor",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "security proventia network active bypass",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.1876"
},
{
"model": "digital media players series 5.3 rb",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4300"
},
{
"model": "worklight enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.1"
},
{
"model": "connected analytics for collaboration",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "cloud service automation",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.5"
},
{
"model": "junos 12.1x44-d26",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "worklight foundation enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.0.1"
},
{
"model": "hp-ux b.11.11.14.15",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "webex node for mcs",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "junos 12.1x44-d35.5",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "junos 12.3x48-d30",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "project openssl 1.0.2c",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "rational tau",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.32"
},
{
"model": "virtual security gateway for microsoft hyper-v",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "sun blade ethernet switched nem 24p 10ge",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "60001.2.2.13"
},
{
"model": "services analytic platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "switch es1-24",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "1.3.1.3"
},
{
"model": "security manager",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.9"
},
{
"model": "security network controller 1.0.3376m",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "infosphere information server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1"
},
{
"model": "rational tau",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3"
},
{
"model": "security network controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.3379"
},
{
"model": "junos 13.2x51-d15",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "project openssl 1.0.2b",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.22"
},
{
"model": "junos 12.1x46-d36",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 13.2x51-d25",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "network performance analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "mobilefirst platform foundation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.0"
},
{
"model": "hp-ux b.11.11.15.13",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "emergency responder",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "infosphere information server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.7"
},
{
"model": "junos 15.1x49-d20",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 14.2r3",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "model d9485 davic qpsk",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "1.2.19"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.0.1"
},
{
"model": "rational tau",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.33"
},
{
"model": "netezza host management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.6.0"
},
{
"model": "junos 12.1x46-d15",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "sun network 10ge switch 72p",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "1.2.2.15"
},
{
"model": "junos 12.1x47-d15",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x44-d32",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 13.2x51-d30",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "im and presence service",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "junos 12.3r10",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "digital media players series 5.3 rb",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4400"
},
{
"model": "junos 12.1x44-d15",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "75652"
},
{
"db": "NVD",
"id": "CVE-2015-4000"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.1m",
"versionStartIncluding": "1.0.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.2a",
"versionStartIncluding": "1.0.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.1m",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:b.11.31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ibm:content_manager:8.5:*:*:*:*:enterprise:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:jrockit:r28.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.8.0:update_33:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jre:1.7.0:update_75:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jre:1.6.0:update_95:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jre:1.8.0:update_45:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jre:1.8.0:update_33:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jre:1.7.0:update_80:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.8.0:update45:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.7.0:update75:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.6.0:update95:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.7.0:update80:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:11.0:sp4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.10.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:3.19:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:sparc-opl_service_processor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1121",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:opera:opera_browser:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:seamonkey:2.35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:38.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:31.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mozilla:firefox_os:2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:39.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:31.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-4000"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "132943"
},
{
"db": "PACKETSTORM",
"id": "133039"
},
{
"db": "PACKETSTORM",
"id": "132803"
},
{
"db": "PACKETSTORM",
"id": "139114"
},
{
"db": "PACKETSTORM",
"id": "132697"
},
{
"db": "PACKETSTORM",
"id": "132439"
}
],
"trust": 0.6
},
"cve": "CVE-2015-4000",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-4000",
"trust": 1.0,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-4000"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the \"Logjam\" issue. OpenSSL is prone to a security-bypass vulnerability because the application fails to properly verify SSL, TLS, and DTLS certificates. \nSuccessfully exploiting this issue allows attackers to perform man-in-the-middle attacks and bypass certain security restrictions. This may aid in further attacks. \nOpenSSL versions 1.0.2c, 1.0.2b, 1.0.1n, and 1.0.1o are vulnerable. \n\nRelease Date: 2015-08-05\nLast Updated: 2015-08-05\n\nPotential Security Impact: Remote disclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified with HP-UX running\nOpenSSL with SSL/TLS enabled. \n\nThis is the TLS vulnerability using US export-grade 512-bit keys in\nDiffie-Hellman key exchange known as Logjam which could be exploited remotely\nresulting in disclosure of information. \n\nReferences:\n\nCVE-2015-4000: DHE man-in-the-middle protection (Logjam). \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2015-4000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2015-1788 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-1793 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided an updated version of OpenSSL to resolve this vulnerability. \n\nA new B.11.31 depot for OpenSSL_A.01.00.01p is available here:\n\nhttps://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber\n=OPENSSL11I\n\nMANUAL ACTIONS: Yes - Update\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see: https://www.hp.com/go/swa\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.31\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: install revision A.01.00.01p or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 5 August 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. 6) - i386, x86_64\n\n3. \n\nIBM Java SDK and JRE 5.0 will not receive software updates after September\n2015. This date is referred to as the End of Service (EOS) date. Customers\nare advised to migrate to current versions of IBM Java at this time. IBM\nJava SDK and JRE versions 6 and 7 are available via the Red Hat Enterprise\nLinux 5 and 6 Supplementary content sets and will continue to receive\nupdates based on IBM\u0027s lifecycle policy, linked to in the References\nsection. \n\nCustomers can also consider OpenJDK, an open source implementation of\nthe Java SE specification. OpenJDK is available by default on supported\nhardware architectures. ============================================================================\nUbuntu Security Notice USN-2656-2\nJuly 15, 2015\n\nfirefox vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 12.04 LTS\n\nSummary:\n\nFirefox could be made to crash or run programs as your login if it\nopened a malicious website. \n\nSoftware Description:\n- firefox: Mozilla Open Source web browser\n\nDetails:\n\nUSN-2656-1 fixed vulnerabilities in Firefox for Ubuntu 14.04 LTS and\nlater releases. \n\nThis update provides the corresponding update for Ubuntu 12.04 LTS. \n\nOriginal advisory details:\n\n Karthikeyan Bhargavan discovered that NSS incorrectly handled state\n transitions for the TLS state machine. \n (CVE-2015-2721)\n \n Looben Yan discovered 2 use-after-free issues when using XMLHttpRequest in\n some circumstances. (CVE-2015-2722,\n CVE-2015-2733)\n \n Bob Clary, Christian Holler, Bobby Holley, Andrew McCreight, Terrence\n Cole, Steve Fink, Mats Palmgren, Wes Kocher, Andreas Pehrson, Tooru\n Fujisawa, Andrew Sutherland, and Gary Kwong discovered multiple memory\n safety issues in Firefox. (CVE-2015-2724,\n CVE-2015-2725, CVE-2015-2726)\n \n Armin Razmdjou discovered that opening hyperlinks with specific mouse\n and key combinations could allow a Chrome privileged URL to be opened\n without context restrictions being preserved. (CVE-2015-2727)\n \n Paul Bandha discovered a type confusion bug in the Indexed DB Manager. (CVE-2015-2728)\n \n Holger Fuhrmannek discovered an out-of-bounds read in Web Audio. If a\n user were tricked in to opening a specially crafted website, an attacker\n could potentially exploit this to obtain sensitive information. \n (CVE-2015-2729)\n \n Watson Ladd discovered that NSS incorrectly handled Elliptical Curve\n Cryptography (ECC) multiplication. A remote attacker could possibly use\n this issue to spoof ECDSA signatures. (CVE-2015-2730)\n \n A use-after-free was discovered when a Content Policy modifies the DOM to\n remove a DOM object. (CVE-2015-2731)\n \n Ronald Crane discovered multiple security vulnerabilities. (CVE-2015-2734, CVE-2015-2735, CVE-2015-2736, CVE-2015-2737,\n CVE-2015-2738, CVE-2015-2739, CVE-2015-2740)\n \n David Keeler discovered that key pinning checks can be skipped when an\n overridable certificate error occurs. This allows a user to manually\n override an error for a fake certificate, but cannot be exploited on its\n own. (CVE-2015-2741)\n \n Jonas Jenwald discovered that some internal workers were incorrectly\n executed with a high privilege. An attacker could potentially exploit this to impersonate\n the server. (CVE-2015-4000)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 12.04 LTS:\n firefox 39.0+build5-0ubuntu0.12.04.2\n\nAfter a standard system update you need to restart Firefox to make\nall the necessary changes. \n\nCVE-2015-4000\n\n David Adrian et al. reported that it may be feasible to attack\n Diffie-Hellman-based cipher suites in certain circumstances,\n compromising the confidentiality and integrity of data encrypted\n with Transport Layer Security (TLS). \n\nCVE-2015-7181\nCVE-2015-7182\nCVE-2016-1950\n\n Tyson Smith, David Keeler, and Francis Gabriel discovered\n heap-based buffer overflows in the ASN.1 DER parser, potentially\n leading to arbitrary code execution. \n\nCVE-2015-7575\n\n Karthikeyan Bhargavan discovered that TLS client implementation\n accepted MD5-based signatures for TLS 1.2 connections with forward\n secrecy, weakening the intended security strength of TLS\n connections. \n\nCVE-2016-1938\n\n Hanno Boeck discovered that NSS miscomputed the result of integer\n division for certain inputs. This could weaken the cryptographic\n protections provided by NSS. However, NSS implements RSA-CRT leak\n hardening, so RSA private keys are not directly disclosed by this\n issue. \n\nCVE-2016-1978\n\n Eric Rescorla discovered a user-after-free vulnerability in the\n implementation of ECDH-based TLS handshakes, with unknown\n consequences. \n\nCVE-2016-1979\n\n Tim Taubert discovered a use-after-free vulnerability in ASN.1 DER\n processing, with application-specific impact. \n\nCVE-2016-2834\n\n Tyson Smith and Jed Davis discovered unspecified memory-safety\n bugs in NSS. \n\nIn addition, the NSS library did not ignore environment variables in\nprocesses which underwent a SUID/SGID/AT_SECURE transition at process\nstart. In certain system configurations, this allowed local users to\nescalate their privileges. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 2:3.26-1+debu8u1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2:3.23-1. \nHP Integration Adaptor v9.12. For\nfurther information, see the knowledge base article linked to in the\nReferences section. \n\nSecurity Fix(es):\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data\nstructures. An attacker could use this flaw to create a specially crafted\ncertificate which, when verified or re-encoded by OpenSSL, could cause it\nto crash, or execute arbitrary code using the permissions of the user\nrunning an application compiled against the OpenSSL library. \n(CVE-2016-2108)\n\n* Multiple flaws were found in the way httpd parsed HTTP requests and\nresponses using chunked transfer encoding. A remote attacker could use\nthese flaws to create a specially crafted request, which httpd would decode\ndifferently from an HTTP proxy software in front of it, possibly leading to\nHTTP request smuggling attacks. (CVE-2015-3183)\n\n* A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7\nand CMS data. A remote attacker could use this flaw to cause an application\nthat parses PKCS#7 or CMS data from untrusted sources to use an excessive\namount of memory and possibly crash. (CVE-2015-4000)\n\n* An integer overflow flaw, leading to a buffer overflow, was found in the\nway the EVP_EncodeUpdate() function of OpenSSL parsed very large amounts of\ninput data. A remote attacker could use this flaw to crash an application\nusing OpenSSL or, possibly, execute arbitrary code with the permissions of\nthe user running that application. (CVE-2016-2105)\n\n* An integer overflow flaw, leading to a buffer overflow, was found in the\nway the EVP_EncryptUpdate() function of OpenSSL parsed very large amounts\nof input data. A remote attacker could use this flaw to crash an\napplication using OpenSSL or, possibly, execute arbitrary code with the\npermissions of the user running that application. (CVE-2016-2106)\n\n* It was discovered that it is possible to remotely Segfault Apache http\nserver with a specially crafted string sent to the mod_cluster via service\nmessages (MCMP). (CVE-2016-3110)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain\nASN.1-encoded data from BIO (OpenSSL\u0027s I/O abstraction) inputs. An\napplication using OpenSSL that accepts untrusted ASN.1 BIO input could be\nforced to allocate an excessive amount of data. (CVE-2016-2109)\n\n* It was discovered that specifying configuration with a JVMRoute path\nlonger than 80 characters will cause segmentation fault leading to a server\ncrash. (CVE-2016-4459)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108, CVE-2016-2105, and CVE-2016-2106 and Michal Karm Babacek for\nreporting CVE-2016-3110. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno\nBAPck, and David Benjamin (Google) as the original reporters of\nCVE-2016-2108; and Guido Vranken as the original reporter of CVE-2016-2105\nand CVE-2016-2106. Bugs fixed (https://bugzilla.redhat.com/):\n\n1223211 - CVE-2015-4000 LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks\n1243887 - CVE-2015-3183 httpd: HTTP request smuggling attack against chunked request parser\n1288322 - CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak\n1326320 - CVE-2016-3110 mod_cluster: remotely Segfault Apache http server\n1330101 - CVE-2016-2109 openssl: ASN.1 BIO handling of large amounts of data\n1331402 - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder\n1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow\n1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow\n1341583 - CVE-2016-4459 mod_cluster: Buffer overflow in mod_manager when sending request with long JVMRoute\n1345989 - RHEL7 RPMs: Upgrade mod_cluster-native to 1.2.13.Final-redhat-1\n1345993 - RHEL7 RPMs: Upgrade mod_jk to 1.2.41.redhat-1\n1345997 - RHEL7 RPMs: Upgrade tomcat-native to 1.1.34\n\n6. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: java-1.7.0-openjdk security update\nAdvisory ID: RHSA-2015:1229-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2015-1229.html\nIssue date: 2015-07-15\nCVE Names: CVE-2015-2590 CVE-2015-2601 CVE-2015-2621 \n CVE-2015-2625 CVE-2015-2628 CVE-2015-2632 \n CVE-2015-2808 CVE-2015-4000 CVE-2015-4731 \n CVE-2015-4732 CVE-2015-4733 CVE-2015-4748 \n CVE-2015-4749 CVE-2015-4760 \n=====================================================================\n\n1. Summary:\n\nUpdated java-1.7.0-openjdk packages that fix multiple security issues are\nnow available for Red Hat Enterprise Linux 6 and 7. \n\nRed Hat Product Security has rated this update as having Critical security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64\n\n3. Description:\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit. \n\nMultiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI\ncomponents in OpenJDK. An untrusted Java application or applet could use\nthese flaws to bypass Java sandbox restrictions. (CVE-2015-4760,\nCVE-2015-2628, CVE-2015-4731, CVE-2015-2590, CVE-2015-4732, CVE-2015-4733)\n\nA flaw was found in the way the Libraries component of OpenJDK verified\nOnline Certificate Status Protocol (OCSP) responses. An OCSP response with\nno nextUpdate date specified was incorrectly handled as having unlimited\nvalidity, possibly causing a revoked X.509 certificate to be interpreted as\nvalid. (CVE-2015-4748)\n\nIt was discovered that the JCE component in OpenJDK failed to use constant\ntime comparisons in multiple cases. An attacker could possibly use these\nflaws to disclose sensitive information by measuring the time used to\nperform operations using these non-constant time comparisons. \n(CVE-2015-2601)\n\nA flaw was found in the RC4 encryption algorithm. When using certain keys\nfor RC4 encryption, an attacker could obtain portions of the plain text\nfrom the cipher text without the knowledge of the encryption key. \n(CVE-2015-2808)\n\nNote: With this update, OpenJDK now disables RC4 TLS/SSL cipher suites by\ndefault to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla bug\n1207101, linked to in the References section, for additional details about\nthis change. \n\nA flaw was found in the way the TLS protocol composed the Diffie-Hellman\n(DH) key exchange. A man-in-the-middle attacker could use this flaw to\nforce the use of weak 512 bit export-grade keys during the key exchange,\nallowing them do decrypt all traffic. (CVE-2015-4000)\n\nNote: This update forces the TLS/SSL client implementation in OpenJDK to\nreject DH key sizes below 768 bits, which prevents sessions to be\ndowngraded to export-grade keys. Refer to Red Hat Bugzilla bug 1223211,\nlinked to in the References section, for additional details about this\nchange. \n\nIt was discovered that the JNDI component in OpenJDK did not handle DNS\nresolutions correctly. An attacker able to trigger such DNS errors could\ncause a Java application using JNDI to consume memory and CPU time, and\npossibly block further DNS resolution. (CVE-2015-4749)\n\nMultiple information leak flaws were found in the JMX and 2D components in\nOpenJDK. An untrusted Java application or applet could use this flaw to\nbypass certain Java sandbox restrictions. (CVE-2015-2621, CVE-2015-2632)\n\nA flaw was found in the way the JSSE component in OpenJDK performed X.509\ncertificate identity verification when establishing a TLS/SSL connection to\na host identified by an IP address. In certain cases, the certificate was\naccepted as valid if it was issued for a host name to which the IP address\nresolves rather than for the IP address. (CVE-2015-2625)\n\nNote: If the web browser plug-in provided by the icedtea-web package was\ninstalled, the issues exposed via Java applets could have been exploited\nwithout user interaction if a user visited a malicious website. \n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1207101 - CVE-2015-2808 SSL/TLS: \"Invariance Weakness\" vulnerability in RC4 stream cipher\n1223211 - CVE-2015-4000 LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks\n1241965 - CVE-2015-2625 OpenJDK: name for reverse DNS lookup used in certificate identity check (JSSE, 8067694)\n1242019 - CVE-2015-2601 OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865)\n1242232 - CVE-2015-2628 OpenJDK: IIOPInputStream type confusion vulnerability (CORBA, 8076376)\n1242234 - CVE-2015-4731 OpenJDK: improper permission checks in MBeanServerInvocationHandler (JMX, 8076397)\n1242240 - CVE-2015-4732 OpenJDK: insufficient context checks during object deserialization (Libraries, 8076405)\n1242275 - CVE-2015-4733 OpenJDK: RemoteObjectInvocationHandler allows calling finalize() (RMI, 8076409)\n1242281 - CVE-2015-4748 OpenJDK: incorrect OCSP nextUpdate checking (Libraries, 8075374)\n1242372 - CVE-2015-2621 OpenJDK: incorrect code permission checks in RMIConnectionImpl (JMX, 8075853)\n1242379 - CVE-2015-4749 OpenJDK: DnsClient fails to release request information after error (JNDI, 8075378)\n1242394 - CVE-2015-2632 ICU: integer overflow in LETableReference verifyLength() (OpenJDK 2D, 8077520)\n1242447 - CVE-2015-4760 ICU: missing boundary checks in layout engine (OpenJDK 2D, 8071715)\n1243139 - CVE-2015-2590 OpenJDK: deserialization issue in ObjectInputStream.readSerialData() (Libraries, 8076401)\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\njava-1.7.0-openjdk-1.7.0.85-2.6.1.3.el6_6.src.rpm\n\ni386:\njava-1.7.0-openjdk-1.7.0.85-2.6.1.3.el6_6.i686.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.i686.rpm\njava-1.7.0-openjdk-devel-1.7.0.85-2.6.1.3.el6_6.i686.rpm\n\nx86_64:\njava-1.7.0-openjdk-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm\njava-1.7.0-openjdk-devel-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\njava-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.i686.rpm\njava-1.7.0-openjdk-demo-1.7.0.85-2.6.1.3.el6_6.i686.rpm\njava-1.7.0-openjdk-src-1.7.0.85-2.6.1.3.el6_6.i686.rpm\n\nnoarch:\njava-1.7.0-openjdk-javadoc-1.7.0.85-2.6.1.3.el6_6.noarch.rpm\n\nx86_64:\njava-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm\njava-1.7.0-openjdk-demo-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm\njava-1.7.0-openjdk-src-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\njava-1.7.0-openjdk-1.7.0.85-2.6.1.3.el6_6.src.rpm\n\nx86_64:\njava-1.7.0-openjdk-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm\njava-1.7.0-openjdk-devel-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nnoarch:\njava-1.7.0-openjdk-javadoc-1.7.0.85-2.6.1.3.el6_6.noarch.rpm\n\nx86_64:\njava-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm\njava-1.7.0-openjdk-demo-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm\njava-1.7.0-openjdk-src-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\njava-1.7.0-openjdk-1.7.0.85-2.6.1.3.el6_6.src.rpm\n\ni386:\njava-1.7.0-openjdk-1.7.0.85-2.6.1.3.el6_6.i686.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.i686.rpm\njava-1.7.0-openjdk-devel-1.7.0.85-2.6.1.3.el6_6.i686.rpm\n\nx86_64:\njava-1.7.0-openjdk-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm\njava-1.7.0-openjdk-devel-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\njava-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.i686.rpm\njava-1.7.0-openjdk-demo-1.7.0.85-2.6.1.3.el6_6.i686.rpm\njava-1.7.0-openjdk-src-1.7.0.85-2.6.1.3.el6_6.i686.rpm\n\nnoarch:\njava-1.7.0-openjdk-javadoc-1.7.0.85-2.6.1.3.el6_6.noarch.rpm\n\nx86_64:\njava-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm\njava-1.7.0-openjdk-demo-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm\njava-1.7.0-openjdk-src-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\njava-1.7.0-openjdk-1.7.0.85-2.6.1.3.el6_6.src.rpm\n\ni386:\njava-1.7.0-openjdk-1.7.0.85-2.6.1.3.el6_6.i686.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.i686.rpm\njava-1.7.0-openjdk-devel-1.7.0.85-2.6.1.3.el6_6.i686.rpm\n\nx86_64:\njava-1.7.0-openjdk-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm\njava-1.7.0-openjdk-devel-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\njava-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.i686.rpm\njava-1.7.0-openjdk-demo-1.7.0.85-2.6.1.3.el6_6.i686.rpm\njava-1.7.0-openjdk-src-1.7.0.85-2.6.1.3.el6_6.i686.rpm\n\nnoarch:\njava-1.7.0-openjdk-javadoc-1.7.0.85-2.6.1.3.el6_6.noarch.rpm\n\nx86_64:\njava-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm\njava-1.7.0-openjdk-demo-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm\njava-1.7.0-openjdk-src-1.7.0.85-2.6.1.3.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\njava-1.7.0-openjdk-1.7.0.85-2.6.1.2.el7_1.src.rpm\n\nx86_64:\njava-1.7.0-openjdk-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\njava-1.7.0-openjdk-headless-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nnoarch:\njava-1.7.0-openjdk-javadoc-1.7.0.85-2.6.1.2.el7_1.noarch.rpm\n\nx86_64:\njava-1.7.0-openjdk-accessibility-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\njava-1.7.0-openjdk-demo-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\njava-1.7.0-openjdk-devel-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\njava-1.7.0-openjdk-src-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\njava-1.7.0-openjdk-1.7.0.85-2.6.1.2.el7_1.src.rpm\n\nx86_64:\njava-1.7.0-openjdk-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\njava-1.7.0-openjdk-headless-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nnoarch:\njava-1.7.0-openjdk-javadoc-1.7.0.85-2.6.1.2.el7_1.noarch.rpm\n\nx86_64:\njava-1.7.0-openjdk-accessibility-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\njava-1.7.0-openjdk-demo-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\njava-1.7.0-openjdk-devel-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\njava-1.7.0-openjdk-src-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\njava-1.7.0-openjdk-1.7.0.85-2.6.1.2.el7_1.src.rpm\n\nppc64:\njava-1.7.0-openjdk-1.7.0.85-2.6.1.2.el7_1.ppc64.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.el7_1.ppc64.rpm\njava-1.7.0-openjdk-devel-1.7.0.85-2.6.1.2.el7_1.ppc64.rpm\njava-1.7.0-openjdk-headless-1.7.0.85-2.6.1.2.el7_1.ppc64.rpm\n\ns390x:\njava-1.7.0-openjdk-1.7.0.85-2.6.1.2.el7_1.s390x.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.el7_1.s390x.rpm\njava-1.7.0-openjdk-devel-1.7.0.85-2.6.1.2.el7_1.s390x.rpm\njava-1.7.0-openjdk-headless-1.7.0.85-2.6.1.2.el7_1.s390x.rpm\n\nx86_64:\njava-1.7.0-openjdk-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\njava-1.7.0-openjdk-devel-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\njava-1.7.0-openjdk-headless-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\njava-1.7.0-openjdk-1.7.0.85-2.6.1.2.ael7b_1.src.rpm\n\nppc64le:\njava-1.7.0-openjdk-1.7.0.85-2.6.1.2.ael7b_1.ppc64le.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.ael7b_1.ppc64le.rpm\njava-1.7.0-openjdk-devel-1.7.0.85-2.6.1.2.ael7b_1.ppc64le.rpm\njava-1.7.0-openjdk-headless-1.7.0.85-2.6.1.2.ael7b_1.ppc64le.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nnoarch:\njava-1.7.0-openjdk-javadoc-1.7.0.85-2.6.1.2.el7_1.noarch.rpm\n\nppc64:\njava-1.7.0-openjdk-accessibility-1.7.0.85-2.6.1.2.el7_1.ppc64.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.el7_1.ppc64.rpm\njava-1.7.0-openjdk-demo-1.7.0.85-2.6.1.2.el7_1.ppc64.rpm\njava-1.7.0-openjdk-src-1.7.0.85-2.6.1.2.el7_1.ppc64.rpm\n\ns390x:\njava-1.7.0-openjdk-accessibility-1.7.0.85-2.6.1.2.el7_1.s390x.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.el7_1.s390x.rpm\njava-1.7.0-openjdk-demo-1.7.0.85-2.6.1.2.el7_1.s390x.rpm\njava-1.7.0-openjdk-src-1.7.0.85-2.6.1.2.el7_1.s390x.rpm\n\nx86_64:\njava-1.7.0-openjdk-accessibility-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\njava-1.7.0-openjdk-demo-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\njava-1.7.0-openjdk-src-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nnoarch:\njava-1.7.0-openjdk-javadoc-1.7.0.85-2.6.1.2.ael7b_1.noarch.rpm\n\nppc64le:\njava-1.7.0-openjdk-accessibility-1.7.0.85-2.6.1.2.ael7b_1.ppc64le.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.ael7b_1.ppc64le.rpm\njava-1.7.0-openjdk-demo-1.7.0.85-2.6.1.2.ael7b_1.ppc64le.rpm\njava-1.7.0-openjdk-src-1.7.0.85-2.6.1.2.ael7b_1.ppc64le.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\njava-1.7.0-openjdk-1.7.0.85-2.6.1.2.el7_1.src.rpm\n\nx86_64:\njava-1.7.0-openjdk-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\njava-1.7.0-openjdk-devel-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\njava-1.7.0-openjdk-headless-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nnoarch:\njava-1.7.0-openjdk-javadoc-1.7.0.85-2.6.1.2.el7_1.noarch.rpm\n\nx86_64:\njava-1.7.0-openjdk-accessibility-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\njava-1.7.0-openjdk-demo-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\njava-1.7.0-openjdk-src-1.7.0.85-2.6.1.2.el7_1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-2590\nhttps://access.redhat.com/security/cve/CVE-2015-2601\nhttps://access.redhat.com/security/cve/CVE-2015-2621\nhttps://access.redhat.com/security/cve/CVE-2015-2625\nhttps://access.redhat.com/security/cve/CVE-2015-2628\nhttps://access.redhat.com/security/cve/CVE-2015-2632\nhttps://access.redhat.com/security/cve/CVE-2015-2808\nhttps://access.redhat.com/security/cve/CVE-2015-4000\nhttps://access.redhat.com/security/cve/CVE-2015-4731\nhttps://access.redhat.com/security/cve/CVE-2015-4732\nhttps://access.redhat.com/security/cve/CVE-2015-4733\nhttps://access.redhat.com/security/cve/CVE-2015-4748\nhttps://access.redhat.com/security/cve/CVE-2015-4749\nhttps://access.redhat.com/security/cve/CVE-2015-4760\nhttps://access.redhat.com/security/updates/classification/#critical\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1207101#c11\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1223211#c33\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFVpliAXlSAg2UNWIIRAmDIAKC0SKJPEBiUrI0sgDcQMZTM/nm7nwCfUIje\nQU57Hj/UGZeY+OmKchPFPcI=\n=miFC\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. 7) - x86_64\n\n3. Description:\n\nNetwork Security Services (NSS) is a set of libraries designed to support \ncross-platform development of security-enabled client and server\napplications. Future updates may raise this limit to\n1024 bits. \n\nThe nss and nss-util packages have been upgraded to upstream versions\n3.19.1. The upgraded versions provide a number of bug fixes and\nenhancements over the previous versions. Bugs fixed (https://bugzilla.redhat.com/):\n\n1223211 - CVE-2015-4000 LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks\n\n6. OpenSSL Security Advisory [11 Jun 2015]\n=======================================\n\nDHE man-in-the-middle protection (Logjam)\n====================================================================\n\nA vulnerability in the TLS protocol allows a man-in-the-middle\nattacker to downgrade vulnerable TLS connections using ephemeral\nDiffie-Hellman key exchange to 512-bit export-grade cryptography. This\nvulnerability is known as Logjam (CVE-2015-4000). \n\nOpenSSL has added protection for TLS clients by rejecting handshakes\nwith DH parameters shorter than 768 bits. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\n\nFixes for this issue were developed by Emilia K\u00e4sper and Kurt Roeckx\nof the OpenSSL development team. \n\nMalformed ECParameters causes infinite loop (CVE-2015-1788)\n===========================================================\n\nSeverity: Moderate\n\nWhen processing an ECParameters structure OpenSSL enters an infinite loop if\nthe curve specified is over a specially malformed binary polynomial field. \n\nThis can be used to perform denial of service against any\nsystem which processes public keys, certificate requests or\ncertificates. This includes TLS clients and TLS servers with\nclient authentication enabled. 1.0.0d and 0.9.8r and below are\naffected. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0d (and below) users should upgrade to 1.0.0s\nOpenSSL 0.9.8r (and below) users should upgrade to 0.9.8zg\n\nThis issue was reported to OpenSSL on 6th April 2015 by Joseph Birr-Pixton. The\nfix was developed by Andy Polyakov of the OpenSSL development team. \n\nExploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)\n===============================================================\n\nSeverity: Moderate\n\nX509_cmp_time does not properly check the length of the ASN1_TIME\nstring and can read a few bytes out of bounds. In addition,\nX509_cmp_time accepts an arbitrary number of fractional seconds in the\ntime string. \n\nAn attacker can use this to craft malformed certificates and CRLs of\nvarious sizes and potentially cause a segmentation fault, resulting in\na DoS on applications that verify certificates or CRLs. TLS clients\nthat verify CRLs are affected. TLS clients and servers with client\nauthentication enabled may be affected if they use custom verification\ncallbacks. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0 users should upgrade to 1.0.0s\nOpenSSL 0.9.8 users should upgrade to 0.9.8zg\n\nThis issue was reported to OpenSSL on 8th April 2015 by Robert Swiecki\n(Google), and independently on 11th April 2015 by Hanno B\u00f6ck. The fix\nwas developed by Emilia K\u00e4sper of the OpenSSL development team. \n\nPKCS7 crash with missing EnvelopedContent (CVE-2015-1790)\n=========================================================\n\nSeverity: Moderate\n\nThe PKCS#7 parsing code does not handle missing inner EncryptedContent\ncorrectly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs\nwith missing content and trigger a NULL pointer dereference on parsing. \n\nApplications that decrypt PKCS#7 data or otherwise parse PKCS#7\nstructures from untrusted sources are affected. OpenSSL clients and\nservers are not affected. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0 users should upgrade to 1.0.0s\nOpenSSL 0.9.8 users should upgrade to 0.9.8zg\n\nThis issue was reported to OpenSSL on 18th April 2015 by Michal\nZalewski (Google). The fix was developed by Emilia K\u00e4sper of the\nOpenSSL development team. \n\nCMS verify infinite loop with unknown hash function (CVE-2015-1792)\n===================================================================\n\nSeverity: Moderate\n\nWhen verifying a signedData message the CMS code can enter an infinite loop\nif presented with an unknown hash function OID. \n\nThis can be used to perform denial of service against any system which\nverifies signedData messages using the CMS code. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0 users should upgrade to 1.0.0s\nOpenSSL 0.9.8 users should upgrade to 0.9.8zg\n\nThis issue was reported to OpenSSL on 31st March 2015 by Johannes Bauer. The\nfix was developed by Dr. Stephen Henson of the OpenSSL development team. \n\nRace condition handling NewSessionTicket (CVE-2015-1791)\n========================================================\n\nSeverity: Low\n\nIf a NewSessionTicket is received by a multi-threaded client when attempting to\nreuse a previous ticket then a race condition can occur potentially leading to\na double free of the ticket data. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0 users should upgrade to 1.0.0s\nOpenSSL 0.9.8 users should upgrade to 0.9.8zg\n\nThis issue was discovered by Emilia K\u00e4sper of the OpenSSL development team. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nInvalid free in DTLS (CVE-2014-8176)\n====================================\n\nSeverity: Moderate\n\nThis vulnerability does not affect current versions of OpenSSL. It\nexisted in previous OpenSSL versions and was fixed in June 2014. \n\nIf a DTLS peer receives application data between the ChangeCipherSpec\nand Finished messages, buffering of such data may cause an invalid\nfree, resulting in a segmentation fault or potentially, memory\ncorruption. \n\nThis issue was originally reported on March 28th 2014 in\nhttps://rt.openssl.org/Ticket/Display.html?id=3286 by Praveen\nKariyanahalli, and subsequently by Ivan Fratric and Felix Groebert\n(Google). A fix was developed by zhu qun-ying. \n\nThe fix for this issue can be identified by commits bcc31166 (1.0.1),\nb79e6e3a (1.0.0) and 4b258e73 (0.9.8). \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions\n1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these\nreleases will be provided after that date. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20150611.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/about/secpolicy.html\n\n. \nDH parameter with 1024 bits is used by default. \nAllow to configure custom DHE or ECDHE parameters by appending the concerned\nparameter file to the certificate file given for the SSLCertificateFile\ndirective. \n\nCVE-2015-2808:\n\nDisable RC4 cipher in configuration file",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-4000"
},
{
"db": "BID",
"id": "75652"
},
{
"db": "PACKETSTORM",
"id": "132835"
},
{
"db": "PACKETSTORM",
"id": "132973"
},
{
"db": "PACKETSTORM",
"id": "132943"
},
{
"db": "PACKETSTORM",
"id": "133039"
},
{
"db": "PACKETSTORM",
"id": "132699"
},
{
"db": "PACKETSTORM",
"id": "133990"
},
{
"db": "PACKETSTORM",
"id": "132803"
},
{
"db": "PACKETSTORM",
"id": "139002"
},
{
"db": "PACKETSTORM",
"id": "133337"
},
{
"db": "PACKETSTORM",
"id": "139114"
},
{
"db": "PACKETSTORM",
"id": "132921"
},
{
"db": "PACKETSTORM",
"id": "132697"
},
{
"db": "PACKETSTORM",
"id": "132439"
},
{
"db": "PACKETSTORM",
"id": "132413"
},
{
"db": "PACKETSTORM",
"id": "169629"
},
{
"db": "PACKETSTORM",
"id": "135172"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-4000",
"trust": 2.9
},
{
"db": "SECTRACK",
"id": "1033064",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1034884",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1032777",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1032649",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1033065",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1032865",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1032784",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1032871",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1033760",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1033067",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1036218",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1033222",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1032778",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1032637",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1032759",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1033208",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1033430",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1034087",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1032702",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1032783",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1032648",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1032476",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1033991",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1040630",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1032960",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1033891",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1032856",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1033416",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1032910",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1033513",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1032475",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1032651",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1032727",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1032864",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1033341",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1033433",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1032688",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1032645",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1033019",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1033209",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1032652",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1032654",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1032655",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1032932",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1032653",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1032474",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1034728",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1032650",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1033385",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1033210",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1032699",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1032884",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1032656",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1032647",
"trust": 1.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2015/05/20/8",
"trust": 1.0
},
{
"db": "JUNIPER",
"id": "JSA10681",
"trust": 1.0
},
{
"db": "JUNIPER",
"id": "JSA10727",
"trust": 1.0
},
{
"db": "BID",
"id": "74733",
"trust": 1.0
},
{
"db": "BID",
"id": "91787",
"trust": 1.0
},
{
"db": "MCAFEE",
"id": "SB10122",
"trust": 1.0
},
{
"db": "SIEMENS",
"id": "SSA-412672",
"trust": 1.0
},
{
"db": "JUNIPER",
"id": "JSA10694",
"trust": 0.3
},
{
"db": "BID",
"id": "75652",
"trust": 0.3
},
{
"db": "PACKETSTORM",
"id": "139002",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132835",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132973",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132943",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133039",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132699",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133990",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132803",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "135172",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133337",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "139114",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132921",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132697",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132439",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132413",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169629",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "75652"
},
{
"db": "PACKETSTORM",
"id": "139002"
},
{
"db": "PACKETSTORM",
"id": "132835"
},
{
"db": "PACKETSTORM",
"id": "132973"
},
{
"db": "PACKETSTORM",
"id": "132943"
},
{
"db": "PACKETSTORM",
"id": "133039"
},
{
"db": "PACKETSTORM",
"id": "132699"
},
{
"db": "PACKETSTORM",
"id": "133990"
},
{
"db": "PACKETSTORM",
"id": "132803"
},
{
"db": "PACKETSTORM",
"id": "135172"
},
{
"db": "PACKETSTORM",
"id": "133337"
},
{
"db": "PACKETSTORM",
"id": "139114"
},
{
"db": "PACKETSTORM",
"id": "132921"
},
{
"db": "PACKETSTORM",
"id": "132697"
},
{
"db": "PACKETSTORM",
"id": "132439"
},
{
"db": "PACKETSTORM",
"id": "132413"
},
{
"db": "PACKETSTORM",
"id": "169629"
},
{
"db": "NVD",
"id": "CVE-2015-4000"
}
]
},
"id": "VAR-201505-0233",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.54851742
},
"last_update_date": "2024-07-22T21:28:15.176000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-4000"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4000"
},
{
"trust": 1.3,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"trust": 1.3,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"trust": 1.3,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1544.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1604.html"
},
{
"trust": 1.1,
"url": "http://www.ubuntu.com/usn/usn-2656-2"
},
{
"trust": 1.1,
"url": "http://www.ubuntu.com/usn/usn-2656-1"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1486.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1229.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1185.html"
},
{
"trust": 1.1,
"url": "https://www.openssl.org/news/secadv_20150611.txt"
},
{
"trust": 1.0,
"url": "http://aix.software.ibm.com/aix/efixes/security/sendmail_advisory2.asc"
},
{
"trust": 1.0,
"url": "http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery"
},
{
"trust": 1.0,
"url": "http://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2015-008.txt.asc"
},
{
"trust": 1.0,
"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04876402"
},
{
"trust": 1.0,
"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04949778"
},
{
"trust": 1.0,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10681"
},
{
"trust": 1.0,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10727"
},
{
"trust": 1.0,
"url": "http://lists.apple.com/archives/security-announce/2015/jun/msg00001.html"
},
{
"trust": 1.0,
"url": "http://lists.apple.com/archives/security-announce/2015/jun/msg00002.html"
},
{
"trust": 1.0,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-june/159314.html"
},
{
"trust": 1.0,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-june/159351.html"
},
{
"trust": 1.0,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-june/160117.html"
},
{
"trust": 1.0,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html"
},
{
"trust": 1.0,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html"
},
{
"trust": 1.0,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html"
},
{
"trust": 1.0,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00001.html"
},
{
"trust": 1.0,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html"
},
{
"trust": 1.0,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html"
},
{
"trust": 1.0,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html"
},
{
"trust": 1.0,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html"
},
{
"trust": 1.0,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html"
},
{
"trust": 1.0,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html"
},
{
"trust": 1.0,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
},
{
"trust": 1.0,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html"
},
{
"trust": 1.0,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html"
},
{
"trust": 1.0,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
},
{
"trust": 1.0,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html"
},
{
"trust": 1.0,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html"
},
{
"trust": 1.0,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html"
},
{
"trust": 1.0,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html"
},
{
"trust": 1.0,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html"
},
{
"trust": 1.0,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html"
},
{
"trust": 1.0,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00001.html"
},
{
"trust": 1.0,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00031.html"
},
{
"trust": 1.0,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00032.html"
},
{
"trust": 1.0,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00037.html"
},
{
"trust": 1.0,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00039.html"
},
{
"trust": 1.0,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00040.html"
},
{
"trust": 1.0,
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00016.html"
},
{
"trust": 1.0,
"url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html"
},
{
"trust": 1.0,
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00094.html"
},
{
"trust": 1.0,
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00097.html"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=143506486712441\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=143557934009303\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=143558092609708\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=143628304012255\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=143637549705650\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=143655800220052\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=144050121701297\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=144061542602287\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=145409266329539\u0026w=2"
},
{
"trust": 1.0,
"url": "http://openwall.com/lists/oss-security/2015/05/20/8"
},
{
"trust": 1.0,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1072.html"
},
{
"trust": 1.0,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1197.html"
},
{
"trust": 1.0,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1228.html"
},
{
"trust": 1.0,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1230.html"
},
{
"trust": 1.0,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1241.html"
},
{
"trust": 1.0,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1242.html"
},
{
"trust": 1.0,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1243.html"
},
{
"trust": 1.0,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1485.html"
},
{
"trust": 1.0,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1488.html"
},
{
"trust": 1.0,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1526.html"
},
{
"trust": 1.0,
"url": "http://rhn.redhat.com/errata/rhsa-2016-1624.html"
},
{
"trust": 1.0,
"url": "http://rhn.redhat.com/errata/rhsa-2016-2056.html"
},
{
"trust": 1.0,
"url": "http://support.apple.com/kb/ht204941"
},
{
"trust": 1.0,
"url": "http://support.apple.com/kb/ht204942"
},
{
"trust": 1.0,
"url": "http://support.citrix.com/article/ctx201114"
},
{
"trust": 1.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959111"
},
{
"trust": 1.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959195"
},
{
"trust": 1.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959325"
},
{
"trust": 1.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959453"
},
{
"trust": 1.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959481"
},
{
"trust": 1.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959517"
},
{
"trust": 1.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959530"
},
{
"trust": 1.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959539"
},
{
"trust": 1.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959636"
},
{
"trust": 1.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959812"
},
{
"trust": 1.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960191"
},
{
"trust": 1.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961717"
},
{
"trust": 1.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962455"
},
{
"trust": 1.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962739"
},
{
"trust": 1.0,
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21958984"
},
{
"trust": 1.0,
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21959132"
},
{
"trust": 1.0,
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960041"
},
{
"trust": 1.0,
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960194"
},
{
"trust": 1.0,
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960380"
},
{
"trust": 1.0,
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960418"
},
{
"trust": 1.0,
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21962816"
},
{
"trust": 1.0,
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21967893"
},
{
"trust": 1.0,
"url": "http://www.debian.org/security/2015/dsa-3287"
},
{
"trust": 1.0,
"url": "http://www.debian.org/security/2015/dsa-3300"
},
{
"trust": 1.0,
"url": "http://www.debian.org/security/2015/dsa-3316"
},
{
"trust": 1.0,
"url": "http://www.debian.org/security/2015/dsa-3324"
},
{
"trust": 1.0,
"url": "http://www.debian.org/security/2015/dsa-3339"
},
{
"trust": 1.0,
"url": "http://www.debian.org/security/2016/dsa-3688"
},
{
"trust": 1.0,
"url": "http://www.fortiguard.com/advisory/2015-05-20-logjam-attack"
},
{
"trust": 1.0,
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-70.html"
},
{
"trust": 1.0,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"trust": 1.0,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
},
{
"trust": 1.0,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"trust": 1.0,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/74733"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/91787"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1032474"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1032475"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1032476"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1032637"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1032645"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1032647"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1032648"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1032649"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1032650"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1032651"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1032652"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1032653"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1032654"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1032655"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1032656"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1032688"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1032699"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1032702"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1032727"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1032759"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1032777"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1032778"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1032783"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1032784"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1032856"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1032864"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1032865"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1032871"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1032884"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1032910"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1032932"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1032960"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1033019"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1033064"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1033065"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1033067"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1033208"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1033209"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1033210"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1033222"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1033341"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1033385"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1033416"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1033430"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1033433"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1033513"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1033760"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1033891"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1033991"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1034087"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1034728"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1034884"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1036218"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1040630"
},
{
"trust": 1.0,
"url": "http://www.solarwinds.com/documentation/storage/storagemanager/docs/releasenotes/releasenotes.htm"
},
{
"trust": 1.0,
"url": "http://www.ubuntu.com/usn/usn-2673-1"
},
{
"trust": 1.0,
"url": "http://www.ubuntu.com/usn/usn-2696-1"
},
{
"trust": 1.0,
"url": "http://www.ubuntu.com/usn/usn-2706-1"
},
{
"trust": 1.0,
"url": "https://blog.cloudflare.com/logjam-the-latest-tls-vulnerability-explained/"
},
{
"trust": 1.0,
"url": "https://bto.bluecoat.com/security-advisory/sa98"
},
{
"trust": 1.0,
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1138554"
},
{
"trust": 1.0,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
},
{
"trust": 1.0,
"url": "https://developer.mozilla.org/en-us/docs/mozilla/projects/nss/nss_3.19.1_release_notes"
},
{
"trust": 1.0,
"url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04718196"
},
{
"trust": 1.0,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04770140"
},
{
"trust": 1.0,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04772190"
},
{
"trust": 1.0,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04773119"
},
{
"trust": 1.0,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04773241"
},
{
"trust": 1.0,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04832246"
},
{
"trust": 1.0,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04918839"
},
{
"trust": 1.0,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04923929"
},
{
"trust": 1.0,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04926789"
},
{
"trust": 1.0,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04740527"
},
{
"trust": 1.0,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04953655"
},
{
"trust": 1.0,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05045763"
},
{
"trust": 1.0,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05128722"
},
{
"trust": 1.0,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05193083"
},
{
"trust": 1.0,
"url": "https://help.ecostruxureit.com/display/public/uadco8x/struxureware+data+center+operation+software+vulnerability+fixes"
},
{
"trust": 1.0,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10122"
},
{
"trust": 1.0,
"url": "https://openssl.org/news/secadv/20150611.txt"
},
{
"trust": 1.0,
"url": "https://puppet.com/security/cve/cve-2015-4000"
},
{
"trust": 1.0,
"url": "https://security.gentoo.org/glsa/201506-02"
},
{
"trust": 1.0,
"url": "https://security.gentoo.org/glsa/201512-10"
},
{
"trust": 1.0,
"url": "https://security.gentoo.org/glsa/201603-11"
},
{
"trust": 1.0,
"url": "https://security.gentoo.org/glsa/201701-46"
},
{
"trust": 1.0,
"url": "https://security.netapp.com/advisory/ntap-20150619-0001/"
},
{
"trust": 1.0,
"url": "https://support.citrix.com/article/ctx216642"
},
{
"trust": 1.0,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03831en_us"
},
{
"trust": 1.0,
"url": "https://weakdh.org/"
},
{
"trust": 1.0,
"url": "https://weakdh.org/imperfect-forward-secrecy.pdf"
},
{
"trust": 1.0,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21959745"
},
{
"trust": 1.0,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098403"
},
{
"trust": 1.0,
"url": "https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/"
},
{
"trust": 1.0,
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"trust": 1.0,
"url": "https://www.suse.com/security/cve/cve-2015-4000.html"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2015-4000"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.6,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4732"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4760"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2601"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2632"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2621"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2808"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2590"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4733"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4749"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4731"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4748"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2625"
},
{
"trust": 0.4,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.4,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2015-4760"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2015-2621"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2015-2601"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2015-4732"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2015-2632"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2015-4733"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2015-4748"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2015-4731"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2015-4749"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2015-2590"
},
{
"trust": 0.3,
"url": "https://mta.openssl.org/pipermail/openssl-announce/2015-july/000037.html"
},
{
"trust": 0.3,
"url": "http://openssl.org/"
},
{
"trust": 0.3,
"url": "https://support.asperasoft.com/entries/94843988-security-bulletin-openssl-,-tls-vulnerabilities-logjam-cve-2015-4000"
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2015/aug/13"
},
{
"trust": 0.3,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10694"
},
{
"trust": 0.3,
"url": "https://www.openssl.org/news/secadv_20150709.txt"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04822825"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05184351"
},
{
"trust": 0.3,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150710-openssl"
},
{
"trust": 0.3,
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-454058.htm"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962519"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964231"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21965399"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020840"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961179"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962398"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962929"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963448"
},
{
"trust": 0.3,
"url": "https://www.openssl.org/news/vulnerabilities.html#2015-1793"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963498"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966481"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966484"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965725"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965807"
},
{
"trust": 0.3,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.3,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.3,
"url": "https://www.hp.com/go/swa"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2015-2664"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1223211#c33"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2015-1931"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2638"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2015-2638"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1931"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2664"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2015-2637"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2637"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2015-2625"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3183"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2628"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1790"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1789"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1791"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1788"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1792"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://www.ibm.com/developerworks/java/jdk/alerts/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2740"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2737"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2721"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2739"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2734"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2724"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2735"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2736"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2738"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2834"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1979"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1938"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7182"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1950"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1978"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7181"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7575"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8873"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0477"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0480"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0478"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0470"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0469"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2613"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0488"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0460"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1793"
},
{
"trust": 0.1,
"url": "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber"
},
{
"trust": 0.1,
"url": "https://www.ibm.com/developerworks/java/jdk/lifecycle/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2733"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2728"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2730"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/firefox/39.0+build5-0ubuntu0.12.04.2"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2727"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2725"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2731"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2741"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2726"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2722"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2743"
},
{
"trust": 0.1,
"url": "http://software.hp.com"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0118"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0226"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5704"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/security_bulletin_archive"
},
{
"trust": 0.1,
"url": "https://h20392.www2.hpe.com/portal/swdepot/displayproductinfo.do?productnumbe"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04832246"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/subscriber_choice"
},
{
"trust": 0.1,
"url": "https://softwaresupport.hp.com/group/softwaresupport/search-result/-/face"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/2688611"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/solutions/222023"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2109"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2106"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-2109"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2016-2054.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4459"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-2106"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-2105"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-3110"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4459"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2108"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-3195"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-3183"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2105"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform/6.4/index.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3110"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=6.4"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-2108"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1207101#c11"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-2808"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-2628"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.1,
"url": "https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facets"
},
{
"trust": 0.1,
"url": "https://www.openssl.org/about/secpolicy.html"
},
{
"trust": 0.1,
"url": "https://www.openssl.org/about/releasestrat.html),"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8176"
},
{
"trust": 0.1,
"url": "https://rt.openssl.org/ticket/display.html?id=3286"
}
],
"sources": [
{
"db": "BID",
"id": "75652"
},
{
"db": "PACKETSTORM",
"id": "139002"
},
{
"db": "PACKETSTORM",
"id": "132835"
},
{
"db": "PACKETSTORM",
"id": "132973"
},
{
"db": "PACKETSTORM",
"id": "132943"
},
{
"db": "PACKETSTORM",
"id": "133039"
},
{
"db": "PACKETSTORM",
"id": "132699"
},
{
"db": "PACKETSTORM",
"id": "133990"
},
{
"db": "PACKETSTORM",
"id": "132803"
},
{
"db": "PACKETSTORM",
"id": "135172"
},
{
"db": "PACKETSTORM",
"id": "133337"
},
{
"db": "PACKETSTORM",
"id": "139114"
},
{
"db": "PACKETSTORM",
"id": "132921"
},
{
"db": "PACKETSTORM",
"id": "132697"
},
{
"db": "PACKETSTORM",
"id": "132439"
},
{
"db": "PACKETSTORM",
"id": "132413"
},
{
"db": "PACKETSTORM",
"id": "169629"
},
{
"db": "NVD",
"id": "CVE-2015-4000"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "75652"
},
{
"db": "PACKETSTORM",
"id": "139002"
},
{
"db": "PACKETSTORM",
"id": "132835"
},
{
"db": "PACKETSTORM",
"id": "132973"
},
{
"db": "PACKETSTORM",
"id": "132943"
},
{
"db": "PACKETSTORM",
"id": "133039"
},
{
"db": "PACKETSTORM",
"id": "132699"
},
{
"db": "PACKETSTORM",
"id": "133990"
},
{
"db": "PACKETSTORM",
"id": "132803"
},
{
"db": "PACKETSTORM",
"id": "135172"
},
{
"db": "PACKETSTORM",
"id": "133337"
},
{
"db": "PACKETSTORM",
"id": "139114"
},
{
"db": "PACKETSTORM",
"id": "132921"
},
{
"db": "PACKETSTORM",
"id": "132697"
},
{
"db": "PACKETSTORM",
"id": "132439"
},
{
"db": "PACKETSTORM",
"id": "132413"
},
{
"db": "PACKETSTORM",
"id": "169629"
},
{
"db": "NVD",
"id": "CVE-2015-4000"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-09T00:00:00",
"db": "BID",
"id": "75652"
},
{
"date": "2016-10-06T20:59:47",
"db": "PACKETSTORM",
"id": "139002"
},
{
"date": "2015-07-27T15:36:14",
"db": "PACKETSTORM",
"id": "132835"
},
{
"date": "2015-08-06T10:10:00",
"db": "PACKETSTORM",
"id": "132973"
},
{
"date": "2015-08-04T17:55:43",
"db": "PACKETSTORM",
"id": "132943"
},
{
"date": "2015-08-12T19:42:09",
"db": "PACKETSTORM",
"id": "133039"
},
{
"date": "2015-07-16T17:45:50",
"db": "PACKETSTORM",
"id": "132699"
},
{
"date": "2015-10-16T01:44:08",
"db": "PACKETSTORM",
"id": "133990"
},
{
"date": "2015-07-22T22:38:54",
"db": "PACKETSTORM",
"id": "132803"
},
{
"date": "2016-01-08T15:12:14",
"db": "PACKETSTORM",
"id": "135172"
},
{
"date": "2015-08-26T23:41:29",
"db": "PACKETSTORM",
"id": "133337"
},
{
"date": "2016-10-12T20:16:45",
"db": "PACKETSTORM",
"id": "139114"
},
{
"date": "2015-08-04T01:08:37",
"db": "PACKETSTORM",
"id": "132921"
},
{
"date": "2015-07-16T17:45:29",
"db": "PACKETSTORM",
"id": "132697"
},
{
"date": "2015-06-25T14:18:03",
"db": "PACKETSTORM",
"id": "132439"
},
{
"date": "2015-06-23T14:09:34",
"db": "PACKETSTORM",
"id": "132413"
},
{
"date": "2015-06-11T12:12:12",
"db": "PACKETSTORM",
"id": "169629"
},
{
"date": "2015-05-21T00:59:00.087000",
"db": "NVD",
"id": "CVE-2015-4000"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-26T05:10:00",
"db": "BID",
"id": "75652"
},
{
"date": "2023-02-09T16:15:28.840000",
"db": "NVD",
"id": "CVE-2015-4000"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "75652"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSSL CVE-2015-1793 Certificate Verification Security Bypass Vulnerability",
"sources": [
{
"db": "BID",
"id": "75652"
}
],
"trust": 0.3
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "75652"
}
],
"trust": 0.3
}
}
VAR-200411-0171
Vulnerability from variot - Updated: 2024-03-18 21:58The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read. OpenSSL for, Kerberos using a cipher suite SSL/TLS When communicating, there is a flaw in not properly checking the communication data during the key exchange during handshake, and it is intentionally created. Please note that this vulnerability OpenSSL Applications and systems using the library may also be affected. For more detailed information about other systems, NISCC-224012 (JVN) , NISCC Advisory 224012 (CPNI Advisory 00389) Please also check.OpenSSL Applications that use this crash and cause a denial of service. (DoS) may become a state. OpenSSL is an open source SSL implementation used to implement high-strength encryption of network communications. It is now widely used in various network applications.
When using Kerberos ciphersuites, there is a flaw in the SSL / TLS handshake code. A remote attacker can construct a special SSL / TLS handshake and send it to a server configured with Kerberos ciphersuites. Most applications do not use Kerberos ciphersuites. It is therefore not affected by this vulnerability. For the first issue, a NULL-pointer assignment can be triggered by attackers during SSL/TLS handshake exchanges. Versions 0.9.6c to 0.9.6k (inclusive) and from 0.9.7a to 0.9.7c (inclusive) are vulnerable. The vendor has reported that this vulnerability may not be a threat to many, because it occurs only when Kerberos ciphersuites are in use, an uncommon configuration. This entry will be retired when individual BID records are created for each issue. *Note: A third denial-of-service vulnerability included in the announcement was discovered affecting 0.9.6 and fixed in 0.9.6d. Multiple security vulnerabilities are reported to affect Apple Mac OS X; updates are available. Apache is prone to five vulnerabilities ranging from buffer overflows to access validation vulnerabilities. The CVE Mitre candidate IDs CAN-2005-1344, CAN-2004-0942, CAN-2004-0885, CAN-2004-1083, and CAN-2004-1084 are assigned to these issues. Appkit is prone to three vulnerabilities. Two of these could result in arbitrary code execution, the third could permit the creation of local accounts. The CVE Mitre candidate IDs CAN-2005-2501, CAN-2005-2502, and CAN-2005-2503 are assigned to these issues. Bluetooth is prone to a vulnerability regarding authentication bypass. The CVE Mitre candidate ID CAN-2005-2504 is assigned to this issue. CoreFoundation is prone to two vulnerabilities, one resulting in a buffer overflow, the other a denial-of-service vulnerability. The CVE Mitre candidate IDs CAN-2005-2505 and CAN-2005-2506 are assigned to these issues. CUPS is prone to two vulnerabilities resulting in a denial of service until the service can be restarted. The CVE Mitre candidate IDs CAN-2005-2525 and CAN-2005-2526 are assigned to these issues. Directory Services is prone to three vulnerabilities. These issues vary from buffer overflow, unauthorized account creation and deletion, and privilege escalation. The CVE Mitre candidate IDs CAN-2005-2507, CAN-2005-2508 and CAN-2005-2519 are assigned to these issues. HItoolbox is prone to a vulnerability that could result in information disclosure. The CVE Mitre candidate ID CAN-2005-2513 is assigned to this issue. Kerberos is prone to five vulnerabilities that may result in a buffer overflow, execution of arbitrary code, and root compromise. The CVE Mitre candidate IDs CAN-2004-1189, CAN-2005-1174, CAN-2005-1175, CAN-2005-1689, and CAN-2005-2511 are assigned to these issues. loginwindow is prone to a vulnerability that could permit a user to gain access to other logged-in accounts. The CVE Mitre candidate ID CAN-2005-2509 is assigned to this issue. Mail is prone to a vulnerability regarding the loss of privacy when remote images are loaded into HTML email. The CVE Mitre candidate ID CAN-2005-2512 is assigned to this issue. MySQL is prone to three vulnerabilities that include arbitrary code execution by remote authenticated users. The CVE Mitre candidate IDs CAN-2005-0709, CAN-2005-0710, and CAN-2005-0711 are assigned to these issues. OpenSSL is prone to two vulnerabilities resulting in denial of service. The CVE Mitre candidate IDs CAN-2004-0079 and CAN-2004-0112 are assigned to these issues. ping is prone to a vulnerability that could allow local privilege escalation and arbitrary code execution. The CVE Mitre candidate ID CAN-2005-2514 is assigned to this issue. QuartzComposerScreenSaver is prone to a vulnerability that could allow users to open pages while the RSS Visualizer screen is locked. The CVE Mitre candidate ID CAN-2005-2515 is assigned to this issue. Safari is prone to two vulnerabilities that could result in arbitrary command execution or have information submitted to an incorrect site. The CVE Mitre candidate IDs CAN-2005-2516 and CAN-2005-2517 are assigned to these issues. SecurityInterface is prone to a vulnerability that could expose recently used passwords. The CVE Mitre candidate ID CAN-2005-2520 is assigned to this issue. servermgrd is prone to a buffer-overflow vulnerability that could ultimately lead to the execution of arbitrary code. The CVE Mitre candidate ID CAN-2005-2518 is assigned to this issue. servermgr_ipfilter is prone to a vulnerability regarding firewall settings not always being written to the Active Rules. The CVE Mitre candidate ID CAN-2005-2510 is assigned to this issue. SquirrelMail is prone to two vulnerabilities including a cross-site scripting issue. The CVE Mitre candidate IDs CAN-2005-1769 and CAN-2005-2095 are assigned to these issues. traceroute is prone to a vulnerability that could result in arbitrary code execution and privilege escalation. The CVE Mitre candidate ID CAN-2005-2521 is assigned to this issue. WebKit is affected by a vulnerability that could result in code execution regarding a malformed PDF file. The CVE Mitre candidate ID CAN-2005-2522 is assigned to this issue. Weblog Server is prone to multiple cross-site scripting vulnerabilities. The CVE Mitre candidate ID CAN-2005-2523 is assigned to this issue. X11 is prone to a vulnerability that could result in arbitrary code execution. The CVE Mitre candidate ID CAN-2005-0605 is assigned to this issue. zlib is prone to two denial-of-service vulnerabilities that may ultimately lead to arbitrary code execution. The CVE Mitre candidate IDs CAN-2005-2096 and CAN-2005-1849 are assigned to these issues. These vulnerabilities will be separated into individual BIDs upon further analysis of the issues. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc.
TITLE: Fedora update for openssl096b
SECUNIA ADVISORY ID: SA17381
VERIFY ADVISORY: http://secunia.com/advisories/17381/
CRITICAL: Moderately critical
IMPACT: DoS
WHERE:
From remote
OPERATING SYSTEM: Fedora Core 3 http://secunia.com/product/4222/
DESCRIPTION: Fedora has issued an update for openssl096b.
For more information: SA10133 SA11139
SOLUTION: Apply updated packages.
Fedora Core 3: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
8d68e4b430aa7c5ca067c12866ae694e SRPMS/openssl096b-0.9.6b-21.42.src.rpm 54a9e78a2fdd625b9dc9121e09eb4398 x86_64/openssl096b-0.9.6b-21.42.x86_64.rpm c5c6174e23eba8d038889d08f49231b8 x86_64/debug/openssl096b-debuginfo-0.9.6b-21.42.x86_64.rpm 56b63fc150d0c099b2e4f0950e21005b x86_64/openssl096b-0.9.6b-21.42.i386.rpm 56b63fc150d0c099b2e4f0950e21005b i386/openssl096b-0.9.6b-21.42.i386.rpm 93195495585c7e9789041c75b1ed5380 i386/debug/openssl096b-debuginfo-0.9.6b-21.42.i386.rpm
OTHER REFERENCES: SA10133: http://secunia.com/advisories/10133/
SA11139: http://secunia.com/advisories/11139/
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Cisco Security Advisory: Cisco OpenSSL Implementation Vulnerability
Revision 1.0
For Public Release 2004 March 17 at 1300 UTC (GMT)
----------------------------------------------------------------------
Contents
Summary
Affected Products
Details
Impact
Software Versions and Fixes
Obtaining Fixed Software
Workarounds
Exploitation and Public Announcements
Status of This Notice: INTERIM
Distribution
Revision History
Cisco Security Procedures
----------------------------------------------------------------------
Summary
A new vulnerability in the OpenSSL implementation for SSL has been announced on March 17, 2004.
An affected network device running an SSL server based on an affected OpenSSL implementation may be vulnerable to a Denial of Service (DoS) attack. There are workarounds available to mitigate the effects of this vulnerability on Cisco products in the workaround section of this advisory. Cisco is providing fixed software, and recommends that customers upgrade to it when it is available.
This advisory will be posted at http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml.
* Cisco IOS 12.1(11)E and later in the 12.1E release train. Only crypto
images (56i and k2) are vulnerable for the Cisco 7100 and 7200 Series
Routers.
* Cisco IOS 12.2SY release train. Only crypto images (k8, k9 and k91)
are vulnerable for the Cisco Catalyst 6500 Series and Cisco 7600
Series Routers.
* Cisco PIX Firewall
* Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 6500
Series and Cisco 7600 Series routers
* Cisco MDS 9000 Series Multilayer Switch
* Cisco Content Service Switch (CSS) 11000 series
* Cisco Global Site Selector (GSS) 4480
* CiscoWorks Common Services (CWCS) version 2.2 and CiscoWorks Common
Management Foundation (CMF) version 2.1
* Cisco Access Registrar (CAR)
The following products have their SSL implementation based on the OpenSSL code and are not affected by this vulnerability.
* Cisco Secure Intrusion Detection System (NetRanger) appliance. This
includes the IDS-42xx appliances, NM-CIDS and WS-SVS-IDSM2.
* Cisco SN 5428 and SN 5428-2 Storage Router
* Cisco CNS Configuration Engine
* Cisco Network Analysis Modules (NAM) for the Cisco Catalyst 6000 and
6500 Series switches and Cisco 7600 Series routers
* Cisco SIP Proxy Server (SPS)
* CiscoWorks 1105 Hosting Solution Engine (HSE)
* CiscoWorks 1105 Wireless LAN Solution Engine (WLSE)
* Cisco Ethernet Subscriber Solution Engine (ESSE)
The following products, which implement SSL, are not affected by this vulnerability.
* Cisco VPN 3000 Series Concentrators
CatOS does not implement SSL and is not vulnerable. This vulnerability is still being actively investigated across Cisco products and status of some products has still not been determined.
Details
Secure Sockets Layer (SSL), is a protocol used to encrypt the data transferred over an TCP session. SSL in Cisco products is mainly used by the HyperText Transfer Protocol Secure (HTTPS) web service for which the default TCP port is 443. The affected products, listed above, are only vulnerable if they have the HTTPS service enabled and the access to the service is not limited to trusted hosts or network management workstations.
To check if the HTTPS service is enabled one can do the following:
1. Check the configuration on the device to verify the status of the
HTTPS service.
2. Try to connect to the device using a standard web browser that
supports SSL using a URL similar to https://ip_address_of_device/.
3. Try and connect to the default HTTPS port, TCP 443, using Telnet.
telnet ip_address_of_device 443. If the session connects the service
is enabled and accessible.
Testing by the OpenSSL development team has uncovered a null-pointer assignment in the do_change_cipher_spec() function. This crash on many Cisco products would cause the device to reload.
A third vulnerability described in the NISCC advisory is a bug in older versions of OpenSSL, versions before 0.9.6d, that can also lead to a Denial of Service attack. None of the Cisco OpenSSL implementations are known to be affected by this older OpenSSL issue.
* Cisco IOS - All 12.1(11)E and later IOS software crypto (56i and k2)
image releases in the 12.1E release train for the Cisco 7100 and 7200
Series Routers are affected by this vulnerability. All IOS software
crypto (k8, k9, and k91) image releases in the 12.2SY release train
for the Cisco Catalyst 6500 Series and Cisco 7600 Series Routers are
affected by this vulnerability. The SSH implementation in IOS is not
dependent on any OpenSSL code. SSH implementations in IOS do not
handle certificates, yet, and therefore do not use any SSL code for
SSH. OpenSSL in 12.1E and 12.2SY release trains is only used for
providing the HTTPS and VPN Device Manager (VDM) services. This
vulnerability is documented in the Cisco Bug Toolkit (registered
customers only) as Bug ID CSCee00041. The HTTPS web service, that uses
the OpenSSL code, on the device is disabled by default. The no ip http
secure-server command may be used to disable the HTTPS web service on
the device, if required. The SSH and IPSec services in IOS are not
vulnerable to this vulnerability.
* Cisco PIX Firewall - PIX 6.x releases are affected by this
vulnerability. PIX 5.x releases do not contain any SSL code and are
not vulnerable. This vulnerability is documented in the Cisco Bug
Toolkit (registered customers only) as Bug ID CSCed90672.
* Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 6500
Series and Cisco 7600 Series routers - This vulnerability is
documented in the Cisco Bug Toolkit (registered customers only) as Bug
ID CSCee02055.
* Cisco MDS 9000 Series Multilayer Switches - This vulnerability is
documented in the Cisco Bug Toolkit (registered customers only) as Bug
ID CSCed96246.
* Cisco Content Service Switch (CSS) 11000 series - WebNS version 6.x
and 7.x are affected by this vulnerability. This vulnerability is
documented in the Cisco Bug Toolkit (registered customers only) as Bug
ID CSCee01234 for SCM and is documented in the Cisco Bug Toolkit
(registered customers only) as Bug ID CSCee01240 for the SSL module.
* Cisco Global Site Selector (GSS) 4480 - This vulnerability is
documented in the Cisco Bug Toolkit (registered customers only) as Bug
ID CSCee01057.
* CiscoWorks Common Services (CWCS) version 2.2 and CiscoWorks Common
Management Foundation (CMF) version 2.1 - This vulnerability is
documented in the Cisco Bug Toolkit (registered customers only) as Bug
ID CSCsa13748.
* Cisco Access Registrar (CAR) - This vulnerability is documented in the
Cisco Bug Toolkit (registered customers only) as Bug ID CSCee01956.
The Internetworking Terms and Cisco Systems Acronyms online guides can be found at http://www.cisco.com/univercd/cc/td/doc/cisintwk/.
Impact
An affected network device running an SSL server based on the OpenSSL implementation may be vulnerable to a Denial of Service (DoS) attack.
Software Versions and Fixes
* Cisco IOS -
+----------------------------------------+
|Release| Fixed Releases |Availability |
| Train | | |
|-------+------------------+-------------|
|12.2SY |12.2(14)SY4 |March 25 |
|-------+------------------+-------------|
| |12.1(13)E14 |April 8 |
|12.1E |12.1.(19)E7 |April 8 |
| |12.1(20)E3 |April 26 |
+----------------------------------------+
* Cisco PIX Firewall - The vulnerability is fixed in software releases
6.0(4)102, 6.1(5)102, 6.2(3)107, and 6.3(3)124. These engineering
builds may be obtained by contacting the Cisco Technical Assistance
Center (TAC). TAC Contact information is given in the Obtaining Fixed
Software section below.
* Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 6500
Series and Cisco 7600 Series routers - The vulnerability is fixed in
software release 1.1.3(14) which will be available by Monday, 22 of
March, 2004. This engineering builds may be obtained by contacting the
Cisco Technical Assistance Center (TAC). TAC Contact information is
given in the Obtaining Fixed Software section below.
* Cisco MDS 9000 Series Multilayer Switches - No fixed software release
or software availability date has been determined yet.
* Cisco Content Service Switch (CSS) 11000 series -No fixed software
release or software availability date has been determined yet.
* Cisco Global Site Selector (GSS) 4480 - No fixed software release or
software availability date has been determined yet.
* CiscoWorks Common Services (CWCS) version 2.2 and CiscoWorks Common
Management Foundation (CMF) version 2.1 - No fixed software release or
software availability date has been determined yet.
* Cisco Access Registrar (CAR) - The vulnerability is fixed in software
release 3.5.0.12 which will be available by Friday, 26 of March, 2004.
Obtaining Fixed Software
Cisco is offering free software upgrades to address this vulnerability for all affected customers.
Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, Customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/public/sw-license-agreement.html, or as otherwise set forth at the Cisco Connection Online Software Center at http://www.cisco.com/public/sw-center/sw-usingswc.shtml.
Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com/tacpage/sw-center. To access the software download URL, you must be a registered user and you must be logged in.
Customers whose Cisco products are provided or maintained through a prior or existing agreement with third-party support organizations such as Cisco Partners, authorized resellers, or service providers, should contact that support organization for assistance with obtaining the software upgrade(s).
Customers who purchase direct from Cisco but who do not hold a Cisco service contract and customers who purchase through third-party vendors but are unsuccessful at obtaining fixed software through their point of sale should get their upgrades by contacting the Cisco Technical Assistance Center (TAC) using the contact information listed below. In these cases, customers are entitled to obtain a free upgrade to a later version of the same release or as indicated by the applicable corrected software version in the Software Versions and Fixes section (noted above).
Cisco TAC contacts are as follows:
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac@cisco.com
See http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml for additional TAC contact information, including special localized telephone numbers and instructions and e-mail addresses for use in various languages.
Please have your product serial number available and give the URL of this notice as evidence of your entitlement to a upgrade. Upgrades for non-contract customers must be requested through the TAC.
Please do not contact either "psirt@cisco.com" or "security-alert@cisco.com" for software upgrades.
Workarounds
The Cisco PSIRT recommends that affected users upgrade to a fixed software version of code as soon as it is available.
* Restrict access to the HTTPS server on the network device. Allow
access to the network device only from trusted workstations by using
access lists / MAC filters that are available on the affected
platforms.
* Disable the SSL server / service on the network device. This
workaround must be weighed against the need for secure communications
with the vulnerable device.
Exploitation and Public Announcements
The Cisco PSIRT is not aware of any malicious use of the vulnerability described in this advisory.
Status of This Notice: INTERIM
This is an interim advisory. Although Cisco cannot guarantee the accuracy of all statements in this advisory, all of the facts have been checked to the best of our ability. Cisco does not anticipate issuing updated versions of this advisory unless there is some material change in the facts. Should there be a significant change in the facts, Cisco may update this advisory.
A stand-alone copy or paraphrase of the text of this security advisory that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors.
Distribution
This advisory will be posted on Cisco's worldwide website at http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml .
In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key having the fingerprint 8C82 5207 0CA9 ED40 1DD2 EE2A 7B31 A8CF 32B6 B590 and is posted to the following e-mail and Usenet news recipients.
* cust-security-announce@cisco.com
* first-teams@first.org (includes CERT/CC)
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.netsys.com
* comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates.
Revision History
+------------------------------------------+ |Revision 1.0|2004-March-17|Initial | | | |release. | +------------------------------------------+
Cisco Security Procedures
Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/warp/public/707/sec_incident_response.shtml. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt.
This advisory is copyright 2004 by Cisco Systems, Inc. This advisory may be redistributed freely after the release date given at the top of the text, provided that redistributed copies are complete and unmodified, including all date and version information.
----------------------------------------------------------------------
-----BEGIN PGP SIGNATURE----- Comment: PGP Signed by Sharad Ahlawat, Cisco Systems PSIRT
iD8DBQFAWFvZezGozzK2tZARAqIwAKDXDMLAY6eDYyU8y1MhKZUto2SRxwCg+oid 7AhsNlLsNVSLwTRKTHSigu0= =gtba -----END PGP SIGNATURE----- .
OpenSSL 0.9.7d and OpenSSL 0.9.6m are available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html):
ftp://ftp.openssl.org/source/
The distribution file names are:
o openssl-0.9.7d.tar.gz
MD5 checksum: 1b49e90fc8a75c3a507c0a624529aca5
o openssl-0.9.6m.tar.gz [normal]
MD5 checksum: 1b63bfdca1c37837dddde9f1623498f9
o openssl-engine-0.9.6m.tar.gz [engine]
MD5 checksum: 4c39d2524bd466180f9077f8efddac8c
The checksums were calculated using the following command:
openssl md5 openssl-0.9*.tar.gz
Credits
Patches for these issues were created by Dr Stephen Henson (steve@openssl.org) of the OpenSSL core team. The OpenSSL team would like to thank Codenomicon for supplying the TLS Test Tool which was used to discover these vulnerabilities, and Joe Orton of Red Hat for performing the majority of the testing.
References
http://www.codenomicon.com/testtools/tls/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0079 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0112
URL for this Security Advisory: http://www.openssl.org/news/secadv_20040317.txt
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200411-0171",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "freebsd",
"scope": "eq",
"trust": 1.9,
"vendor": "freebsd",
"version": "4.9"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.9,
"vendor": "freebsd",
"version": "4.8"
},
{
"model": "gsx server",
"scope": "eq",
"trust": 1.3,
"vendor": "vmware",
"version": "2.5.1"
},
{
"model": "gsx server",
"scope": "eq",
"trust": 1.3,
"vendor": "vmware",
"version": "2.0"
},
{
"model": "stonebeat webcluster",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.5"
},
{
"model": "stonebeat webcluster",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.0"
},
{
"model": "stonebeat securitycluster",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.5"
},
{
"model": "stonebeat securitycluster",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.0"
},
{
"model": "servercluster",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.5.2"
},
{
"model": "servercluster",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.5"
},
{
"model": "propack",
"scope": "eq",
"trust": 1.3,
"vendor": "sgi",
"version": "3.0"
},
{
"model": "propack",
"scope": "eq",
"trust": 1.3,
"vendor": "sgi",
"version": "2.4"
},
{
"model": "propack",
"scope": "eq",
"trust": 1.3,
"vendor": "sgi",
"version": "2.3"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.3,
"vendor": "redhat",
"version": "8.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.3,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "openbsd",
"scope": "eq",
"trust": 1.3,
"vendor": "openbsd",
"version": "3.4"
},
{
"model": "openbsd",
"scope": "eq",
"trust": 1.3,
"vendor": "openbsd",
"version": "3.3"
},
{
"model": "imanager",
"scope": "eq",
"trust": 1.3,
"vendor": "novell",
"version": "2.0"
},
{
"model": "imanager",
"scope": "eq",
"trust": 1.3,
"vendor": "novell",
"version": "1.5"
},
{
"model": "edirectory",
"scope": "eq",
"trust": 1.3,
"vendor": "novell",
"version": "8.7.1"
},
{
"model": "edirectory",
"scope": "eq",
"trust": 1.3,
"vendor": "novell",
"version": "8.7"
},
{
"model": "edirectory",
"scope": "eq",
"trust": 1.3,
"vendor": "novell",
"version": "8.6.2"
},
{
"model": "edirectory",
"scope": "eq",
"trust": 1.3,
"vendor": "novell",
"version": "8.5.27"
},
{
"model": "edirectory",
"scope": "eq",
"trust": 1.3,
"vendor": "novell",
"version": "8.5"
},
{
"model": "edirectory",
"scope": "eq",
"trust": 1.3,
"vendor": "novell",
"version": "8.0"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.3,
"vendor": "hp",
"version": "11.23"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.3,
"vendor": "hp",
"version": "11.11"
},
{
"model": "apache-based web server",
"scope": "eq",
"trust": 1.3,
"vendor": "hp",
"version": "2.0.43.04"
},
{
"model": "apache-based web server",
"scope": "eq",
"trust": 1.3,
"vendor": "hp",
"version": "2.0.43.00"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.3,
"vendor": "freebsd",
"version": "5.2"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.3,
"vendor": "freebsd",
"version": "5.1"
},
{
"model": "webns",
"scope": "eq",
"trust": 1.3,
"vendor": "cisco",
"version": "7.10"
},
{
"model": "webns",
"scope": "eq",
"trust": 1.3,
"vendor": "cisco",
"version": "6.10"
},
{
"model": "secure content accelerator",
"scope": "eq",
"trust": 1.3,
"vendor": "cisco",
"version": "10000"
},
{
"model": "okena stormwatch",
"scope": "eq",
"trust": 1.3,
"vendor": "cisco",
"version": "3.2"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 1.3,
"vendor": "cisco",
"version": "1.1.3"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 1.3,
"vendor": "cisco",
"version": "1.1.2"
},
{
"model": "css secure content accelerator",
"scope": "eq",
"trust": 1.3,
"vendor": "cisco",
"version": "2.0"
},
{
"model": "css secure content accelerator",
"scope": "eq",
"trust": 1.3,
"vendor": "cisco",
"version": "1.0"
},
{
"model": "ciscoworks common services",
"scope": "eq",
"trust": 1.3,
"vendor": "cisco",
"version": "2.2"
},
{
"model": "ciscoworks common management foundation",
"scope": "eq",
"trust": 1.3,
"vendor": "cisco",
"version": "2.1"
},
{
"model": "sg5",
"scope": "eq",
"trust": 1.3,
"vendor": "avaya",
"version": "4.4"
},
{
"model": "sg5",
"scope": "eq",
"trust": 1.3,
"vendor": "avaya",
"version": "4.3"
},
{
"model": "sg5",
"scope": "eq",
"trust": 1.3,
"vendor": "avaya",
"version": "4.2"
},
{
"model": "sg208",
"scope": "eq",
"trust": 1.3,
"vendor": "avaya",
"version": "4.4"
},
{
"model": "sg203",
"scope": "eq",
"trust": 1.3,
"vendor": "avaya",
"version": "4.31.29"
},
{
"model": "sg203",
"scope": "eq",
"trust": 1.3,
"vendor": "avaya",
"version": "4.4"
},
{
"model": "sg200",
"scope": "eq",
"trust": 1.3,
"vendor": "avaya",
"version": "4.31.29"
},
{
"model": "sg200",
"scope": "eq",
"trust": 1.3,
"vendor": "avaya",
"version": "4.4"
},
{
"model": "converged communications server",
"scope": "eq",
"trust": 1.3,
"vendor": "avaya",
"version": "2.0"
},
{
"model": "webstar",
"scope": "eq",
"trust": 1.3,
"vendor": "4d",
"version": "5.3.1"
},
{
"model": "webstar",
"scope": "eq",
"trust": 1.3,
"vendor": "4d",
"version": "5.3"
},
{
"model": "webstar",
"scope": "eq",
"trust": 1.3,
"vendor": "4d",
"version": "5.2.4"
},
{
"model": "webstar",
"scope": "eq",
"trust": 1.3,
"vendor": "4d",
"version": "5.2.3"
},
{
"model": "webstar",
"scope": "eq",
"trust": 1.3,
"vendor": "4d",
"version": "5.2.2"
},
{
"model": "webstar",
"scope": "eq",
"trust": 1.3,
"vendor": "4d",
"version": "5.2.1"
},
{
"model": "webstar",
"scope": "eq",
"trust": 1.3,
"vendor": "4d",
"version": "5.2"
},
{
"model": "webstar",
"scope": "eq",
"trust": 1.3,
"vendor": "4d",
"version": "4.0"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6j"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.7b"
},
{
"model": "cacheos ca sa",
"scope": "eq",
"trust": 1.0,
"vendor": "bluecoat",
"version": "4.1.10"
},
{
"model": "wbem",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "a.02.00.00"
},
{
"model": "s8300",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "r2.0.0"
},
{
"model": "firewall-1",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "next_generation_fp0"
},
{
"model": "enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "tarantella",
"version": "3.40"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6e"
},
{
"model": "intuity audix",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "5.1.46"
},
{
"model": "s8500",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "r2.0.0"
},
{
"model": "vsu",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "5"
},
{
"model": "vsu",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "2000_r2.0.1"
},
{
"model": "firewall-1",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "next_generation_fp2"
},
{
"model": "instant virtual extranet",
"scope": "eq",
"trust": 1.0,
"vendor": "neoteris",
"version": "3.1"
},
{
"model": "openserver",
"scope": "eq",
"trust": 1.0,
"vendor": "sco",
"version": "5.0.6"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6h"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2.2_.111"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2\\(14\\)sy1"
},
{
"model": "aaa server",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "*"
},
{
"model": "application and content networking software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.3\\(3.109\\)"
},
{
"model": "clientless vpn gateway 4400",
"scope": "eq",
"trust": 1.0,
"vendor": "symantec",
"version": "5.0"
},
{
"model": "s8300",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "r2.0.1"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "0.9.7a-2"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 1.0,
"vendor": "forcepoint",
"version": "2.2.1"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.3\\(1\\)"
},
{
"model": "enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "tarantella",
"version": "3.20"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0\\(2\\)"
},
{
"model": "vsu",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "10000_r2.0.1"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 1.0,
"vendor": "forcepoint",
"version": "1.5.18"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2\\(3.100\\)"
},
{
"model": "threat response",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "firewall-1",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "next_generation_fp1"
},
{
"model": "intuity audix",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "s3400"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0\\(3\\)"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6c"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "3.0"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.1\\(11b\\)e12"
},
{
"model": "call manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 1.0,
"vendor": "forcepoint",
"version": "2.2"
},
{
"model": "instant virtual extranet",
"scope": "eq",
"trust": 1.0,
"vendor": "neoteris",
"version": "3.3.1"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 1.0,
"vendor": "forcepoint",
"version": "2.2.4"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "11.00"
},
{
"model": "enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "tarantella",
"version": "3.30"
},
{
"model": "sg208",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "*"
},
{
"model": "openserver",
"scope": "eq",
"trust": 1.0,
"vendor": "sco",
"version": "5.0.7"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0\\(1\\)"
},
{
"model": "vpn-1",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "next_generation_fp0"
},
{
"model": "vsu",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "5000_r2.0.1"
},
{
"model": "edirectory",
"scope": "eq",
"trust": 1.0,
"vendor": "novell",
"version": "8.5.12a"
},
{
"model": "firewall-1",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "*"
},
{
"model": "vpn-1",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "next_generation_fp2"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "litespeed web server",
"scope": "eq",
"trust": 1.0,
"vendor": "litespeedtech",
"version": "1.0.1"
},
{
"model": "vpn-1",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "vsx_ng_with_application_intelligence"
},
{
"model": "wbem",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "a.02.00.01"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.1\\(19\\)e1"
},
{
"model": "s8700",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "r2.0.0"
},
{
"model": "instant virtual extranet",
"scope": "eq",
"trust": 1.0,
"vendor": "neoteris",
"version": "3.3"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.7c"
},
{
"model": "firewall-1",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "2.0"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.3\\(2\\)"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6d"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "3.0"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.7a"
},
{
"model": "s8500",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "r2.0.1"
},
{
"model": "bsafe ssl-j",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "3.0"
},
{
"model": "gss 4490 global site selector",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6g"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.1\\(13\\)e9"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 1.0,
"vendor": "forcepoint",
"version": "1.7"
},
{
"model": "sidewinder",
"scope": "eq",
"trust": 1.0,
"vendor": "securecomputing",
"version": "5.2"
},
{
"model": "wbem",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "a.01.05.08"
},
{
"model": "gsx server",
"scope": "eq",
"trust": 1.0,
"vendor": "vmware",
"version": "2.5.1_build_5336"
},
{
"model": "s8700",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "r2.0.1"
},
{
"model": "provider-1",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "4.1"
},
{
"model": "sidewinder",
"scope": "eq",
"trust": 1.0,
"vendor": "securecomputing",
"version": "5.2.1.02"
},
{
"model": "webns",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.10_b4"
},
{
"model": "stonebeat fullcluster",
"scope": "eq",
"trust": 1.0,
"vendor": "stonesoft",
"version": "1_3.0"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 1.0,
"vendor": "forcepoint",
"version": "1.7.1"
},
{
"model": "mds 9000",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 1.0,
"vendor": "forcepoint",
"version": "2.0.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.1\\(11b\\)e"
},
{
"model": "stonebeat fullcluster",
"scope": "eq",
"trust": 1.0,
"vendor": "stonesoft",
"version": "2.0"
},
{
"model": "bsafe ssl-j",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "3.0.1"
},
{
"model": "crypto accelerator 4000",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.0"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6k"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 1.0,
"vendor": "forcepoint",
"version": "2.0.8"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1_\\(3.005\\)"
},
{
"model": "css11000 content services switch",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "webns",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.2_0.0.03"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 1.0,
"vendor": "forcepoint",
"version": "2.0.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2sy"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "8.05"
},
{
"model": "intuity audix",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "s3210"
},
{
"model": "sidewinder",
"scope": "eq",
"trust": 1.0,
"vendor": "securecomputing",
"version": "5.2.1"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "0.9.6-15"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.1\\(1\\)"
},
{
"model": "sidewinder",
"scope": "eq",
"trust": 1.0,
"vendor": "securecomputing",
"version": "5.2.0.04"
},
{
"model": "instant virtual extranet",
"scope": "eq",
"trust": 1.0,
"vendor": "neoteris",
"version": "3.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2za"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "0.9.6b-3"
},
{
"model": "access registrar",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 1.0,
"vendor": "forcepoint",
"version": "1.6.3"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 1.0,
"vendor": "forcepoint",
"version": "2.0.6"
},
{
"model": "content services switch 11500",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0\\(4\\)"
},
{
"model": "stonebeat fullcluster",
"scope": "eq",
"trust": 1.0,
"vendor": "stonesoft",
"version": "3.0"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.3"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.1\\(4\\)"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.3\\(3.102\\)"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0\\(4.101\\)"
},
{
"model": "sidewinder",
"scope": "eq",
"trust": 1.0,
"vendor": "securecomputing",
"version": "5.2.0.02"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 1.0,
"vendor": "forcepoint",
"version": "2.0.9"
},
{
"model": "webns",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.1_0.1.02"
},
{
"model": "cacheos ca sa",
"scope": "eq",
"trust": 1.0,
"vendor": "bluecoat",
"version": "4.1.12"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6f"
},
{
"model": "vpn-1",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "next_generation_fp1"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.1\\(11b\\)e14"
},
{
"model": "webns",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.1_0.2.06"
},
{
"model": "vsu",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "7500_r2.0.1"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.0,
"vendor": "freebsd",
"version": "5.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2\\(14\\)sy"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 1.0,
"vendor": "forcepoint",
"version": "2.0.1"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 1.0,
"vendor": "forcepoint",
"version": "2.0.7"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2\\(3\\)"
},
{
"model": "sidewinder",
"scope": "eq",
"trust": 1.0,
"vendor": "securecomputing",
"version": "5.2.0.01"
},
{
"model": "intuity audix",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "*"
},
{
"model": "instant virtual extranet",
"scope": "eq",
"trust": 1.0,
"vendor": "neoteris",
"version": "3.2"
},
{
"model": "gsx server",
"scope": "eq",
"trust": 1.0,
"vendor": "vmware",
"version": "3.0_build_7592"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.1\\(3\\)"
},
{
"model": "gsx server",
"scope": "eq",
"trust": 1.0,
"vendor": "vmware",
"version": "2.0.1_build_2129"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.1_\\(0.208\\)"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.1\\(5\\)"
},
{
"model": "vsu",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "5x"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 1.0,
"vendor": "forcepoint",
"version": "1.6.2"
},
{
"model": "gss 4480 global site selector",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "bsafe ssl-j",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "3.1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.3.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.1\\(11\\)e"
},
{
"model": "webns",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.10_.0.06s"
},
{
"model": "stonebeat fullcluster",
"scope": "eq",
"trust": 1.0,
"vendor": "stonesoft",
"version": "2.5"
},
{
"model": "proxysg",
"scope": "eq",
"trust": 1.0,
"vendor": "bluecoat",
"version": "*"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2\\(1\\)"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6i"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.1\\(2\\)"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2\\(2\\)"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.1"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 1.0,
"vendor": "forcepoint",
"version": "2.1"
},
{
"model": "vsu",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "500"
},
{
"model": "sidewinder",
"scope": "eq",
"trust": 1.0,
"vendor": "securecomputing",
"version": "5.2.0.03"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 1.0,
"vendor": "forcepoint",
"version": "1.5.17"
},
{
"model": "vsu",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "100_r2.0.1"
},
{
"model": "stonebeat fullcluster",
"scope": "eq",
"trust": 1.0,
"vendor": "stonesoft",
"version": "1_2.0"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 1.0,
"vendor": "forcepoint",
"version": "1.7.2"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.3.3"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple computer",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "openssl",
"version": null
},
{
"model": "netwatcher",
"scope": null,
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u901a",
"version": null
},
{
"model": "turbolinux appliance server",
"scope": null,
"trust": 0.8,
"vendor": "\u30bf\u30fc\u30dc\u30ea\u30ca\u30c3\u30af\u30b9",
"version": null
},
{
"model": "red hat enterprise linux",
"scope": null,
"trust": 0.8,
"vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
"version": null
},
{
"model": "hp-ux apache-based web server",
"scope": null,
"trust": 0.8,
"vendor": "\u30d2\u30e5\u30fc\u30ec\u30c3\u30c8 \u30d1\u30c3\u30ab\u30fc\u30c9",
"version": null
},
{
"model": "hp-ux",
"scope": null,
"trust": 0.8,
"vendor": "\u30d2\u30e5\u30fc\u30ec\u30c3\u30c8 \u30d1\u30c3\u30ab\u30fc\u30c9",
"version": null
},
{
"model": "trendmicro interscan viruswall",
"scope": null,
"trust": 0.8,
"vendor": "\u30c8\u30ec\u30f3\u30c9\u30de\u30a4\u30af\u30ed",
"version": null
},
{
"model": "provider-1",
"scope": null,
"trust": 0.8,
"vendor": "\u30c1\u30a7\u30c3\u30af \u30dd\u30a4\u30f3\u30c8 \u30bd\u30d5\u30c8\u30a6\u30a7\u30a2 \u30c6\u30af\u30ce\u30ed\u30b8\u30fc\u30ba",
"version": null
},
{
"model": "primergy sslaccelerator",
"scope": "eq",
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u901a",
"version": "7115"
},
{
"model": "hp wbem services",
"scope": null,
"trust": 0.8,
"vendor": "\u30d2\u30e5\u30fc\u30ec\u30c3\u30c8 \u30d1\u30c3\u30ab\u30fc\u30c9",
"version": null
},
{
"model": "turbolinux server",
"scope": null,
"trust": 0.8,
"vendor": "\u30bf\u30fc\u30dc\u30ea\u30ca\u30c3\u30af\u30b9",
"version": null
},
{
"model": "red hat enterprise linux desktop",
"scope": null,
"trust": 0.8,
"vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
"version": null
},
{
"model": "netshelter\u30b7\u30ea\u30fc\u30ba",
"scope": null,
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u901a",
"version": null
},
{
"model": "sun cobalt raq4",
"scope": null,
"trust": 0.8,
"vendor": "\u30b5\u30f3 \u30de\u30a4\u30af\u30ed\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "primergy sslaccelerator",
"scope": "eq",
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u901a",
"version": "7117"
},
{
"model": "netbsd",
"scope": null,
"trust": 0.8,
"vendor": "netbsd",
"version": null
},
{
"model": "vine linux",
"scope": null,
"trust": 0.8,
"vendor": "vine linux",
"version": null
},
{
"model": "asianux server",
"scope": null,
"trust": 0.8,
"vendor": "\u30b5\u30a4\u30d0\u30fc\u30c8\u30e9\u30b9\u30c8\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "red hat linux",
"scope": null,
"trust": 0.8,
"vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
"version": null
},
{
"model": "sun crypto accelerator",
"scope": null,
"trust": 0.8,
"vendor": "\u30b5\u30f3 \u30de\u30a4\u30af\u30ed\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "turbolinux desktop",
"scope": null,
"trust": 0.8,
"vendor": "\u30bf\u30fc\u30dc\u30ea\u30ca\u30c3\u30af\u30b9",
"version": null
},
{
"model": "ipcom\u30b7\u30ea\u30fc\u30ba",
"scope": null,
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u901a",
"version": null
},
{
"model": "firewall-1 gx",
"scope": null,
"trust": 0.8,
"vendor": "\u30c1\u30a7\u30c3\u30af \u30dd\u30a4\u30f3\u30c8 \u30bd\u30d5\u30c8\u30a6\u30a7\u30a2 \u30c6\u30af\u30ce\u30ed\u30b8\u30fc\u30ba",
"version": null
},
{
"model": "openssl",
"scope": null,
"trust": 0.8,
"vendor": "openssl",
"version": null
},
{
"model": "hp-ux aaa server",
"scope": null,
"trust": 0.8,
"vendor": "\u30d2\u30e5\u30fc\u30ec\u30c3\u30c8 \u30d1\u30c3\u30ab\u30fc\u30c9",
"version": null
},
{
"model": "vpn-1/firewall-1",
"scope": null,
"trust": 0.8,
"vendor": "\u30c1\u30a7\u30c3\u30af \u30dd\u30a4\u30f3\u30c8 \u30bd\u30d5\u30c8\u30a6\u30a7\u30a2 \u30c6\u30af\u30ce\u30ed\u30b8\u30fc\u30ba",
"version": null
},
{
"model": "turbolinux workstation",
"scope": null,
"trust": 0.8,
"vendor": "\u30bf\u30fc\u30dc\u30ea\u30ca\u30c3\u30af\u30b9",
"version": null
},
{
"model": "primergy sslaccelerator",
"scope": "eq",
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u901a",
"version": "7110"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
},
{
"model": "ios 12.1 e",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.3.9"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.3.9"
},
{
"model": "gsx server build",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "3.07592"
},
{
"model": "gsx server build",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5.15336"
},
{
"model": "gsx server build",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.0.12129"
},
{
"model": "enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "tarantella",
"version": "33.40"
},
{
"model": "enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "tarantella",
"version": "33.30"
},
{
"model": "enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "tarantella",
"version": "33.200"
},
{
"model": "clientless vpn gateway series",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "44005.0"
},
{
"model": "crypto accelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "40001.0"
},
{
"model": "stonegate vpn client",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.0.9"
},
{
"model": "stonegate vpn client",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.0.8"
},
{
"model": "stonegate vpn client",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.0.7"
},
{
"model": "stonegate vpn client",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.0"
},
{
"model": "stonegate vpn client",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "1.7.2"
},
{
"model": "stonegate vpn client",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "1.7"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.2.4"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.2.1"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.2"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.1"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.0.9"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.0.8"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.0.7"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.0.6"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.0.5"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.0.4"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.0.1"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "1.7.2"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "1.7.1"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "1.7"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "1.6.3"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "1.6.2"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "1.5.18"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "1.5.17"
},
{
"model": "stonebeat fullcluster for raptor",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.5"
},
{
"model": "stonebeat fullcluster for raptor",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.0"
},
{
"model": "stonebeat fullcluster for isa server",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "3.0"
},
{
"model": "stonebeat fullcluster for gauntlet",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.0"
},
{
"model": "stonebeat fullcluster for firewall-1",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "3.0"
},
{
"model": "stonebeat fullcluster for firewall-1",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.0"
},
{
"model": "propack sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "3.0"
},
{
"model": "irix m",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.24"
},
{
"model": "irix m",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.23"
},
{
"model": "irix m",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.22"
},
{
"model": "irix m",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.21"
},
{
"model": "irix f",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.21"
},
{
"model": "irix m",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.20"
},
{
"model": "irix f",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.20"
},
{
"model": "computing sidewinder",
"scope": "eq",
"trust": 0.3,
"vendor": "secure",
"version": "5.2.1.02"
},
{
"model": "computing sidewinder",
"scope": "eq",
"trust": 0.3,
"vendor": "secure",
"version": "5.2.1"
},
{
"model": "computing sidewinder",
"scope": "eq",
"trust": 0.3,
"vendor": "secure",
"version": "5.2.0.04"
},
{
"model": "computing sidewinder",
"scope": "eq",
"trust": 0.3,
"vendor": "secure",
"version": "5.2.0.03"
},
{
"model": "computing sidewinder",
"scope": "eq",
"trust": 0.3,
"vendor": "secure",
"version": "5.2.0.02"
},
{
"model": "computing sidewinder",
"scope": "eq",
"trust": 0.3,
"vendor": "secure",
"version": "5.2.0.01"
},
{
"model": "computing sidewinder",
"scope": "eq",
"trust": 0.3,
"vendor": "secure",
"version": "5.2"
},
{
"model": "unixware",
"scope": "eq",
"trust": 0.3,
"vendor": "sco",
"version": "7.1.3"
},
{
"model": "unixware",
"scope": "eq",
"trust": 0.3,
"vendor": "sco",
"version": "7.1.1"
},
{
"model": "open server",
"scope": "eq",
"trust": 0.3,
"vendor": "sco",
"version": "5.0.7"
},
{
"model": "open server",
"scope": "eq",
"trust": 0.3,
"vendor": "sco",
"version": "5.0.6"
},
{
"model": "security bsafe ssl-j sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "rsa",
"version": "3.1"
},
{
"model": "security bsafe ssl-j sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "rsa",
"version": "3.0.1"
},
{
"model": "security bsafe ssl-j sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "rsa",
"version": "3.0"
},
{
"model": "openssl096b-0.9.6b-3.i386.rpm",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "openssl096-0.9.6-15.i386.rpm",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "openssl-perl-0.9.7a-2.i386.rpm",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "openssl-devel-0.9.7a-2.i386.rpm",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "openssl-0.9.7a-2.i386.rpm",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"model": "desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4.0"
},
{
"model": "desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3.0"
},
{
"model": "hat fedora core3",
"scope": null,
"trust": 0.3,
"vendor": "red",
"version": null
},
{
"model": "hat fedora core2",
"scope": null,
"trust": 0.3,
"vendor": "red",
"version": null
},
{
"model": "hat fedora core1",
"scope": null,
"trust": 0.3,
"vendor": "red",
"version": null
},
{
"model": "hat enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "4"
},
{
"model": "hat enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "3"
},
{
"model": "project openssl c",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl beta3",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl beta2",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl beta1",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl b",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl k",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl j",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl i",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl h",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl g",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl f",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl e",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl d",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl c",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "edirectory su1",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "8.7.1"
},
{
"model": "edirectory a",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "8.5.12"
},
{
"model": "instant virtual extranet",
"scope": "eq",
"trust": 0.3,
"vendor": "netscreen",
"version": "3.3.1"
},
{
"model": "instant virtual extranet",
"scope": "eq",
"trust": 0.3,
"vendor": "netscreen",
"version": "3.3"
},
{
"model": "instant virtual extranet",
"scope": "eq",
"trust": 0.3,
"vendor": "netscreen",
"version": "3.2"
},
{
"model": "instant virtual extranet",
"scope": "eq",
"trust": 0.3,
"vendor": "netscreen",
"version": "3.1"
},
{
"model": "instant virtual extranet",
"scope": "eq",
"trust": 0.3,
"vendor": "netscreen",
"version": "3.0"
},
{
"model": "litespeed web server",
"scope": "eq",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.3.1"
},
{
"model": "litespeed web server rc3",
"scope": "eq",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.3"
},
{
"model": "litespeed web server rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.3"
},
{
"model": "litespeed web server rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.3"
},
{
"model": "litespeed web server",
"scope": "eq",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.3"
},
{
"model": "litespeed web server",
"scope": "eq",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.2.2"
},
{
"model": "litespeed web server",
"scope": "eq",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.2.1"
},
{
"model": "litespeed web server rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.2"
},
{
"model": "litespeed web server rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.2"
},
{
"model": "litespeed web server",
"scope": "eq",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.1.1"
},
{
"model": "litespeed web server",
"scope": "eq",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.1"
},
{
"model": "litespeed web server",
"scope": "eq",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.0.3"
},
{
"model": "litespeed web server",
"scope": "eq",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.0.2"
},
{
"model": "litespeed web server",
"scope": "eq",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.0.1"
},
{
"model": "wbem a.02.00.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "wbem a.02.00.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "wbem a.01.05.08",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.0"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.5"
},
{
"model": "aaa server",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "-release",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.2"
},
{
"model": "-releng",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.1"
},
{
"model": "-release",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.1"
},
{
"model": "-releng",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.8"
},
{
"model": "associates etrust security command center",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.0"
},
{
"model": "secure gateway for solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "1.13"
},
{
"model": "secure gateway for solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "1.12"
},
{
"model": "secure gateway for solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "1.1"
},
{
"model": "webns .0.06s",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.10"
},
{
"model": "webns",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.20.0.03"
},
{
"model": "webns",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.10.2.06"
},
{
"model": "webns",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.10.1.02"
},
{
"model": "webns b4",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.10"
},
{
"model": "threat response",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.3.2"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.3.1"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.3(3.109)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.3(3.102)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.3(1)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.3"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2.3"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2.2.111"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2.2"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2.1"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2(3.100)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2(3)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2(2)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2(1)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1.5"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1.4"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1.3"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(5)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(4)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(3)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(2)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(1)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0.4"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0.3"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(4.101)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(4)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(2)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(1)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0"
},
{
"model": "mds",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9000"
},
{
"model": "ios 12.2za",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2sy",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 sy1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 sy",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e9",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e14",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e12",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 ec",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 ea1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "gss global site selector",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "44900"
},
{
"model": "gss global site selector",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4480"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.1(0.208)"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.1(3.005)"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "css11500 content services switch",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "css11000 content services switch",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "call manager",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "application \u0026 content networking software",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "access registrar",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software vpn-1 vsx ng with application intelligence",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "point software vpn-1 next generation fp2",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "point software vpn-1 next generation fp1",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "point software vpn-1 next generation fp0",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "point software providor-1 sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software providor-1 sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software providor-1 sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software providor-1 sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software providor-1",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software firewall-1 vsx ng with application intelligence",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "point software firewall-1 next generation fp2",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "point software firewall-1 next generation fp1",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "point software firewall-1 next generation fp0",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "point software firewall-1 gx",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "2.0"
},
{
"model": "coat systems proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "0"
},
{
"model": "coat systems cacheos ca/sa",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "4.1.12"
},
{
"model": "coat systems cacheos ca/sa",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "4.1.10"
},
{
"model": "vsu r2.0.1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7500"
},
{
"model": "vsu",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5x0"
},
{
"model": "vsu r2.0.1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5000"
},
{
"model": "vsu",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5000"
},
{
"model": "vsu",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "50"
},
{
"model": "vsu r2.0.1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2000"
},
{
"model": "vsu r2.0.1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "10000"
},
{
"model": "vsu r2.0.1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "100"
},
{
"model": "sg5x",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.4"
},
{
"model": "sg5x",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.3"
},
{
"model": "sg5x",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2"
},
{
"model": "sg208",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "0"
},
{
"model": "s8700 r2.0.1",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "s8700 r2.0.0",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "s8500 r2.0.1",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "s8500 r2.0.0",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "s8300 r2.0.1",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "s8300 r2.0.0",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "intuity r5 r5.1.46",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "intuity audix r5",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "0"
},
{
"model": "intuity s3400",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "intuity s3210",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "intuity lx",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.3"
},
{
"model": "gsx server",
"scope": "ne",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5.2"
},
{
"model": "stonegate sparc",
"scope": "ne",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.2.12"
},
{
"model": "stonegate",
"scope": "ne",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.2.5x86"
},
{
"model": "stonegate ibm zseries",
"scope": "ne",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.2.5"
},
{
"model": "computing sidewinder",
"scope": "ne",
"trust": 0.3,
"vendor": "secure",
"version": "5.2.1.10"
},
{
"model": "security bsafe ssl-j sdk",
"scope": "ne",
"trust": 0.3,
"vendor": "rsa",
"version": "4.1"
},
{
"model": "project openssl d",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl m",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "litespeed web server",
"scope": "ne",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.3.2"
},
{
"model": "litespeed web server",
"scope": "ne",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.0.2"
},
{
"model": "secure gateway for solaris",
"scope": "ne",
"trust": 0.3,
"vendor": "citrix",
"version": "1.14"
},
{
"model": "threat response",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "2.0.3"
},
{
"model": "mds",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "90002.0(0.86)"
},
{
"model": "mds",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "90001.3(3.33)"
},
{
"model": "point software vpn-1 sp6",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software vpn-1 sp5a",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software vpn-1 sp5",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software vpn-1 sp4",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software vpn-1 sp3",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software vpn-1 sp2",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software vpn-1 sp1",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software vpn-1",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software firewall-1 sp6",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software firewall-1 sp5a",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software firewall-1 sp5",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software firewall-1 sp4",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software firewall-1 sp3",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software firewall-1 sp2",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software firewall-1 sp1",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software firewall-1",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "webstar",
"scope": "ne",
"trust": 0.3,
"vendor": "4d",
"version": "5.3.2"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "9.0"
},
{
"model": "fedora core2",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "fedora core1",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#484726"
},
{
"db": "CNVD",
"id": "CNVD-2004-0790"
},
{
"db": "BID",
"id": "9899"
},
{
"db": "BID",
"id": "14567"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000088"
},
{
"db": "CNNVD",
"id": "CNNVD-200411-112"
},
{
"db": "NVD",
"id": "CVE-2004-0112"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:firewall_services_module:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:symantec:clientless_vpn_gateway_4400:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:apache-based_web_server:2.0.43.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:firewall_services_module:1.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:firewall_services_module:1.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:aaa_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:firewall_services_module:1.1_\\(3.005\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:apache-based_web_server:2.0.43.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:firewall_services_module:2.1_\\(0.208\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:avaya:sg203:4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:11.23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:ciscoworks_common_management_foundation:2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:5.1:releng:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:avaya:sg208:4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:avaya:sg200:4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:avaya:sg5:4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:ciscoworks_common_services:2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:openbsd:openbsd:3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:5.1:release:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:avaya:converged_communications_server:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sco:openserver:5.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:avaya:sg5:4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:avaya:sg208:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:avaya:sg200:4.31.29:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:avaya:sg203:4.31.29:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:8.05:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:5.2.1:release:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.8:releng:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sco:openserver:5.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:avaya:sg5:4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(11\\)e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(13\\)e9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(19\\)e1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(14\\)sy:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(14\\)sy1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2sy:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2za:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:4d:webstar:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:4d:webstar:5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:4d:webstar:5.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:4d:webstar:5.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:4d:webstar:5.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:4d:webstar:5.2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:4d:webstar:5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:4d:webstar:5.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:avaya:intuity_audix:*:*:lx:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:avaya:intuity_audix:5.1.46:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:avaya:intuity_audix:s3210:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:avaya:intuity_audix:s3400:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:avaya:vsu:5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:avaya:vsu:5x:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:avaya:vsu:100_r2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:avaya:vsu:500:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:avaya:vsu:2000_r2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:avaya:vsu:5000_r2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:avaya:vsu:7500_r2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:avaya:vsu:10000_r2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:checkpoint:firewall-1:*:*:vsx-ng-ai:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:checkpoint:firewall-1:2.0:*:gx:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:checkpoint:firewall-1:next_generation_fp0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:checkpoint:firewall-1:next_generation_fp1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:checkpoint:firewall-1:next_generation_fp2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:checkpoint:provider-1:4.1:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:checkpoint:provider-1:4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:checkpoint:provider-1:4.1:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:checkpoint:provider-1:4.1:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:checkpoint:provider-1:4.1:sp4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:checkpoint:vpn-1:next_generation_fp0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:checkpoint:vpn-1:next_generation_fp1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:checkpoint:vpn-1:next_generation_fp2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:checkpoint:vpn-1:vsx_ng_with_application_intelligence:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:access_registrar:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:application_and_content_networking_software:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:css_secure_content_accelerator:1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:css_secure_content_accelerator:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:css11000_content_services_switch:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:okena_stormwatch:3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:pix_firewall:6.2.2_.111:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:threat_response:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webns:6.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webns:6.10_b4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webns:7.1_0.1.02:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webns:7.1_0.2.06:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webns:7.2_0.0.03:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webns:7.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webns:7.10_.0.06s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dell:bsafe_ssl-j:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dell:bsafe_ssl-j:3.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dell:bsafe_ssl-j:3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:forcepoint:stonegate:1.5.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:forcepoint:stonegate:1.5.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:forcepoint:stonegate:1.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:forcepoint:stonegate:1.6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:forcepoint:stonegate:1.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:forcepoint:stonegate:1.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:forcepoint:stonegate:1.7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:forcepoint:stonegate:2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:forcepoint:stonegate:2.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:forcepoint:stonegate:2.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:forcepoint:stonegate:2.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:forcepoint:stonegate:2.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:forcepoint:stonegate:2.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:forcepoint:stonegate:2.0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:forcepoint:stonegate:2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:forcepoint:stonegate:2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:forcepoint:stonegate:2.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:forcepoint:stonegate:2.2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hp:wbem:a.01.05.08:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hp:wbem:a.02.00.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hp:wbem:a.02.00.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.2:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.2:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.3:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.3:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.3:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:a:litespeedtech:litespeed_web_server:1.3:rc3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:novell:edirectory:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:novell:edirectory:8.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:novell:edirectory:8.5.12a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:novell:edirectory:8.5.27:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:novell:edirectory:8.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:novell:edirectory:8.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:novell:edirectory:8.7.1:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:novell:edirectory:8.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:novell:imanager:1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:novell:imanager:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:openssl:0.9.6-15:*:i386:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:openssl:0.9.6b-3:*:i386:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:i386_dev:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:i386_perl:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:i386:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sgi:propack:2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sgi:propack:2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:servercluster:2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:servercluster:2.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:1_2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:1_3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonebeat_securitycluster:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonebeat_securitycluster:2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonebeat_webcluster:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonebeat_webcluster:2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tarantella:tarantella_enterprise:3.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tarantella:tarantella_enterprise:3.30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tarantella:tarantella_enterprise:3.40:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:gsx_server:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:gsx_server:2.0.1_build_2129:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:gsx_server:2.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:gsx_server:2.5.1_build_5336:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:gsx_server:3.0_build_7592:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:avaya:s8300:r2.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:avaya:s8300:r2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:avaya:s8500:r2.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:avaya:s8500:r2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:avaya:s8700:r2.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:avaya:s8700:r2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:bluecoat:proxysg:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:call_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:content_services_switch_11500:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:gss_4480_global_site_selector:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:gss_4490_global_site_selector:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:mds_9000:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:secure_content_accelerator:10000:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:securecomputing:sidewinder:5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:securecomputing:sidewinder:5.2.0.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:securecomputing:sidewinder:5.2.0.02:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:securecomputing:sidewinder:5.2.0.03:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:securecomputing:sidewinder:5.2.0.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:securecomputing:sidewinder:5.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:securecomputing:sidewinder:5.2.1.02:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:sun:crypto_accelerator_4000:1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:bluecoat:cacheos_ca_sa:4.1.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:bluecoat:cacheos_ca_sa:4.1.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(2\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(3\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(4\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(4.101\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(2\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(3\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(4\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(5\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(2\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(3\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(3.100\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(2\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(3.102\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(3.109\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0112"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSSL Security Advisory",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200411-112"
}
],
"trust": 0.6
},
"cve": "CVE-2004-0112",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2004-0112",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-8542",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2004-0112",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#484726",
"trust": 0.8,
"value": "10.32"
},
{
"author": "CNNVD",
"id": "CNNVD-200411-112",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-8542",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#484726"
},
{
"db": "VULHUB",
"id": "VHN-8542"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000088"
},
{
"db": "CNNVD",
"id": "CNNVD-200411-112"
},
{
"db": "NVD",
"id": "CVE-2004-0112"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read. OpenSSL for, Kerberos using a cipher suite SSL/TLS When communicating, there is a flaw in not properly checking the communication data during the key exchange during handshake, and it is intentionally created. Please note that this vulnerability OpenSSL Applications and systems using the library may also be affected. For more detailed information about other systems, NISCC-224012 (JVN) , NISCC Advisory 224012 (CPNI Advisory 00389) Please also check.OpenSSL Applications that use this crash and cause a denial of service. (DoS) may become a state. OpenSSL is an open source SSL implementation used to implement high-strength encryption of network communications. It is now widely used in various network applications. \n\n\u00a0When using Kerberos ciphersuites, there is a flaw in the SSL / TLS handshake code. A remote attacker can construct a special SSL / TLS handshake and send it to a server configured with Kerberos ciphersuites. Most applications do not use Kerberos ciphersuites. It is therefore not affected by this vulnerability. \nFor the first issue, a NULL-pointer assignment can be triggered by attackers during SSL/TLS handshake exchanges. Versions 0.9.6c to 0.9.6k (inclusive) and from 0.9.7a to 0.9.7c (inclusive) are vulnerable. The vendor has reported that this vulnerability may not be a threat to many, because it occurs only when Kerberos ciphersuites are in use, an uncommon configuration. \nThis entry will be retired when individual BID records are created for each issue. \n*Note: A third denial-of-service vulnerability included in the announcement was discovered affecting 0.9.6 and fixed in 0.9.6d. Multiple security vulnerabilities are reported to affect Apple Mac OS X; updates are available. \nApache is prone to five vulnerabilities ranging from buffer overflows to access validation vulnerabilities. The CVE Mitre candidate IDs CAN-2005-1344, CAN-2004-0942, CAN-2004-0885, CAN-2004-1083, and CAN-2004-1084 are assigned to these issues. \nAppkit is prone to three vulnerabilities. Two of these could result in arbitrary code execution, the third could permit the creation of local accounts. The CVE Mitre candidate IDs CAN-2005-2501, CAN-2005-2502, and CAN-2005-2503 are assigned to these issues. \nBluetooth is prone to a vulnerability regarding authentication bypass. The CVE Mitre candidate ID CAN-2005-2504 is assigned to this issue. \nCoreFoundation is prone to two vulnerabilities, one resulting in a buffer overflow, the other a denial-of-service vulnerability. The CVE Mitre candidate IDs CAN-2005-2505 and CAN-2005-2506 are assigned to these issues. \nCUPS is prone to two vulnerabilities resulting in a denial of service until the service can be restarted. The CVE Mitre candidate IDs CAN-2005-2525 and CAN-2005-2526 are assigned to these issues. \nDirectory Services is prone to three vulnerabilities. These issues vary from buffer overflow, unauthorized account creation and deletion, and privilege escalation. The CVE Mitre candidate IDs CAN-2005-2507, CAN-2005-2508 and CAN-2005-2519 are assigned to these issues. \nHItoolbox is prone to a vulnerability that could result in information disclosure. The CVE Mitre candidate ID CAN-2005-2513 is assigned to this issue. \nKerberos is prone to five vulnerabilities that may result in a buffer overflow, execution of arbitrary code, and root compromise. The CVE Mitre candidate IDs CAN-2004-1189, CAN-2005-1174, CAN-2005-1175, CAN-2005-1689, and CAN-2005-2511 are assigned to these issues. \nloginwindow is prone to a vulnerability that could permit a user to gain access to other logged-in accounts. The CVE Mitre candidate ID CAN-2005-2509 is assigned to this issue. \nMail is prone to a vulnerability regarding the loss of privacy when remote images are loaded into HTML email. The CVE Mitre candidate ID CAN-2005-2512 is assigned to this issue. \nMySQL is prone to three vulnerabilities that include arbitrary code execution by remote authenticated users. The CVE Mitre candidate IDs CAN-2005-0709, CAN-2005-0710, and CAN-2005-0711 are assigned to these issues. \nOpenSSL is prone to two vulnerabilities resulting in denial of service. The CVE Mitre candidate IDs CAN-2004-0079 and CAN-2004-0112 are assigned to these issues. \nping is prone to a vulnerability that could allow local privilege escalation and arbitrary code execution. The CVE Mitre candidate ID CAN-2005-2514 is assigned to this issue. \nQuartzComposerScreenSaver is prone to a vulnerability that could allow users to open pages while the RSS Visualizer screen is locked. The CVE Mitre candidate ID CAN-2005-2515 is assigned to this issue. \nSafari is prone to two vulnerabilities that could result in arbitrary command execution or have information submitted to an incorrect site. The CVE Mitre candidate IDs CAN-2005-2516 and CAN-2005-2517 are assigned to these issues. \nSecurityInterface is prone to a vulnerability that could expose recently used passwords. The CVE Mitre candidate ID CAN-2005-2520 is assigned to this issue. \nservermgrd is prone to a buffer-overflow vulnerability that could ultimately lead to the execution of arbitrary code. The CVE Mitre candidate ID CAN-2005-2518 is assigned to this issue. \nservermgr_ipfilter is prone to a vulnerability regarding firewall settings not always being written to the Active Rules. The CVE Mitre candidate ID CAN-2005-2510 is assigned to this issue. \nSquirrelMail is prone to two vulnerabilities including a cross-site scripting issue. The CVE Mitre candidate IDs CAN-2005-1769 and CAN-2005-2095 are assigned to these issues. \ntraceroute is prone to a vulnerability that could result in arbitrary code execution and privilege escalation. The CVE Mitre candidate ID CAN-2005-2521 is assigned to this issue. \nWebKit is affected by a vulnerability that could result in code execution regarding a malformed PDF file. The CVE Mitre candidate ID CAN-2005-2522 is assigned to this issue. \nWeblog Server is prone to multiple cross-site scripting vulnerabilities. The CVE Mitre candidate ID CAN-2005-2523 is assigned to this issue. \nX11 is prone to a vulnerability that could result in arbitrary code execution. The CVE Mitre candidate ID CAN-2005-0605 is assigned to this issue. \nzlib is prone to two denial-of-service vulnerabilities that may ultimately lead to arbitrary code execution. The CVE Mitre candidate IDs CAN-2005-2096 and CAN-2005-1849 are assigned to these issues. \nThese vulnerabilities will be separated into individual BIDs upon further analysis of the issues. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. \n\nTITLE:\nFedora update for openssl096b\n\nSECUNIA ADVISORY ID:\nSA17381\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/17381/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nDoS\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nFedora Core 3\nhttp://secunia.com/product/4222/\n\nDESCRIPTION:\nFedora has issued an update for openssl096b. \n\nFor more information:\nSA10133\nSA11139\n\nSOLUTION:\nApply updated packages. \n\nFedora Core 3:\nhttp://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/\n\n8d68e4b430aa7c5ca067c12866ae694e\nSRPMS/openssl096b-0.9.6b-21.42.src.rpm\n54a9e78a2fdd625b9dc9121e09eb4398\nx86_64/openssl096b-0.9.6b-21.42.x86_64.rpm\nc5c6174e23eba8d038889d08f49231b8\nx86_64/debug/openssl096b-debuginfo-0.9.6b-21.42.x86_64.rpm\n56b63fc150d0c099b2e4f0950e21005b\nx86_64/openssl096b-0.9.6b-21.42.i386.rpm\n56b63fc150d0c099b2e4f0950e21005b\ni386/openssl096b-0.9.6b-21.42.i386.rpm\n93195495585c7e9789041c75b1ed5380\ni386/debug/openssl096b-debuginfo-0.9.6b-21.42.i386.rpm\n\nOTHER REFERENCES:\nSA10133:\nhttp://secunia.com/advisories/10133/\n\nSA11139:\nhttp://secunia.com/advisories/11139/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n Cisco Security Advisory: Cisco OpenSSL Implementation Vulnerability\n\nRevision 1.0\n\n For Public Release 2004 March 17 at 1300 UTC (GMT)\n\n ----------------------------------------------------------------------\n\nContents\n\n Summary\n Affected Products\n Details\n Impact\n Software Versions and Fixes\n Obtaining Fixed Software\n Workarounds\n Exploitation and Public Announcements\n Status of This Notice: INTERIM\n Distribution\n Revision History\n Cisco Security Procedures\n\n ----------------------------------------------------------------------\n\nSummary\n\n A new vulnerability in the OpenSSL implementation for SSL\n has been announced on March 17, 2004. \n\n An affected network device running an SSL server based on an affected\n OpenSSL implementation may be vulnerable to a Denial of Service (DoS)\n attack. There are workarounds available to mitigate the effects of this\n vulnerability on Cisco products in the workaround section of this\n advisory. Cisco is providing fixed software, and recommends that customers\n upgrade to it when it is available. \n\n This advisory will be posted at\n http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml. \n\n * Cisco IOS 12.1(11)E and later in the 12.1E release train. Only crypto\n images (56i and k2) are vulnerable for the Cisco 7100 and 7200 Series\n Routers. \n * Cisco IOS 12.2SY release train. Only crypto images (k8, k9 and k91)\n are vulnerable for the Cisco Catalyst 6500 Series and Cisco 7600\n Series Routers. \n * Cisco PIX Firewall\n * Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 6500\n Series and Cisco 7600 Series routers\n * Cisco MDS 9000 Series Multilayer Switch\n * Cisco Content Service Switch (CSS) 11000 series\n * Cisco Global Site Selector (GSS) 4480\n * CiscoWorks Common Services (CWCS) version 2.2 and CiscoWorks Common\n Management Foundation (CMF) version 2.1\n * Cisco Access Registrar (CAR)\n\n The following products have their SSL implementation based on the OpenSSL\n code and are not affected by this vulnerability. \n\n * Cisco Secure Intrusion Detection System (NetRanger) appliance. This\n includes the IDS-42xx appliances, NM-CIDS and WS-SVS-IDSM2. \n * Cisco SN 5428 and SN 5428-2 Storage Router\n * Cisco CNS Configuration Engine\n * Cisco Network Analysis Modules (NAM) for the Cisco Catalyst 6000 and\n 6500 Series switches and Cisco 7600 Series routers\n * Cisco SIP Proxy Server (SPS)\n * CiscoWorks 1105 Hosting Solution Engine (HSE)\n * CiscoWorks 1105 Wireless LAN Solution Engine (WLSE)\n * Cisco Ethernet Subscriber Solution Engine (ESSE)\n\n The following products, which implement SSL, are not affected by this\n vulnerability. \n\n * Cisco VPN 3000 Series Concentrators\n\n CatOS does not implement SSL and is not vulnerable. This vulnerability is still being actively investigated\n across Cisco products and status of some products has still not been\n determined. \n\nDetails\n\n Secure Sockets Layer (SSL), is a protocol used to encrypt the data\n transferred over an TCP session. SSL in Cisco products is mainly used by\n the HyperText Transfer Protocol Secure (HTTPS) web service for which the\n default TCP port is 443. The affected products, listed above, are only\n vulnerable if they have the HTTPS service enabled and the access to the\n service is not limited to trusted hosts or network management\n workstations. \n\n To check if the HTTPS service is enabled one can do the following:\n\n 1. Check the configuration on the device to verify the status of the\n HTTPS service. \n 2. Try to connect to the device using a standard web browser that\n supports SSL using a URL similar to https://ip_address_of_device/. \n 3. Try and connect to the default HTTPS port, TCP 443, using Telnet. \n telnet ip_address_of_device 443. If the session connects the service\n is enabled and accessible. \n\n Testing by the OpenSSL development team has uncovered a null-pointer\n assignment in the do_change_cipher_spec() function. This\n crash on many Cisco products would cause the device to reload. \n\n A third vulnerability described in the NISCC advisory is a bug in older\n versions of OpenSSL, versions before 0.9.6d, that can also lead to a\n Denial of Service attack. None of the Cisco OpenSSL implementations are\n known to be affected by this older OpenSSL issue. \n\n * Cisco IOS - All 12.1(11)E and later IOS software crypto (56i and k2)\n image releases in the 12.1E release train for the Cisco 7100 and 7200\n Series Routers are affected by this vulnerability. All IOS software\n crypto (k8, k9, and k91) image releases in the 12.2SY release train\n for the Cisco Catalyst 6500 Series and Cisco 7600 Series Routers are\n affected by this vulnerability. The SSH implementation in IOS is not\n dependent on any OpenSSL code. SSH implementations in IOS do not\n handle certificates, yet, and therefore do not use any SSL code for\n SSH. OpenSSL in 12.1E and 12.2SY release trains is only used for\n providing the HTTPS and VPN Device Manager (VDM) services. This\n vulnerability is documented in the Cisco Bug Toolkit (registered\n customers only) as Bug ID CSCee00041. The HTTPS web service, that uses\n the OpenSSL code, on the device is disabled by default. The no ip http\n secure-server command may be used to disable the HTTPS web service on\n the device, if required. The SSH and IPSec services in IOS are not\n vulnerable to this vulnerability. \n * Cisco PIX Firewall - PIX 6.x releases are affected by this\n vulnerability. PIX 5.x releases do not contain any SSL code and are\n not vulnerable. This vulnerability is documented in the Cisco Bug\n Toolkit (registered customers only) as Bug ID CSCed90672. \n * Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 6500\n Series and Cisco 7600 Series routers - This vulnerability is\n documented in the Cisco Bug Toolkit (registered customers only) as Bug\n ID CSCee02055. \n * Cisco MDS 9000 Series Multilayer Switches - This vulnerability is\n documented in the Cisco Bug Toolkit (registered customers only) as Bug\n ID CSCed96246. \n * Cisco Content Service Switch (CSS) 11000 series - WebNS version 6.x\n and 7.x are affected by this vulnerability. This vulnerability is\n documented in the Cisco Bug Toolkit (registered customers only) as Bug\n ID CSCee01234 for SCM and is documented in the Cisco Bug Toolkit\n (registered customers only) as Bug ID CSCee01240 for the SSL module. \n * Cisco Global Site Selector (GSS) 4480 - This vulnerability is\n documented in the Cisco Bug Toolkit (registered customers only) as Bug\n ID CSCee01057. \n * CiscoWorks Common Services (CWCS) version 2.2 and CiscoWorks Common\n Management Foundation (CMF) version 2.1 - This vulnerability is\n documented in the Cisco Bug Toolkit (registered customers only) as Bug\n ID CSCsa13748. \n * Cisco Access Registrar (CAR) - This vulnerability is documented in the\n Cisco Bug Toolkit (registered customers only) as Bug ID CSCee01956. \n\n The Internetworking Terms and Cisco Systems Acronyms online guides can be\n found at http://www.cisco.com/univercd/cc/td/doc/cisintwk/. \n\nImpact\n\n An affected network device running an SSL server based on the OpenSSL\n implementation may be vulnerable to a Denial of Service (DoS) attack. \n\nSoftware Versions and Fixes\n\n * Cisco IOS -\n\n +----------------------------------------+\n |Release| Fixed Releases |Availability |\n | Train | | |\n |-------+------------------+-------------|\n |12.2SY |12.2(14)SY4 |March 25 |\n |-------+------------------+-------------|\n | |12.1(13)E14 |April 8 |\n |12.1E |12.1.(19)E7 |April 8 |\n | |12.1(20)E3 |April 26 |\n +----------------------------------------+\n\n * Cisco PIX Firewall - The vulnerability is fixed in software releases\n 6.0(4)102, 6.1(5)102, 6.2(3)107, and 6.3(3)124. These engineering\n builds may be obtained by contacting the Cisco Technical Assistance\n Center (TAC). TAC Contact information is given in the Obtaining Fixed\n Software section below. \n * Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 6500\n Series and Cisco 7600 Series routers - The vulnerability is fixed in\n software release 1.1.3(14) which will be available by Monday, 22 of\n March, 2004. This engineering builds may be obtained by contacting the\n Cisco Technical Assistance Center (TAC). TAC Contact information is\n given in the Obtaining Fixed Software section below. \n * Cisco MDS 9000 Series Multilayer Switches - No fixed software release\n or software availability date has been determined yet. \n * Cisco Content Service Switch (CSS) 11000 series -No fixed software\n release or software availability date has been determined yet. \n * Cisco Global Site Selector (GSS) 4480 - No fixed software release or\n software availability date has been determined yet. \n * CiscoWorks Common Services (CWCS) version 2.2 and CiscoWorks Common\n Management Foundation (CMF) version 2.1 - No fixed software release or\n software availability date has been determined yet. \n * Cisco Access Registrar (CAR) - The vulnerability is fixed in software\n release 3.5.0.12 which will be available by Friday, 26 of March, 2004. \n\nObtaining Fixed Software\n\n Cisco is offering free software upgrades to address this vulnerability for\n all affected customers. \n\n Customers may only install and expect support for the feature sets they\n have purchased. By installing, downloading, accessing or otherwise using\n such software upgrades, Customers agree to be bound by the terms of\n Cisco\u0027s software license terms found at\n http://www.cisco.com/public/sw-license-agreement.html, or as otherwise set\n forth at the Cisco Connection Online Software Center at\n http://www.cisco.com/public/sw-center/sw-usingswc.shtml. \n\n Customers with contracts should obtain upgraded software through their\n regular update channels. For most customers, this means that upgrades\n should be obtained through the Software Center on Cisco\u0027s worldwide\n website at http://www.cisco.com/tacpage/sw-center. To access the software\n download URL, you must be a registered user and you must be logged in. \n\n Customers whose Cisco products are provided or maintained through a prior\n or existing agreement with third-party support organizations such as Cisco\n Partners, authorized resellers, or service providers, should contact that\n support organization for assistance with obtaining the software\n upgrade(s). \n\n Customers who purchase direct from Cisco but who do not hold a Cisco\n service contract and customers who purchase through third-party vendors\n but are unsuccessful at obtaining fixed software through their point of\n sale should get their upgrades by contacting the Cisco Technical\n Assistance Center (TAC) using the contact information listed below. In\n these cases, customers are entitled to obtain a free upgrade to a later\n version of the same release or as indicated by the applicable corrected\n software version in the Software Versions and Fixes section (noted above). \n\n Cisco TAC contacts are as follows:\n\n * +1 800 553 2447 (toll free from within North America)\n * +1 408 526 7209 (toll call from anywhere in the world)\n * e-mail: tac@cisco.com\n\n See http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml for\n additional TAC contact information, including special localized telephone\n numbers and instructions and e-mail addresses for use in various\n languages. \n\n Please have your product serial number available and give the URL of this\n notice as evidence of your entitlement to a upgrade. Upgrades for\n non-contract customers must be requested through the TAC. \n\n Please do not contact either \"psirt@cisco.com\" or\n \"security-alert@cisco.com\" for software upgrades. \n\nWorkarounds\n\n The Cisco PSIRT recommends that affected users upgrade to a fixed software\n version of code as soon as it is available. \n\n * Restrict access to the HTTPS server on the network device. Allow\n access to the network device only from trusted workstations by using\n access lists / MAC filters that are available on the affected\n platforms. \n * Disable the SSL server / service on the network device. This\n workaround must be weighed against the need for secure communications\n with the vulnerable device. \n\nExploitation and Public Announcements\n\n The Cisco PSIRT is not aware of any malicious use of the vulnerability\n described in this advisory. \n\nStatus of This Notice: INTERIM\n\n This is an interim advisory. Although Cisco cannot guarantee the accuracy\n of all statements in this advisory, all of the facts have been checked to\n the best of our ability. Cisco does not anticipate issuing updated\n versions of this advisory unless there is some material change in the\n facts. Should there be a significant change in the facts, Cisco may update\n this advisory. \n\n A stand-alone copy or paraphrase of the text of this security advisory\n that omits the distribution URL in the following section is an\n uncontrolled copy, and may lack important information or contain factual\n errors. \n\nDistribution\n\n This advisory will be posted on Cisco\u0027s worldwide website at\n http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml . \n\n In addition to worldwide web posting, a text version of this notice is\n clear-signed with the Cisco PSIRT PGP key having the fingerprint 8C82 5207\n 0CA9 ED40 1DD2 EE2A 7B31 A8CF 32B6 B590 and is posted to the following\n e-mail and Usenet news recipients. \n\n * cust-security-announce@cisco.com\n * first-teams@first.org (includes CERT/CC)\n * bugtraq@securityfocus.com\n * vulnwatch@vulnwatch.org\n * cisco@spot.colorado.edu\n * cisco-nsp@puck.nether.net\n * full-disclosure@lists.netsys.com\n * comp.dcom.sys.cisco@newsgate.cisco.com\n\n Future updates of this advisory, if any, will be placed on Cisco\u0027s\n worldwide website, but may or may not be actively announced on mailing\n lists or newsgroups. Users concerned about this problem are encouraged to\n check the above URL for any updates. \n\nRevision History\n\n +------------------------------------------+\n |Revision 1.0|2004-March-17|Initial |\n | | |release. |\n +------------------------------------------+\n\nCisco Security Procedures\n\n Complete information on reporting security vulnerabilities in Cisco\n products, obtaining assistance with security incidents, and registering to\n receive security information from Cisco, is available on Cisco\u0027s worldwide\n website at\n http://www.cisco.com/warp/public/707/sec_incident_response.shtml. This\n includes instructions for press inquiries regarding Cisco security\n notices. All Cisco security advisories are available at\n http://www.cisco.com/go/psirt. \n\n This advisory is copyright 2004 by Cisco Systems, Inc. This advisory may\n be redistributed freely after the release date given at the top of the\n text, provided that redistributed copies are complete and unmodified,\n including all date and version information. \n\n ----------------------------------------------------------------------\n-----BEGIN PGP SIGNATURE-----\nComment: PGP Signed by Sharad Ahlawat, Cisco Systems PSIRT\n\niD8DBQFAWFvZezGozzK2tZARAqIwAKDXDMLAY6eDYyU8y1MhKZUto2SRxwCg+oid\n7AhsNlLsNVSLwTRKTHSigu0=\n=gtba\n-----END PGP SIGNATURE-----\n. \n\nOpenSSL 0.9.7d and OpenSSL 0.9.6m are available for download via HTTP and\nFTP from the following master locations (you can find the various FTP\nmirrors under http://www.openssl.org/source/mirror.html):\n\n ftp://ftp.openssl.org/source/\n\nThe distribution file names are:\n\n o openssl-0.9.7d.tar.gz\n MD5 checksum: 1b49e90fc8a75c3a507c0a624529aca5\n \n o openssl-0.9.6m.tar.gz [normal]\n MD5 checksum: 1b63bfdca1c37837dddde9f1623498f9\n o openssl-engine-0.9.6m.tar.gz [engine]\n MD5 checksum: 4c39d2524bd466180f9077f8efddac8c\n\nThe checksums were calculated using the following command:\n\n openssl md5 openssl-0.9*.tar.gz\n\nCredits\n-------\n\nPatches for these issues were created by Dr Stephen Henson\n(steve@openssl.org) of the OpenSSL core team. The OpenSSL team would\nlike to thank Codenomicon for supplying the TLS Test Tool which was\nused to discover these vulnerabilities, and Joe Orton of Red Hat for\nperforming the majority of the testing. \n\nReferences\n----------\n\nhttp://www.codenomicon.com/testtools/tls/\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0079\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0112\n\nURL for this Security Advisory:\nhttp://www.openssl.org/news/secadv_20040317.txt\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0112"
},
{
"db": "CERT/CC",
"id": "VU#484726"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000088"
},
{
"db": "CNVD",
"id": "CNVD-2004-0790"
},
{
"db": "BID",
"id": "9899"
},
{
"db": "BID",
"id": "14567"
},
{
"db": "VULHUB",
"id": "VHN-8542"
},
{
"db": "PACKETSTORM",
"id": "41200"
},
{
"db": "PACKETSTORM",
"id": "41105"
},
{
"db": "PACKETSTORM",
"id": "32887"
},
{
"db": "PACKETSTORM",
"id": "32886"
}
],
"trust": 3.87
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2004-0112",
"trust": 4.7
},
{
"db": "CERT/CC",
"id": "VU#484726",
"trust": 3.3
},
{
"db": "BID",
"id": "9899",
"trust": 2.8
},
{
"db": "USCERT",
"id": "TA04-078A",
"trust": 2.5
},
{
"db": "SECUNIA",
"id": "11139",
"trust": 1.7
},
{
"db": "XF",
"id": "15508",
"trust": 0.8
},
{
"db": "SECTRACK",
"id": "1009458",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000088",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200411-112",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2004-0790",
"trust": 0.6
},
{
"db": "BID",
"id": "14567",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-8542",
"trust": 0.1
},
{
"db": "SECUNIA",
"id": "17398",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "41200",
"trust": 0.1
},
{
"db": "SECUNIA",
"id": "17381",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "41105",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "32887",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "32886",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#484726"
},
{
"db": "CNVD",
"id": "CNVD-2004-0790"
},
{
"db": "VULHUB",
"id": "VHN-8542"
},
{
"db": "BID",
"id": "9899"
},
{
"db": "BID",
"id": "14567"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000088"
},
{
"db": "PACKETSTORM",
"id": "41200"
},
{
"db": "PACKETSTORM",
"id": "41105"
},
{
"db": "PACKETSTORM",
"id": "32887"
},
{
"db": "PACKETSTORM",
"id": "32886"
},
{
"db": "CNNVD",
"id": "CNNVD-200411-112"
},
{
"db": "NVD",
"id": "CVE-2004-0112"
}
]
},
"id": "VAR-200411-0171",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-8542"
}
],
"trust": 0.52271296
},
"last_update_date": "2024-03-18T21:58:08.254000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "[ important ]\u00a0OpenSSL Regarding vulnerability response Fujitsu \u00a0 Public vulnerability information",
"trust": 0.8,
"url": "http://www.openssl.org/news/secadv_20040317.txt"
},
{
"title": "OpenSSL Repair measures for denial of service attack vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=169016"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2004-000088"
},
{
"db": "CNNVD",
"id": "CNNVD-200411-112"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds read (CWE-125) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2004-000088"
},
{
"db": "NVD",
"id": "CVE-2004-0112"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://www.openssl.org/news/secadv_20040317.txt"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/9899"
},
{
"trust": 2.5,
"url": "http://www.us-cert.gov/cas/techalerts/ta04-078a.html"
},
{
"trust": 2.5,
"url": "http://www.kb.cert.org/vuls/id/484726"
},
{
"trust": 2.5,
"url": "http://www.ciac.org/ciac/bulletins/o-101.shtml"
},
{
"trust": 2.1,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
},
{
"trust": 1.8,
"url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2005/aug/msg00000.html"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2005//aug/msg00001.html"
},
{
"trust": 1.7,
"url": "http://docs.info.apple.com/article.html?artnum=61798"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html"
},
{
"trust": 1.7,
"url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdksa-2004:023"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a1049"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a928"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a9580"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2004-120.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2004-121.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/11139"
},
{
"trust": 1.7,
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
},
{
"trust": 1.7,
"url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html"
},
{
"trust": 1.7,
"url": "http://www.trustix.org/errata/2004/0012"
},
{
"trust": 1.7,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15508"
},
{
"trust": 1.6,
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2"
},
{
"trust": 1.6,
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2"
},
{
"trust": 1.1,
"url": "http://www.uniras.gov.uk/l1/l2/l3/alerts2004/alert-1204.txt"
},
{
"trust": 1.1,
"url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2004-005.txt.asc"
},
{
"trust": 1.1,
"url": "ftp://ftp.sco.com/pub/updates/openserver/scosa-2004.10/scosa-2004.10.txt"
},
{
"trust": 0.8,
"url": "http://www.openssl.org"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/rfc/rfc2712.txt"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta04-078a/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/niscc/niscc-224012"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/trta04-078a"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2004-0112"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2004/wr041201.txt"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2004/wr041301.txt"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2004/wr041701.txt"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2004/wr041801.txt"
},
{
"trust": 0.8,
"url": "http://www.cpni.gov.uk/docs/re-20040317-00389.pdf?lang=en"
},
{
"trust": 0.8,
"url": "http://www.cpni.gov.uk/products/vulnerabilitydisclosures/default.aspx?id=va-20040317-00389.xml"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/xforce/xfdb/15508"
},
{
"trust": 0.8,
"url": "http://www.securitytracker.com/alerts/2004/mar/1009458.html"
},
{
"trust": 0.8,
"url": "http://www.securiteam.com/securitynews/5op0g20caa.html"
},
{
"trust": 0.6,
"url": "https://rhn.redhat.com/errata/rhsa-2004-119.html"
},
{
"trust": 0.6,
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f57524"
},
{
"trust": 0.3,
"url": "http://www.4d.com/products/4dwsv.html"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/japple/css/japple?page=avaya.css.openpage\u0026temp.template.name=securityadvisory"
},
{
"trust": 0.3,
"url": "http://distro.conectiva.com.br/atualizacoes/index.php?id=a\u0026anuncio=000827"
},
{
"trust": 0.3,
"url": "http://distro.conectiva.com.br/atualizacoes/index.php?id=a\u0026anuncio=000834"
},
{
"trust": 0.3,
"url": "ftp://ftp.symantec.com/public/english_us_canada/products/sym_clientless_vpn/sym_clientless_vpn_5/updates/hf1-readme.txt"
},
{
"trust": 0.3,
"url": "http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1256"
},
{
"trust": 0.3,
"url": "http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1257"
},
{
"trust": 0.3,
"url": "http://www.netscreen.com/services/security/alerts/adv58466-signed.txt"
},
{
"trust": 0.3,
"url": "http://www.stonesoft.com/document/art/3123.html"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/elmodocs2/security/asa-2005-239.htm"
},
{
"trust": 0.3,
"url": "http://www.checkpoint.com/techsupport/alerts/openssl.html"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2004-120.html"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2004-139.html"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2005-830.html"
},
{
"trust": 0.3,
"url": "http://www.bluecoat.com/support/knowledge/advisory_openssl_can-2004-0079.html"
},
{
"trust": 0.3,
"url": "http://www.apple.com/support/downloads/securityupdate_2004-04-05_(10_3_3).html"
},
{
"trust": 0.3,
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2968981.htm"
},
{
"trust": 0.3,
"url": "http://www.securecomputing.com/pdf/52110relnotes.pdf"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f57571"
},
{
"trust": 0.3,
"url": "http://www.tarantella.com/security/bulletin-10.html"
},
{
"trust": 0.3,
"url": "http://www.adiscon.com/common/en/advisory/2004-03-18.asp"
},
{
"trust": 0.3,
"url": "http://www.litespeedtech.com"
},
{
"trust": 0.3,
"url": "/archive/1/357672"
},
{
"trust": 0.3,
"url": "http://www.info.apple.com/usen/security/security_updates.html"
},
{
"trust": 0.3,
"url": "http://www.suresec.org/advisories/adv5.pdf"
},
{
"trust": 0.3,
"url": "http://www.apple.com"
},
{
"trust": 0.2,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/11139/"
},
{
"trust": 0.2,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2004-0079"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2004-0112"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=107953412903636\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026amp;anuncio=000834"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=108403806509920\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026amp;y=2004\u0026amp;m=slackware-security.455961"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/48/"
},
{
"trust": 0.1,
"url": "http://rhn.redhat.com/errata/rhsa-2005-829.html"
},
{
"trust": 0.1,
"url": "http://rhn.redhat.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1326/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1306/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/17398/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1044/"
},
{
"trust": 0.1,
"url": "http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/4222/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/17381/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/10133/"
},
{
"trust": 0.1,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml."
},
{
"trust": 0.1,
"url": "http://www.cisco.com/public/sw-license-agreement.html,"
},
{
"trust": 0.1,
"url": "https://ip_address_of_device/."
},
{
"trust": 0.1,
"url": "http://www.cisco.com/univercd/cc/td/doc/cisintwk/."
},
{
"trust": 0.1,
"url": "http://www.cisco.com/tacpage/sw-center."
},
{
"trust": 0.1,
"url": "http://www.cisco.com/warp/public/707/sec_incident_response.shtml."
},
{
"trust": 0.1,
"url": "http://www.cisco.com/go/psirt."
},
{
"trust": 0.1,
"url": "http://www.cisco.com/warp/public/687/directory/dirtac.shtml"
},
{
"trust": 0.1,
"url": "http://www.cisco.com/public/sw-center/sw-usingswc.shtml."
},
{
"trust": 0.1,
"url": "http://www.codenomicon.com/testtools/tls/"
},
{
"trust": 0.1,
"url": "http://www.openssl.org/source/mirror.html):"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2004-0112"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2004-0079"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#484726"
},
{
"db": "VULHUB",
"id": "VHN-8542"
},
{
"db": "BID",
"id": "9899"
},
{
"db": "BID",
"id": "14567"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000088"
},
{
"db": "PACKETSTORM",
"id": "41200"
},
{
"db": "PACKETSTORM",
"id": "41105"
},
{
"db": "PACKETSTORM",
"id": "32887"
},
{
"db": "PACKETSTORM",
"id": "32886"
},
{
"db": "CNNVD",
"id": "CNNVD-200411-112"
},
{
"db": "NVD",
"id": "CVE-2004-0112"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#484726"
},
{
"db": "CNVD",
"id": "CNVD-2004-0790"
},
{
"db": "VULHUB",
"id": "VHN-8542"
},
{
"db": "BID",
"id": "9899"
},
{
"db": "BID",
"id": "14567"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000088"
},
{
"db": "PACKETSTORM",
"id": "41200"
},
{
"db": "PACKETSTORM",
"id": "41105"
},
{
"db": "PACKETSTORM",
"id": "32887"
},
{
"db": "PACKETSTORM",
"id": "32886"
},
{
"db": "CNNVD",
"id": "CNNVD-200411-112"
},
{
"db": "NVD",
"id": "CVE-2004-0112"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-03-17T00:00:00",
"db": "CERT/CC",
"id": "VU#484726"
},
{
"date": "2004-03-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2004-0790"
},
{
"date": "2004-11-23T00:00:00",
"db": "VULHUB",
"id": "VHN-8542"
},
{
"date": "2004-03-17T00:00:00",
"db": "BID",
"id": "9899"
},
{
"date": "2005-08-15T00:00:00",
"db": "BID",
"id": "14567"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2004-000088"
},
{
"date": "2005-11-03T01:02:14",
"db": "PACKETSTORM",
"id": "41200"
},
{
"date": "2005-11-02T01:11:22",
"db": "PACKETSTORM",
"id": "41105"
},
{
"date": "2004-03-17T15:44:08",
"db": "PACKETSTORM",
"id": "32887"
},
{
"date": "2004-03-17T14:36:13",
"db": "PACKETSTORM",
"id": "32886"
},
{
"date": "2003-07-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200411-112"
},
{
"date": "2004-11-23T05:00:00",
"db": "NVD",
"id": "CVE-2004-0112"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-03-26T00:00:00",
"db": "CERT/CC",
"id": "VU#484726"
},
{
"date": "2004-03-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2004-0790"
},
{
"date": "2018-10-30T00:00:00",
"db": "VULHUB",
"id": "VHN-8542"
},
{
"date": "2015-03-19T08:20:00",
"db": "BID",
"id": "9899"
},
{
"date": "2006-05-05T23:10:00",
"db": "BID",
"id": "14567"
},
{
"date": "2024-03-04T06:12:00",
"db": "JVNDB",
"id": "JVNDB-2004-000088"
},
{
"date": "2021-11-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200411-112"
},
{
"date": "2024-02-15T20:54:12.877000",
"db": "NVD",
"id": "CVE-2004-0112"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "9899"
},
{
"db": "BID",
"id": "14567"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSSL does not adequately validate length of Kerberos ticket during SSL/TLS handshake",
"sources": [
{
"db": "CERT/CC",
"id": "VU#484726"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "9899"
},
{
"db": "BID",
"id": "14567"
}
],
"trust": 0.6
}
}
VAR-200303-0122
Vulnerability from variot - Updated: 2024-03-01 20:03Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c. sendmail A buffer overflow vulnerability was discovered in message processing. The vulnerability could allow a third party to gain administrative privileges remotely. This problem, sendmail is caused by receiving a message with maliciously constructed header information. For this reason, LAN is running on a host installed within sendmail Even other MTA (Mail Transfer Agent) You may be affected by the vulnerability if you receive a malicious message relayed from .A third party may be able to remotely obtain administrator privileges. Sendmail is prone to a remotely buffer-overflow vulnerability in the SMTP header parsing component. Successful attackers may exploit this vulnerability to gain control of affected servers. Reportedly, this vulnerability may be locally exploitable if the sendmail binary is setuid/setgid. Sendmail 5.2 to 8.12.7 are affected. Administrators are advised to upgrade to 8.12.8 or to apply patches to earlier versions of the 8.12.x tree. Most organizations have various mail transfer agents (MTAs) at various locations within their network, at least one of which is directly connected to the Internet. According to statistics, Internet mail traffic handled by Sendmail accounts for 50\% to 75\% of the total. Many UNIX and Linux workstations run Sendmail by default. When an email header contains an address or address list (eg \"From\", \"To\", \"CC\"), Sendmail will attempt to check whether the provided address or address list is valid. Sendmail does this using the crackaddr() function, which is located in the headers.c file in the Sendmail source tree. Sendmail will check this buffer and stop adding data to it if it is found to be full. Sendmail goes through several safety checks to ensure that characters are interpreted correctly. On most Unix or Linux systems, Sendmail runs as the root user. Because the attack code can be included in what appears to be a normal email message, it can easily penetrate many common packet filtering devices or firewalls without being detected. Successful exploitation of an unpatched sendmail system leaves no messages in the syslog. However, on patched systems, attempts to exploit this vulnerability leave the following log message: Dropped invalid comments from header address This vulnerability affects both the commercial and open source versions of Sendmail, and is also reported to have been tested in the lab environment has been successfully exploited
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200303-0122",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "netbsd",
"scope": "eq",
"trust": 1.3,
"vendor": "netbsd",
"version": "1.6"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.3,
"vendor": "netbsd",
"version": "1.5.3"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.3,
"vendor": "netbsd",
"version": "1.5.2"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.3,
"vendor": "netbsd",
"version": "1.5.1"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.3,
"vendor": "netbsd",
"version": "1.5"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.3,
"vendor": "hp",
"version": "11.22"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.3,
"vendor": "hp",
"version": "11.11"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.3,
"vendor": "hp",
"version": "10.20"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.3,
"vendor": "hp",
"version": "10.10"
},
{
"model": "solaris",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9"
},
{
"model": "solaris",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.6"
},
{
"model": "sunos",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "5.7"
},
{
"model": "sendmail",
"scope": "gte",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.10.0"
},
{
"model": "sunos",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": null
},
{
"model": "sendmail",
"scope": "lt",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.11.6"
},
{
"model": "sendmail",
"scope": "gte",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.12.0"
},
{
"model": "bsdos",
"scope": "eq",
"trust": 1.0,
"vendor": "windriver",
"version": "5.0"
},
{
"model": "sendmail",
"scope": "lt",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.12.8"
},
{
"model": "bsdos",
"scope": "eq",
"trust": 1.0,
"vendor": "windriver",
"version": "4.2"
},
{
"model": "solaris",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8"
},
{
"model": "sunos",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "5.8"
},
{
"model": "alphaserver sc",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "*"
},
{
"model": "bsdos",
"scope": "eq",
"trust": 1.0,
"vendor": "windriver",
"version": "4.3.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "gentoo",
"version": "1.4"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "11.00"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "11.0.4"
},
{
"model": "solaris",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "platform sa",
"scope": "eq",
"trust": 1.0,
"vendor": "windriver",
"version": "1.0"
},
{
"model": "sendmail",
"scope": "lt",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.9.3"
},
{
"model": "alphaserver sc",
"scope": null,
"trust": 0.9,
"vendor": "hp",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple computer",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "bsd os",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "conectiva",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "freebsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gentoo linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mandrakesoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "netbsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nortel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "openbsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "openpkg",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sgi",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sendmail",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "slackware",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "suse",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "the sco group sco linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "the sco group sco unixware",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "the sendmail consortium",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "xerox",
"version": null
},
{
"model": "bsd/os",
"scope": null,
"trust": 0.8,
"vendor": "\u30d5\u30a9\u30a2 \u30c1\u30e5\u30fc\u30f3",
"version": null
},
{
"model": "ux4800\u30b7\u30ea\u30fc\u30ba",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "sendmail",
"scope": null,
"trust": 0.8,
"vendor": "sendmail consortium",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "sun cobalt qube3",
"scope": null,
"trust": 0.8,
"vendor": "\u30b5\u30f3 \u30de\u30a4\u30af\u30ed\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "systemwalker perfmgr",
"scope": null,
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u901a",
"version": null
},
{
"model": "teamware office",
"scope": "eq",
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u901a",
"version": null
},
{
"model": "sun cobalt raq3",
"scope": null,
"trust": 0.8,
"vendor": "\u30b5\u30f3 \u30de\u30a4\u30af\u30ed\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "sendmail switch",
"scope": null,
"trust": 0.8,
"vendor": "\u30bb\u30f3\u30c9\u30e1\u30fc\u30eb\u793e",
"version": null
},
{
"model": "up-ux",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "sun cobalt raq4",
"scope": null,
"trust": 0.8,
"vendor": "\u30b5\u30f3 \u30de\u30a4\u30af\u30ed\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "interstage collaborationring pm",
"scope": null,
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u901a",
"version": null
},
{
"model": "irix",
"scope": null,
"trust": 0.8,
"vendor": "sgi",
"version": null
},
{
"model": "netbsd",
"scope": null,
"trust": 0.8,
"vendor": "netbsd",
"version": null
},
{
"model": "sun linux 5.0",
"scope": null,
"trust": 0.8,
"vendor": "\u30b5\u30f3 \u30de\u30a4\u30af\u30ed\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "turbolinux workstation",
"scope": null,
"trust": 0.8,
"vendor": "\u30bf\u30fc\u30dc\u30ea\u30ca\u30c3\u30af\u30b9",
"version": null
},
{
"model": "unixware",
"scope": null,
"trust": 0.8,
"vendor": "sco",
"version": null
},
{
"model": "interstage collaborationring tpm",
"scope": null,
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u901a",
"version": null
},
{
"model": "sendmail pro",
"scope": null,
"trust": 0.8,
"vendor": "\u30bb\u30f3\u30c9\u30e1\u30fc\u30eb\u793e",
"version": null
},
{
"model": "sendmail for nt",
"scope": null,
"trust": 0.8,
"vendor": "\u30bb\u30f3\u30c9\u30e1\u30fc\u30eb\u793e",
"version": null
},
{
"model": "turbolinux advanced server",
"scope": null,
"trust": 0.8,
"vendor": "\u30bf\u30fc\u30dc\u30ea\u30ca\u30c3\u30af\u30b9",
"version": null
},
{
"model": "systemwalker it budgetmgr",
"scope": null,
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u901a",
"version": null
},
{
"model": "apple mac os x",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "aix",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "hi-ux/we2",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "open unix",
"scope": null,
"trust": 0.8,
"vendor": "sco",
"version": null
},
{
"model": "trendmicro interscan viruswall",
"scope": null,
"trust": 0.8,
"vendor": "\u30c8\u30ec\u30f3\u30c9\u30de\u30a4\u30af\u30ed",
"version": null
},
{
"model": "sun cobalt raq550",
"scope": null,
"trust": 0.8,
"vendor": "\u30b5\u30f3 \u30de\u30a4\u30af\u30ed\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "internet navigware server",
"scope": null,
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u901a",
"version": null
},
{
"model": "openlinux",
"scope": null,
"trust": 0.8,
"vendor": "sco",
"version": null
},
{
"model": "hp-ux",
"scope": null,
"trust": 0.8,
"vendor": "\u30d2\u30e5\u30fc\u30ec\u30c3\u30c8 \u30d1\u30c3\u30ab\u30fc\u30c9",
"version": null
},
{
"model": "interstage office square",
"scope": null,
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u901a",
"version": null
},
{
"model": "red hat enterprise linux",
"scope": null,
"trust": 0.8,
"vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
"version": null
},
{
"model": "sun solaris",
"scope": null,
"trust": 0.8,
"vendor": "\u30b5\u30f3 \u30de\u30a4\u30af\u30ed\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "red hat linux advanced workstation",
"scope": null,
"trust": 0.8,
"vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
"version": null
},
{
"model": "turbolinux server",
"scope": null,
"trust": 0.8,
"vendor": "\u30bf\u30fc\u30dc\u30ea\u30ca\u30c3\u30af\u30b9",
"version": null
},
{
"model": "sun cobalt raqxtr",
"scope": null,
"trust": 0.8,
"vendor": "\u30b5\u30f3 \u30de\u30a4\u30af\u30ed\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "red hat linux",
"scope": null,
"trust": 0.8,
"vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
"version": null
},
{
"model": "ews-ux",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "freebsd",
"scope": null,
"trust": 0.8,
"vendor": "freebsd",
"version": null
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "11.04"
},
{
"model": "river systems platform sa",
"scope": "eq",
"trust": 0.3,
"vendor": "wind",
"version": "1.0"
},
{
"model": "river systems bsd/os",
"scope": "eq",
"trust": 0.3,
"vendor": "wind",
"version": "5.0"
},
{
"model": "river systems bsd/os",
"scope": "eq",
"trust": 0.3,
"vendor": "wind",
"version": "4.3.1"
},
{
"model": "river systems bsd/os",
"scope": "eq",
"trust": 0.3,
"vendor": "wind",
"version": "4.2"
},
{
"model": "solaris 9 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "9"
},
{
"model": "solaris 8 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "solaris 8 sparc",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "solaris 7.0 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "7.0"
},
{
"model": "solaris 2.6 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "2.6"
},
{
"model": "lx50",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "cobalt raq xtr",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "cobalt raq",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "550"
},
{
"model": "cobalt raq",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4"
},
{
"model": "cobalt raq",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "3"
},
{
"model": "cobalt qube",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "3"
},
{
"model": "cobalt manageraq3 3000r-mr",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "cobalt cacheraq",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.19"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.18"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.17"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.16"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.15"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.14"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.13"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.12"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.11"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.10"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.9"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.8"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.7"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.6"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.5"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.4"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.3"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.2"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.1"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5"
},
{
"model": "freeware",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "1.0"
},
{
"model": "inc sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "3.0.2"
},
{
"model": "inc sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "3.0.1"
},
{
"model": "inc sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "3.0"
},
{
"model": "inc sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.2.4"
},
{
"model": "inc sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.2.3"
},
{
"model": "inc sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.2.2"
},
{
"model": "inc sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.2.1"
},
{
"model": "inc sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.2"
},
{
"model": "inc sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.1.4"
},
{
"model": "inc sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.1.3"
},
{
"model": "inc sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.1.2"
},
{
"model": "inc sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.1.1"
},
{
"model": "inc sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.1"
},
{
"model": "inc sendmail for nt",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "3.0.2"
},
{
"model": "inc sendmail for nt",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "3.0.1"
},
{
"model": "inc sendmail for nt",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "3.0"
},
{
"model": "inc sendmail for nt",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.6.1"
},
{
"model": "inc sendmail for nt",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.6"
},
{
"model": "inc sendmail advanced message server",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "1.3"
},
{
"model": "inc sendmail advanced message server",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "1.2"
},
{
"model": "consortium sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "3.0.2"
},
{
"model": "consortium sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "3.0.1"
},
{
"model": "consortium sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "3.0"
},
{
"model": "consortium sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.2.4"
},
{
"model": "consortium sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.2.3"
},
{
"model": "consortium sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.2.2"
},
{
"model": "consortium sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.2.1"
},
{
"model": "consortium sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.2"
},
{
"model": "consortium sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.1.4"
},
{
"model": "consortium sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.1.3"
},
{
"model": "consortium sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.1.2"
},
{
"model": "consortium sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.1.1"
},
{
"model": "consortium sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.1"
},
{
"model": "consortium sendmail for nt",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "3.0.2"
},
{
"model": "consortium sendmail for nt",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "3.0.1"
},
{
"model": "consortium sendmail for nt",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "3.0"
},
{
"model": "consortium sendmail for nt",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.6.1"
},
{
"model": "consortium sendmail for nt",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.6"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.7"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.6"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.5"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.4"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.3"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.2"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.1"
},
{
"model": "consortium sendmail beta7",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12"
},
{
"model": "consortium sendmail beta5",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12"
},
{
"model": "consortium sendmail beta16",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12"
},
{
"model": "consortium sendmail beta12",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12"
},
{
"model": "consortium sendmail beta10",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.0"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.11.6"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.11.5"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.11.4"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.11.3"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.11.2"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.11.1"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.11"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.10.2"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.10.1"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.10"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.9.3"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.9.2"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.9.1"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.9.0"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.8.8"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "5.65"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "5.61"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "5.59"
},
{
"model": "unixware",
"scope": "eq",
"trust": 0.3,
"vendor": "sco",
"version": "7.1.3"
},
{
"model": "unixware",
"scope": "eq",
"trust": 0.3,
"vendor": "sco",
"version": "7.1.1"
},
{
"model": "open unix",
"scope": "eq",
"trust": 0.3,
"vendor": "sco",
"version": "8.0"
},
{
"model": "z/os v1r4",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "z/os v1r2",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "os/390 v2r8",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "os/390 v2r10",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "mvs",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "mpe/ix",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.5"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.0"
},
{
"model": "hp-ux b.11.22",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "hp-ux b.11.11",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "hp-ux b.11.04",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "hp-ux b.11.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "linux rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "gentoo",
"version": "1.4"
},
{
"model": "linux rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "gentoo",
"version": "1.4"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.0"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.7"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.6"
},
{
"model": "irix",
"scope": "ne",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.20"
},
{
"model": "inc sendmail switch",
"scope": "ne",
"trust": 0.3,
"vendor": "sendmail",
"version": "3.0.3"
},
{
"model": "inc sendmail switch",
"scope": "ne",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.2.5"
},
{
"model": "inc sendmail switch",
"scope": "ne",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.1.5"
},
{
"model": "inc sendmail for nt",
"scope": "ne",
"trust": 0.3,
"vendor": "sendmail",
"version": "3.0.3"
},
{
"model": "inc sendmail for nt",
"scope": "ne",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.6.2"
},
{
"model": "consortium sendmail switch",
"scope": "ne",
"trust": 0.3,
"vendor": "sendmail",
"version": "3.0.3"
},
{
"model": "consortium sendmail switch",
"scope": "ne",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.2.5"
},
{
"model": "consortium sendmail switch",
"scope": "ne",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.1.5"
},
{
"model": "consortium sendmail for nt",
"scope": "ne",
"trust": 0.3,
"vendor": "sendmail",
"version": "3.0.3"
},
{
"model": "consortium sendmail for nt",
"scope": "ne",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.6.2"
},
{
"model": "consortium sendmail",
"scope": "ne",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.8"
},
{
"model": "gnu/*/linux",
"scope": "ne",
"trust": 0.3,
"vendor": "openwall",
"version": "1.0"
},
{
"model": "networks junos",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": "5.1"
},
{
"model": "networks junos",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": "5.0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#398025"
},
{
"db": "BID",
"id": "6991"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000061"
},
{
"db": "CNNVD",
"id": "CNNVD-200303-038"
},
{
"db": "NVD",
"id": "CVE-2002-1337"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.11.6",
"versionStartIncluding": "8.10.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.9.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.12.8",
"versionStartIncluding": "8.12.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:windriver:bsdos:4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:gentoo:linux:1.4:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:windriver:bsdos:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:11.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:oracle:solaris:8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:11.22:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:oracle:solaris:9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:alphaserver_sc:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:10.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:gentoo:linux:1.4:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:windriver:platform_sa:1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:10.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:windriver:bsdos:4.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:oracle:solaris:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:oracle:solaris:2.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1337"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ISS X-Force\u203b xforce@iss.net",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200303-038"
}
],
"trust": 0.6
},
"cve": "CVE-2002-1337",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2002-1337",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-5722",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2002-1337",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#398025",
"trust": 0.8,
"value": "66.00"
},
{
"author": "CNNVD",
"id": "CNNVD-200303-038",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-5722",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#398025"
},
{
"db": "VULHUB",
"id": "VHN-5722"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000061"
},
{
"db": "CNNVD",
"id": "CNNVD-200303-038"
},
{
"db": "NVD",
"id": "CVE-2002-1337"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c. sendmail A buffer overflow vulnerability was discovered in message processing. The vulnerability could allow a third party to gain administrative privileges remotely. This problem, sendmail is caused by receiving a message with maliciously constructed header information. For this reason, LAN is running on a host installed within sendmail Even other MTA (Mail Transfer Agent) You may be affected by the vulnerability if you receive a malicious message relayed from .A third party may be able to remotely obtain administrator privileges. Sendmail is prone to a remotely buffer-overflow vulnerability in the SMTP header parsing component. Successful attackers may exploit this vulnerability to gain control of affected servers. \nReportedly, this vulnerability may be locally exploitable if the sendmail binary is setuid/setgid. \nSendmail 5.2 to 8.12.7 are affected. Administrators are advised to upgrade to 8.12.8 or to apply patches to earlier versions of the 8.12.x tree. Most organizations have various mail transfer agents (MTAs) at various locations within their network, at least one of which is directly connected to the Internet. According to statistics, Internet mail traffic handled by Sendmail accounts for 50\\\\% to 75\\\\% of the total. Many UNIX and Linux workstations run Sendmail by default. When an email header contains an address or address list (eg \\\"From\\\", \\\"To\\\", \\\"CC\\\"), Sendmail will attempt to check whether the provided address or address list is valid. Sendmail does this using the crackaddr() function, which is located in the headers.c file in the Sendmail source tree. Sendmail will check this buffer and stop adding data to it if it is found to be full. Sendmail goes through several safety checks to ensure that characters are interpreted correctly. On most Unix or Linux systems, Sendmail runs as the root user. Because the attack code can be included in what appears to be a normal email message, it can easily penetrate many common packet filtering devices or firewalls without being detected. Successful exploitation of an unpatched sendmail system leaves no messages in the syslog. However, on patched systems, attempts to exploit this vulnerability leave the following log message: Dropped invalid comments from header address This vulnerability affects both the commercial and open source versions of Sendmail, and is also reported to have been tested in the lab environment has been successfully exploited",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1337"
},
{
"db": "CERT/CC",
"id": "VU#398025"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000061"
},
{
"db": "BID",
"id": "6991"
},
{
"db": "VULHUB",
"id": "VHN-5722"
}
],
"trust": 2.7
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-5722",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5722"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2002-1337",
"trust": 3.6
},
{
"db": "CERT/CC",
"id": "VU#398025",
"trust": 3.3
},
{
"db": "BID",
"id": "6991",
"trust": 2.8
},
{
"db": "XF",
"id": "10748",
"trust": 1.4
},
{
"db": "XF",
"id": "11653",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000061",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200303-038",
"trust": 0.7
},
{
"db": "CALDERA",
"id": "CSSA-2003-SCO.5",
"trust": 0.6
},
{
"db": "CALDERA",
"id": "CSSA-2003-SCO.6",
"trust": 0.6
},
{
"db": "REDHAT",
"id": "RHSA-2003:074",
"trust": 0.6
},
{
"db": "REDHAT",
"id": "RHSA-2003:073",
"trust": 0.6
},
{
"db": "REDHAT",
"id": "RHSA-2003:227",
"trust": 0.6
},
{
"db": "HP",
"id": "HPSBUX0302-246",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20030303 FWD: APPLE-SA-2003-03-03 SENDMAIL",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20030304 [LSD] TECHNICAL ANALYSIS OF THE REMOTE SENDMAIL VULNERABILITY",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20030304 GLSA: SENDMAIL (200303-4)",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20030303 SENDMAIL 8.12.8 AVAILABLE",
"trust": 0.6
},
{
"db": "CERT/CC",
"id": "CA-2003-07",
"trust": 0.6
},
{
"db": "OVAL",
"id": "OVAL:ORG.MITRE.OVAL:DEF:2222",
"trust": 0.6
},
{
"db": "AIXAPAR",
"id": "IY40500",
"trust": 0.6
},
{
"db": "AIXAPAR",
"id": "IY40502",
"trust": 0.6
},
{
"db": "AIXAPAR",
"id": "IY40501",
"trust": 0.6
},
{
"db": "CONECTIVA",
"id": "CLA-2003:571",
"trust": 0.6
},
{
"db": "MANDRAKE",
"id": "MDKSA-2003:028",
"trust": 0.6
},
{
"db": "SGI",
"id": "20030301-01-P",
"trust": 0.6
},
{
"db": "DEBIAN",
"id": "DSA-257",
"trust": 0.6
},
{
"db": "ISS",
"id": "20030303 REMOTE SENDMAIL HEADER PROCESSING VULNERABILITY",
"trust": 0.6
},
{
"db": "NETBSD",
"id": "NETBSD-SA2003-002",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-76118",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-76119",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "22314",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "22313",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "411",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-5722",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#398025"
},
{
"db": "VULHUB",
"id": "VHN-5722"
},
{
"db": "BID",
"id": "6991"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000061"
},
{
"db": "CNNVD",
"id": "CNNVD-200303-038"
},
{
"db": "NVD",
"id": "CVE-2002-1337"
}
]
},
"id": "VAR-200303-0122",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-5722"
}
],
"trust": 0.41392874999999996
},
"last_update_date": "2024-03-01T20:03:34.039000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HS03-001 Fujitsu CERT\u00a0Advisory information",
"trust": 0.8,
"url": "http://www.debian.org/security/2003/dsa-257"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2003-000061"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.0
},
{
"problemtype": "Classic buffer overflow (CWE-120) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2003-000061"
},
{
"db": "NVD",
"id": "CVE-2002-1337"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "http://www.iss.net/issen/delivery/xforce/alertdetail.jsp?oid=21950"
},
{
"trust": 2.8,
"url": "http://www.sendmail.org/8.12.8.html"
},
{
"trust": 2.8,
"url": "http://www.cert.org/advisories/ca-2003-07.html"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/6991"
},
{
"trust": 2.5,
"url": "http://www.kb.cert.org/vuls/id/398025"
},
{
"trust": 1.7,
"url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=iy40500\u0026apar=only"
},
{
"trust": 1.7,
"url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=iy40501\u0026apar=only"
},
{
"trust": 1.7,
"url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=iy40502\u0026apar=only"
},
{
"trust": 1.7,
"url": "ftp://ftp.sco.com/pub/updates/unixware/cssa-2003-sco.5"
},
{
"trust": 1.7,
"url": "ftp://ftp.sco.com/pub/updates/openserver/cssa-2003-sco.6"
},
{
"trust": 1.7,
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000571"
},
{
"trust": 1.7,
"url": "http://www.debian.org/security/2003/dsa-257"
},
{
"trust": 1.7,
"url": "http://frontal2.mandriva.com/security/advisories?name=mdksa-2003:028"
},
{
"trust": 1.7,
"url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2003-002.txt.asc"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2003-073.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2003-074.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2003-227.html"
},
{
"trust": 1.7,
"url": "ftp://patches.sgi.com/support/free/security/advisories/20030301-01-p"
},
{
"trust": 1.7,
"url": "http://www.iss.net/security_center/static/10748.php"
},
{
"trust": 1.1,
"url": "http://www.sendmail.org"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=104678862109841\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=104673778105192\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=104678862409849\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=104678739608479\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=104679411316818\u0026w=2"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a2222"
},
{
"trust": 0.8,
"url": "http://www.sendmail.com/security/"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.org/archive/1/313757/2003-03-01/2003-03-07/0"
},
{
"trust": 0.8,
"url": "http://www.nipc.gov/warnings/advisories/2003/03-004.htm"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnca-2003-07"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2002-1337"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2003/at030002.txt"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2003/wr031001.txt"
},
{
"trust": 0.8,
"url": "http://www.cyberpolice.go.jp/important/20030314_190827.html"
},
{
"trust": 0.8,
"url": "http://www.cyberpolice.go.jp/important/20030305_170302.html"
},
{
"trust": 0.8,
"url": "http://www.ipa.go.jp/security/ciadr/20030303sendmail.html"
},
{
"trust": 0.8,
"url": "http://www.ciac.org/ciac/bulletins/n-048.shtml"
},
{
"trust": 0.8,
"url": "http://www.isskk.co.jp/support/techinfo/general/sendmailheader_xforce.html"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/xforce/xfdb/10748"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/xforce/xfdb/11653"
},
{
"trust": 0.6,
"url": "http://ftp.support.compaq.com/patches/public/readmes/unix/t64v51ab21-c0103500-17099-es-20030226.readme"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=104679411316818\u0026w=2"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=104678862409849\u0026w=2"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=104678862109841\u0026w=2"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=104678739608479\u0026w=2"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=104673778105192\u0026w=2"
},
{
"trust": 0.6,
"url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:2222"
},
{
"trust": 0.3,
"url": "http://www.info.apple.com/usen/security/security_updates.html"
},
{
"trust": 0.3,
"url": "http://www-1.ibm.com/services/continuity/recover1.nsf/mss/mss-oar-e01-2003.0794.1"
},
{
"trust": 0.3,
"url": "http://www.slackware.org/lists/archive/viewer.php?l=slackware-security\u0026y=2003\u0026m=slackware-security.286398"
},
{
"trust": 0.3,
"url": "http://www.sendmail.org/"
},
{
"trust": 0.3,
"url": "ftp://ftp1.support.compaq.com/public/unix/v4.0g/t64v40gb17-c0028100-16887-es-20030211.readme"
},
{
"trust": 0.3,
"url": "ftp://ftp1.support.compaq.com/public/unix/v4.0f/duv40fb18-c0092200-16888-es-20030211.readme"
},
{
"trust": 0.3,
"url": "http://ftp1.support.compaq.com/public/unix/v5.0a/t64v50ab17-c0031300-16884-es-20030211.readme"
},
{
"trust": 0.3,
"url": "ftp://ftp1.support.compaq.com/public/unix/v5.1/t64v51b19-c0169100-16882-es-20030211.readme"
},
{
"trust": 0.3,
"url": "http://ftp.support.compaq.com/patches/public/readmes/unix/t64v51bb1-c0003900-16874-es-20030211.readme"
},
{
"trust": 0.3,
"url": "http://ftp.support.compaq.com/patches/public/readmes/unix/t64v51b20-c0169800-16980-es-20030218.readme"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/51181"
},
{
"trust": 0.3,
"url": "http://www.sendmail.com"
},
{
"trust": 0.3,
"url": "/archive/1/313757"
},
{
"trust": 0.3,
"url": "/archive/1/313795"
},
{
"trust": 0.3,
"url": "/archive/1/313841"
},
{
"trust": 0.1,
"url": ""
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#398025"
},
{
"db": "VULHUB",
"id": "VHN-5722"
},
{
"db": "BID",
"id": "6991"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000061"
},
{
"db": "CNNVD",
"id": "CNNVD-200303-038"
},
{
"db": "NVD",
"id": "CVE-2002-1337"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#398025"
},
{
"db": "VULHUB",
"id": "VHN-5722"
},
{
"db": "BID",
"id": "6991"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000061"
},
{
"db": "CNNVD",
"id": "CNNVD-200303-038"
},
{
"db": "NVD",
"id": "CVE-2002-1337"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-03-03T00:00:00",
"db": "CERT/CC",
"id": "VU#398025"
},
{
"date": "2003-03-07T00:00:00",
"db": "VULHUB",
"id": "VHN-5722"
},
{
"date": "2003-03-02T00:00:00",
"db": "BID",
"id": "6991"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2003-000061"
},
{
"date": "2003-03-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200303-038"
},
{
"date": "2003-03-07T05:00:00",
"db": "NVD",
"id": "CVE-2002-1337"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-09-15T00:00:00",
"db": "CERT/CC",
"id": "VU#398025"
},
{
"date": "2018-10-30T00:00:00",
"db": "VULHUB",
"id": "VHN-5722"
},
{
"date": "2007-09-22T00:30:00",
"db": "BID",
"id": "6991"
},
{
"date": "2024-03-01T01:52:00",
"db": "JVNDB",
"id": "JVNDB-2003-000061"
},
{
"date": "2006-08-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200303-038"
},
{
"date": "2024-02-09T03:19:11.660000",
"db": "NVD",
"id": "CVE-2002-1337"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200303-038"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Remote Buffer Overflow in Sendmail",
"sources": [
{
"db": "CERT/CC",
"id": "VU#398025"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Boundary Condition Error",
"sources": [
{
"db": "BID",
"id": "6991"
},
{
"db": "CNNVD",
"id": "CNNVD-200303-038"
}
],
"trust": 0.9
}
}
VAR-200308-0014
Vulnerability from variot - Updated: 2024-02-28 22:37Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO. A function originally derived from 4.4BSD, realpath(3), contains a vulnerability that may permit a malicious user to gain root access to the server. This function was derived from the FreeBSD 3.x tree. Other applications and operating systems that use or were derived from this code base may be affected. This problem was originally reported to affect WU-FTPd. It has been discoved to affect various BSD implementations as well. WU-FTPD is implemented in fb_realpath() In the function, the size of the buffer for handling the path is MAXPATHLEN However, the length of the path actually delivered is longer than that. (MAXPATHLEN+1) , one shift (off-by-one) A buffer overflow vulnerability exists.root Arbitrary commands may be executed with sufficient privileges. The 'realpath()' function is a C-library procedure to resolve the canonical, absolute pathname of a file based on a path that may contain values such as '/', './', '../', or symbolic links. A vulnerability that was reported to affect the implementation of 'realpath()' in WU-FTPD has lead to the discovery that at least one implementation of the C library is also vulnerable. FreeBSD has announced that the off-by-one stack- buffer-overflow vulnerability is present in their libc. Other systems are also likely vulnerable. Reportedly, this vulnerability has been successfully exploited against WU-FTPD to execute arbitrary instructions. NOTE: Patching the C library alone may not remove all instances of this vulnerability. Statically linked programs may need to be rebuilt with a patched version of the C library. Also, some applications may implement their own version of 'realpath()'. These applications would require their own patches. FreeBSD has published a large list of applications that use 'realpath()'. Administrators of FreeBSD and other systems are urged to review it. For more information, see the advisory 'FreeBSD-SA-03:08.realpath'. The realpath(3) function is used to determine the absolute path name of the rule in the given path name. The realpath(3) function is part of the FreeBSD standard C language library file. If the parsed pathname is 1024 bytes long and contains two directory separators, the buffer passed to the realpath(3) function can be overwritten with a single NUL byte. Applications that typically use the realpath(3) function can cause denial of service, or execute arbitrary code and privilege escalation attacks. sftp-server(8) is part of OpenSSH, and realpath(3) is used to process the chdir command. 1 cdparanoia-3.9. Synopsis: wu-ftpd fb_realpath() off-by-one bug Product: wu-ftpd Version: 2.5.0 <= 2.6.2 Vendor: http://www.wuftpd.org/
URL: http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0466 Author: Wojciech Purczynski cliph@isec.pl Janusz Niewiadomski funkysh@isec.pl Date: July 31, 2003
Issue:
Wu-ftpd FTP server contains remotely exploitable off-by-one bug. A local or remote attacker could exploit this vulnerability to gain root privileges on a vulnerable system.
Details:
An off-by-one bug exists in fb_realpath() function. The overflowed buffer lies on the stack.
The bug results from misuse of rootd variable in the calculation of length of a concatenated string:
------8<------cut-here------8<------ / * Join the two strings together, ensuring that the right thing * happens if the last component is empty, or the dirname is root. / if (resolved[0] == '/' && resolved[1] == '\0') rootd = 1; else rootd = 0;
if (*wbuf) {
if (strlen(resolved) + strlen(wbuf) + rootd + 1 > MAXPATHLEN) {
errno = ENAMETOOLONG;
goto err1;
}
if (rootd == 0)
(void) strcat(resolved, "/");
(void) strcat(resolved, wbuf);
}
------8<------cut-here------8<------
Since the path is constructed from current working directory and a file name specified as an parameter to various FTP commands attacker needs to create deep directory structure. This may occur for example if wu-ftpd is compiled with some versions of Linux kernel where PATH_MAX (and MAXPATHLEN accordingly) is defined to be exactly 4095 characters. In such cases, the buffer is padded with an extra byte because of variable alignment which is a result of code optimization.
Linux 2.2.x and some early 2.4.x kernel versions defines PATH_MAX to be 4095 characters, thus only wu-ftpd binaries compiled on 2.0.x or later 2.4.x kernels are affected. We believe that exploitation of other little-endian systems is also possible.
Impact:
Authenticated local user or anonymous FTP user with write-access could execute arbitrary code with root privileges.
Vendor Status:
June 1, 2003 security@wu-ftpd.org has been notified June 9, 2003 Request for confirmation of receipt sent to security@wu-ftpd.org June 11, 2003 Response received from Kent Landfield July 3, 2003 Request for status update sent July 19, 2003 vendor-sec list notified July 31, 2003 Coordinated public disclosure
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0466 to this issue.
-- Janusz Niewiadomski iSEC Security Research http://isec.pl/
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200308-0014",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "solaris",
"scope": "eq",
"trust": 1.6,
"vendor": "sun",
"version": "9.0"
},
{
"model": "wu ftpd",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "2.6.1-16"
},
{
"model": "freebsd",
"scope": "lte",
"trust": 1.0,
"vendor": "freebsd",
"version": "5.0"
},
{
"model": "netbsd",
"scope": "gte",
"trust": 1.0,
"vendor": "netbsd",
"version": "1.5"
},
{
"model": "openbsd",
"scope": "gte",
"trust": 1.0,
"vendor": "openbsd",
"version": "2.0"
},
{
"model": "netbsd",
"scope": "lte",
"trust": 1.0,
"vendor": "netbsd",
"version": "1.6.1"
},
{
"model": "freebsd",
"scope": "gte",
"trust": 1.0,
"vendor": "freebsd",
"version": "4.0"
},
{
"model": "wu-ftpd",
"scope": "lte",
"trust": 1.0,
"vendor": "wuftpd",
"version": "2.6.2"
},
{
"model": "wu-ftpd",
"scope": "gte",
"trust": 1.0,
"vendor": "wuftpd",
"version": "2.5.0"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.2.6"
},
{
"model": "openbsd",
"scope": "lte",
"trust": 1.0,
"vendor": "openbsd",
"version": "3.3"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.2.6"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple computer",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "conectiva",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "freebsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "immunix",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mandrakesoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "netbsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "openbsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "suse",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "turbolinux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "wu ftpd group",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "wind river",
"version": null
},
{
"model": "red hat linux",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
"version": "7.2"
},
{
"model": "red hat linux",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
"version": "7.3"
},
{
"model": "red hat linux",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
"version": "7.1"
},
{
"model": "red hat linux",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
"version": "8.0"
},
{
"model": "wu-ftpd",
"scope": null,
"trust": 0.8,
"vendor": "university of washington",
"version": null
},
{
"model": "hp-ux",
"scope": null,
"trust": 0.8,
"vendor": "\u30d2\u30e5\u30fc\u30ec\u30c3\u30c8 \u30d1\u30c3\u30ab\u30fc\u30c9",
"version": null
},
{
"model": "asianux server",
"scope": null,
"trust": 0.8,
"vendor": "\u30b5\u30a4\u30d0\u30fc\u30c8\u30e9\u30b9\u30c8\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "university wu-ftpd",
"scope": "eq",
"trust": 0.3,
"vendor": "washington",
"version": "2.6.2"
},
{
"model": "university wu-ftpd",
"scope": "eq",
"trust": 0.3,
"vendor": "washington",
"version": "2.6.1"
},
{
"model": "university wu-ftpd",
"scope": "eq",
"trust": 0.3,
"vendor": "washington",
"version": "2.6.0"
},
{
"model": "university wu-ftpd",
"scope": "eq",
"trust": 0.3,
"vendor": "washington",
"version": "2.5.0"
},
{
"model": "solaris 9 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "9"
},
{
"model": "communications security ssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "ssh",
"version": "3.2.9.1"
},
{
"model": "wu-ftpd-2.6.2-8.i386.rpm",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "wu-ftpd-2.6.2-5.i386.rpm",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "wu-ftpd-2.6.1-18.ia64.rpm",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "wu-ftpd-2.6.1-18.i386.rpm",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "wu-ftpd-2.6.1-16.ppc.rpm",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "wu-ftpd-2.6.1-16.i386.rpm",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "openbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "openbsd",
"version": "2.9"
},
{
"model": "openbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "openbsd",
"version": "2.8"
},
{
"model": "openbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "openbsd",
"version": "2.7"
},
{
"model": "openbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "openbsd",
"version": "2.6"
},
{
"model": "openbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "openbsd",
"version": "2.5"
},
{
"model": "openbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "openbsd",
"version": "2.4"
},
{
"model": "openbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "openbsd",
"version": "2.3"
},
{
"model": "openbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "openbsd",
"version": "2.2"
},
{
"model": "openbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "openbsd",
"version": "2.1"
},
{
"model": "openbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "openbsd",
"version": "2.0"
},
{
"model": "openbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "openbsd",
"version": "3.3"
},
{
"model": "openbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "openbsd",
"version": "3.2"
},
{
"model": "openbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "openbsd",
"version": "3.1"
},
{
"model": "openbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "openbsd",
"version": "3.0"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "netbsd",
"version": "1.6.1"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "netbsd",
"version": "1.6"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "netbsd",
"version": "1.5.3"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "netbsd",
"version": "1.5.2"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "netbsd",
"version": "1.5.1"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "netbsd",
"version": "1.5"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.22"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.11"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.0"
},
{
"model": "alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.0"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.0"
},
{
"model": "-prerelease",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.8"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.8"
},
{
"model": "-stable",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.7"
},
{
"model": "-release",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.7"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.7"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.6.2"
},
{
"model": "-stable",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.6"
},
{
"model": "-release",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.6"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.6"
},
{
"model": "-stablepre2002-03-07",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.5"
},
{
"model": "-stable",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.5"
},
{
"model": "-release",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.5"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.5"
},
{
"model": "-stable",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.4"
},
{
"model": "-releng",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.4"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.4"
},
{
"model": "-stable",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.3"
},
{
"model": "-releng",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.3"
},
{
"model": "-release",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.3"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.3"
},
{
"model": "-stablepre122300",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.2"
},
{
"model": "-stablepre050201",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.2"
},
{
"model": "-stable",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.2"
},
{
"model": "-release",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.2"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.2"
},
{
"model": "-stable",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.1.1"
},
{
"model": "-release",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.1.1"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.1.1"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.1"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.0.x"
},
{
"model": "alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.0"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.0"
},
{
"model": "-stablepre2001-07-20",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "3.5.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.6"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#743092"
},
{
"db": "BID",
"id": "8315"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000237"
},
{
"db": "CNNVD",
"id": "CNNVD-200308-136"
},
{
"db": "NVD",
"id": "CVE-2003-0466"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:wu_ftpd:2.6.1-16:*:i386:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:wu_ftpd:2.6.1-16:*:powerpc:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:washington_university:wu-ftpd:2.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:washington_university:wu-ftpd:2.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:wu_ftpd:2.6.1-18:*:i386:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:wu_ftpd:2.6.1-18:*:ia64:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:washington_university:wu-ftpd:2.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:washington_university:wu-ftpd:2.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:wu_ftpd:2.6.2-5:*:i386:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:wu_ftpd:2.6.2-8:*:i386:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.1.1:release:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.1.1:stable:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.4:releng:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.6:stable:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:openbsd:openbsd:2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:openbsd:openbsd:2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:openbsd:openbsd:3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:openbsd:openbsd:3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.2.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.2.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.2:stable:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.4:stable:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.7:release:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.7:stable:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:openbsd:openbsd:2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:openbsd:openbsd:2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:openbsd:openbsd:3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.3:releng:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.3:stable:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.6:release:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:5.0:alpha:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:openbsd:openbsd:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:openbsd:openbsd:2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:openbsd:openbsd:2.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:openbsd:openbsd:2.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:openbsd:openbsd:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.0:alpha:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.3:release:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.5:release:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.5:stable:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.8:pre-release:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:openbsd:openbsd:2.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:openbsd:openbsd:2.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0466"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Janusz Niewiadomski\u203b funkysh@isec.pl\u203bWojciech Purczynski\u203b cliph@isec.pl",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200308-136"
}
],
"trust": 0.6
},
"cve": "CVE-2003-0466",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2003-0466",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-7294",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2003-0466",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2003-0466",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#743092",
"trust": 0.8,
"value": "6.75"
},
{
"author": "CNNVD",
"id": "CNNVD-200308-136",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-7294",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#743092"
},
{
"db": "VULHUB",
"id": "VHN-7294"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000237"
},
{
"db": "CNNVD",
"id": "CNNVD-200308-136"
},
{
"db": "NVD",
"id": "CVE-2003-0466"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO. A function originally derived from 4.4BSD,\u00a0realpath(3), contains a vulnerability that may permit a malicious user to gain root access to the server. This function was derived from the FreeBSD 3.x tree. Other applications and operating systems that use or were derived from this code base may be affected. This problem was originally reported to affect WU-FTPd. It has been discoved to affect various BSD implementations as well. WU-FTPD is implemented in fb_realpath() In the function, the size of the buffer for handling the path is MAXPATHLEN However, the length of the path actually delivered is longer than that. (MAXPATHLEN+1) , one shift (off-by-one) A buffer overflow vulnerability exists.root Arbitrary commands may be executed with sufficient privileges. The \u0027realpath()\u0027 function is a C-library procedure to resolve the canonical, absolute pathname of a file based on a path that may contain values such as \u0027/\u0027, \u0027./\u0027, \u0027../\u0027, or symbolic links. A vulnerability that was reported to affect the implementation of \u0027realpath()\u0027 in WU-FTPD has lead to the discovery that at least one implementation of the C library is also vulnerable. FreeBSD has announced that the off-by-one stack- buffer-overflow vulnerability is present in their libc. Other systems are also likely vulnerable. \nReportedly, this vulnerability has been successfully exploited against WU-FTPD to execute arbitrary instructions. \nNOTE: Patching the C library alone may not remove all instances of this vulnerability. Statically linked programs may need to be rebuilt with a patched version of the C library. Also, some applications may implement their own version of \u0027realpath()\u0027. These applications would require their own patches. FreeBSD has published a large list of applications that use \u0027realpath()\u0027. Administrators of FreeBSD and other systems are urged to review it. For more information, see the advisory \u0027FreeBSD-SA-03:08.realpath\u0027. The realpath(3) function is used to determine the absolute path name of the rule in the given path name. The realpath(3) function is part of the FreeBSD standard C language library file. If the parsed pathname is 1024 bytes long and contains two directory separators, the buffer passed to the realpath(3) function can be overwritten with a single NUL byte. Applications that typically use the realpath(3) function can cause denial of service, or execute arbitrary code and privilege escalation attacks. sftp-server(8) is part of OpenSSH, and realpath(3) is used to process the chdir command. 1 cdparanoia-3.9. \nSynopsis:\twu-ftpd fb_realpath() off-by-one bug\nProduct:\twu-ftpd\nVersion: \t2.5.0 \u003c= 2.6.2\nVendor:\t\thttp://www.wuftpd.org/\n\nURL:\t\thttp://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt\nCVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0466\nAuthor:\t\tWojciech Purczynski \u003ccliph@isec.pl\u003e\n\t\tJanusz Niewiadomski \u003cfunkysh@isec.pl\u003e\nDate:\t\tJuly 31, 2003 \n\n\nIssue:\n======\n\nWu-ftpd FTP server contains remotely exploitable off-by-one bug. A local\nor remote attacker could exploit this vulnerability to gain root\nprivileges on a vulnerable system. \n\n\nDetails:\n========\n\nAn off-by-one bug exists in fb_realpath() function. \nThe overflowed buffer lies on the stack. \n\nThe bug results from misuse of rootd variable in the calculation of\nlength of a concatenated string:\n\n------8\u003c------cut-here------8\u003c------\n /*\n * Join the two strings together, ensuring that the right thing\n * happens if the last component is empty, or the dirname is root. \n */\n if (resolved[0] == \u0027/\u0027 \u0026\u0026 resolved[1] == \u0027\\0\u0027)\n rootd = 1;\n else\n rootd = 0;\n\n if (*wbuf) {\n if (strlen(resolved) + strlen(wbuf) + rootd + 1 \u003e MAXPATHLEN) {\n errno = ENAMETOOLONG;\n goto err1;\n }\n if (rootd == 0)\n (void) strcat(resolved, \"/\");\n (void) strcat(resolved, wbuf);\n }\n------8\u003c------cut-here------8\u003c------\n\nSince the path is constructed from current working directory and a file\nname specified as an parameter to various FTP commands attacker needs to\ncreate deep directory structure. This may occur for example if wu-ftpd is compiled\nwith some versions of Linux kernel where PATH_MAX (and MAXPATHLEN \naccordingly) is defined to be exactly 4095 characters. In such cases,\nthe buffer is padded with an extra byte because of variable alignment \nwhich is a result of code optimization. \n\nLinux 2.2.x and some early 2.4.x kernel versions defines PATH_MAX to be \n4095 characters, thus only wu-ftpd binaries compiled on 2.0.x or later 2.4.x\nkernels are affected. We believe that exploitation of other\nlittle-endian systems is also possible. \n \n\nImpact:\n=======\n\nAuthenticated local user or anonymous FTP user with write-access could\nexecute arbitrary code with root privileges. \n\n\nVendor Status:\n==============\n\nJune 1, 2003\tsecurity@wu-ftpd.org has been notified\nJune 9, 2003\tRequest for confirmation of receipt sent to security@wu-ftpd.org\nJune 11, 2003\tResponse received from Kent Landfield\nJuly 3, 2003 Request for status update sent\nJuly 19, 2003\tvendor-sec list notified\nJuly 31, 2003\tCoordinated public disclosure\n\n\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2003-0466 to this issue. \n\n-- \nJanusz Niewiadomski\niSEC Security Research\nhttp://isec.pl/\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0466"
},
{
"db": "CERT/CC",
"id": "VU#743092"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000237"
},
{
"db": "BID",
"id": "8315"
},
{
"db": "VULHUB",
"id": "VHN-7294"
},
{
"db": "PACKETSTORM",
"id": "31479"
}
],
"trust": 2.79
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-7294",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-7294"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2003-0466",
"trust": 3.7
},
{
"db": "CERT/CC",
"id": "VU#743092",
"trust": 3.3
},
{
"db": "BID",
"id": "8315",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "9423",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "9447",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "9446",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "9535",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1007380",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "6602",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "9406",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000237",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200308-136",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20030731 WU-FTPD FB_REALPATH() OFF-BY-ONE BUG",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20030804 WU-FTPD-2.6.2 OFF-BY-ONE REMOTE EXPLOIT.",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20060214 RE: LATEST WU-FTPD EXPLOIT :-S",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20060213 LATEST WU-FTPD EXPLOIT :-S",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20030804 OFF-BY-ONE BUFFER OVERFLOW VULNERABILITY IN BSD LIBC REALPATH(3)",
"trust": 0.6
},
{
"db": "REDHAT",
"id": "RHSA-2003:245",
"trust": 0.6
},
{
"db": "REDHAT",
"id": "RHSA-2003:246",
"trust": 0.6
},
{
"db": "VULNWATCH",
"id": "20030731 WU-FTPD FB_REALPATH() OFF-BY-ONE BUG",
"trust": 0.6
},
{
"db": "SUSE",
"id": "SUSE-SA:2003:032",
"trust": 0.6
},
{
"db": "NETBSD",
"id": "NETBSD-SA2003-011.TXT.ASC",
"trust": 0.6
},
{
"db": "SUNALERT",
"id": "1001257",
"trust": 0.6
},
{
"db": "TURBO",
"id": "TLSA-2003-46",
"trust": 0.6
},
{
"db": "IMMUNIX",
"id": "IMNX-2003-7+-019-01",
"trust": 0.6
},
{
"db": "MANDRAKE",
"id": "MDKSA-2003:080",
"trust": 0.6
},
{
"db": "OVAL",
"id": "OVAL:ORG.MITRE.OVAL:DEF:1970",
"trust": 0.6
},
{
"db": "XF",
"id": "12785",
"trust": 0.6
},
{
"db": "FREEBSD",
"id": "FREEBSD-SA-03:08",
"trust": 0.6
},
{
"db": "DEBIAN",
"id": "DSA-357",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "31479",
"trust": 0.2
},
{
"db": "EXPLOIT-DB",
"id": "22976",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "22974",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "22975",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-62739",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-76759",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-76761",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-76760",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-7294",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#743092"
},
{
"db": "VULHUB",
"id": "VHN-7294"
},
{
"db": "BID",
"id": "8315"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000237"
},
{
"db": "PACKETSTORM",
"id": "31479"
},
{
"db": "CNNVD",
"id": "CNNVD-200308-136"
},
{
"db": "NVD",
"id": "CVE-2003-0466"
}
]
},
"id": "VAR-200308-0014",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-7294"
}
],
"trust": 0.01
},
"last_update_date": "2024-02-28T22:37:56.784000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "245",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/update/data/wu-ftpd.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2003-000237"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-193",
"trust": 1.0
},
{
"problemtype": "Determination of boundary conditions (CWE-193) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2003-000237"
},
{
"db": "NVD",
"id": "CVE-2003-0466"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/8315"
},
{
"trust": 2.5,
"url": "http://www.kb.cert.org/vuls/id/743092"
},
{
"trust": 2.0,
"url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2003-011.txt.asc"
},
{
"trust": 2.0,
"url": "http://www.turbolinux.com/security/tlsa-2003-46.txt"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/424852/100/0/threaded"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/425061/100/0/threaded"
},
{
"trust": 1.7,
"url": "http://www.debian.org/security/2003/dsa-357"
},
{
"trust": 1.7,
"url": "http://download.immunix.org/immunixos/7+/updates/errata/imnx-2003-7+-019-01"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdksa-2003:080"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/6602"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2003-245.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2003-246.html"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1007380"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/9423"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/9446"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/9447"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/9535"
},
{
"trust": 1.7,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001257.1-1"
},
{
"trust": 1.7,
"url": "http://www.novell.com/linux/security/advisories/2003_032_wuftpd.html"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0065.html"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a1970"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12785"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=105967301604815\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=106001410028809\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=106001702232325\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=106002488209129\u0026w=2"
},
{
"trust": 0.9,
"url": "http://www.wuftpd.org/"
},
{
"trust": 0.8,
"url": "http://www.secunia.com/advisories/9406/"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-0466"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/12785"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=106002488209129\u0026w=2"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=106001702232325\u0026w=2"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=106001410028809\u0026w=2"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=105967301604815\u0026w=2"
},
{
"trust": 0.6,
"url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:1970"
},
{
"trust": 0.3,
"url": "http://www.info.apple.com/usen/security/security_updates.html"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f56121"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/patches/linux/security.html"
},
{
"trust": 0.3,
"url": "http://www.wu-ftpd.org"
},
{
"trust": 0.3,
"url": "/archive/1/331295"
},
{
"trust": 0.3,
"url": "/archive/1/331723"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=105967301604815\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=106002488209129\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=106001702232325\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=106001410028809\u0026amp;w=2"
},
{
"trust": 0.1,
"url": ""
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2003-0466"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2003-0466"
},
{
"trust": 0.1,
"url": "http://isec.pl/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#743092"
},
{
"db": "VULHUB",
"id": "VHN-7294"
},
{
"db": "BID",
"id": "8315"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000237"
},
{
"db": "PACKETSTORM",
"id": "31479"
},
{
"db": "CNNVD",
"id": "CNNVD-200308-136"
},
{
"db": "NVD",
"id": "CVE-2003-0466"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#743092"
},
{
"db": "VULHUB",
"id": "VHN-7294"
},
{
"db": "BID",
"id": "8315"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000237"
},
{
"db": "PACKETSTORM",
"id": "31479"
},
{
"db": "CNNVD",
"id": "CNNVD-200308-136"
},
{
"db": "NVD",
"id": "CVE-2003-0466"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-07-31T00:00:00",
"db": "CERT/CC",
"id": "VU#743092"
},
{
"date": "2003-08-27T00:00:00",
"db": "VULHUB",
"id": "VHN-7294"
},
{
"date": "2003-07-31T00:00:00",
"db": "BID",
"id": "8315"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2003-000237"
},
{
"date": "2003-08-05T16:57:23",
"db": "PACKETSTORM",
"id": "31479"
},
{
"date": "2003-07-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200308-136"
},
{
"date": "2003-08-27T04:00:00",
"db": "NVD",
"id": "CVE-2003-0466"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-08-15T00:00:00",
"db": "CERT/CC",
"id": "VU#743092"
},
{
"date": "2018-05-03T00:00:00",
"db": "VULHUB",
"id": "VHN-7294"
},
{
"date": "2007-05-15T19:08:00",
"db": "BID",
"id": "8315"
},
{
"date": "2024-02-28T04:21:00",
"db": "JVNDB",
"id": "JVNDB-2003-000237"
},
{
"date": "2007-05-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200308-136"
},
{
"date": "2024-02-08T15:50:15.020000",
"db": "NVD",
"id": "CVE-2003-0466"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200308-136"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "realpath(3) function contains off-by-one buffer overflow",
"sources": [
{
"db": "CERT/CC",
"id": "VU#743092"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Boundary Condition Error",
"sources": [
{
"db": "BID",
"id": "8315"
},
{
"db": "CNNVD",
"id": "CNNVD-200308-136"
}
],
"trust": 0.9
}
}
VAR-199606-0003
Vulnerability from variot - Updated: 2023-12-18 13:50The suidperl and sperl program do not give up root privileges when changing UIDs back to the original users, allowing root access. HP-UX is prone to a local privilege-escalation vulnerability. Local attackers may exploit this issue to gain root privileges
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-199606-0003",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "a ux",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "3.1.1"
},
{
"model": "kernel",
"scope": "eq",
"trust": 1.3,
"vendor": "linux",
"version": "2.0"
},
{
"model": "aix",
"scope": "eq",
"trust": 1.3,
"vendor": "ibm",
"version": "3.2.5"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.3,
"vendor": "freebsd",
"version": "2.0.5"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.3,
"vendor": "freebsd",
"version": "2.0"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.0,
"vendor": "freebsd",
"version": "2.1.0"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "8"
},
{
"model": "kernel",
"scope": "eq",
"trust": 1.0,
"vendor": "linux",
"version": "1.2.0"
},
{
"model": "osf 1",
"scope": "eq",
"trust": 1.0,
"vendor": "digital",
"version": "1.3"
},
{
"model": "aix",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "4"
},
{
"model": "ews-ux v",
"scope": "eq",
"trust": 1.0,
"vendor": "nec",
"version": "4.2mp"
},
{
"model": "asl ux 4800",
"scope": "eq",
"trust": 1.0,
"vendor": "nec",
"version": "*"
},
{
"model": "up-ux v",
"scope": "eq",
"trust": 1.0,
"vendor": "nec",
"version": "4.2mp"
},
{
"model": "ews-ux v",
"scope": "eq",
"trust": 1.0,
"vendor": "nec",
"version": "4.2"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "9"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "10"
},
{
"model": "up-ux/v",
"scope": null,
"trust": 0.3,
"vendor": "nec",
"version": null
},
{
"model": "ews-ux 4.2mp",
"scope": "eq",
"trust": 0.3,
"vendor": "nec",
"version": "v"
},
{
"model": "ews-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "nec",
"version": "v4.2"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "2.1"
},
{
"model": "osf",
"scope": "eq",
"trust": 0.3,
"vendor": "dpec",
"version": "11.3"
},
{
"model": "a/ux",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.1"
}
],
"sources": [
{
"db": "BID",
"id": "77730"
},
{
"db": "NVD",
"id": "CVE-1999-0138"
},
{
"db": "CNNVD",
"id": "CNNVD-199606-003"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:ibm:aix:4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:1.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:nec:ews-ux_v:4.2mp:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:ibm:aix:3.2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:digital:osf_1:1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:2.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:nec:ews-ux_v:4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:2.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:nec:asl_ux_4800:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:a_ux:3.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:nec:up-ux_v:4.2mp:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-1999-0138"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "77730"
}
],
"trust": 0.3
},
"cve": "CVE-1999-0138",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-138",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-1999-0138",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-199606-003",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-138",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138"
},
{
"db": "NVD",
"id": "CVE-1999-0138"
},
{
"db": "CNNVD",
"id": "CNNVD-199606-003"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The suidperl and sperl program do not give up root privileges when changing UIDs back to the original users, allowing root access. HP-UX is prone to a local privilege-escalation vulnerability. \nLocal attackers may exploit this issue to gain root privileges",
"sources": [
{
"db": "NVD",
"id": "CVE-1999-0138"
},
{
"db": "BID",
"id": "77730"
},
{
"db": "VULHUB",
"id": "VHN-138"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-1999-0138",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-199606-003",
"trust": 0.7
},
{
"db": "BID",
"id": "77730",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-138",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138"
},
{
"db": "BID",
"id": "77730"
},
{
"db": "NVD",
"id": "CVE-1999-0138"
},
{
"db": "CNNVD",
"id": "CNNVD-199606-003"
}
]
},
"id": "VAR-199606-0003",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-138"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:50:12.125000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-1999-0138"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/cve-1999-0138"
},
{
"trust": 0.3,
"url": "http://www.hp.com/products1/unix/"
},
{
"trust": 0.1,
"url": ""
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138"
},
{
"db": "BID",
"id": "77730"
},
{
"db": "NVD",
"id": "CVE-1999-0138"
},
{
"db": "CNNVD",
"id": "CNNVD-199606-003"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-138"
},
{
"db": "BID",
"id": "77730"
},
{
"db": "NVD",
"id": "CVE-1999-0138"
},
{
"db": "CNNVD",
"id": "CNNVD-199606-003"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "1996-06-26T00:00:00",
"db": "VULHUB",
"id": "VHN-138"
},
{
"date": "1996-06-26T00:00:00",
"db": "BID",
"id": "77730"
},
{
"date": "1996-06-26T04:00:00",
"db": "NVD",
"id": "CVE-1999-0138"
},
{
"date": "1996-06-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-199606-003"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-09T00:00:00",
"db": "VULHUB",
"id": "VHN-138"
},
{
"date": "1996-06-26T00:00:00",
"db": "BID",
"id": "77730"
},
{
"date": "2022-08-17T07:15:11.853000",
"db": "NVD",
"id": "CVE-1999-0138"
},
{
"date": "2022-08-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-199606-003"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "77730"
},
{
"db": "CNNVD",
"id": "CNNVD-199606-003"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "suidperl and sperl Security hole",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-199606-003"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-199606-003"
}
],
"trust": 0.6
}
}
VAR-200702-0025
Vulnerability from variot - Updated: 2023-12-18 13:25Stack-based buffer overflow in magentproc.exe for Hewlett-Packard Mercury LoadRunner Agent 8.0 and 8.1, Performance Center Agent 8.0 and 8.1, and Monitor over Firewall 8.1 allows remote attackers to execute arbitrary code via a packet with a long server_ip_name field to TCP port 54345, which triggers the overflow in mchan.dll. Authentication is not required to exploit this vulnerability.The specific flaw exists within the process magentproc.exe that binds to TCP port 54345. When parsing packets containing an overly long 'server_ip_name' field, an exploitable stack overflow may be triggered due to an an inline strcpy() within the library mchan.dll. Multiple Mercury products are prone to a stack-based buffer-overflow vulnerability because the applications fail to bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed exploit attempts will result in a denial of service. HP Mercury is an IT management software developed by Mercury acquired by HP. Authentication is not required to exploit this vulnerability.
-- Vendor Response: Hewlett-Packard has issued an update to correct this vulnerability. More details can be found at:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00854250
-- Disclosure Timeline: 2006.10.27 - Vulnerability reported to vendor 2006.11.10 - Digital Vaccine released to TippingPoint customers 2007.02.08 - Coordinated public release of advisory
-- Credit: This vulnerability was discovered by Eric DETOISIEN.
-- About the Zero Day Initiative (ZDI): Established by TippingPoint, a division of 3Com, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is used. 3Com does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, 3Com provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, 3Com provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product.
Secunia is proud to announce the availability of the Secunia Software Inspector.
The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor.
Try it out online: http://secunia.com/software_inspector/
TITLE: HP Mercury Products Long "server_ip_name" Buffer Overflow
SECUNIA ADVISORY ID: SA24112
VERIFY ADVISORY: http://secunia.com/advisories/24112/
CRITICAL: Moderately critical
IMPACT: System access
WHERE:
From local network
SOFTWARE: Mercury LoadRunner Agent 8.x http://secunia.com/product/13450/ Mercury Monitor over Firewall 8.x http://secunia.com/product/13449/ Mercury Performance Center Agent 8.x http://secunia.com/product/13448/
DESCRIPTION: A vulnerability has been reported in various HP Mercury products, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to a boundary error within MCHAN.DLL when parsing packets sent to MAGENTPROC.EXE on port 54345/TCP.
-- Mercury LoadRunner Agent 8.1 FP4 -- NT: http://webnotes.merc-int.com/patches.nsf/c4d68388a23535dc422567d0004bbae2/c337892f322b2311 c22572670060b795?OpenDocument
AIX, HP, Solaris, Linux: http://webnotes.merc-int.com/patches.nsf/c4d68388a23535dc422567d0004bbae2/6d7ce88c0d5c4b36 c225726a004a94a2?OpenDocument
-- Mercury LoadRunner Agent 8.1 SP1, FP1, FP2, FP3 -- Update to 8.1 FP4 and apply patches listed above.
-- Mercury LoadRunner Agent 8.1 GA -- NT: http://webnotes.merc-int.com/patches.nsf/c4d68388a23535dc422567d0004bbae2/7cd789640e496c34 c225726700613486?OpenDocument
AIX, HP, Solaris, Linux: http://webnotes.merc-int.com/patches.nsf/c4d68388a23535dc422567d0004bbae2/f2de896609dd7efb c225726a004af033?OpenDocument
-- Mercury LoadRunner Agent 8.0 GA -- NT: http://webnotes.merc-int.com/patches.nsf/c4d68388a23535dc422567d0004bbae2/fa4a48afea2f8198 c22572670061bbe7?OpenDocument
AIX, HP, Solaris, Linux: http://webnotes.merc-int.com/patches.nsf/c4d68388a23535dc422567d0004bbae2/5de153e30789fa4a c225726a004b2354?OpenDocument
-- Mercury Performance Center Agent 8.1 FP4 -- NT: http://webnotes.merc-int.com/patches.nsf/c4d68388a23535dc422567d0004bbae2/ae5d9a48a163fbb4 c225726a004c7831?OpenDocument
AIX, HP, Solaris, Linux: http://webnotes.merc-int.com/patches.nsf/c4d68388a23535dc422567d0004bbae2/34e894d8d8a1b941 c225726a004ff335?OpenDocument
-- Mercury Performance Center Agent 8.1 FP1, FP2, FP3 -- Update to version 8.1 FP4 and apply patches listed above.
-- Mercury Performance Center Agent 8.1 GA -- NT: http://webnotes.merc-int.com/patches.nsf/c4d68388a23535dc422567d0004bbae2/0831f8b0bd9d9619 c225726a004cf7fe?OpenDocument
AIX, HP, Solaris, Linux: http://webnotes.merc-int.com/patches.nsf/c4d68388a23535dc422567d0004bbae2/a7333913152e65e1 c225726a005035e4?OpenDocument
-- Mercury Performance Center Agent 8.0 GA -- Update to version 8.1 GA and apply patches listed above.
-- Mercury Monitor over Firewall 8.1 -- NT: http://webnotes.merc-int.com/patches.nsf/c4d68388a23535dc422567d0004bbae2/c9b9924b3206614f c225726a004ded7d?OpenDocument
PROVIDED AND/OR DISCOVERED BY: Discovered by Eric Detoisien and reported via ZDI.
ORIGINAL ADVISORY: HPSBGN02187 SSRT061280: http://www5.itrc.hp.com/service/cki/docDisplay.do?docId=c00854250
ZDI: http://www.zerodayinitiative.com/advisories/ZDI-07-007.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200702-0025",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mercury performance center agent",
"scope": "eq",
"trust": 1.9,
"vendor": "hp",
"version": "8.1"
},
{
"model": "mercury performance center agent",
"scope": "eq",
"trust": 1.9,
"vendor": "hp",
"version": "8.0"
},
{
"model": "mercury monitor over firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "hp",
"version": "8.1"
},
{
"model": "mercury loadrunner agent",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "8.1"
},
{
"model": "mercury loadrunner agent",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "8.0"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": "mercury loadrunner agent",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "8.0 and 8.1"
},
{
"model": "mercury monitor over firewall",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "8.1"
},
{
"model": "mercury performance center agent",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "8.0 and 8.1"
},
{
"model": "performance center monitor over firewall loadrunner",
"scope": null,
"trust": 0.7,
"vendor": "mercury",
"version": null
},
{
"model": "mercury performance center agent fp4",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.1"
},
{
"model": "mercury performance center agent fp3",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.1"
},
{
"model": "mercury performance center agent fp2",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.1"
},
{
"model": "mercury performance center agent fp1",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.1"
},
{
"model": "mercury loadrunner agent sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.1"
},
{
"model": "mercury loadrunner agent ga",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.1"
},
{
"model": "mercury loadrunner agent fp4",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.1"
},
{
"model": "mercury loadrunner agent fp3",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.1"
},
{
"model": "mercury loadrunner agent fp2",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.1"
},
{
"model": "mercury loadrunner agent fp1",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.1"
},
{
"model": "mercury loadrunner agent ga",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.0"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.11"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#303012"
},
{
"db": "ZDI",
"id": "ZDI-07-007"
},
{
"db": "BID",
"id": "22487"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-003262"
},
{
"db": "NVD",
"id": "CVE-2007-0446"
},
{
"db": "CNNVD",
"id": "CNNVD-200702-170"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hp:mercury_performance_center_agent:8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hp:mercury_loadrunner_agent:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hp:mercury_loadrunner_agent:8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hp:mercury_monitor_over_firewall:8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hp:mercury_performance_center_agent:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-0446"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Eric DETOISIEN",
"sources": [
{
"db": "ZDI",
"id": "ZDI-07-007"
}
],
"trust": 0.7
},
"cve": "CVE-2007-0446",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2007-0446",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-23808",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2007-0446",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#303012",
"trust": 0.8,
"value": "10.31"
},
{
"author": "CNNVD",
"id": "CNNVD-200702-170",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-23808",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2007-0446",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#303012"
},
{
"db": "VULHUB",
"id": "VHN-23808"
},
{
"db": "VULMON",
"id": "CVE-2007-0446"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-003262"
},
{
"db": "NVD",
"id": "CVE-2007-0446"
},
{
"db": "CNNVD",
"id": "CNNVD-200702-170"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in magentproc.exe for Hewlett-Packard Mercury LoadRunner Agent 8.0 and 8.1, Performance Center Agent 8.0 and 8.1, and Monitor over Firewall 8.1 allows remote attackers to execute arbitrary code via a packet with a long server_ip_name field to TCP port 54345, which triggers the overflow in mchan.dll. Authentication is not required to exploit this vulnerability.The specific flaw exists within the process magentproc.exe that binds to TCP port 54345. When parsing packets containing an overly long \u0027server_ip_name\u0027 field, an exploitable stack overflow may be triggered due to an an inline strcpy() within the library mchan.dll. Multiple Mercury products are prone to a stack-based buffer-overflow vulnerability because the applications fail to bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed exploit attempts will result in a denial of service. HP Mercury is an IT management software developed by Mercury acquired by HP. \nAuthentication is not required to exploit this vulnerability. \n\n-- Vendor Response:\nHewlett-Packard has issued an update to correct this vulnerability. More\ndetails can be found at:\n\nhttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00854250\n\n-- Disclosure Timeline:\n2006.10.27 - Vulnerability reported to vendor\n2006.11.10 - Digital Vaccine released to TippingPoint customers\n2007.02.08 - Coordinated public release of advisory\n\n-- Credit:\nThis vulnerability was discovered by Eric DETOISIEN. \n\n-- About the Zero Day Initiative (ZDI):\nEstablished by TippingPoint, a division of 3Com, The Zero Day Initiative\n(ZDI) represents a best-of-breed model for rewarding security\nresearchers for responsibly disclosing discovered vulnerabilities. \n\nResearchers interested in getting paid for their security research\nthrough the ZDI can find more information and sign-up at:\n\n http://www.zerodayinitiative.com\n\nThe ZDI is unique in how the acquired vulnerability information is used. \n3Com does not re-sell the vulnerability details or any exploit code. \nInstead, upon notifying the affected product vendor, 3Com provides its\ncustomers with zero day protection through its intrusion prevention\ntechnology. Explicit details regarding the specifics of the\nvulnerability are not exposed to any parties until an official vendor\npatch is publicly available. Furthermore, with the altruistic aim of\nhelping to secure a broader user base, 3Com provides this vulnerability\ninformation confidentially to security vendors (including competitors)\nwho have a vulnerability protection or mitigation product. \n\n----------------------------------------------------------------------\n\nSecunia is proud to announce the availability of the Secunia Software\nInspector. \n\nThe Secunia Software Inspector is a free service that detects insecure\nversions of software that you may have installed in your system. When\ninsecure versions are detected, the Secunia Software Inspector also\nprovides thorough guidelines for updating the software to the latest\nsecure version from the vendor. \n\nTry it out online:\nhttp://secunia.com/software_inspector/\n\n----------------------------------------------------------------------\n\nTITLE:\nHP Mercury Products Long \"server_ip_name\" Buffer Overflow\n\nSECUNIA ADVISORY ID:\nSA24112\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/24112/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom local network\n\nSOFTWARE:\nMercury LoadRunner Agent 8.x\nhttp://secunia.com/product/13450/\nMercury Monitor over Firewall 8.x\nhttp://secunia.com/product/13449/\nMercury Performance Center Agent 8.x\nhttp://secunia.com/product/13448/\n\nDESCRIPTION:\nA vulnerability has been reported in various HP Mercury products,\nwhich can be exploited by malicious people to compromise a vulnerable\nsystem. \n\nThe vulnerability is caused due to a boundary error within MCHAN.DLL\nwhen parsing packets sent to MAGENTPROC.EXE on port 54345/TCP. \n\n-- Mercury LoadRunner Agent 8.1 FP4 --\nNT:\nhttp://webnotes.merc-int.com/patches.nsf/c4d68388a23535dc422567d0004bbae2/c337892f322b2311\nc22572670060b795?OpenDocument\n\nAIX, HP, Solaris, Linux:\nhttp://webnotes.merc-int.com/patches.nsf/c4d68388a23535dc422567d0004bbae2/6d7ce88c0d5c4b36\nc225726a004a94a2?OpenDocument\n\n-- Mercury LoadRunner Agent 8.1 SP1, FP1, FP2, FP3 --\nUpdate to 8.1 FP4 and apply patches listed above. \n\n-- Mercury LoadRunner Agent 8.1 GA --\nNT:\nhttp://webnotes.merc-int.com/patches.nsf/c4d68388a23535dc422567d0004bbae2/7cd789640e496c34\nc225726700613486?OpenDocument\n\nAIX, HP, Solaris, Linux:\nhttp://webnotes.merc-int.com/patches.nsf/c4d68388a23535dc422567d0004bbae2/f2de896609dd7efb\nc225726a004af033?OpenDocument\n\n-- Mercury LoadRunner Agent 8.0 GA --\nNT:\nhttp://webnotes.merc-int.com/patches.nsf/c4d68388a23535dc422567d0004bbae2/fa4a48afea2f8198\nc22572670061bbe7?OpenDocument\n\nAIX, HP, Solaris, Linux:\nhttp://webnotes.merc-int.com/patches.nsf/c4d68388a23535dc422567d0004bbae2/5de153e30789fa4a\nc225726a004b2354?OpenDocument\n\n-- Mercury Performance Center Agent 8.1 FP4 --\nNT:\nhttp://webnotes.merc-int.com/patches.nsf/c4d68388a23535dc422567d0004bbae2/ae5d9a48a163fbb4\nc225726a004c7831?OpenDocument\n\nAIX, HP, Solaris, Linux:\nhttp://webnotes.merc-int.com/patches.nsf/c4d68388a23535dc422567d0004bbae2/34e894d8d8a1b941\nc225726a004ff335?OpenDocument\n\n-- Mercury Performance Center Agent 8.1 FP1, FP2, FP3 --\nUpdate to version 8.1 FP4 and apply patches listed above. \n\n-- Mercury Performance Center Agent 8.1 GA --\nNT:\nhttp://webnotes.merc-int.com/patches.nsf/c4d68388a23535dc422567d0004bbae2/0831f8b0bd9d9619\nc225726a004cf7fe?OpenDocument\n\nAIX, HP, Solaris, Linux:\nhttp://webnotes.merc-int.com/patches.nsf/c4d68388a23535dc422567d0004bbae2/a7333913152e65e1\nc225726a005035e4?OpenDocument\n\n-- Mercury Performance Center Agent 8.0 GA --\nUpdate to version 8.1 GA and apply patches listed above. \n\n-- Mercury Monitor over Firewall 8.1 --\nNT:\nhttp://webnotes.merc-int.com/patches.nsf/c4d68388a23535dc422567d0004bbae2/c9b9924b3206614f\nc225726a004ded7d?OpenDocument\n\nPROVIDED AND/OR DISCOVERED BY:\nDiscovered by Eric Detoisien and reported via ZDI. \n\nORIGINAL ADVISORY:\nHPSBGN02187 SSRT061280:\nhttp://www5.itrc.hp.com/service/cki/docDisplay.do?docId=c00854250\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-07-007.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-0446"
},
{
"db": "CERT/CC",
"id": "VU#303012"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-003262"
},
{
"db": "ZDI",
"id": "ZDI-07-007"
},
{
"db": "BID",
"id": "22487"
},
{
"db": "VULHUB",
"id": "VHN-23808"
},
{
"db": "VULMON",
"id": "CVE-2007-0446"
},
{
"db": "PACKETSTORM",
"id": "54331"
},
{
"db": "PACKETSTORM",
"id": "54298"
}
],
"trust": 3.6
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-23808",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-23808"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-07-007",
"trust": 3.8
},
{
"db": "CERT/CC",
"id": "VU#303012",
"trust": 3.7
},
{
"db": "NVD",
"id": "CVE-2007-0446",
"trust": 3.7
},
{
"db": "SECUNIA",
"id": "24112",
"trust": 2.8
},
{
"db": "SECTRACK",
"id": "1017613",
"trust": 2.5
},
{
"db": "BID",
"id": "22487",
"trust": 2.1
},
{
"db": "OSVDB",
"id": "33132",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1017611",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1017612",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2007-0535",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2007-003262",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-112",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-200702-170",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20070208 ZDI-07-007: HP MERCURY LOADRUNNER AGENT STACK OVERFLOW VULNERABILITY",
"trust": 0.6
},
{
"db": "CIAC",
"id": "R-123",
"trust": 0.6
},
{
"db": "XF",
"id": "32390",
"trust": 0.6
},
{
"db": "HP",
"id": "HPSBGN02187",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "54331",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-23808",
"trust": 0.1
},
{
"db": "VUPEN",
"id": "2007/0535",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2007-0446",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "54298",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#303012"
},
{
"db": "ZDI",
"id": "ZDI-07-007"
},
{
"db": "VULHUB",
"id": "VHN-23808"
},
{
"db": "VULMON",
"id": "CVE-2007-0446"
},
{
"db": "BID",
"id": "22487"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-003262"
},
{
"db": "PACKETSTORM",
"id": "54331"
},
{
"db": "PACKETSTORM",
"id": "54298"
},
{
"db": "NVD",
"id": "CVE-2007-0446"
},
{
"db": "CNNVD",
"id": "CNNVD-200702-170"
}
]
},
"id": "VAR-200702-0025",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-23808"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:25:48.061000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Mercury LoadRunner Agent",
"trust": 0.8,
"url": "http://www.hp.com/country/us/en/solutions/leb.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-003262"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-0446"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://www.zerodayinitiative.com/advisories/zdi-07-007.html"
},
{
"trust": 3.0,
"url": "http://www.kb.cert.org/vuls/id/303012"
},
{
"trust": 2.6,
"url": "http://www.ciac.org/ciac/bulletins/r-123.shtml"
},
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/22487"
},
{
"trust": 1.9,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c00854250"
},
{
"trust": 1.8,
"url": "http://osvdb.org/33132"
},
{
"trust": 1.8,
"url": "http://securitytracker.com/id?1017611"
},
{
"trust": 1.8,
"url": "http://securitytracker.com/id?1017612"
},
{
"trust": 1.8,
"url": "http://securitytracker.com/id?1017613"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/24112"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/archive/1/459505/100/0/threaded"
},
{
"trust": 1.2,
"url": "http://www.vupen.com/english/advisories/2007/0535"
},
{
"trust": 1.2,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32390"
},
{
"trust": 0.9,
"url": "http://secunia.com/advisories/24112/"
},
{
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c00854250\u0026jumpid=reg_r1002_usen"
},
{
"trust": 0.8,
"url": "http://securitytracker.com/alerts/2007/feb/1017613.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0446"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-0446"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/32390"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/459505/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2007/0535"
},
{
"trust": 0.3,
"url": "http://h71028.www7.hp.com/enterprise/cache/447066-0-0-0-121.html"
},
{
"trust": 0.3,
"url": "/archive/1/459496"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://www.tippingpoint.com"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-0446"
},
{
"trust": 0.1,
"url": "http://www.zerodayinitiative.com"
},
{
"trust": 0.1,
"url": "http://webnotes.merc-int.com/patches.nsf/c4d68388a23535dc422567d0004bbae2/a7333913152e65e1"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/13449/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/software_inspector/"
},
{
"trust": 0.1,
"url": "http://webnotes.merc-int.com/patches.nsf/c4d68388a23535dc422567d0004bbae2/c9b9924b3206614f"
},
{
"trust": 0.1,
"url": "http://webnotes.merc-int.com/patches.nsf/c4d68388a23535dc422567d0004bbae2/f2de896609dd7efb"
},
{
"trust": 0.1,
"url": "http://webnotes.merc-int.com/patches.nsf/c4d68388a23535dc422567d0004bbae2/6d7ce88c0d5c4b36"
},
{
"trust": 0.1,
"url": "http://webnotes.merc-int.com/patches.nsf/c4d68388a23535dc422567d0004bbae2/0831f8b0bd9d9619"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://webnotes.merc-int.com/patches.nsf/c4d68388a23535dc422567d0004bbae2/5de153e30789fa4a"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/13448/"
},
{
"trust": 0.1,
"url": "http://webnotes.merc-int.com/patches.nsf/c4d68388a23535dc422567d0004bbae2/c337892f322b2311"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/13450/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://webnotes.merc-int.com/patches.nsf/c4d68388a23535dc422567d0004bbae2/fa4a48afea2f8198"
},
{
"trust": 0.1,
"url": "http://webnotes.merc-int.com/patches.nsf/c4d68388a23535dc422567d0004bbae2/7cd789640e496c34"
},
{
"trust": 0.1,
"url": "http://webnotes.merc-int.com/patches.nsf/c4d68388a23535dc422567d0004bbae2/34e894d8d8a1b941"
},
{
"trust": 0.1,
"url": "http://www5.itrc.hp.com/service/cki/docdisplay.do?docid=c00854250"
},
{
"trust": 0.1,
"url": "http://webnotes.merc-int.com/patches.nsf/c4d68388a23535dc422567d0004bbae2/ae5d9a48a163fbb4"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#303012"
},
{
"db": "VULHUB",
"id": "VHN-23808"
},
{
"db": "VULMON",
"id": "CVE-2007-0446"
},
{
"db": "BID",
"id": "22487"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-003262"
},
{
"db": "PACKETSTORM",
"id": "54331"
},
{
"db": "PACKETSTORM",
"id": "54298"
},
{
"db": "NVD",
"id": "CVE-2007-0446"
},
{
"db": "CNNVD",
"id": "CNNVD-200702-170"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#303012"
},
{
"db": "ZDI",
"id": "ZDI-07-007"
},
{
"db": "VULHUB",
"id": "VHN-23808"
},
{
"db": "VULMON",
"id": "CVE-2007-0446"
},
{
"db": "BID",
"id": "22487"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-003262"
},
{
"db": "PACKETSTORM",
"id": "54331"
},
{
"db": "PACKETSTORM",
"id": "54298"
},
{
"db": "NVD",
"id": "CVE-2007-0446"
},
{
"db": "CNNVD",
"id": "CNNVD-200702-170"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-02-26T00:00:00",
"db": "CERT/CC",
"id": "VU#303012"
},
{
"date": "2007-02-08T00:00:00",
"db": "ZDI",
"id": "ZDI-07-007"
},
{
"date": "2007-02-08T00:00:00",
"db": "VULHUB",
"id": "VHN-23808"
},
{
"date": "2007-02-08T00:00:00",
"db": "VULMON",
"id": "CVE-2007-0446"
},
{
"date": "2007-02-08T00:00:00",
"db": "BID",
"id": "22487"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-003262"
},
{
"date": "2007-02-13T05:56:19",
"db": "PACKETSTORM",
"id": "54331"
},
{
"date": "2007-02-13T00:06:32",
"db": "PACKETSTORM",
"id": "54298"
},
{
"date": "2007-02-08T23:28:00",
"db": "NVD",
"id": "CVE-2007-0446"
},
{
"date": "2007-02-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200702-170"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-03-01T00:00:00",
"db": "CERT/CC",
"id": "VU#303012"
},
{
"date": "2007-02-08T00:00:00",
"db": "ZDI",
"id": "ZDI-07-007"
},
{
"date": "2018-10-16T00:00:00",
"db": "VULHUB",
"id": "VHN-23808"
},
{
"date": "2018-10-16T00:00:00",
"db": "VULMON",
"id": "CVE-2007-0446"
},
{
"date": "2007-02-26T23:06:00",
"db": "BID",
"id": "22487"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-003262"
},
{
"date": "2018-10-16T16:32:38.010000",
"db": "NVD",
"id": "CVE-2007-0446"
},
{
"date": "2007-02-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200702-170"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "54331"
},
{
"db": "CNNVD",
"id": "CNNVD-200702-170"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HP Mercury products vulnerable to buffer overflow",
"sources": [
{
"db": "CERT/CC",
"id": "VU#303012"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200702-170"
}
],
"trust": 0.6
}
}
VAR-200108-0064
Vulnerability from variot - Updated: 2023-12-18 13:21Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function. The telnetd program is a server for the telnet remote virtual terminal protocol. There is a remotely exploitable buffer overflow in telnet daemons derived from BSD source code. This vulnerability can crash the server, or be leveraged to gain root access. The function responsible for processing the options prepares a response within a fixed sized buffer, without performing any bounds checking. This vulnerability is now being actively exploited. A worm is known to be circulating around the Internet. Exposure:
Remote root compromise through buffer handling flaws
Confirmed vulnerable:
Up-to-date Debian 3.0 woody (issue is Debian-specific) Debian netkit-telnet-ssl-0.17.24+0.1 package Debian netkit-telnet-ssl-0.17.17+0.1 package
Mitigating factors:
Telnet service must be running and accessible to the attacker. Nowadays, telnet service presence on newly deployed Linux hosts is relatively low. The service is still used for LAN access from other unix platforms, and to host various non-shell services (such as MUDs).
Problem description:
Netkit telnetd implementation shipped with Debian Linux appears to be lacking the AYT vulnerability patch. This patch was devised by Red Hat (?) and incorporated into Debian packages, but later dropped.
This exposes the platform to a remote root problem discovered by scut of TESO back in 2001 (CVE-2001-0554), as well as to other currently unpublished flaws associated with the old buffer handling code, and elliminated by the Red Hat's overhaul of buffer handling routines.
Based on a review of package changelogs, my best guess is that the patch was accidentally dropped by Christoph Martin in December 2001, but I have not researched the matter any further.
Vendor response:
I have contacted Debian security staff on August 29, and received a confirmation of the problem from Matt Zimmerman shortly thereafter.
Since this is not a new flaw, I did not plan to release my own advisory, hoping they will release a DSA bulletin and fix the problem. Three weeks have passed, however, and Debian did not indicate any clear intent to release the information any time soon. They did release nine other advisories in the meantime, some of which were of lesser importance.
As such, I believe it is a good idea to bring the problem to public attention, particularly since those running telnetd were and are, unbeknownst to them, vulnerable to existing exploits.
Workaround:
Disable telnet service if not needed; manually apply Red Hat netkit patches, or compile the daemon from Red Hat sources.
Note that netkit as such is no longer maintained by the author, and hence obtaining the most recent source tarball (0.17) is NOT sufficient. You may also examine other less popular telnetd implementations, but be advised that almost all are heavily based on the original code, and not always up-to-date with security fixes for that codebase.
PS. Express your outrage: http://eprovisia.coredump.cx
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200108-0064",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "catalyst csx",
"scope": "eq",
"trust": 2.4,
"vendor": "cisco",
"version": "60005.3"
},
{
"model": "aix",
"scope": "eq",
"trust": 2.1,
"vendor": "ibm",
"version": "4.3"
},
{
"model": "aix",
"scope": "eq",
"trust": 2.1,
"vendor": "ibm",
"version": "5.1"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.9,
"vendor": "netbsd",
"version": "1.3.2"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.9,
"vendor": "netbsd",
"version": "1.3.1"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.9,
"vendor": "netbsd",
"version": "1.2"
},
{
"model": "vpn concentrator",
"scope": "eq",
"trust": 1.5,
"vendor": "cisco",
"version": "30002.5.2"
},
{
"model": "solaris",
"scope": "eq",
"trust": 1.3,
"vendor": "sun",
"version": "2.6"
},
{
"model": "irix",
"scope": "eq",
"trust": 1.3,
"vendor": "sgi",
"version": "6.5"
},
{
"model": "openbsd",
"scope": "eq",
"trust": 1.3,
"vendor": "openbsd",
"version": "2.8"
},
{
"model": "openbsd",
"scope": "eq",
"trust": 1.3,
"vendor": "openbsd",
"version": "2.7"
},
{
"model": "openbsd",
"scope": "eq",
"trust": 1.3,
"vendor": "openbsd",
"version": "2.6"
},
{
"model": "openbsd",
"scope": "eq",
"trust": 1.3,
"vendor": "openbsd",
"version": "2.5"
},
{
"model": "openbsd",
"scope": "eq",
"trust": 1.3,
"vendor": "openbsd",
"version": "2.4"
},
{
"model": "openbsd",
"scope": "eq",
"trust": 1.3,
"vendor": "openbsd",
"version": "2.3"
},
{
"model": "openbsd",
"scope": "eq",
"trust": 1.3,
"vendor": "openbsd",
"version": "2.2"
},
{
"model": "openbsd",
"scope": "eq",
"trust": 1.3,
"vendor": "openbsd",
"version": "2.1"
},
{
"model": "openbsd",
"scope": "eq",
"trust": 1.3,
"vendor": "openbsd",
"version": "2.0"
},
{
"model": "linux netkit",
"scope": "eq",
"trust": 1.3,
"vendor": "netkit",
"version": "0.12"
},
{
"model": "linux netkit",
"scope": "eq",
"trust": 1.3,
"vendor": "netkit",
"version": "0.11"
},
{
"model": "linux netkit",
"scope": "eq",
"trust": 1.3,
"vendor": "netkit",
"version": "0.10"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.3,
"vendor": "netbsd",
"version": "1.5.1"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.3,
"vendor": "netbsd",
"version": "1.5"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.3,
"vendor": "netbsd",
"version": "1.4.3"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.3,
"vendor": "netbsd",
"version": "1.4.2"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.3,
"vendor": "netbsd",
"version": "1.4.1"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.3,
"vendor": "netbsd",
"version": "1.4"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.3,
"vendor": "netbsd",
"version": "1.3.3"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.3,
"vendor": "netbsd",
"version": "1.3"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.3,
"vendor": "netbsd",
"version": "1.2.1"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.3,
"vendor": "netbsd",
"version": "1.1"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.3,
"vendor": "netbsd",
"version": "1.0"
},
{
"model": "aix",
"scope": "eq",
"trust": 1.3,
"vendor": "ibm",
"version": "4.3.3"
},
{
"model": "aix",
"scope": "eq",
"trust": 1.3,
"vendor": "ibm",
"version": "4.3.2"
},
{
"model": "aix",
"scope": "eq",
"trust": 1.3,
"vendor": "ibm",
"version": "4.3.1"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.0,
"vendor": "freebsd",
"version": "4.3"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.0,
"vendor": "freebsd",
"version": "2.1.0"
},
{
"model": "kerberos 5",
"scope": "eq",
"trust": 1.0,
"vendor": "mit",
"version": "1.1"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.0,
"vendor": "freebsd",
"version": "2.1.7.1"
},
{
"model": "sunos",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "5.5"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.0,
"vendor": "freebsd",
"version": "2.2.4"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.0,
"vendor": "freebsd",
"version": "3.4"
},
{
"model": "sunos",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "5.0"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.0,
"vendor": "freebsd",
"version": "3.0"
},
{
"model": "kerberos 5",
"scope": "eq",
"trust": 1.0,
"vendor": "mit",
"version": "1.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "2.2"
},
{
"model": "kerberos",
"scope": "eq",
"trust": 1.0,
"vendor": "mit",
"version": "1.0"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.0,
"vendor": "freebsd",
"version": "2.2.2"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.0,
"vendor": "freebsd",
"version": "2.2.3"
},
{
"model": "kerberos 5",
"scope": "eq",
"trust": 1.0,
"vendor": "mit",
"version": "1.2.2"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.0,
"vendor": "freebsd",
"version": "2.2.6"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.0,
"vendor": "freebsd",
"version": "4.1.1"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.0,
"vendor": "freebsd",
"version": "3.5"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.0,
"vendor": "freebsd",
"version": "2.0.1"
},
{
"model": "sunos",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "5.8"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.0,
"vendor": "freebsd",
"version": "2.2.5"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.0,
"vendor": "freebsd",
"version": "4.2"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.0,
"vendor": "freebsd",
"version": "3.1"
},
{
"model": "kerberos 5",
"scope": "eq",
"trust": 1.0,
"vendor": "mit",
"version": "1.2.1"
},
{
"model": "sunos",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "5.5.1"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.0,
"vendor": "freebsd",
"version": "2.2.7"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.0,
"vendor": "freebsd",
"version": "4.0"
},
{
"model": "sunos",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "5.7"
},
{
"model": "kerberos 5",
"scope": "eq",
"trust": 1.0,
"vendor": "mit",
"version": "1.1.1"
},
{
"model": "sunos",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "5.2"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.0,
"vendor": "freebsd",
"version": "2.1.6.1"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.0,
"vendor": "freebsd",
"version": "4.1"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.0,
"vendor": "freebsd",
"version": "2.0"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.0,
"vendor": "freebsd",
"version": "2.2"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.0,
"vendor": "freebsd",
"version": "3.3"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.0,
"vendor": "freebsd",
"version": "2.1.6"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.0,
"vendor": "freebsd",
"version": "3.5.1"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.0,
"vendor": "freebsd",
"version": "2.1.5"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.0,
"vendor": "freebsd",
"version": "2.0.5"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.0,
"vendor": "freebsd",
"version": "2.2.8"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.0,
"vendor": "freebsd",
"version": "2.1.7"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.0,
"vendor": "freebsd",
"version": "2.1"
},
{
"model": "sunos",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "5.4"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.0,
"vendor": "freebsd",
"version": "3.2"
},
{
"model": "sunos",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "5.3"
},
{
"model": "sunos",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "5.1"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.0,
"vendor": "freebsd",
"version": "2.2.1"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "7.0"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "60006.1"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "60005.5"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "50006.1"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "40006.1"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "40005.1"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "bsdi",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "caldera",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "conectiva",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cray",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "freebsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mit kerberos team",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "netbsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "openbsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "redhat",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sgi",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "suse",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sun",
"version": null
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "2.5.1 (sparc)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "2.5.1 (x86)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "2.6 (sparc)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "2.6 (x86)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "7.0 (sparc)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "7.0 (x86)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "8 (sparc)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "8 (x86)"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "10.01"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "10.10"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "10.20"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "10.24"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.1"
},
{
"model": "vpn concentrator",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "30003.0.3"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "50005.1"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "40005.5"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "40005.2"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "8.0"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "2.5.1"
},
{
"model": "solaris 8 sparc",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "2.5"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "2.4"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "2.3"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "2.2"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "2.1"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "2.0"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.13"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.12"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.11"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.10"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.9"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.8"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.7"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.6"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.5"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.4"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.3"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.2"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.1"
},
{
"model": "open server",
"scope": "eq",
"trust": 0.3,
"vendor": "sco",
"version": "5.0.6"
},
{
"model": "open server",
"scope": "eq",
"trust": 0.3,
"vendor": "sco",
"version": "5.0.5"
},
{
"model": "linux netkit",
"scope": "eq",
"trust": 0.3,
"vendor": "netkit",
"version": "0.17"
},
{
"model": "linux netkit",
"scope": "eq",
"trust": 0.3,
"vendor": "netkit",
"version": "0.16"
},
{
"model": "linux netkit",
"scope": "eq",
"trust": 0.3,
"vendor": "netkit",
"version": "0.14"
},
{
"model": "kerberos",
"scope": "eq",
"trust": 0.3,
"vendor": "mit",
"version": "51.2.2"
},
{
"model": "kerberos",
"scope": "eq",
"trust": 0.3,
"vendor": "mit",
"version": "51.2.1"
},
{
"model": "kerberos",
"scope": "eq",
"trust": 0.3,
"vendor": "mit",
"version": "51.2"
},
{
"model": "kerberos",
"scope": "eq",
"trust": 0.3,
"vendor": "mit",
"version": "51.1.1"
},
{
"model": "kerberos",
"scope": "eq",
"trust": 0.3,
"vendor": "mit",
"version": "51.1"
},
{
"model": "kerberos",
"scope": "eq",
"trust": 0.3,
"vendor": "mit",
"version": "51.0"
},
{
"model": "secure os software for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.0"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.24"
},
{
"model": "hp-ux sis",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.20"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.20"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.10"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.01"
},
{
"model": "-stable",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.3"
},
{
"model": "-release",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.3"
},
{
"model": "-stable",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.2"
},
{
"model": "-release",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.2"
},
{
"model": "-stable",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.1.1"
},
{
"model": "-release",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.1.1"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.0.x"
},
{
"model": "-stable",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "3.5.1"
},
{
"model": "-release",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "3.5.1"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "3.x"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "2.x"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.0"
},
{
"model": "linux ppc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.0"
},
{
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.0"
},
{
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.0"
},
{
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.0"
},
{
"model": "linux alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.0"
},
{
"model": "vpn concentrator",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "30003.0"
},
{
"model": "vpn concentrator",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "30002.0"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "60007.1"
},
{
"model": "catalyst pan",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "60006.3"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "60006.2(0.111)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "60006.2(0.110)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "60006.1(2.13)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "60006.1(1)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "60005.5(4)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "60005.5(3)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "60005.5(2)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "60005.5(1)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "60005.4.1"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "60005.4(4)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "60005.4(3)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "60005.4(2)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "60005.4(1)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "60005.4"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "50006.1(3)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "50006.1(2)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "50006.1(1)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "50005.5(7)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "50005.5(6)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "50005.5"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "50005.5(4)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "50005.5(3)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "50005.5(2)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "50005.5(1)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "50005.4.1"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "50005.4(4)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "50005.4(3)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "50005.4(2)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "50005.4(1)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "50005.2(4)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "50005.2(3)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "50005.2(2)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "50005.2(1)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "50005.2"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "50005.1(1)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "50004.5(9)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "50004.5(8)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "50004.5(7)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "50004.5(6)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "50004.5(5)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "50004.5"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "50004.5(4)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "50004.5(3)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "50004.5(2)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "50004.5(12)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "50004.5(11)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "50004.5(10)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "40007.1"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "40006.1(1)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "40005.5(4)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "40005.5(3)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "40005.5(2)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "40005.5(1)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "40005.4.1"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "40005.4(3)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "40005.4(2)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "40005.4(1)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "40005.4"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "40005.2(7)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "40005.2(6)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "40005.2(5)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "40005.2(4)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "40005.2(2)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "40005.2(1)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "40005.1(1)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "40004.5(9)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "40004.5(8)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "40004.5(7)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "40004.5(6)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "40004.5(5)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "40004.5"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "40004.5(4)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "40004.5(3)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "40004.5(2)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "40004.5(10)"
},
{
"model": "bsd/os",
"scope": "eq",
"trust": 0.3,
"vendor": "bsdi",
"version": "4.2"
},
{
"model": "bsd/os",
"scope": "eq",
"trust": 0.3,
"vendor": "bsdi",
"version": "4.1"
},
{
"model": "bsd/os",
"scope": "eq",
"trust": 0.3,
"vendor": "bsdi",
"version": "4.0.1"
},
{
"model": "bsd/os",
"scope": "eq",
"trust": 0.3,
"vendor": "bsdi",
"version": "4.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0"
},
{
"model": "openbsd",
"scope": "ne",
"trust": 0.3,
"vendor": "openbsd",
"version": "2.9"
},
{
"model": "vpn concentrator",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "30003.6.1"
},
{
"model": "vpn concentrator",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "30003.6"
},
{
"model": "vpn concentrator",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "30003.5.5"
},
{
"model": "vpn concentrator",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "30003.5.4"
},
{
"model": "vpn concentrator",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "30003.5.3"
},
{
"model": "vpn concentrator",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "30003.5.2"
},
{
"model": "vpn concentrator",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "30003.5.1"
},
{
"model": "vpn concentrator",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "30003.5"
},
{
"model": "vpn concentrator",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "30003.1.4"
},
{
"model": "vpn concentrator",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "30003.1.2"
},
{
"model": "vpn concentrator",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "30003.1.1"
},
{
"model": "vpn concentrator",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "30003.1"
},
{
"model": "vpn concentrator",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "30003.0.4"
},
{
"model": "catalyst",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "8500"
},
{
"model": "catalyst",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "60007.1(2)"
},
{
"model": "catalyst",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "60006.3(4)"
},
{
"model": "catalyst",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "60005.5(13)"
},
{
"model": "catalyst",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "50006.3(4)"
},
{
"model": "catalyst",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "50005.5(13)"
},
{
"model": "catalyst",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "50004.5"
},
{
"model": "catalyst 4908g-l3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst 4840g",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4800"
},
{
"model": "catalyst",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4200"
},
{
"model": "catalyst",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "40007.1(2)"
},
{
"model": "catalyst",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "40006.3(4)"
},
{
"model": "catalyst",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "40005.5(13)"
},
{
"model": "catalyst",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3900"
},
{
"model": "catalyst",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3550"
},
{
"model": "catalyst xl",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3500"
},
{
"model": "catalyst",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "2950"
},
{
"model": "catalyst 2948g-l3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst xl",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "2900"
},
{
"model": "catalyst lre xl",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "2900"
},
{
"model": "catalyst",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "2820"
},
{
"model": "catalyst",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "2800"
},
{
"model": "catalyst",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "1900"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#745371"
},
{
"db": "BID",
"id": "3064"
},
{
"db": "JVNDB",
"id": "JVNDB-2001-000115"
},
{
"db": "NVD",
"id": "CVE-2001-0554"
},
{
"db": "CNNVD",
"id": "CNNVD-200108-082"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netkit:linux_netkit:0.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netkit:linux_netkit:0.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mit:kerberos:1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netkit:linux_netkit:0.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sgi:irix:6.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:2.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:2.1:stable:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:2.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:2.1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:2.1.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:2.1.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:2.1.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:2.1.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:2.2:current:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:2.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:2.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:2.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:2.2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:2.2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:2.2.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:2.2.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:2.2.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:3.0:releng:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:3.5:stable:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:3.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:3.5.1:release:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:3.5.1:stable:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.0:alpha:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.0:releng:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:ibm:aix:4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:ibm:aix:4.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:ibm:aix:4.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:ibm:aix:4.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:ibm:aix:5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:openbsd:openbsd:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:openbsd:openbsd:2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:openbsd:openbsd:2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:openbsd:openbsd:2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:openbsd:openbsd:2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:openbsd:openbsd:2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:openbsd:openbsd:2.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:openbsd:openbsd:2.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:openbsd:openbsd:2.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sun:sunos:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sun:sunos:5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sun:sunos:5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sun:sunos:5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sun:sunos:5.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sun:sunos:5.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sun:sunos:5.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2001-0554"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TESO Security Advisory",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200108-082"
}
],
"trust": 0.6
},
"cve": "CVE-2001-0554",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2001-0554",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2001-0554",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#745371",
"trust": 0.8,
"value": "74.81"
},
{
"author": "CNNVD",
"id": "CNNVD-200108-082",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2001-0554",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#745371"
},
{
"db": "VULMON",
"id": "CVE-2001-0554"
},
{
"db": "JVNDB",
"id": "JVNDB-2001-000115"
},
{
"db": "NVD",
"id": "CVE-2001-0554"
},
{
"db": "CNNVD",
"id": "CNNVD-200108-082"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function. The telnetd program is a server for the telnet remote virtual terminal protocol. There is a remotely exploitable buffer overflow in telnet daemons derived from BSD source code. This vulnerability can crash the server, or be leveraged to gain root access. The function responsible for processing the options prepares a response within a fixed sized buffer, without performing any bounds checking. \nThis vulnerability is now being actively exploited. A worm is known to be circulating around the Internet. \nExposure:\n\n Remote root compromise through buffer handling flaws\n\nConfirmed vulnerable:\n\n Up-to-date Debian 3.0 woody (issue is Debian-specific)\n Debian netkit-telnet-ssl-0.17.24+0.1 package\n Debian netkit-telnet-ssl-0.17.17+0.1 package\n\nMitigating factors:\n\n Telnet service must be running and accessible to the attacker. \n Nowadays, telnet service presence on newly deployed Linux hosts is\n relatively low. The service is still used for LAN access from other unix\n platforms, and to host various non-shell services (such as MUDs). \n\nProblem description:\n\n Netkit telnetd implementation shipped with Debian Linux appears to be\n lacking the AYT vulnerability patch. This patch was devised by Red Hat\n (?) and incorporated into Debian packages, but later dropped. \n\n This exposes the platform to a remote root problem discovered by scut of\n TESO back in 2001 (CVE-2001-0554), as well as to other currently\n unpublished flaws associated with the old buffer handling code, and\n elliminated by the Red Hat\u0027s overhaul of buffer handling routines. \n\n Based on a review of package changelogs, my best guess is that the patch\n was accidentally dropped by Christoph Martin in December 2001, but I\n have not researched the matter any further. \n\nVendor response:\n\n I have contacted Debian security staff on August 29, and received a\n confirmation of the problem from Matt Zimmerman shortly thereafter. \n\n Since this is not a new flaw, I did not plan to release my own advisory,\n hoping they will release a DSA bulletin and fix the problem. Three weeks\n have passed, however, and Debian did not indicate any clear intent to\n release the information any time soon. They did release nine other\n advisories in the meantime, some of which were of lesser importance. \n\n As such, I believe it is a good idea to bring the problem to public\n attention, particularly since those running telnetd were and are,\n unbeknownst to them, vulnerable to existing exploits. \n\nWorkaround:\n\n Disable telnet service if not needed; manually apply Red Hat\n netkit patches, or compile the daemon from Red Hat sources. \n\n Note that netkit as such is no longer maintained by the author, and\n hence obtaining the most recent source tarball (0.17) is NOT\n sufficient. You may also examine other less popular telnetd\n implementations, but be advised that almost all are heavily based on the\n original code, and not always up-to-date with security fixes for that\n codebase. \n\n\nPS. Express your outrage: http://eprovisia.coredump.cx",
"sources": [
{
"db": "NVD",
"id": "CVE-2001-0554"
},
{
"db": "CERT/CC",
"id": "VU#745371"
},
{
"db": "JVNDB",
"id": "JVNDB-2001-000115"
},
{
"db": "BID",
"id": "3064"
},
{
"db": "VULMON",
"id": "CVE-2001-0554"
},
{
"db": "PACKETSTORM",
"id": "34414"
}
],
"trust": 2.79
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=21018",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2001-0554"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "3064",
"trust": 2.8
},
{
"db": "NVD",
"id": "CVE-2001-0554",
"trust": 2.6
},
{
"db": "OSVDB",
"id": "809",
"trust": 1.7
},
{
"db": "CERT/CC",
"id": "VU#745371",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2001-000115",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200108-082",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "21018",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2001-0554",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "34414",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#745371"
},
{
"db": "VULMON",
"id": "CVE-2001-0554"
},
{
"db": "BID",
"id": "3064"
},
{
"db": "JVNDB",
"id": "JVNDB-2001-000115"
},
{
"db": "PACKETSTORM",
"id": "34414"
},
{
"db": "NVD",
"id": "CVE-2001-0554"
},
{
"db": "CNNVD",
"id": "CNNVD-200108-082"
}
]
},
"id": "VAR-200108-0064",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.3056849
},
"last_update_date": "2023-12-18T13:21:23.131000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.ibm.com/jp/"
},
{
"title": "Debian Security Advisories: DSA-075-1 netkit-telnet-ssl -- remote exploit",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a05118c557d210031007d9bc57bfeb01"
},
{
"title": "Cisco: Cisco VPN 3000 Concentrator Multiple Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20020903-vpn3k-vulnerability"
},
{
"title": "Cisco: Cisco CatOS Telnet Buffer Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20020129-catos-telrcv"
},
{
"title": "git-and-crumpets",
"trust": 0.1,
"url": "https://github.com/siddicky/git-and-crumpets "
},
{
"title": "DC-4-Vulnhub-Walkthrough",
"trust": 0.1,
"url": "https://github.com/vshaliii/dc-4-vulnhub-walkthrough "
},
{
"title": "DC-2-Vulnhub-Walkthrough",
"trust": 0.1,
"url": "https://github.com/vshaliii/dc-2-vulnhub-walkthrough "
},
{
"title": "DC-1-Vulnhub-Walkthrough",
"trust": 0.1,
"url": "https://github.com/vshaliii/dc-1-vulnhub-walkthrough "
},
{
"title": "Basic-Pentesting-2",
"trust": 0.1,
"url": "https://github.com/vshaliii/basic-pentesting-2 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2001-0554"
},
{
"db": "JVNDB",
"id": "JVNDB-2001-000115"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2001-0554"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.cert.org/advisories/ca-2001-21.html"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/3064"
},
{
"trust": 2.0,
"url": "http://www.cisco.com/warp/public/707/catos-telrcv-vuln-pub.shtml"
},
{
"trust": 1.9,
"url": "ftp://ftp.freebsd.org/pub/freebsd/cert/advisories/freebsd-sa-01:49.telnetd.asc"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/197804"
},
{
"trust": 1.7,
"url": "http://online.securityfocus.com/archive/1/199496"
},
{
"trust": 1.7,
"url": "http://online.securityfocus.com/archive/1/203000"
},
{
"trust": 1.7,
"url": "http://online.securityfocus.com/archive/1/199541"
},
{
"trust": 1.7,
"url": "http://www.ciac.org/ciac/bulletins/l-131.shtml"
},
{
"trust": 1.7,
"url": "http://www.calderasystems.com/support/security/advisories/cssa-2001-030.0.txt"
},
{
"trust": 1.7,
"url": "http://ftp.support.compaq.com/patches/.new/html/ssrt0745u.shtml"
},
{
"trust": 1.7,
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000413"
},
{
"trust": 1.7,
"url": "http://www.debian.org/security/2001/dsa-070"
},
{
"trust": 1.7,
"url": "http://www.debian.org/security/2001/dsa-075"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/hp/2001-q4/0014.html"
},
{
"trust": 1.7,
"url": "http://online.securityfocus.com/advisories/3476"
},
{
"trust": 1.7,
"url": "http://www.linux-mandrake.com/en/security/2001/mdksa-2001-068.php3"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2001-099.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2001-100.html"
},
{
"trust": 1.7,
"url": "http://www.novell.com/linux/security/advisories/2001_029_nkitb_txt.html"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/809"
},
{
"trust": 1.7,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6875"
},
{
"trust": 1.1,
"url": "ftp://stage.caldera.com/pub/security/openserver/cssa-2001-sco.10/cssa-2001-sco.10.txt"
},
{
"trust": 1.1,
"url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2001-012.txt.asc"
},
{
"trust": 1.1,
"url": "ftp://patches.sgi.com/support/free/security/advisories/20010801-01-p"
},
{
"trust": 0.8,
"url": "http://www.team-teso.net/advisories/teso-advisory-011.tar.gz"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2001-0554"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2001-0554"
},
{
"trust": 0.3,
"url": "/archive/1/375743"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/./dsa-075"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/21018/"
},
{
"trust": 0.1,
"url": "https://www.kb.cert.org/vuls/id/745371"
},
{
"trust": 0.1,
"url": "http://eprovisia.coredump.cx."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2001-0554"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#745371"
},
{
"db": "VULMON",
"id": "CVE-2001-0554"
},
{
"db": "BID",
"id": "3064"
},
{
"db": "JVNDB",
"id": "JVNDB-2001-000115"
},
{
"db": "PACKETSTORM",
"id": "34414"
},
{
"db": "NVD",
"id": "CVE-2001-0554"
},
{
"db": "CNNVD",
"id": "CNNVD-200108-082"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#745371"
},
{
"db": "VULMON",
"id": "CVE-2001-0554"
},
{
"db": "BID",
"id": "3064"
},
{
"db": "JVNDB",
"id": "JVNDB-2001-000115"
},
{
"db": "PACKETSTORM",
"id": "34414"
},
{
"db": "NVD",
"id": "CVE-2001-0554"
},
{
"db": "CNNVD",
"id": "CNNVD-200108-082"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2001-07-24T00:00:00",
"db": "CERT/CC",
"id": "VU#745371"
},
{
"date": "2001-08-14T00:00:00",
"db": "VULMON",
"id": "CVE-2001-0554"
},
{
"date": "2001-07-18T00:00:00",
"db": "BID",
"id": "3064"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2001-000115"
},
{
"date": "2004-09-21T08:00:52",
"db": "PACKETSTORM",
"id": "34414"
},
{
"date": "2001-08-14T04:00:00",
"db": "NVD",
"id": "CVE-2001-0554"
},
{
"date": "2001-07-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200108-082"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-04-16T00:00:00",
"db": "CERT/CC",
"id": "VU#745371"
},
{
"date": "2020-01-21T00:00:00",
"db": "VULMON",
"id": "CVE-2001-0554"
},
{
"date": "2001-07-18T00:00:00",
"db": "BID",
"id": "3064"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2001-000115"
},
{
"date": "2022-01-21T14:48:42.473000",
"db": "NVD",
"id": "CVE-2001-0554"
},
{
"date": "2022-01-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200108-082"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "34414"
},
{
"db": "CNNVD",
"id": "CNNVD-200108-082"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vendor telnet daemons vulnerable to buffer overflow via crafted protocol options",
"sources": [
{
"db": "CERT/CC",
"id": "VU#745371"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200108-082"
}
],
"trust": 0.6
}
}
VAR-199712-0008
Vulnerability from variot - Updated: 2023-12-18 13:16FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce. This problem is a design issue with the common implementation of the FTP protocol. In essence, the vulnerability is as follows: when a user FTP's into a host to retrieve files, the connection is two way (i.e. when you log in and request a file, the server then opens a connection back to your host of origin to deliver your requested data). Most FTP servers support what is called 'active mode' which allows users to specify a number of parameters to the FTP daemon. One of these is the PORT command, which lets you specify where you would like the return data connection to be sent. Therefore, instead of opening a connection back to yourself to drop off your requested files or data, you can then open that connection back to another host. This is true with both retrieving and putting data. Attackers can exploit this in some instances to circumvent access control, export restrictions, etc. There is a vulnerability in the FTP server
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-199712-0008",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sunos",
"scope": "eq",
"trust": 1.9,
"vendor": "sun",
"version": "4.1.4"
},
{
"model": "sunos",
"scope": "eq",
"trust": 1.6,
"vendor": "sun",
"version": "4.1.3u1"
},
{
"model": "sunos",
"scope": "eq",
"trust": 1.6,
"vendor": "sun",
"version": "5.5"
},
{
"model": "sunos",
"scope": "eq",
"trust": 1.6,
"vendor": "sun",
"version": "5.4"
},
{
"model": "sunos",
"scope": "eq",
"trust": 1.6,
"vendor": "sun",
"version": "5.3"
},
{
"model": "sunos",
"scope": "eq",
"trust": 1.6,
"vendor": "sun",
"version": "5.5.1"
},
{
"model": "unixware",
"scope": "eq",
"trust": 1.3,
"vendor": "sco",
"version": "2.1"
},
{
"model": "open desktop",
"scope": "eq",
"trust": 1.3,
"vendor": "sco",
"version": "3.0"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.3,
"vendor": "netbsd",
"version": "1.2"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.3,
"vendor": "netbsd",
"version": "1.1"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.3,
"vendor": "netbsd",
"version": "1.0"
},
{
"model": "aix",
"scope": "eq",
"trust": 1.3,
"vendor": "ibm",
"version": "4.3"
},
{
"model": "aix",
"scope": "eq",
"trust": 1.3,
"vendor": "ibm",
"version": "4.2"
},
{
"model": "aix",
"scope": "eq",
"trust": 1.3,
"vendor": "ibm",
"version": "4.1"
},
{
"model": "aix",
"scope": "eq",
"trust": 1.3,
"vendor": "ibm",
"version": "3.2"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.3,
"vendor": "freebsd",
"version": "2.0"
},
{
"model": "inet",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "5.01"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.0,
"vendor": "freebsd",
"version": "1.0"
},
{
"model": "openlinux",
"scope": "eq",
"trust": 1.0,
"vendor": "caldera",
"version": "1.2"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.0,
"vendor": "freebsd",
"version": "2.1.0"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.0,
"vendor": "freebsd",
"version": "1.2"
},
{
"model": "openserver",
"scope": "eq",
"trust": 1.0,
"vendor": "sco",
"version": "5.0.4"
},
{
"model": "inet",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "6.02"
},
{
"model": "wu-ftpd",
"scope": "eq",
"trust": 1.0,
"vendor": "washington university",
"version": "2.4"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.0,
"vendor": "freebsd",
"version": "2.1.7"
},
{
"model": "inet",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "6.01"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.0,
"vendor": "freebsd",
"version": "1.1"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.0,
"vendor": "netbsd",
"version": "1.2.1"
},
{
"model": "reliant unix",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "university wu-ftpd academ[beta1-15]",
"scope": "eq",
"trust": 0.3,
"vendor": "washington",
"version": "2.4.2"
},
{
"model": "solaris x86",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "2.5.1"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "2.5.1"
},
{
"model": "solaris 2.6 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "2.6"
},
{
"model": "solaris 2.5 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "2.5"
},
{
"model": "irix m",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.5"
},
{
"model": "irix f",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.5"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.5"
},
{
"model": "irix m",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.4"
},
{
"model": "irix f",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.4"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.4"
},
{
"model": "irix m",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.3"
},
{
"model": "irix f",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.3"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.3"
},
{
"model": "irix m",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.2"
},
{
"model": "irix f",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.2"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.2"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.1"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.4"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.3"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.2"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.1"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.0.1"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.0"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "5.3"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "5.2"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "5.1.1"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "5.1"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "5.0.1"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "5.0"
},
{
"model": "irix h",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "4.0.5"
},
{
"model": "irix g",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "4.0.5"
},
{
"model": "irix f",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "4.0.5"
},
{
"model": "irix e",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "4.0.5"
},
{
"model": "irix d",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "4.0.5"
},
{
"model": "irix a",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "4.0.5"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "4.0.5"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "4.0.4"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "4.0.3"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "4.0.2"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "4.0.1"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "4.0"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "3.3.3"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "3.3.2"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "3.3.1"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "3.3"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "3.2"
},
{
"model": "open server",
"scope": "eq",
"trust": 0.3,
"vendor": "sco",
"version": "5.0"
},
{
"model": "software serv-u",
"scope": "eq",
"trust": 0.3,
"vendor": "rhino",
"version": "4.1"
},
{
"model": "software serv-u",
"scope": "eq",
"trust": 0.3,
"vendor": "rhino",
"version": "4.0.0.4"
},
{
"model": "software serv-u",
"scope": "eq",
"trust": 0.3,
"vendor": "rhino",
"version": "3.1"
},
{
"model": "software serv-u",
"scope": "eq",
"trust": 0.3,
"vendor": "rhino",
"version": "3.0"
},
{
"model": "goat software mgftp",
"scope": "eq",
"trust": 0.3,
"vendor": "mad",
"version": "2.2"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2.1"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.24"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.0"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.20"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.16"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.10"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.9"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.8"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.7"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.6"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.5"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.4"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.3"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.1"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.0"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.8"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.6"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.0"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "2.1.7.1"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "2.1.6"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "2.1.5"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "2.1"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "2.0.5"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "1.1.5.1"
},
{
"model": "unix d",
"scope": "eq",
"trust": 0.3,
"vendor": "digital",
"version": "4.0"
},
{
"model": "unix c",
"scope": "eq",
"trust": 0.3,
"vendor": "digital",
"version": "4.0"
},
{
"model": "unix b",
"scope": "eq",
"trust": 0.3,
"vendor": "digital",
"version": "4.0"
},
{
"model": "unix a",
"scope": "eq",
"trust": 0.3,
"vendor": "digital",
"version": "4.0"
},
{
"model": "unix",
"scope": "eq",
"trust": 0.3,
"vendor": "digital",
"version": "4.0"
},
{
"model": "unix g",
"scope": "eq",
"trust": 0.3,
"vendor": "digital",
"version": "3.2"
}
],
"sources": [
{
"db": "BID",
"id": "126"
},
{
"db": "NVD",
"id": "CVE-1999-0017"
},
{
"db": "CNNVD",
"id": "CNNVD-199712-006"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:gnu:inet:5.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:inet:6.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:washington_university:wu-ftpd:2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:inet:6.02:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sun:sunos:5.5:*:x86:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:ibm:aix:4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sco:open_desktop:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sun:sunos:5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:caldera:openlinux:1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sun:sunos:4.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:ibm:aix:4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:2.1.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sun:sunos:5.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:reliant_unix:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sun:sunos:5.4:*:x86:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:2.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sun:sunos:4.1.3u1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sun:sunos:5.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:ibm:aix:3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sco:openserver:5.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sun:sunos:5.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:ibm:aix:4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sco:unixware:2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sun:sunos:5.5.1:*:x86:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-1999-0017"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "This problem was initially posted to the Bugtraq mailing list by *Hobbit* (hobbit@avian.org) on July12/1995.",
"sources": [
{
"db": "BID",
"id": "126"
},
{
"db": "CNNVD",
"id": "CNNVD-199712-006"
}
],
"trust": 0.9
},
"cve": "CVE-1999-0017",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-17",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-1999-0017",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-199712-006",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-17",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-17"
},
{
"db": "NVD",
"id": "CVE-1999-0017"
},
{
"db": "CNNVD",
"id": "CNNVD-199712-006"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce. This problem is a design issue with the common implementation of the FTP protocol. In essence, the vulnerability is as follows: when a user FTP\u0027s into a host to retrieve files, the connection is two way (i.e. when you log in and request a file, the server then opens a connection back to your host of origin to deliver your requested data). Most FTP servers support what is called \u0027active mode\u0027 which allows users to specify a number of parameters to the FTP daemon. One of these is the PORT command, which lets you specify *where* you would like the return data connection to be sent. Therefore, instead of opening a connection back to yourself to drop off your requested files or data, you can then open that connection back to another host. This is true with both retrieving and putting data. \nAttackers can exploit this in some instances to circumvent access control, export restrictions, etc. There is a vulnerability in the FTP server",
"sources": [
{
"db": "NVD",
"id": "CVE-1999-0017"
},
{
"db": "BID",
"id": "126"
},
{
"db": "VULHUB",
"id": "VHN-17"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-1999-0017",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-199712-006",
"trust": 0.7
},
{
"db": "BID",
"id": "126",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-17",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-17"
},
{
"db": "BID",
"id": "126"
},
{
"db": "NVD",
"id": "CVE-1999-0017"
},
{
"db": "CNNVD",
"id": "CNNVD-199712-006"
}
]
},
"id": "VAR-199712-0008",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-17"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:16:24.502000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-1999-0017"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/cve-1999-0017"
},
{
"trust": 0.3,
"url": "ftp://ftp.cert.org/pub/tech_tips/ftp_port_attacks"
},
{
"trust": 0.3,
"url": "ftp://ftp.avian.org/random/ftp-attack"
},
{
"trust": 0.3,
"url": "http://www.cert.org/advisories/ca-1997-27.html"
},
{
"trust": 0.1,
"url": ""
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-17"
},
{
"db": "BID",
"id": "126"
},
{
"db": "NVD",
"id": "CVE-1999-0017"
},
{
"db": "CNNVD",
"id": "CNNVD-199712-006"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-17"
},
{
"db": "BID",
"id": "126"
},
{
"db": "NVD",
"id": "CVE-1999-0017"
},
{
"db": "CNNVD",
"id": "CNNVD-199712-006"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "1997-12-10T00:00:00",
"db": "VULHUB",
"id": "VHN-17"
},
{
"date": "1995-07-12T00:00:00",
"db": "BID",
"id": "126"
},
{
"date": "1997-12-10T05:00:00",
"db": "NVD",
"id": "CVE-1999-0017"
},
{
"date": "1997-12-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-199712-006"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-09T00:00:00",
"db": "VULHUB",
"id": "VHN-17"
},
{
"date": "2007-12-18T20:05:00",
"db": "BID",
"id": "126"
},
{
"date": "2022-08-17T07:15:08.243000",
"db": "NVD",
"id": "CVE-1999-0017"
},
{
"date": "2022-08-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-199712-006"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-199712-006"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FTP Security hole",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-199712-006"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-199712-006"
}
],
"trust": 0.6
}
}
VAR-200303-0010
Vulnerability from variot - Updated: 2023-12-18 13:10OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal). Cryptographic libraries and applications do not provide adequate defense against a side-channel timing attack against RSA private keys. Such an attack has been shown to be practical using currently available hardware on systems and networks with sufficiently low variance in latency. OpenSSL so RSA Is used for the encryption algorithm, RSA There is a vulnerability that is subject to timing attacks that can analyze the private key by measuring and analyzing the processing time when generating the private key in the format.The server's private key may be obtained. A side-channel attack in the OpenSSL implementation has been published in a recent paper that may ultimately result in an active adversary gaining the RSA private key of a target server. The attack involves analysis of the timing of certain operations during client-server session key negotiation
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200303-0010",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "stunnel",
"scope": "eq",
"trust": 1.9,
"vendor": "stunnel",
"version": "4.04"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 1.9,
"vendor": "stunnel",
"version": "4.03"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 1.9,
"vendor": "stunnel",
"version": "4.02"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 1.9,
"vendor": "stunnel",
"version": "4.01"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 1.9,
"vendor": "stunnel",
"version": "3.22"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 1.9,
"vendor": "stunnel",
"version": "3.21"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 1.9,
"vendor": "stunnel",
"version": "3.19"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 1.9,
"vendor": "stunnel",
"version": "3.18"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 1.9,
"vendor": "stunnel",
"version": "3.20"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 1.6,
"vendor": "stunnel",
"version": "4.0"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 1.3,
"vendor": "stunnel",
"version": "3.17"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 1.3,
"vendor": "stunnel",
"version": "3.16"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 1.3,
"vendor": "stunnel",
"version": "3.15"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 1.3,
"vendor": "stunnel",
"version": "3.14"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 1.3,
"vendor": "stunnel",
"version": "3.13"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 1.3,
"vendor": "stunnel",
"version": "3.12"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 1.3,
"vendor": "stunnel",
"version": "3.11"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 1.3,
"vendor": "stunnel",
"version": "3.9"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 1.3,
"vendor": "stunnel",
"version": "3.8"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 1.3,
"vendor": "stunnel",
"version": "3.7"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 1.3,
"vendor": "stunnel",
"version": "3.10"
},
{
"model": "openpkg",
"scope": "eq",
"trust": 1.3,
"vendor": "openpkg",
"version": "1.2"
},
{
"model": "openpkg",
"scope": "eq",
"trust": 1.3,
"vendor": "openpkg",
"version": "1.1"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.7a"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6e"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6a"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6d"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6i"
},
{
"model": "openpkg",
"scope": "eq",
"trust": 1.0,
"vendor": "openpkg",
"version": "*"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6h"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6c"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6g"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6b"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple computer",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "conectiva",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "covalent",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "crypto",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "f5",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "foundry",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "fressh",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "freebsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gnu libgcrypt",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gnu tls",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gentoo linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "guardian digital",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "intoto",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mandrakesoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "netbsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "openbsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "openpkg",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "openssh",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "openssl",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sgi",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ssh security",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "slackware",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sorceror linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "stonesoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "stunnel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "the sco group",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "trustix secure linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "vandyke",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "wirex",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cryptlib",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "esoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mod ssl",
"version": null
},
{
"model": "http server",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "2.0.44"
},
{
"model": "openssh",
"scope": "lte",
"trust": 0.8,
"vendor": "openbsd",
"version": "3.5"
},
{
"model": "openssl",
"scope": "lte",
"trust": 0.8,
"vendor": "openssl",
"version": "0.9.6j"
},
{
"model": "openssl",
"scope": "lte",
"trust": 0.8,
"vendor": "openssl",
"version": "0.9.7b"
},
{
"model": "application server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "1.0.2.2"
},
{
"model": "application server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.0.2"
},
{
"model": "application server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.0.3"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "8.1.7.4"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.0.1.4"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.2.0.2"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.2.0.3"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.2.0.4"
},
{
"model": "cobalt raq4",
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "cobalt raq550",
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "cobalt raqxtr",
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "2.6 (sparc)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "2.6 (x86)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "7.0 (sparc)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "7.0 (x86)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "8 (sparc)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "8 (x86)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "9 (sparc)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "9 (x86)"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "6.5"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "7"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "8"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.00"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.11"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.20"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.22"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.23"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.3"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "8.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "9"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "4.0.4"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "4.0.3"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "4.0.2"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "4.0.1"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.4.8"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.4.7"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.4.6"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.4.5"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.4.4"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.4.3"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.4.2"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.4.1"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.4"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.3.4"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.3.3"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.3.2"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.3.1"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.3"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.2.2"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.2.1"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.2"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.1.2"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.1.1"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.1"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.0"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "2.4"
},
{
"model": "cobalt raq xtr",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "cobalt raq",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "550"
},
{
"model": "cobalt raq",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4"
},
{
"model": "cobalt qube",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "3"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 0.3,
"vendor": "stunnel",
"version": "4.00"
},
{
"model": "communications security ipsec express toolkit",
"scope": null,
"trust": 0.3,
"vendor": "ssh",
"version": null
},
{
"model": "communications security certificate/tls toolkit",
"scope": null,
"trust": 0.3,
"vendor": "ssh",
"version": null
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.19"
},
{
"model": "mgetty-sendfax-1.1.14-8.i386.rpm",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.2"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.1"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.7"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.1"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.7"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.0"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.1"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.7"
},
{
"model": "oracle9i application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.3"
},
{
"model": "oracle9i application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.2"
},
{
"model": "oracle9i application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0.2.2"
},
{
"model": "oracle9i application server .1s",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0.2"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.0"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.1"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.7"
},
{
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl i",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl h",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl g",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl e",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl d",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl c",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl b",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "current",
"scope": null,
"trust": 0.3,
"vendor": "openpkg",
"version": null
},
{
"model": "mod ssl",
"scope": "eq",
"trust": 0.3,
"vendor": "mod ssl",
"version": "2.8.14"
},
{
"model": "igateway",
"scope": "eq",
"trust": 0.3,
"vendor": "intoto",
"version": "3.2"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.22"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.11"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.0"
},
{
"model": "transport layer security library",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "0.8.5"
},
{
"model": "transport layer security library",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "0.8.4"
},
{
"model": "transport layer security library",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "0.8.3"
},
{
"model": "transport layer security library",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "0.8.2"
},
{
"model": "transport layer security library",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "0.8.1"
},
{
"model": "transport layer security library",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "0.8.0"
},
{
"model": "libgcrypt",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "1.1.12"
},
{
"model": "libgcrypt",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "1.1.11"
},
{
"model": "libgcrypt",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "1.1.10"
},
{
"model": "libgcrypt",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "1.1.9"
},
{
"model": "libgcrypt",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "1.1.8"
},
{
"model": "networks ironview",
"scope": null,
"trust": 0.3,
"vendor": "foundry",
"version": null
},
{
"model": "big-ip blade controller ptf-01",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.2.3"
},
{
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5"
},
{
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.4"
},
{
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.3"
},
{
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.2"
},
{
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5"
},
{
"model": "crypto++ library",
"scope": "eq",
"trust": 0.3,
"vendor": "crypto",
"version": "5.0"
},
{
"model": "crypto++ library",
"scope": "eq",
"trust": 0.3,
"vendor": "crypto",
"version": "4.2"
},
{
"model": "fast start server",
"scope": "eq",
"trust": 0.3,
"vendor": "covalent",
"version": "3.3"
},
{
"model": "fast start server",
"scope": "eq",
"trust": 0.3,
"vendor": "covalent",
"version": "3.2"
},
{
"model": "fast start server",
"scope": "eq",
"trust": 0.3,
"vendor": "covalent",
"version": "3.1"
},
{
"model": "enterprise ready server",
"scope": "eq",
"trust": 0.3,
"vendor": "covalent",
"version": "2.3"
},
{
"model": "enterprise ready server",
"scope": "eq",
"trust": 0.3,
"vendor": "covalent",
"version": "2.2"
},
{
"model": "enterprise ready server",
"scope": "eq",
"trust": 0.3,
"vendor": "covalent",
"version": "2.1"
},
{
"model": "associates etrust security command center",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.0"
},
{
"model": "tru64 b",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "tru64 a",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "tru64",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "tru64 a",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.0"
},
{
"model": "tru64 g",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "4.0"
},
{
"model": "tru64 f",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "4.0"
},
{
"model": "openvms vax",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "7.3"
},
{
"model": "openvms alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "7.3"
},
{
"model": "openvms alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "7.2.1"
},
{
"model": "openvms alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "7.2-2"
},
{
"model": "openvms -1h2 alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "7.2"
},
{
"model": "openvms -1h1 alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "7.2"
},
{
"model": "openvms vax",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "7.2"
},
{
"model": "openvms alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "7.2"
},
{
"model": "openvms alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "7.1-2"
},
{
"model": "openvms vax",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "7.1"
},
{
"model": "openvms alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "7.1"
},
{
"model": "openvms vax",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "6.2"
},
{
"model": "openvms alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "6.2"
},
{
"model": "openvms",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "6.2"
},
{
"model": "securecrt",
"scope": "ne",
"trust": 0.3,
"vendor": "vandyke",
"version": "4.0.5"
},
{
"model": "project openssl b",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl j",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "openssh",
"scope": "ne",
"trust": 0.3,
"vendor": "openssh",
"version": "3.6.1"
},
{
"model": "hp-ux apache-based web server",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "1.0.07.01"
},
{
"model": "crypto++ library",
"scope": "ne",
"trust": 0.3,
"vendor": "crypto",
"version": "5.1"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#997481"
},
{
"db": "BID",
"id": "7101"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000098"
},
{
"db": "NVD",
"id": "CVE-2003-0147"
},
{
"db": "CNNVD",
"id": "CNNVD-200303-116"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:openpkg:openpkg:1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.19:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:4.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:4.02:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openpkg:openpkg:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openpkg:openpkg:1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.22:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:4.03:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:4.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:3.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stunnel:stunnel:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0147"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "David Brumley and Dan Boneh.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200303-116"
}
],
"trust": 0.6
},
"cve": "CVE-2003-0147",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2003-0147",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2003-0147",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#997481",
"trust": 0.8,
"value": "9.42"
},
{
"author": "CNNVD",
"id": "CNNVD-200303-116",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#997481"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000098"
},
{
"db": "NVD",
"id": "CVE-2003-0147"
},
{
"db": "CNNVD",
"id": "CNNVD-200303-116"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server\u0027s private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms (\"Karatsuba\" and normal). Cryptographic libraries and applications do not provide adequate defense against a side-channel timing attack against RSA private keys. Such an attack has been shown to be practical using currently available hardware on systems and networks with sufficiently low variance in latency. OpenSSL so RSA Is used for the encryption algorithm, RSA There is a vulnerability that is subject to timing attacks that can analyze the private key by measuring and analyzing the processing time when generating the private key in the format.The server\u0027s private key may be obtained. A side-channel attack in the OpenSSL implementation has been published in a recent paper that may ultimately result in an active adversary gaining the RSA private key of a target server. The attack involves analysis of the timing of certain operations during client-server session key negotiation",
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0147"
},
{
"db": "CERT/CC",
"id": "VU#997481"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000098"
},
{
"db": "BID",
"id": "7101"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2003-0147",
"trust": 2.7
},
{
"db": "CERT/CC",
"id": "VU#997481",
"trust": 1.8
},
{
"db": "BID",
"id": "7101",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000098",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200303-116",
"trust": 0.6
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#997481"
},
{
"db": "BID",
"id": "7101"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000098"
},
{
"db": "NVD",
"id": "CVE-2003-0147"
},
{
"db": "CNNVD",
"id": "CNNVD-200303-116"
}
]
},
"id": "VAR-200303-0010",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.4615448
},
"last_update_date": "2023-12-18T13:10:54.856000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.apache.org/"
},
{
"title": "HPSBUX00280",
"trust": 0.8,
"url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?docid=c00954663"
},
{
"title": "HPSBUX0304-255",
"trust": 0.8,
"url": "http://www2.itrc.hp.com/service/cki/docdisplay.do?docid=hpsbux0304-255"
},
{
"title": "HPSBUX0309-280",
"trust": 0.8,
"url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux0309-280.html"
},
{
"title": "HPSBUX0304-255",
"trust": 0.8,
"url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux0304-255.html"
},
{
"title": "secadv_20030317",
"trust": 0.8,
"url": "http://www.openssl.org/news/secadv_20030317.txt"
},
{
"title": "RHSA-2003:205",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/rhsa-2003-205.html"
},
{
"title": "RHSA-2003:102",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/rhsa-2003-102.html"
},
{
"title": "RHSA-2003:101",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/rhsa-2003-101.html"
},
{
"title": "56380",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-56380-1"
},
{
"title": "56380",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-56380-3"
},
{
"title": "4 Apache \u0026amp; SSL Security 2.0.1",
"trust": 0.8,
"url": "http://sunsolve.sun.com/pub-cgi/show.pl?target=cobalt/raq4.eng\u0026amp;nav=patchpage"
},
{
"title": "XTR Apache \u0026amp; SSL Security 1.0.1",
"trust": 0.8,
"url": "http://sunsolve.sun.com/pub-cgi/show.pl?target=cobalt/raqxtr.eng\u0026amp;nav=patchpage"
},
{
"title": "550 Apache \u0026amp; SSL Security 0.0.1",
"trust": 0.8,
"url": "http://sunsolve.sun.com/pub-cgi/show.pl?target=cobalt/raq550.eng\u0026amp;nav=patchpage"
},
{
"title": "TLSA-2003-22",
"trust": 0.8,
"url": "http://www.turbolinux.com/security/2003/tlsa-2003-22.txt"
},
{
"title": "#62",
"trust": 0.8,
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert62.pdf"
},
{
"title": "RHSA-2003:205",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2003-205j.html"
},
{
"title": "RHSA-2003:102",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2003-102j.html"
},
{
"title": "RHSA-2003:101",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2003-101j.html"
},
{
"title": "TLSA-2003-22",
"trust": 0.8,
"url": "http://www.turbolinux.co.jp/security/2003/tlsa-2003-22j.txt"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2003-000098"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0147"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www.openssl.org/news/secadv_20030317.txt"
},
{
"trust": 1.1,
"url": "http://crypto.stanford.edu/~dabo/abstracts/ssl-timing.html"
},
{
"trust": 1.0,
"url": "ftp://ftp.sco.com/pub/security/openlinux/cssa-2003-014.0.txt"
},
{
"trust": 1.0,
"url": "ftp://patches.sgi.com/support/free/security/advisories/20030501-01-i"
},
{
"trust": 1.0,
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0130.html"
},
{
"trust": 1.0,
"url": "http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf"
},
{
"trust": 1.0,
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000625"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=104766550528628\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=104792570615648\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=104819602408063\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=104829040921835\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=104861762028637\u0026w=2"
},
{
"trust": 1.0,
"url": "http://www.debian.org/security/2003/dsa-288"
},
{
"trust": 1.0,
"url": "http://www.gentoo.org/security/en/glsa/glsa-200303-23.xml"
},
{
"trust": 1.0,
"url": "http://www.kb.cert.org/vuls/id/997481"
},
{
"trust": 1.0,
"url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=mdksa-2003:035"
},
{
"trust": 1.0,
"url": "http://www.openpkg.com/security/advisories/openpkg-sa-2003.019.html"
},
{
"trust": 1.0,
"url": "http://www.redhat.com/support/errata/rhsa-2003-101.html"
},
{
"trust": 1.0,
"url": "http://www.redhat.com/support/errata/rhsa-2003-102.html"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/316165/30/25370/threaded"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/316577/30/25310/threaded"
},
{
"trust": 1.0,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a466"
},
{
"trust": 0.8,
"url": "http://ietf.org/rfc/rfc2246.txt"
},
{
"trust": 0.8,
"url": "http://wp.netscape.com/eng/ssl3/draft302.txt"
},
{
"trust": 0.8,
"url": "http://www.cryptography.com/resources/whitepapers/timingattacks.pdf"
},
{
"trust": 0.8,
"url": "http://www.bell-labs.com/user/bleichen/papers/chosen.ps"
},
{
"trust": 0.8,
"url": "ftp://ftp.rsasecurity.com/pub/pdfs/bull-2.pdf"
},
{
"trust": 0.8,
"url": "ftp://ftp.rsasecurity.com/pub/pdfs/bulletn5.pdf"
},
{
"trust": 0.8,
"url": "http://link.springer.de/link/service/series/0558/papers/1070/10700001.pdf"
},
{
"trust": 0.8,
"url": "http://islab.oregonstate.edu/documents/people/blaze/quantize.shar"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-0147"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-0147"
},
{
"trust": 0.8,
"url": "http://www.securiteam.com/unixfocus/5fp0c209fe.html"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/7101"
},
{
"trust": 0.3,
"url": "http://www.info.apple.com/usen/security/security_updates.html"
},
{
"trust": 0.3,
"url": "http://www.eskimo.com/~weidai/cryptlib.html"
},
{
"trust": 0.3,
"url": "http://www.openbsd.org/errata31.html#kadmin"
},
{
"trust": 0.3,
"url": "http://www.openbsd.org/errata32.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/ip/deploy/ias/index.html"
},
{
"trust": 0.3,
"url": "http://metalink.oracle.com"
},
{
"trust": 0.3,
"url": "http://www.covalent.net/support/rotate.php?page=109"
},
{
"trust": 0.3,
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert62.pdf"
},
{
"trust": 0.3,
"url": "/archive/1/315884"
},
{
"trust": 0.3,
"url": "/archive/1/315904"
},
{
"trust": 0.3,
"url": "/archive/1/315292"
},
{
"trust": 0.3,
"url": "/archive/1/315069"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#997481"
},
{
"db": "BID",
"id": "7101"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000098"
},
{
"db": "NVD",
"id": "CVE-2003-0147"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#997481"
},
{
"db": "BID",
"id": "7101"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000098"
},
{
"db": "NVD",
"id": "CVE-2003-0147"
},
{
"db": "CNNVD",
"id": "CNNVD-200303-116"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-03-25T00:00:00",
"db": "CERT/CC",
"id": "VU#997481"
},
{
"date": "2003-03-14T00:00:00",
"db": "BID",
"id": "7101"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2003-000098"
},
{
"date": "2003-03-31T05:00:00",
"db": "NVD",
"id": "CVE-2003-0147"
},
{
"date": "2003-03-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200303-116"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-08-25T00:00:00",
"db": "CERT/CC",
"id": "VU#997481"
},
{
"date": "2009-07-11T21:06:00",
"db": "BID",
"id": "7101"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2003-000098"
},
{
"date": "2018-10-19T15:29:26.540000",
"db": "NVD",
"id": "CVE-2003-0147"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200303-116"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200303-116"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSSL Timing Attack RSA Private Key Information Disclosure Vulnerability",
"sources": [
{
"db": "BID",
"id": "7101"
},
{
"db": "CNNVD",
"id": "CNNVD-200303-116"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Configuration Error",
"sources": [
{
"db": "BID",
"id": "7101"
},
{
"db": "CNNVD",
"id": "CNNVD-200303-116"
}
],
"trust": 0.9
}
}
VAR-200310-0080
Vulnerability from variot - Updated: 2023-12-18 12:59A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences. This vulnerability could allow a remote attacker to execute arbitrary code or cause a denial of service on a vulnerable system.This vulnerability does not affect the default configuration. Note that Sendmail under a default configuration is not vulnerable to this issue
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200310-0080",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "workstation",
"scope": "eq",
"trust": 1.9,
"vendor": "turbolinux",
"version": "8.0"
},
{
"model": "server",
"scope": "eq",
"trust": 1.9,
"vendor": "turbolinux",
"version": "7.0"
},
{
"model": "workstation",
"scope": "eq",
"trust": 1.9,
"vendor": "turbolinux",
"version": "6.0"
},
{
"model": "server",
"scope": "eq",
"trust": 1.9,
"vendor": "turbolinux",
"version": "6.5"
},
{
"model": "server",
"scope": "eq",
"trust": 1.9,
"vendor": "turbolinux",
"version": "6.1"
},
{
"model": "server",
"scope": "eq",
"trust": 1.9,
"vendor": "turbolinux",
"version": "8.0"
},
{
"model": "workstation",
"scope": "eq",
"trust": 1.9,
"vendor": "turbolinux",
"version": "7.0"
},
{
"model": "advanced server",
"scope": "eq",
"trust": 1.9,
"vendor": "turbolinux",
"version": "6.0"
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "sendmail",
"version": null
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.3,
"vendor": "netbsd",
"version": "1.6"
},
{
"model": "aix",
"scope": "eq",
"trust": 1.3,
"vendor": "ibm",
"version": "5.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.3,
"vendor": "gentoo",
"version": "1.2"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.3,
"vendor": "hp",
"version": "11.22"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.3,
"vendor": "gentoo",
"version": "0.7"
},
{
"model": "openbsd",
"scope": "eq",
"trust": 1.3,
"vendor": "openbsd",
"version": "3.2"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.3,
"vendor": "netbsd",
"version": "1.4.3"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.3,
"vendor": "hp",
"version": "11.11"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.3,
"vendor": "netbsd",
"version": "1.5.2"
},
{
"model": "openbsd",
"scope": "eq",
"trust": 1.3,
"vendor": "openbsd",
"version": "3.3"
},
{
"model": "aix",
"scope": "eq",
"trust": 1.3,
"vendor": "ibm",
"version": "4.3.3"
},
{
"model": "aix",
"scope": "eq",
"trust": 1.3,
"vendor": "ibm",
"version": "5.1"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.3,
"vendor": "netbsd",
"version": "1.5"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.3,
"vendor": "netbsd",
"version": "1.6.1"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.3,
"vendor": "netbsd",
"version": "1.5.3"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.3,
"vendor": "netbsd",
"version": "1.5.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.3,
"vendor": "gentoo",
"version": "0.5"
},
{
"model": "switch",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "2.2.1"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.11.1"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "11.0.4"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.9.3"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.2.3"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.2.3"
},
{
"model": "switch",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "3.0.2"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "2.6.1"
},
{
"model": "switch",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "3.0"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "3.0"
},
{
"model": "advanced message server",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "1.2"
},
{
"model": "pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.9.3"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "2.6"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.10.1"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "11.00"
},
{
"model": "switch",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "2.2.2"
},
{
"model": "switch",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "2.2.3"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.2.4"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.11.3"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.12.8"
},
{
"model": "switch",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "2.1.3"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.12.4"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "gentoo",
"version": "1.1a"
},
{
"model": "switch",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "2.2.5"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.2"
},
{
"model": "switch",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "3.0.3"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.2"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "3.0.3"
},
{
"model": "switch",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "2.1.4"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.11.5"
},
{
"model": "advanced message server",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "1.3"
},
{
"model": "switch",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "2.1.1"
},
{
"model": "switch",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "3.0.1"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.12.2"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.11.6"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "3.0.1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.2.6"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.2.6"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.10.2"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.12.3"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.2.1"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.2.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "gentoo",
"version": "1.4"
},
{
"model": "switch",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "2.2.4"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.9.0"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.12"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.9.1"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "3.0.2"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.2.2"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.2.2"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.8.8"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.9.2"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.12.6"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.11.0"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.2.4"
},
{
"model": "pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.9.2"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.12.0"
},
{
"model": "switch",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "2.2"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.2.5"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.12.5"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.2.5"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.12.1"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.11.2"
},
{
"model": "switch",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "2.1.5"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.12.9"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "2.6.2"
},
{
"model": "switch",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "2.1.2"
},
{
"model": "switch",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "2.1"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.11.4"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.12.7"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.10"
},
{
"model": "sendmail",
"scope": "lte",
"trust": 0.8,
"vendor": "sendmail consortium",
"version": "8.12.9"
},
{
"model": "cobalt qube3",
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "cobalt raq4",
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "cobalt raq550",
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "cobalt raqxtr",
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "linux 5.0",
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "7.0 (sparc)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "7.0 (x86)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "8 (sparc)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "8 (x86)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "9 (sparc)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "9 (x86)"
},
{
"model": "turbolinux advanced server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "6"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "6.1"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "6.5"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "7"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "8"
},
{
"model": "turbolinux workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "6.0"
},
{
"model": "turbolinux workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "7"
},
{
"model": "turbolinux workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "8"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.00"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.04"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.11"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.22"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.23"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.3"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "8.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "9"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "11.04"
},
{
"model": "tru64 pk4",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.5"
},
{
"model": "tru64 f pk6",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "4.0"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.9.0"
},
{
"model": "consortium sendmail beta10",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12"
},
{
"model": "hp-ux b.11.23",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "tru64 pk3",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.10"
},
{
"model": "nonstop-ux whitney",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "hp-ux b.11.22",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "inc sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "3.0.3"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.0"
},
{
"model": "inc sendmail for nt",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.6.2"
},
{
"model": "internet express",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"model": "inc sendmail for nt",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "3.0.3"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.11.1"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.7"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.6"
},
{
"model": "inc sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.1.5"
},
{
"model": "linux rc3",
"scope": "eq",
"trust": 0.3,
"vendor": "gentoo",
"version": "1.4"
},
{
"model": "inc sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.1.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.11.3"
},
{
"model": "inc sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.2.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.1"
},
{
"model": "linux rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "gentoo",
"version": "1.4"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.23"
},
{
"model": "consortium sendmail beta5",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.6"
},
{
"model": "internet express",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.7"
},
{
"model": "tru64 g pk3",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "4.0"
},
{
"model": "consortium sendmail beta16",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "netbsd",
"version": "1.5x86"
},
{
"model": "inc sendmail advanced message server",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "1.2"
},
{
"model": "tru64 b pk2",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "hp-ux b.11.04",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.8"
},
{
"model": "tru64 a pk5",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.2"
},
{
"model": "internet express",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.8"
},
{
"model": "tru64 g",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "4.0"
},
{
"model": "tru64 a",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.0"
},
{
"model": "nonstop-ux puma",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "inc sendmail pro",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.9.3"
},
{
"model": "inc sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.2.1"
},
{
"model": "beta",
"scope": "eq",
"trust": 0.3,
"vendor": "netbsd",
"version": "1.6"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.5"
},
{
"model": "inc sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "3.0.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.3"
},
{
"model": "tru64 f pk7",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "4.0"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.9.2"
},
{
"model": "inc sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.2"
},
{
"model": "inc sendmail for nt",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "3.0.2"
},
{
"model": "tru64 pk6",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "tru64 f pk8",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "4.0"
},
{
"model": "inc sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.5"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.11.4"
},
{
"model": "cobalt raq",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.11.5"
},
{
"model": "inc sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "3.0.1"
},
{
"model": "inc sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.2.2"
},
{
"model": "inc sendmail for nt",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "3.0"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.8.8"
},
{
"model": "inc sendmail for nt",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "3.0.1"
},
{
"model": "consortium sendmail beta12",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12"
},
{
"model": "tru64 a pk3",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.6"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.2"
},
{
"model": "sh3",
"scope": "eq",
"trust": 0.3,
"vendor": "netbsd",
"version": "1.5"
},
{
"model": "inc sendmail advanced message server",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "1.3"
},
{
"model": "altavista firewall avfw98",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "inc sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.1.3"
},
{
"model": "tru64 a pk1",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "tru64 b pk1",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "inc sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.2.4"
},
{
"model": "internet express",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.9"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.11"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.1"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.4"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.0"
},
{
"model": "tru64",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2"
},
{
"model": "internet express",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.4"
},
{
"model": "consortium sendmail beta7",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12"
},
{
"model": "hp-ux b.11.11",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.11.6"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.10"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.1"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.10.2"
},
{
"model": "tru64 a pk2",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "inc sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "3.0"
},
{
"model": "hp-ux b.11.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "inc sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.2.5"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.3"
},
{
"model": "inc sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.1.4"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.9.3"
},
{
"model": "tru64 a",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "alphaserver sc",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "tru64 pk5",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "tru64 f",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "4.0"
},
{
"model": "inc sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.1.1"
},
{
"model": "linux a",
"scope": "eq",
"trust": 0.3,
"vendor": "gentoo",
"version": "1.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.2"
},
{
"model": "tru64 b",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.9.1"
},
{
"model": "tru64 g pk4",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "4.0"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.11.2"
},
{
"model": "inc sendmail for nt",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.6"
},
{
"model": "inc sendmail for nt",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.6.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.3"
},
{
"model": "tru64 a pk3",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "tru64 a pk4",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.9"
},
{
"model": "linux rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "gentoo",
"version": "1.4"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.20"
},
{
"model": "consortium sendmail",
"scope": "ne",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.10"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.10.1"
},
{
"model": "altavista firewall raptor ec",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "inc sendmail pro",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.9.2"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#108964"
},
{
"db": "BID",
"id": "8649"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000277"
},
{
"db": "NVD",
"id": "CVE-2003-0681"
},
{
"db": "CNNVD",
"id": "CNNVD-200310-016"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sendmail:advanced_message_server:1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:advanced_message_server:1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.10.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.11.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.11.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.12.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.12.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.8.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail_switch:2.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail_switch:2.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail_switch:2.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail_switch:2.2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:2.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:3.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.11.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.11.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.12.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.12.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.12:beta10:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.12:beta12:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.12:beta16:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.9.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail_pro:8.9.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail_switch:2.1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail_switch:2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail_switch:3.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail_switch:3.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:3.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:3.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.11.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.11.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.12.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.12.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.12:beta5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.12:beta7:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail_pro:8.9.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail_switch:2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail_switch:2.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail_switch:2.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:2.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:2.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.10.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.12.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.12.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.12.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.9.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail_switch:2.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail_switch:2.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail_switch:2.2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail_switch:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail_switch:3.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:gentoo:linux:1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:gentoo:linux:1.4:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:gentoo:linux:1.4:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:ibm:aix:5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.5:*:x86:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:turbolinux:turbolinux_server:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:turbolinux:turbolinux_server:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.2.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.2.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:gentoo:linux:0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:openbsd:openbsd:3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:openbsd:openbsd:3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:turbolinux:turbolinux_workstation:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:gentoo:linux:0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:gentoo:linux:1.1a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:11.22:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:ibm:aix:4.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.5:*:sh3:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:turbolinux:turbolinux_advanced_server:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:turbolinux:turbolinux_server:6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:turbolinux:turbolinux_server:6.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:gentoo:linux:1.4:rc3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:11.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.6:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:turbolinux:turbolinux_workstation:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:turbolinux:turbolinux_workstation:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0681"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovery of this vulnerability has been credited to Timo Sirainen.",
"sources": [
{
"db": "BID",
"id": "8649"
},
{
"db": "CNNVD",
"id": "CNNVD-200310-016"
}
],
"trust": 0.9
},
"cve": "CVE-2003-0681",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2003-0681",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-7506",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2003-0681",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#108964",
"trust": 0.8,
"value": "6.33"
},
{
"author": "CNNVD",
"id": "CNNVD-200310-016",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-7506",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2003-0681",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#108964"
},
{
"db": "VULHUB",
"id": "VHN-7506"
},
{
"db": "VULMON",
"id": "CVE-2003-0681"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000277"
},
{
"db": "NVD",
"id": "CVE-2003-0681"
},
{
"db": "CNNVD",
"id": "CNNVD-200310-016"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A \"potential buffer overflow in ruleset parsing\" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences. This vulnerability could allow a remote attacker to execute arbitrary code or cause a denial of service on a vulnerable system.This vulnerability does not affect the default configuration. Note that Sendmail under a default configuration is not vulnerable to this issue",
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0681"
},
{
"db": "CERT/CC",
"id": "VU#108964"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000277"
},
{
"db": "BID",
"id": "8649"
},
{
"db": "VULHUB",
"id": "VHN-7506"
},
{
"db": "VULMON",
"id": "CVE-2003-0681"
}
],
"trust": 2.79
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-7506",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=23154",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-7506"
},
{
"db": "VULMON",
"id": "CVE-2003-0681"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2003-0681",
"trust": 2.9
},
{
"db": "CERT/CC",
"id": "VU#108964",
"trust": 2.8
},
{
"db": "BID",
"id": "8649",
"trust": 2.3
},
{
"db": "XF",
"id": "13216",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000277",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200310-016",
"trust": 0.7
},
{
"db": "EXPLOIT-DB",
"id": "23154",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-76930",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-7506",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2003-0681",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#108964"
},
{
"db": "VULHUB",
"id": "VHN-7506"
},
{
"db": "VULMON",
"id": "CVE-2003-0681"
},
{
"db": "BID",
"id": "8649"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000277"
},
{
"db": "NVD",
"id": "CVE-2003-0681"
},
{
"db": "CNNVD",
"id": "CNNVD-200310-016"
}
]
},
"id": "VAR-200310-0080",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-7506"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:59:39.504000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HPSBUX00281",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c01035741"
},
{
"title": "RHSA-2003:283",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/rhsa-2003-283.html"
},
{
"title": "8.12.10",
"trust": 0.8,
"url": "http://www.sendmail.org/8.12.10.html"
},
{
"title": "57573",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57573-1"
},
{
"title": "56922",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-56922-1"
},
{
"title": "57573",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57573-3"
},
{
"title": "56922",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-56922-3"
},
{
"title": "4 Sendmail Security Update 2.0.2",
"trust": 0.8,
"url": "http://sunsolve.sun.com/pub-cgi/show.pl?target=cobalt/raq4.eng\u0026amp;nav=patchpage"
},
{
"title": "XTR Sendmail Security Update 1.0.1",
"trust": 0.8,
"url": "http://sunsolve.sun.com/pub-cgi/show.pl?target=cobalt/raqxtr.eng\u0026amp;nav=patchpage"
},
{
"title": "550 Sendmail Security Update 0.0.1",
"trust": 0.8,
"url": "http://sunsolve.sun.com/pub-cgi/show.pl?target=cobalt/raq550.eng\u0026amp;nav=patchpage"
},
{
"title": "TLSA-2003-52",
"trust": 0.8,
"url": "http://www.turbolinux.com/security/2003/tlsa-2003-52.txt"
},
{
"title": "RHSA-2003:283",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2003-283j.html"
},
{
"title": "TLSA-2003-52",
"trust": 0.8,
"url": "http://www.turbolinux.co.jp/security/2003/tlsa-2003-52j.txt"
},
{
"title": "Debian Security Advisories: DSA-384-1 sendmail -- buffer overflows",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=243b978e3f17d13dd590ac7cfc4a472f"
},
{
"title": "x0rzEQGRP",
"trust": 0.1,
"url": "https://github.com/happysmack/x0rzeqgrp "
},
{
"title": "EQGRP",
"trust": 0.1,
"url": "https://github.com/nekkidso/eqgrp "
},
{
"title": "test",
"trust": 0.1,
"url": "https://github.com/devkosov/test "
},
{
"title": "EQGRP",
"trust": 0.1,
"url": "https://github.com/hackcrypto/eqgrp "
},
{
"title": "EQGRP",
"trust": 0.1,
"url": "https://github.com/ninja-tw1st/eqgrp "
},
{
"title": "leaked2",
"trust": 0.1,
"url": "https://github.com/kongjiexi/leaked2 "
},
{
"title": "EQGRP",
"trust": 0.1,
"url": "https://github.com/391861737/eqgrp "
},
{
"title": "EQGRP",
"trust": 0.1,
"url": "https://github.com/muhammd/eqgrp "
},
{
"title": "ShadowBrokersFiles",
"trust": 0.1,
"url": "https://github.com/r3k1ng/shadowbrokersfiles "
},
{
"title": "EQGRP",
"trust": 0.1,
"url": "https://github.com/ckmaenn/eqgrp "
},
{
"title": "EQGRP_Linux",
"trust": 0.1,
"url": "https://github.com/cybernetix-s3c/eqgrp_linux "
},
{
"title": "EQGRP",
"trust": 0.1,
"url": "https://github.com/iha114/eqgrp "
},
{
"title": "ShadowBrokersFiles",
"trust": 0.1,
"url": "https://github.com/antiscammerarmy/shadowbrokersfiles "
},
{
"title": "shadowbrokerstuff",
"trust": 0.1,
"url": "https://github.com/thetrentusdev/shadowbrokerstuff "
},
{
"title": "bdhglopoj",
"trust": 0.1,
"url": "https://github.com/maxcvnd/bdhglopoj "
},
{
"title": "shadowbrokerstuff",
"trust": 0.1,
"url": "https://github.com/shakenetwork/shadowbrokerstuff "
},
{
"title": "x0rz-EQGRP",
"trust": 0.1,
"url": "https://github.com/r3p3r/x0rz-eqgrp "
},
{
"title": "ShadowBrokersStuff",
"trust": 0.1,
"url": "https://github.com/thetrentus/shadowbrokersstuff "
},
{
"title": "EQ1",
"trust": 0.1,
"url": "https://github.com/thepevertedspartan/eq1 "
},
{
"title": "EQGRP",
"trust": 0.1,
"url": "https://github.com/badbug6/eqgrp "
},
{
"title": "EQGRP-nasa",
"trust": 0.1,
"url": "https://github.com/soldie/eqgrp-nasa "
},
{
"title": "EQGRP",
"trust": 0.1,
"url": "https://github.com/mofty/eqgrp "
},
{
"title": "EQGRP",
"trust": 0.1,
"url": "https://github.com/thetrentus/eqgrp "
},
{
"title": "EQGRP",
"trust": 0.1,
"url": "https://github.com/namangangwar/eqgrp "
},
{
"title": "EQGRP",
"trust": 0.1,
"url": "https://github.com/x0rz/eqgrp "
},
{
"title": "SB--.-HACK-the-EQGRP-1",
"trust": 0.1,
"url": "https://github.com/cipherreborn/sb--.-hack-the-eqgrp-1 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2003-0681"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000277"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0681"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://www.securityfocus.com/bid/8649"
},
{
"trust": 2.0,
"url": "http://www.kb.cert.org/vuls/id/108964"
},
{
"trust": 1.5,
"url": "http://www.sendmail.org/8.12.10.html"
},
{
"trust": 1.2,
"url": "http://www.debian.org/security/2003/dsa-384"
},
{
"trust": 1.2,
"url": "http://www.mandriva.com/security/advisories?name=mdksa-2003:092"
},
{
"trust": 1.2,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a3606"
},
{
"trust": 1.2,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a595"
},
{
"trust": 1.2,
"url": "http://www.redhat.com/support/errata/rhsa-2003-283.html"
},
{
"trust": 1.2,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13216"
},
{
"trust": 1.1,
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000742"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=106383437615742\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=106398718909274\u0026w=2"
},
{
"trust": 0.8,
"url": "http://www.sendmail.com"
},
{
"trust": 0.8,
"url": "http://www.sendmail.org"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-0681"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/xforce/xfdb/13216"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-0681"
},
{
"trust": 0.3,
"url": "http://distro.conectiva.com.br/atualizacoes/index.php?id=a\u0026anuncio=000746"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f56922"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57573"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/pub-cgi/show.pl?target=cobalt/qube3.eng\u0026nav=patchpage"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/pub-cgi/show.pl?target=cobalt/raq4.eng\u0026nav=patchpage"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/pub-cgi/show.pl?target=cobalt/raqxtr.eng\u0026nav=patchpage"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=106383437615742\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=106398718909274\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026amp;anuncio=000742"
},
{
"trust": 0.1,
"url": ""
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/23154/"
},
{
"trust": 0.1,
"url": "https://github.com/hackcrypto/eqgrp"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/./dsa-384"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#108964"
},
{
"db": "VULHUB",
"id": "VHN-7506"
},
{
"db": "VULMON",
"id": "CVE-2003-0681"
},
{
"db": "BID",
"id": "8649"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000277"
},
{
"db": "NVD",
"id": "CVE-2003-0681"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#108964"
},
{
"db": "VULHUB",
"id": "VHN-7506"
},
{
"db": "VULMON",
"id": "CVE-2003-0681"
},
{
"db": "BID",
"id": "8649"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000277"
},
{
"db": "NVD",
"id": "CVE-2003-0681"
},
{
"db": "CNNVD",
"id": "CNNVD-200310-016"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-09-18T00:00:00",
"db": "CERT/CC",
"id": "VU#108964"
},
{
"date": "2003-10-06T00:00:00",
"db": "VULHUB",
"id": "VHN-7506"
},
{
"date": "2003-10-06T00:00:00",
"db": "VULMON",
"id": "CVE-2003-0681"
},
{
"date": "2003-09-17T00:00:00",
"db": "BID",
"id": "8649"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2003-000277"
},
{
"date": "2003-10-06T04:00:00",
"db": "NVD",
"id": "CVE-2003-0681"
},
{
"date": "2003-10-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200310-016"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-09-18T00:00:00",
"db": "CERT/CC",
"id": "VU#108964"
},
{
"date": "2018-05-03T00:00:00",
"db": "VULHUB",
"id": "VHN-7506"
},
{
"date": "2018-05-03T00:00:00",
"db": "VULMON",
"id": "CVE-2003-0681"
},
{
"date": "2007-09-22T00:30:00",
"db": "BID",
"id": "8649"
},
{
"date": "2007-08-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2003-000277"
},
{
"date": "2018-05-03T01:29:21.663000",
"db": "NVD",
"id": "CVE-2003-0681"
},
{
"date": "2006-08-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200310-016"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200310-016"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sendmail Ruleset Parsing Buffer Overflow Vulnerability",
"sources": [
{
"db": "BID",
"id": "8649"
},
{
"db": "CNNVD",
"id": "CNNVD-200310-016"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200310-016"
}
],
"trust": 0.6
}
}
VAR-200708-0119
Vulnerability from variot - Updated: 2023-12-18 12:53Buffer overflow in ldcconn in Hewlett-Packard (HP) Controller for Cisco Local Director on HP-UX 11.11i allows remote attackers to execute arbitrary code via a long string to TCP port 17781. HP-UX is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. An attacker can exploit this issue to execute arbitrary code with superuser privileges. Successful attacks will completely compromise affected computers. HP-UX 11.11i is vulnerable; other versions may also be affected. HP-UX is a UNIX operating system developed by HP. Remote attackers may use this vulnerability to control the server.
BETA test the new Secunia Personal Software Inspector!
The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors.
Download the free PSI BETA from the Secunia website: https://psi.secunia.com/
TITLE: HP-UX 11.11 ldcconn Buffer Overflow Vulnerability
SECUNIA ADVISORY ID: SA26373
VERIFY ADVISORY: http://secunia.com/advisories/26373/
CRITICAL: Moderately critical
IMPACT: DoS, System access
WHERE:
From local network
OPERATING SYSTEM: HP-UX 11.x http://secunia.com/product/138/
DESCRIPTION: A vulnerability has been reported in HP-UX, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to a boundary error in ldcconn and can be exploited to cause a buffer overflow by sending an overly long string to the service (default port 17781/TCP).
Successful exploitation allows execution of arbitrary code.
The vulnerability is reported in the HP Controller for Cisco Local Director package on HP-UX 11.11i.
SOLUTION: The vendor recommends using another tool as the package has been obsolete since 2002 and is no longer supported.
PROVIDED AND/OR DISCOVERED BY: iDefense Labs
ORIGINAL ADVISORY: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=572
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200708-0119",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "11.11i"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "9.00 11.11i"
},
{
"model": "hp-ux 11.11i",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "25227"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004247"
},
{
"db": "NVD",
"id": "CVE-2007-4241"
},
{
"db": "CNNVD",
"id": "CNNVD-200708-147"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:11.11i:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:local_director:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-4241"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "iDEFENSE",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200708-147"
}
],
"trust": 0.6
},
"cve": "CVE-2007-4241",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2007-4241",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-27603",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2007-4241",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200708-147",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-27603",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-27603"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004247"
},
{
"db": "NVD",
"id": "CVE-2007-4241"
},
{
"db": "CNNVD",
"id": "CNNVD-200708-147"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in ldcconn in Hewlett-Packard (HP) Controller for Cisco Local Director on HP-UX 11.11i allows remote attackers to execute arbitrary code via a long string to TCP port 17781. HP-UX is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. \nAn attacker can exploit this issue to execute arbitrary code with superuser privileges. Successful attacks will completely compromise affected computers. \nHP-UX 11.11i is vulnerable; other versions may also be affected. HP-UX is a UNIX operating system developed by HP. Remote attackers may use this vulnerability to control the server. \n\n----------------------------------------------------------------------\n\nBETA test the new Secunia Personal Software Inspector!\n\nThe Secunia PSI detects installed software on your computer and\ncategorises it as either Insecure, End-of-Life, or Up-To-Date. \nEffectively enabling you to focus your attention on software\ninstallations where more secure versions are available from the\nvendors. \n\nDownload the free PSI BETA from the Secunia website:\nhttps://psi.secunia.com/\n\n----------------------------------------------------------------------\n\nTITLE:\nHP-UX 11.11 ldcconn Buffer Overflow Vulnerability\n\nSECUNIA ADVISORY ID:\nSA26373\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/26373/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nDoS, System access\n\nWHERE:\n\u003eFrom local network\n\nOPERATING SYSTEM:\nHP-UX 11.x\nhttp://secunia.com/product/138/\n\nDESCRIPTION:\nA vulnerability has been reported in HP-UX, which can be exploited by\nmalicious people to compromise a vulnerable system. \n\nThe vulnerability is caused due to a boundary error in ldcconn and\ncan be exploited to cause a buffer overflow by sending an overly long\nstring to the service (default port 17781/TCP). \n\nSuccessful exploitation allows execution of arbitrary code. \n\nThe vulnerability is reported in the HP Controller for Cisco Local\nDirector package on HP-UX 11.11i. \n\nSOLUTION:\nThe vendor recommends using another tool as the package has been\nobsolete since 2002 and is no longer supported. \n\nPROVIDED AND/OR DISCOVERED BY:\niDefense Labs\n\nORIGINAL ADVISORY:\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=572\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-4241"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004247"
},
{
"db": "BID",
"id": "25227"
},
{
"db": "VULHUB",
"id": "VHN-27603"
},
{
"db": "PACKETSTORM",
"id": "58393"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-4241",
"trust": 2.8
},
{
"db": "BID",
"id": "25227",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "26373",
"trust": 1.8
},
{
"db": "VUPEN",
"id": "ADV-2007-2813",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1018524",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004247",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200708-147",
"trust": 0.7
},
{
"db": "IDEFENSE",
"id": "20070807 HEWLETT-PACKARD HP-UX REMOTE LDCCONN BUFFER OVERFLOW VULNERABILITY",
"trust": 0.6
},
{
"db": "XF",
"id": "35847",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-27603",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "58393",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-27603"
},
{
"db": "BID",
"id": "25227"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004247"
},
{
"db": "PACKETSTORM",
"id": "58393"
},
{
"db": "NVD",
"id": "CVE-2007-4241"
},
{
"db": "CNNVD",
"id": "CNNVD-200708-147"
}
]
},
"id": "VAR-200708-0119",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-27603"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:53:05.175000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.hp.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-004247"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-4241"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=572"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/25227"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1018524"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26373"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2007/2813"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35847"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4241"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-4241"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/35847"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2007/2813"
},
{
"trust": 0.3,
"url": "http://www.hp.com/products1/unix/"
},
{
"trust": 0.3,
"url": "/archive/1/475766"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/26373/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/138/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-27603"
},
{
"db": "BID",
"id": "25227"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004247"
},
{
"db": "PACKETSTORM",
"id": "58393"
},
{
"db": "NVD",
"id": "CVE-2007-4241"
},
{
"db": "CNNVD",
"id": "CNNVD-200708-147"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-27603"
},
{
"db": "BID",
"id": "25227"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004247"
},
{
"db": "PACKETSTORM",
"id": "58393"
},
{
"db": "NVD",
"id": "CVE-2007-4241"
},
{
"db": "CNNVD",
"id": "CNNVD-200708-147"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-08-08T00:00:00",
"db": "VULHUB",
"id": "VHN-27603"
},
{
"date": "2007-08-07T00:00:00",
"db": "BID",
"id": "25227"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-004247"
},
{
"date": "2007-08-10T02:01:07",
"db": "PACKETSTORM",
"id": "58393"
},
{
"date": "2007-08-08T22:17:00",
"db": "NVD",
"id": "CVE-2007-4241"
},
{
"date": "2007-08-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200708-147"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-29T00:00:00",
"db": "VULHUB",
"id": "VHN-27603"
},
{
"date": "2015-05-07T17:36:00",
"db": "BID",
"id": "25227"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-004247"
},
{
"date": "2017-07-29T01:32:48.160000",
"db": "NVD",
"id": "CVE-2007-4241"
},
{
"date": "2007-08-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200708-147"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200708-147"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HP-UX upper Cisco Local Director of HP Controller Vulnerable to buffer overflow",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-004247"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200708-147"
}
],
"trust": 0.6
}
}
VAR-200205-0149
Vulnerability from variot - Updated: 2023-12-18 12:47Buffer overflow in sar for OpenServer 5.0.5 allows local users to gain root privileges via a long -o parameter. Multiple vendor SNMPv1 Trap handling implementations contain vulnerabilities that may allow unauthorized privileged access, denial-of-service conditions, or unstable behavior . If your site uses SNMP in any capacity, the CERT/CC encourages you to read the information provided below. It is possible to crash the service by transmitting to it a maliciously constructed SNMPv1 request PDU. The resultant crash may be due to a buffer overflow condition. If this is the case, attackers may be able to exploit this vulnerability to execute arbitrary code. SNMP requests are messages sent from manager to agent systems. They typically poll the agent for current performance or configuration information, ask for the next SNMP object in a Management Information Base (MIB), or modify the configuration settings of the agent. Multiple vulnerabilities have been discovered in a number of SNMP implementations. The vulnerabilities are known to exist in the process of decoding and interpreting SNMP request messages. Among the possible consequences are denial of service and allowing attackers to compromise target systems. These depend on the individual vulnerabilities in each affected product. A general report for multiple vendors was initially published on February 12 (Bugtraq IDs 4088 and 4089), however more information is now available and a separate Bugtraq ID has been allocated for the Cisco Operating Systems and Appliances vulnerabilities. It is reportedly possible for a remote attacker to create a denial of service condition by transmitting a malformed SNMP request to a vulnerable Cisco Operating System or Appliance. The affected device may reset, or require a manual reset to regain functionality.
-----BEGIN PGP SIGNED MESSAGE-----
CERT Advisory CA-2002-03: Multiple Vulnerabilities in Many Implementations of the Simple Network Management Protocol (SNMP)
Original release date: February 12, 2002 Last revised: -- Source: CERT/CC
A complete revision history can be found at the end of this file.
Systems Affected
Products from a very wide variety of vendors may be affected. See Vendor Information for details from vendors who have provided feedback for this advisory.
In addition to the vendors who provided feedback for this advisory, a list of vendors whom CERT/CC contacted regarding these problems is available from http://www.kb.cert.org/vuls/id/854306 http://www.kb.cert.org/vuls/id/107186
Many other systems making use of SNMP may also be vulnerable but were not specifically tested.
In addition to this advisory, we also have an FAQ available at http://www.cert.org/tech_tips/snmp_faq.html
I. Description
The Simple Network Management Protocol (SNMP) is a widely deployed protocol that is commonly used to monitor and manage network devices. Version 1 of the protocol (SNMPv1) defines several types of SNMP messages that are used to request information or configuration changes, respond to requests, enumerate SNMP objects, and send unsolicited alerts. The Oulu University Secure Programming Group (OUSPG, http://www.ee.oulu.fi/research/ouspg/) has reported numerous vulnerabilities in SNMPv1 implementations from many different vendors. More information about SNMP and OUSPG can be found in Appendix C
OUSPG's research focused on the manner in which SNMPv1 agents and managers handle request and trap messages. A trap message may indicate a warning or error condition or otherwise notify the manager about the agent's state. Request messages might be issued to obtain information from an agent or to instruct the agent to configure the host device.
Vulnerabilities in the decoding and subsequent processing of SNMP messages by both managers and agents may result in denial-of-service conditions, format string vulnerabilities, and buffer overflows. Some vulnerabilities do not require the SNMP message to use the correct SNMP community string.
These vulnerabilities have been assigned the CVE identifiers CAN-2002-0012 and CAN-2002-0013, respectively.
II.
III. Solution
Note that many of the mitigation steps recommended below may have significant impact on your everyday network operations and/or network architecture. Ensure that any changes made based on the following recommendations will not unacceptably affect your ongoing network operations capability.
Apply a patch from your vendor
Appendix A contains information provided by vendors for this advisory. Please consult this appendix to determine if you need to contact your vendor directly.
Disable the SNMP service
As a general rule, the CERT/CC recommends disabling any service or capability that is not explicitly required, including SNMP. Unfortunately, some of the affected products exhibited unexpected behavior or denial of service conditions when exposed to the OUSPG test suite even if SNMP was not enabled. In these cases, disabling SNMP should be used in conjunction with the filtering practices listed below to provide additional protection.
Ingress filtering
As a temporary measure, it may be possible to limit the scope of these vulnerabilities by blocking access to SNMP services at the network perimeter.
Ingress filtering manages the flow of traffic as it enters a network under your administrative control. Servers are typically the only machines that need to accept inbound traffic from the public Internet. In the network usage policy of many sites, there are few reasons for external hosts to initiate inbound traffic to machines that provide no public services. Thus, ingress filtering should be performed at the border to prohibit externally initiated inbound traffic to non-authorized services. For SNMP, ingress filtering of the following ports can prevent attackers outside of your network from impacting vulnerable devices in the local network that are not explicitly authorized to provide public SNMP services.
snmp 161/udp # Simple Network Management Protocol (SNMP) snmp 162/udp # SNMP system management messages
The following services are less common, but may be used on some affected products
snmp 161/tcp # Simple Network Management Protocol (SNMP) snmp 162/tcp # SNMP system management messages smux 199/tcp # SNMP Unix Multiplexer smux 199/udp # SNMP Unix Multiplexer synoptics-relay 391/tcp # SynOptics SNMP Relay Port synoptics-relay 391/udp # SynOptics SNMP Relay Port agentx 705/tcp # AgentX snmp-tcp-port 1993/tcp # cisco SNMP TCP port snmp-tcp-port 1993/udp # cisco SNMP TCP port
As noted above, you should carefully consider the impact of blocking services that you may be using.
It is important to note that in many SNMP implementations, the SNMP daemon may bind to all IP interfaces on the device. This has important consequences when considering appropriate packet filtering measures required to protect an SNMP-enabled device. For example, even if a device disallows SNMP packets directed to the IP addresses of its normal network interfaces, it may still be possible to exploit these vulnerabilities on that device through the use of packets directed at the following IP addresses: * "all-ones" broadcast address * subnet broadcast address * any internal loopback addresses (commonly used in routers for management purposes, not to be confused with the IP stack loopback address 127.0.0.1)
Careful consideration should be given to addresses of the types mentioned above by sites planning for packet filtering as part of their mitigation strategy for these vulnerabilities.
Finally, sites may wish to block access to the following RPC services related to SNMP (listed as name, program ID, alternate names)
snmp 100122 na.snmp snmp-cmc snmp-synoptics snmp-unisys snmp-utk snmpv2 100138 na.snmpv2 # SNM Version 2.2.2 snmpXdmid 100249
Please note that this workaround may not protect vulnerable devices from internal attacks.
Filter SNMP traffic from non-authorized internal hosts
In many networks, only a limited number of network management systems need to originate SNMP request messages. This can reduce, but not wholly eliminate, the risk from internal attacks. However, it may have detrimental effects on network performance due to the increased load imposed by the filtering, so careful consideration is required before implementation. Similar caveats to the previous workaround regarding broadcast and loopback addresses apply.
Change default community strings
Most SNMP-enabled products ship with default community strings of "public" for read-only access and "private" for read-write access. As with any known default access control mechanism, the CERT/CC recommends that network administrators change these community strings to something of their own choosing. However, even when community strings are changed from their defaults, they will still be passed in plaintext and are therefore subject to packet sniffing attacks. SNMPv3 offers additional capabilities to ensure authentication and privacy as described in RFC2574.
Because many of the vulnerabilities identified in this advisory occur before the community strings are evaluated, it is important to note that performing this step alone is not sufficient to mitigate the impact of these vulnerabilities. Nonetheless, it should be performed as part of good security practice.
Segregate SNMP traffic onto a separate management network
In situations where blocking or disabling SNMP is not possible, exposure to these vulnerabilities may be limited by restricting all SNMP access to separate, isolated management networks that are not publicly accessible. Although this would ideally involve physically separate networks, that kind of separation is probably not feasible in most environments. Mechanisms such as virtual LANs (VLANs) may be used to help segregate traffic on the same physical network. Note that VLANs may not strictly prevent an attacker from exploiting these vulnerabilities, but they may make it more difficult to initiate the attacks.
Another option is for sites to restrict SNMP traffic to separate virtual private networks (VPNs), which employ cryptographically strong authentication.
Note that these solutions may require extensive changes to a site's network architecture.
Egress filtering
Egress filtering manages the flow of traffic as it leaves a network under your administrative control. There is typically limited need for machines providing public services to initiate outbound traffic to the Internet. In the case of SNMP vulnerabilities, employing egress filtering on the ports listed above at your network border can prevent your network from being used as a source for attacks on other sites.
Disable stack execution
Disabling executable stacks (on systems where this is configurable) can reduce the risk of "stack smashing" attacks based on these vulnerabilities. Although this does not provide 100 percent protection against exploitation of these vulnerabilities, it makes the likelihood of a successful exploit much smaller. On many UNIX systems, executable stacks can be disabled by adding the following lines to /etc/system:
set noexec_user_stack = 1 set noexec_user_stack_log = 1
Note that this may go against the SPARC and Intel ABIs and can be bypassed as required in programs with mprotect(2). For the changes to take effect you will then need to reboot.
Other operating systems and architectures also support the disabling of executable stacks either through native configuration parameters or via third-party software. Consult your vendor(s) for additional information.
Share tools and techniques
Because dealing with these vulnerabilities to systems and networks is so complex, the CERT/CC will provide a forum where administrators can share ideas and techniques that can be used to develop proper defenses. We have created an unmoderated mailing list for system and network administrators to discuss helpful techniques and tools.
You can subscribe to the mailing list by sending an email message to majordomo@cert.org. In the body of the message, type
subscribe snmp-forum
After you receive the confirmation message, follow the instructions in the message to complete the subscription process.
Appendix A. - Vendor Information
This appendix contains information provided by vendors for this advisory. As vendors report new information to the CERT/CC, we will update this section and note the changes in our revision history. If a particular vendor is not listed below, we have not received their comments.
AdventNet
This is in reference to your notification regarding [VU#107186 and
VU#854306] and OUSPG#0100. AdventNet Inc. has reproduced this
behavior in their products and coded a Service Pack fix which is
currently in regression testing in AdventNet Inc.'s Q.A.
organization. The release of AdventNet Inc's. Service Pack
correcting the behavior outlined in VU#617947, and OUSPG#0100 is
scheduled to be generally available to all of AdventNet Inc.'s
customers by February 20, 2002.
Avaya
Avaya Inc. No further information is available at this time.
CacheFlow
The purpose of this email is to advise you that CacheFlow Inc. has
provided a software update. Please be advised that updated versions
of the software are now available for all supported CacheFlow
hardware platforms, and may be obtained by CacheFlow customers at
the following URL:
http://download.cacheflow.com/
The specific reference to the software update is contained within the Release Notes for CacheOS Versions 3.1.22 Release ID 17146, 4.0.15 Release ID 17148, 4.1.02 Release ID 17144 and 4.0.15 Release ID 17149.
RELEASE NOTES FOR CACHEFLOW SERVER ACCELERATOR PRODUCTS: * http://download.cacheflow.com/release/SA/4.0.15/relnotes.htm
RELEASE NOTES FOR CACHEFLOW CONTENT ACCELERATOR PRODUCTS: * http://download.cacheflow.com/release/CA/3.1.22/relnotes.htm * http://download.cacheflow.com/release/CA/4.0.15/relnotes.htm * http://download.cacheflow.com/release/CA/4.1.02/relnotes.htm
* SR 1-1647517, VI 13045: This update modified a potential
vulnerability by using an SNMP test tools exploit.
3Com Corporation
A vulnerability to an SNMP packet with an invalid length community
string has been resolved in the following products. Customers
concerned about this weakness should ensure that they upgrade to
the following agent versions:
PS Hub 40
2.16 is due Feb 2002
PS Hub 50
2.16 is due Feb 2002
Dual Speed Hub
2.16 is due Jan 2002
Switch 1100/3300
2.68 is available now
Switch 4400
2.02 is available now
Switch 4900
2.04 is available now
WebCache1000/3000
2.00 is due Jan 2002
Caldera
Caldera International, Inc. has reproduced faulty behavior in
Caldera SCO OpenServer 5, Caldera UnixWare 7, and Caldera Open UNIX
8. We have coded a software fix for supported versions of Caldera
UnixWare 7 and Caldera Open UNIX 8 that will be available from
our support site at http://stage.caldera.com/support/security
immediately following the publication of this CERT announcement. A
fix for supported versions of OpenServer 5 will be available at a
later date.
Cisco Systems
Cisco Systems is addressing the vulnerabilities identified by
VU#854306 and VU#107186 across its entire product line. Cisco will
publish a security advisory with further details at
http://www.cisco.com/go/psirt/.
Compaq Computer Corporation
x-ref: SSRT0779U SNMP
At the time of writing this document, COMPAQ continues to evaluate
this potential problem and when new versions of SNMP are available,
COMPAQ will implement solutions based on the new code. Compaq will
provide notice of any new patches as a result of that effort
through standard patch notification procedures and be available
from your normal Compaq Services support channel.
Computer Associates
Computer Associates has confirmed Unicenter vulnerability to the
SNMP advisory identified by CERT notification reference [VU#107186
& VU#854306] and OUSPG#0100. We have produced corrective
maintenance to address these vulnerabilities, which is in the
process of publication for all applicable releases / platforms and
will be offered through the CA Support site. Please contact our
Technical Support organization for information regarding
availability / applicability for your specific configuration(s).
COMTEK Services, Inc.
NMServer for AS/400 is not an SNMP master and is therefore not
vulnerable. However this product requires the use of the AS/400
SNMP master agent supplied by IBM.
NMServer for OpenVMS has been tested and has shown to be
vulnerable. COMTEK Services is preparing a new release of this
product (version 3.5) which will contain a fix for this problem.
This new release is scheduled to be available in February 2002.
Contact COMTEK Services for further information.
NMServer for VOS has not as yet been tested; vulnerability of this
agent is unknown. Contact for further information on the testing
schedule of the VOS product.
Covalent Technologies
Covalent Technologies ERS (Enterprise Ready Server), Secure Server,
and Conductor SNMP module are not vulnerable according to testing
performed in accordance with CERT recommendations. Security
information for Covalent products can be found at www.covalent.net
Dartware, LLC
Dartware, LLC (www.dartware.com) supplies two products that use
SNMPv1 in a manager role, InterMapper and SNMP Watcher. This statement applies to all present
and past versions of these two software packages.
DMH Software
DMH Software is in the process of evaluating and attempting to
reproduce this behavior.
It is unclear at this point if our snmp-agent is sensitive to the
tests described above.
If any problems will be discovered, DMH Software will code a
software fix.
The release of DMH Software OS correcting the behavior outlined in
VU#854306, VU#107186, and OUSPG#0100 will be generally available to
all of DMH Software's customers as soon as possible.
EnGarde Secure Linux
EnGarde Secure Linux did not ship any SNMP packages in version
1.0.1 of our distribution, so we are not vulnerable to either bug.
FreeBSD
FreeBSD does not include any SNMP software by default, and so is
not vulnerable. However, the FreeBSD Ports Collection contains the
UCD-SNMP / NET-SNMP package. Package versions prior to
ucd-snmp-4.2.3 are vulnerable. The upcoming FreeBSD 4.5 release
will ship the corrected version of the UCD-SNMP / NET-SNMP
package. In addition, the corrected version of the packages is
available from the FreeBSD mirrors.
FreeBSD has issued the following FreeBSD Security Advisory
regarding the UCD-SNMP / NET-SNMP package:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:09.
snmp.asc.
Hewlett-Packard Company
SUMMARY - known vulnerable:
========================================
hp procurve switch 2524
NNM (Network Node Manager)
JetDirect Firmware (Older versions only)
HP-UX Systems running snmpd or OPENVIEW
MC/ServiceGuard
EMS
Still under investigation:
SNMP/iX (MPE/iX)
========================================
_________________________________________________________
---------------------------------------------------------
hp procurve switch 2524
---------------------------------------------------------
hp procurve switch 2525 (product J4813A) is vulnerable to some
issues, patches in process. Watch for the associated HP
Security Bulletin.
---------------------------------------------------------
NNM (Network Node Manager)
---------------------------------------------------------
Some problems were found in NNM product were related to
trap handling. Patches in process. Watch for the
associated HP Security Bulletin.
---------------------------------------------------------
JetDirect Firmware (Older versions only)
---------------------------------------------------------
ONLY some older versions of JetDirect Firmware are
vulnerable to some of the issues. The older firmware
can be upgraded in most cases, see list below.
JetDirect Firmware Version State
========================== =====
X.08.32 and higher NOT Vulnerable
X.21.00 and higher NOT Vulnerable
JetDirect Product Numbers that can be freely
upgraded to X.08.32 or X.21.00 or higher firmware.
EIO (Peripherals Laserjet 4000, 5000, 8000, etc...)
J3110A 10T
J3111A 10T/10B2/LocalTalk
J3112A Token Ring (discontinued)
J3113A 10/100 (discontinued)
J4169A 10/100
J4167A Token Ring
MIO (Peripherals LaserJet 4, 4si, 5si, etc...)
J2550A/B 10T (discontinued)
J2552A/B 10T/10Base2/LocalTalk (discontinued)
J2555A/B Token Ring (discontinued)
J4100A 10/100
J4105A Token Ring
J4106A 10T
External Print Servers
J2591A EX+ (discontinued)
J2593A EX+3 10T/10B2 (discontinued)
J2594A EX+3 Token Ring (discontinued)
J3263A 300X 10/100
J3264A 500X Token Ring
J3265A 500X 10/100
----------------------------------------------------------
HP-UX Systems running snmpd or OPENVIEW
----------------------------------------------------------
The following patches are available now:
PHSS_26137 s700_800 10.20 OV EMANATE14.2 Agent Consolidated Patch
PHSS_26138 s700_800 11.X OV EMANATE14.2 Agent Consolidated Patch
PSOV_03087 EMANATE Release 14.2 Solaris 2.X Agent Consolidated
Patch
All three patches are available from:
http://support.openview.hp.com/cpe/patches/
In addition PHSS_26137 and PHSS_26138 will soon be available from:
http://itrc.hp.com
================================================================
NOTE: The patches are labeled OV(Open View). However, the patches
are also applicable to systems that are not running Open View.
=================================================================
Any HP-UX 10.X or 11.X system running snmpd or snmpdm is
vulnerable.
To determine if your HP-UX system has snmpd or snmpdm installed:
swlist -l file | grep snmpd
If a patch is not available for your platform or you cannot install
an available patch, snmpd and snmpdm can be disabled by removing
their
entries from /etc/services and removing the execute permissions
from
/usr/sbin/snmpd and /usr/sbin/snmpdm.
----------------------------------------------------------------
Investigation completed, systems vulnerable.
----------------------------------------------------------------
MC/ServiceGuard
Event Monitoring System (EMS)
----------------------------------------------------------------
Still under investigation:
----------------------------------------------------------------
SNMP/iX (MPE/iX)
Hirschmann Electronics GmbH & Co. KG
Hirschmann Electronics GmbH & Co. KG supplies a broad range of
networking products, some of which are affected by the SNMP
vulnerabilities identified by CERT Coordination Center. Hirschmann customers may contact our Competence
Center (phone +49-7127-14-1538, email:
ans-support@nt.hirschmann.de) for additional information,
especially regarding availability of latest firmware releases
addressing the SNMP vulnerabilities.
IBM Corporation
Based upon the results of running the test suites we have
determined that our version of SNMP shipped with AIX is NOT
vulnerable.
Innerdive Solutions, LLC
Innerdive Solutions, LLC has two SNMP based products:
1. The "SNMP MIB Scout"
(http://www.innerdive.com/products/mibscout/)
2. The "Router IP Console" (http://www.innerdive.com/products/ric/)
The "SNMP MIB Scout" is not vulnerable to either bug.
The "Router IP Console" releases prior to 3.3.0.407 are vulnerable.
The release of "Router IP Console" correcting the behavior outlined
in OUSPG#0100 is 3.3.0.407 and is already available on our site.
Also, we will notify all our customers about this new release no
later than March 5, 2002.
Juniper Networks
This is in reference to your notification regarding CAN-2002-0012
and CAN-2002-0013. Juniper Networks has reproduced this behavior
and coded a software fix. The fix will be included in all releases
of JUNOS Internet software built after January 5, 2002. Customers
with current support contracts can download new software with the
fix from Juniper's web site at www.juniper.net.
Note: The behavior described in CAN-2002-0012 and CAN-2002-0013 can
only be reproduced in JUNOS Internet software if certain tracing
options are enabled. These options are generally not enabled in
production routers.
Lantronix, Inc.
Lantronix is committed to resolving security issues with our
products. The SNMP security bug you reported has been fixed in LRS
firmware version B1.3/611(020123).
Lotus Development Corporation
Lotus Software evaluated the Lotus Domino Server for
vulnerabilities using the test suite materials provided by OUSPG.
This problem does not affect default installations of the Domino
Server. However, SNMP agents can be installed from the CD to
provide SNMP services for the Domino Server (these are located in
the /apps/sysmgmt/agents directory). The optional platform
specific master and encapsulator agents included with the Lotus
Domino SNMP Agents for HP-UX and Solaris have been found to be
vulnerable. For those platforms, customers should upgrade to
version R5.0.1 a of the Lotus Domino SNMP Agents, available for
download from the Lotus Knowledge Base on the IBM Support Web Site
(http://www.ibm.com/software/lotus/support/). Please refer to
Document #191059, "Lotus Domino SNMP Agents R5.0.1a", also in the
Lotus Knowledge Base, for more details.
LOGEC Systems Inc
The products from LOGEC Systems are exposed to SNMP only via HP
OpenView. We do not have an implementation of SNMP ourselves. As
such, there is nothing in our products that would be an issue with
this alert.
Lucent
Lucent is aware of reports that there is a vulnerability in certain
implementations of the SNMP (Simple Network Management Protocol)
code that is used in data switches and other hardware throughout
the telecom industry.
As soon as we were notified by CERT, we began assessing our product
portfolio and notifying customers with products that might be
affected.
Our 5ESS switch and most of our optical portfolio were not
affected. Our core and edge ATM switches and most of our edge
access products are affected, but we have developed, tested, and
deployed fixes for many of those products to our customers.
We consider the security and reliability of our customers' networks
to be one of our critical measures of success. We take every
reasonable measure to ensure their satisfaction.
In addition, we are working with customers on ways to further
enhance the security they have in place today.
Marconi
Marconi supplies a broad range of telecommunications and related
products, some of which are affected by the SNMP vulnerabilities
identified here. Those
Marconi customers with support entitlement may contact the
appropriate Technical Assistance Center (TAC) for additional
information. Those not under support entitlement may contact their
sales representative.
Microsoft Corporation
The Microsoft Security Reponse [sic] Center has investigated this
issue, and provides the following information. The SNMP v1 service is not installed or running by
default on any version of Windows. A patch is underway to eliminate
the vulnerability. In the meantime, we recommend that affected
customers disable the SNMP v1 service.
Details:
An SNMP v1 service ships on the CDs for Windows 95, 98, and 98SE.
It is not installed or running by default on any of these
platforms. An SNMP v1 is NOT provided for Windows ME. However, it
is possible that Windows 98 machines which had the service
installed and were upgraded would still have the service. Since
SNMP is not supported for WinME, customers in this situation are
urged to remove the SNMP service.
An SNMP v1 service is available on Windows NT 4.0 (including
Terminal Server Edition) and Windows 2000 but is not installed or
running by default on any of these platforms.Windows XP does not
ship with an SNMP v1 service.
Remediation:
A patch is underway for the affected platforms, and will be
released shortly. In the meantime, Microsoft recommends that
customers who have the SNMP v1 service running disable it to
protect their systems. Following are instruction for doing this:
Windows 95, 98 and 98SE:
1. In Control Panel, double-click Network.
2. On the Configuration tab, select Microsoft SNMP Agent from the
list of installed components.
3. Click Remove
Check the following keys and confirm that snmp.exe is not listed.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunSer
vices
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
For Windows XP:
1. Right-click on My Computer and select Manage
2. Click on Services and Applications, then on Services
3. Location SNMP on the list of services, then select it and click
Stop.
4. Select Startup, and click Disabled.
5. Click OK to close the dialoge [sic], then close the Computer
Management window.
For Windows NT 4.0 (including Terminal Server Edition):
1. Select Start, then Settings.
2. Select Control Panel, then click on the Services Icon
3. Locate SNMP on the list of services, then select it and click
Stop.
4. Select Startup, and click Disabled.
5. Click OK to close the dialoge [sic], then close Control Panel
Windows 2000:
1. Right-click on My Computer and select Manage
2. Click on Services and Applications, then on Services
3. Location SNMP on the list of services, then select it and click
Stop.
4. Select Startup, and click Disabled.
5. Click OK to close the dialoge [sic], then close the Computer
Management window.
Multinet
MultiNet and TCPware customers should contact Process Software to
check for the availability of patches for this issue. A couple of
minor problems were found and fixed, but there is no security risk
related to the SNMP code included with either product.
Netaphor
NETAPHOR SOFTWARE INC. is the creator of Cyberons for Java -- SNMP
Manager Toolkit and Cyberons for Java -- NMS Application Toolkit,
two Java based products that may be affected by the SNMP
vulnerabilities identified here. The manner in which they are
affected and the actions required (if any) to avoid being impacted
by exploitation of these vulnerabilities, may be obtained by
contacting Netaphor via email at info@netaphor.com Customers with
annual support may contact support@netaphor.com directly. Those not
under support entitlement may contact Netaphor sales:
sales@netaphor.com or (949) 470 7955 in USA.
NetBSD
NetBSD does not ship with any SNMP tools in our 'base' releases. We
do provide optional packages which provide various support for
SNMP. These packages are not installed by default, nor are they
currently provided as an install option by the operating system
installation tools. A system administrator/end-user has to manually
install this with our package management tools. These SNMP packages
include:
+ netsaint-plugin-snmp-1.2.8.4 (SNMP monitoring plug-in for
netsaint)
+ p5-Net-SNMP-3.60 (perl5 module for SNMP queries)
+ p5-SNMP-3.1.0 (Perl5 module for interfacing to the UCD SNMP
library
+ p5-SNMP_Session-0.83 (perl5 module providing rudimentary
access to remote SNMP agents)
+ ucd-snmp-4.2.1 (Extensible SNMP implementation) (conflicts
with ucd-snmp-4.1.2)
+ ucd-snmp-4.1.2 (Extensible SNMP implementation) (conflicts
with ucd-snmp-4.2.1)
We do provide a software monitoring mechanism called
'audit-packages', which allows us to highlight if a package with a
range of versions has a potential vulnerability, and recommends
that the end-user upgrade the packages in question.
Netscape Communications Corporation
Netscape continues to be committed to maintaining a high level of
quality in our software and service offerings. Part of this
commitment includes prompt response to security issues discovered
by organizations such as the CERT Coordination Center.
According to a recent CERT/CC advisory, The Oulu University Secure
Programming Group (OUSPG) has reported numerous vulnerabilities in
multiple vendor SNMPv1 implementations.
We have carefully examined the reported findings, performing the
tests suggested by the OUSPG to determine whether Netscape server
products were subject to these vulnerabilities. It was determined
that several products fell into this category. As a result, we have
created fixes which will resolve the issues, and these fixes will
appear in future releases of our product line. To Netscape's
knowledge, there are no known instances of these vulnerabilities
being exploited and no customers have been affected to date.
When such security warnings are issued, Netscape has committed to -
and will continue to commit to - resolving these issues in a prompt
and timely fashion, ensuring that our customers receive products of
the highest quality and security.
NET-SNMP
All ucd-snmp version prior to 4.2.2 are susceptible to this
vulnerability and users of versions prior to version 4.2.2 are
encouraged to upgrade their software as soon as possible
(http://www.net-snmp.org/download/). Version 4.2.2 and higher are
not susceptible.
Network Associates
PGP is not affected, impacted, or otherwise related to this VU#.
Network Computing Technologies
Network Computing Technologies has reviewed the information
regarding SNMP vulnerabilities and is currently investigating the
impact to our products.
Nokia
This vulnerability is known to affect IPSO versions 3.1.3, 3.3,
3.3.1, 3.4, and 3.4.1. Patches are currently available for
versions 3.3, 3.3.1, 3.4 and 3.4.1 for download from the Nokia
website. In addition, version 3.4.2 shipped with the patch
incorporated, and the necessary fix will be included in all future
releases of IPSO.
We recommend customers install the patch immediately or follow the
recommended precautions below to avoid any potential exploit.
If you are not using SNMP services, including Traps, simply disable
the SNMP daemon to completely eliminate the potential
vulnerability.
If you are using only SNMP Traps and running Check Point
FireWall-1, create a firewall policy to disallow incoming SNMP
messages on all appropriate interfaces. Traps will continue to work
normally.
Nortel Networks
The CERT Coordination Center has issued a broad based alert to the
technology industry, including Nortel Networks, regarding potential
security vulnerabilities identified in the Simple Network
Management Protocol (SNMP), a common networking standard. The
company is working with CERT and other network equipment
manufacturers, the U.S. Government, service providers, and software
suppliers to assess and address this issue.
Novell
Novell ships SNMP.NLM and SNMPLOG.NLM with NetWare 4.x, NetWare 5.x
and 6.0 systems. The SNMP and SNMPLOG vulnerabilities detected on
NetWare are fixed and will be available through NetWare 6 Support
Pack 1 & NetWare 5.1 Support Pack 4. Support packs are available at
http://support.novell.com/tools/csp/
OpenBSD
OpenBSD does not ship SNMP code.
Qualcomm
WorldMail does not support SNMP by default, so customers who run
unmodified installations are not vulnerable.
Redback Networks, Inc.
Redback Networks, Inc. has identified that the vulnerability in
question affects certain versions of AOS software on the SMS 500,
SMS 1800, and SMS 10000 platforms, and is taking the appropriate
steps necessary to correct the issue.
Red Hat
RedHat has released a security advisiory [sic] at
http://www.redhat.com/support/errata/RHSA-2001-163.html
with updated versions of the ucd-snmp package for all supported
releases and architectures. For more information or to download the
update please visit this page.
SGI
SGI acknowledges the SNMP vulnerabilities reported by CERT and is
currently investigating. No further information is available at
this time.
For the protection of all our customers, SGI does not disclose,
discuss or confirm vulnerabilities until a full investigation has
occurred and any necessary patch(es) or release streams are
available for all vulnerable and supported IRIX operating systems.
Until SGI has more definitive information to provide, customers are
encouraged to assume all security vulnerabilities as exploitable
and take appropriate steps according to local site security
policies and requirements. As further information becomes
available, additional advisories will be issued via the normal SGI
security information distribution methods including the wiretap
mailing list on http://www.sgi.com/support/security/.
SNMP Research International
SNMP Research has made the following vendor statement. They are
likely to revise and expand the statement as the date for the
public vulnerability announcement draws nearer. Users maintaining
earlier releases should update to the current release if they have
not already done so. Up-to-date information is available from
support@snmp.com. Other Stonesoft's products are
still under investigation. As further information becomes
available, additional advisories will be available at
http://www.stonesoft.com/support/techcenter/
Sun Microsystems, Inc.
Sun's SNMP product, Solstice Enterprise Agents (SEA), described
here:
http://www.sun.com/solstice/products/ent.agents/
is affected by VU#854306 but not VU#107186. More specifically the
main agent of SEA, snmpdx(1M), is affected on Solaris 2.6, 7, 8.
Sun is currently generating patches for this issue and will be
releasing a Sun Security Bulletin once the patches are available.
The bulletin will be available from:
http://sunsolve.sun.com/security. Sun patches are available from:
http://sunsolve.sun.com/securitypatch.
Symantec Corporation
Symantec Corporation has investigated the SNMP issues identified by
the OUSPG test suite and determined that Symantec products are not
susceptable [sic] to these issues.
TANDBERG
Tandberg have run all the testcases found the PROTOS test-suie
[sic], c06snmpv1:
1. c06-snmpv1-trap-enc-pr1.jar
2. c06-snmpv1-treq-app-pr1.jar
3. c06-snmpv1-trap-enc-pr1.jar
4. c06-snmpv1-req-app-pr1.jar
The tests were run with standard delay time between the requests
(100ms), but also with a delay of 1ms. The tests applies to all
TANDBERG products (T500, T880, T1000, T2500, T6000 and T8000). The
software tested on these products were B4.0 (our latest software)
and no problems were found when running the test suite.
Appendix B. - References 1. http://www.ee.oulu.fi/research/ouspg/protos/ 2. http://www.kb.cert.org/vuls/id/854306 3. http://www.kb.cert.org/vuls/id/107186 4. http://www.cert.org/tech_tips/denial_of_service.html 5. http://www.ietf.org/rfc/rfc1067.txt 6. http://www.ietf.org/rfc/rfc1089.txt 7. http://www.ietf.org/rfc/rfc1140.txt 8. http://www.ietf.org/rfc/rfc1155.txt 9. http://www.ietf.org/rfc/rfc1156.txt 10. http://www.ietf.org/rfc/rfc1215.txt 11. http://www.ietf.org/rfc/rfc1270.txt 12. http://www.ietf.org/rfc/rfc1352.txt
Appendix C. - Background Information
Background Information on the OUSPG
OUSPG is an academic research group located at Oulu University in
Finland. The purpose of this research group is to test software
for vulnerabilities.
History has shown that the techniques used by the OUSPG have
discovered a large number of previously undetected problems in the
products and protocols they have tested. In 2001, the OUSPG
produced a comprehensive test suite for evaluating implementations
of the Lightweight Directory Access Protocol (LDAP). This test
suite was developed with the strategy of abusing the protocol in
unsupported and unexpected ways, and it was very effective in
uncovering a wide variety of vulnerabilities across several
products. This approach can reveal vulnerabilities that would not
manifest themselves under normal conditions.
After completing its work on LDAP, OUSPG moved its focus to
SNMPv1. As with LDAP, they designed a custom test suite, began
testing a selection of products, and found a number of
vulnerabilities. Because OUSPG's work on LDAP was similar in
procedure to its current work on SNMP, you may wish to review the
LDAP Test Suite and CERT Advisory CA-2001-18, which outlined
results of application of the test suite.
In order to test the security of protocols like SNMPv1, the PROTOS
project presents a server with a wide variety of sample packets
containing unexpected values or illegally formatted data. As a
member of the PROTOS project consortium, the OUSPG used the PROTOS
c06-snmpv1 test suite to study several implementations of the
SNMPv1 protocol.
Background Information on the Simple Network Management Protocol
The Simple Network Management Protocol (SNMP) is the most popular
protocol in use to manage networked devices. SNMP was designed in
the late 80's to facilitate the exchange of management information
between networked devices, operating at the application layer of
the ISO/OSI model. The SNMP protocol enables network and system
administrators to remotely monitor and configure devices on the
network (devices such as switches and routers). Software and
firmware products designed for networks often make use of the SNMP
protocol. SNMP runs on a multitude of devices and operating
systems, including, but not limited to,
+ Core Network Devices (Routers, Switches, Hubs, Bridges, and
Wireless Network Access Points)
+ Operating Systems
+ Consumer Broadband Network Devices (Cable Modems and DSL
Modems)
+ Consumer Electronic Devices (Cameras and Image Scanners)
+ Networked Office Equipment (Printers, Copiers, and FAX
Machines)
+ Network and Systems Management/Diagnostic Frameworks (Network
Sniffers and Network Analyzers)
+ Uninterruptible Power Supplies (UPS)
+ Networked Medical Equipment (Imaging Units and Oscilloscopes)
+ Manufacturing and Processing Equipment
The SNMP protocol is formally defined in RFC1157. Quoting from
that RFC:
Implicit in the SNMP architectural model is a collection
of network management stations and network elements.
Network management stations execute management
applications which monitor and control network elements.
Network elements are devices such as hosts, gateways,
terminal servers, and the like, which have management
agents responsible for performing the network management
functions requested by the network management stations.
The Simple Network Management Protocol (SNMP) is used to
communicate management information between the network
management stations and the agents in the network
elements.
Additionally, SNMP is discussed in a number of other RFC
documents:
+ RFC 3000 Internet Official Protocol Standards
+ RFC 1212 Concise MIB Definitions
+ RFC 1213 Management Information Base for Network Management
of TCP/IP-based Internets: MIB-II
+ RFC 1215 A Convention for Defining Traps for use with the
SNMP
+ RFC 1270 SNMP Communications Services
+ RFC 2570 Introduction to Version 3 of the Internet-standard
Network Management Framework
+ RFC 2571 An Architecture for Describing SNMP Management
Frameworks
+ RFC 2572 Message Processing and Dispatching for the Simple
Network Management Protocol (SNMP)
+ RFC 2573 SNMP Applications
+ RFC 2574 User-based Security Model (USM) for version 3 of the
Simple Network Management Protocol (SNMPv3)
+ RFC 2575 View-based Access Control Model (VACM) for the
Simple Network Management Protocol (SNMP)
+ RFC 2576 Coexistence between Version 1, Version 2, and
Version 3 of the Internet-standard Network Management
Framework
_____________________________________________________________
The CERT Coordination Center thanks the Oulu University Secure
Programming Group for reporting these vulnerabilities to us, for
providing detailed technical analyses, and for assisting us in
preparing this advisory. We also thank Steven M. Bellovin (AT&T
Labs -- Research), Wes Hardaker (Net-SNMP), Steve Moulton (SNMP
Research), Tom Reddington (Bell Labs), Mike Duckett (Bell South),
Rob Thomas, Blue Boar (Thievco), and the many others who
contributed to this document.
_____________________________________________________________
Feedback on this document can be directed to the authors, Ian A.
Finlay, Shawn V. Hernan, Jason A. Rafail, Chad Dougherty, Allen D.
Householder, Marty Lindner, and Art Manion.
__________________________________________________________________
This document is available from:
http://www.cert.org/advisories/CA-2002-03.html
__________________________________________________________________
CERT/CC Contact Information
Email: cert@cert.org
Phone: +1 412-268-7090 (24-hour hotline)
Fax: +1 412-268-6989
Postal address:
CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh PA 15213-3890
U.S.A.
CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) /
EDT(GMT-4) Monday through Friday; they are on call for emergencies
during other hours, on U.S. holidays, and on weekends.
Using encryption
We strongly urge you to encrypt sensitive information sent by
email. Our public PGP key is available from
http://www.cert.org/CERT_PGP.key
If you prefer to use DES, please call the CERT hotline for more
information.
Getting security information
CERT publications and other security information are available
from our web site
http://www.cert.org/
To subscribe to the CERT mailing list for advisories and
bulletins, send email to majordomo@cert.org. Please include in the
body of your message
subscribe cert-advisory
* "CERT" and "CERT Coordination Center" are registered in the U.S.
Patent and Trademark Office.
__________________________________________________________________
NO WARRANTY
Any material furnished by Carnegie Mellon University and the
Software Engineering Institute is furnished on an "as is" basis.
Carnegie Mellon University makes no warranties of any kind, either
expressed or implied as to any matter including, but not limited
to, warranty of fitness for a particular purpose or
merchantability, exclusivity or results obtained from use of the
material. Carnegie Mellon University does not make any warranty of
any kind with respect to freedom from patent, trademark, or
copyright infringement.
_____________________________________________________________
Conditions for use, disclaimers, and sponsorship information
Copyright 2002 Carnegie Mellon University.
Revision History
February 12, 2002: Initial release
-----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8
iQCVAwUBPGltxKCVPMXQI2HJAQGVeAQAuHtxGBsmU5HI6PtqhpZ1rkpV+Cq3ChIU R1FUz4Zi2vzklH8jdXd10KqwZAPhXTPazeguhRyLVSUprMlSKqcXg3BCkH/y4WAl QUZ1VnQXMnMrxIJO1fv0WW0pcyM4W0iQBl0kCIlawPcjCGVniOCOr+4CE0f923wr uZiMJ5f2SEo= =h42e -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200205-0149",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ios 12.0",
"scope": "ne",
"trust": 5.4,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1",
"scope": "ne",
"trust": 3.6,
"vendor": "cisco",
"version": null
},
{
"model": "openserver",
"scope": "eq",
"trust": 1.9,
"vendor": "caldera",
"version": "5.0.5"
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "3com",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "adtran",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "adventnet",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "american power conversion",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "aprisma",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "avaya",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "bea",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "bmc",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "cnt",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "comtek services",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "cscare",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "cacheflow",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "carrier access",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "compaq computer",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "computer associates",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "concord",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "dart",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "dell",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "digital",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "entrada",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "equinox",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "f5",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "fluke",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "freebsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "general datacomm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "hewlett packard",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "hirschmann",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "hitachi",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "ibm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "iplanet",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "itouch",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "infovista",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "inktomi",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "innerdive",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "ipswitch",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "juniper",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "karlnet",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "lantronix",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "larscom incorporated",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "lotus",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "lucent",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "mg soft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "mandriva",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "marconi",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "mercury interactive",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "metrobility optical",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "micromuse",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "microsoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "monfox",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "multinet",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "nec",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "net snmp",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "network harmoni",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "nbase xyplex",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "netscout",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "netsilicon",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "netscape",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "network appliance",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "nortel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "novell",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "openwave",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "optical access",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "oracle",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "perle",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "powerware",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "radware",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "red hat",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "redback",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "riverstone",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "snmp research",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "sniffer",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "sonicwall",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "sonus",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "stonesoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "sun microsystems",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "symantec",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "the sco group sco unix",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "tivoli",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "toshiba",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "unisphere",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "vertical",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "vina",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "wind river",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "world wide packets",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "xerox",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "e security",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "net com",
"version": null
},
{
"model": "ios 12.2",
"scope": "ne",
"trust": 1.5,
"vendor": "cisco",
"version": null
},
{
"model": "vpn concentrator",
"scope": "eq",
"trust": 1.5,
"vendor": "cisco",
"version": "30002.5.2"
},
{
"model": "ios 12.0 xe",
"scope": null,
"trust": 1.2,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 dc2",
"scope": "ne",
"trust": 1.2,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s6",
"scope": "ne",
"trust": 0.9,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nudesign team",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "outback resource group",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "veritas",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "bintec",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "interniche",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ncipher corp",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "netscreen",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nokia",
"version": null
},
{
"model": "sunatm",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "5.0"
},
{
"model": "sunatm",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "4.0.1"
},
{
"model": "sunatm",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "3.0.1"
},
{
"model": "sunatm",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "2.1"
},
{
"model": "ios 12.0 s7",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 bx",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 st1",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e8",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s8",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 w5",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "3.1"
},
{
"model": "ios 12.0 xe?",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "vpn concentrator",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "30003.1"
},
{
"model": "ios 12.0 s1",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 wc1",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 xu",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 db1",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 xk",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 st2",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 ey",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e3",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 db2",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "vpn concentrator",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "30003.0.3"
},
{
"model": "ios 12.1 ex",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "sunnet manager sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "2.3"
},
{
"model": "sunnet manager intel",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "2.3"
},
{
"model": "sunmc rr",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "3.0"
},
{
"model": "sunmc",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "3.0"
},
{
"model": "sunmc",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "2.1.1"
},
{
"model": "enterprise server ssp",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "100003.5"
},
{
"model": "enterprise server ssp",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "100003.4"
},
{
"model": "enterprise server ssp",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "100003.3"
},
{
"model": "research mid-level manager",
"scope": "eq",
"trust": 0.3,
"vendor": "snmp",
"version": "15.3"
},
{
"model": "research enterpol",
"scope": "eq",
"trust": 0.3,
"vendor": "snmp",
"version": "15.3"
},
{
"model": "research dr-web manager",
"scope": "eq",
"trust": 0.3,
"vendor": "snmp",
"version": "15.3"
},
{
"model": "emulex 1gbit fibrechannel hub",
"scope": null,
"trust": 0.3,
"vendor": "sgi",
"version": null
},
{
"model": "brocade",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "2.6.0"
},
{
"model": "networks aos",
"scope": null,
"trust": 0.3,
"vendor": "redback",
"version": null
},
{
"model": "realplayer intranet",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "5.0"
},
{
"model": "software tcpware",
"scope": "eq",
"trust": 0.3,
"vendor": "process",
"version": "5.5"
},
{
"model": "software multinet",
"scope": "eq",
"trust": 0.3,
"vendor": "process",
"version": "4.4"
},
{
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.1"
},
{
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2"
},
{
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.1"
},
{
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0"
},
{
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.5"
},
{
"model": "netware",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "6.0"
},
{
"model": "netware",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "5.1"
},
{
"model": "netware",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "5.0"
},
{
"model": "netware",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "4.11"
},
{
"model": "netware",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "4.2"
},
{
"model": "netware",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "4.0"
},
{
"model": "ipso",
"scope": "eq",
"trust": 0.3,
"vendor": "nokia",
"version": "3.4.1"
},
{
"model": "ipso",
"scope": "eq",
"trust": 0.3,
"vendor": "nokia",
"version": "3.4"
},
{
"model": "ipso",
"scope": "eq",
"trust": 0.3,
"vendor": "nokia",
"version": "3.3.1"
},
{
"model": "ipso",
"scope": "eq",
"trust": 0.3,
"vendor": "nokia",
"version": "3.3"
},
{
"model": "ipso",
"scope": "eq",
"trust": 0.3,
"vendor": "nokia",
"version": "3.1.3"
},
{
"model": "ucd-snmp",
"scope": "eq",
"trust": 0.3,
"vendor": "net snmp",
"version": "4.2.1"
},
{
"model": "ucd-snmp",
"scope": "eq",
"trust": 0.3,
"vendor": "net snmp",
"version": "4.1.1"
},
{
"model": "windows xp professional",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "windows xp home",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "windows nt workstation sp6a",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt workstation sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt workstation sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt workstation sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt workstation sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt workstation sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt workstation sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt terminal server sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt terminal server sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt terminal server sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt terminal server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt terminal server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt terminal server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt terminal server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt server sp6a",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt server sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt server sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt server sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt enterprise server sp6a",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt enterprise server sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt enterprise server sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt enterprise server sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt enterprise server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt enterprise server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt enterprise server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows 98se",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "windows",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "98"
},
{
"model": "windows",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "95"
},
{
"model": "windows terminal services sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows terminal services sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows terminal services",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows professional sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows professional sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows professional",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows datacenter server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows datacenter server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows datacenter server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows advanced server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows advanced server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows advanced server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "domino snmp agents solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "lotus",
"version": "5.0.1x86"
},
{
"model": "domino snmp agents solaris sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "lotus",
"version": "5.0.1"
},
{
"model": "domino snmp agents hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "lotus",
"version": "5.0.1"
},
{
"model": "lrs",
"scope": null,
"trust": 0.3,
"vendor": "lantronix",
"version": null
},
{
"model": "junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.1"
},
{
"model": "junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.0"
},
{
"model": "solutions router ip console",
"scope": "eq",
"trust": 0.3,
"vendor": "innerdive",
"version": "3.3.0.406"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3.3"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3.2"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3.1"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1"
},
{
"model": "secure os software for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.0"
},
{
"model": "procurve switch 8000m",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "procurve switch 4108gl-bundle",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "procurve switch 4108gl",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "procurve switch 4000m",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "procurve switch",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2525"
},
{
"model": "procurve switch",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2524"
},
{
"model": "procurve switch",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2512"
},
{
"model": "procurve switch 2424m",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "procurve switch 2400m",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "procurve switch 1600m",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "ov/sam",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.1"
},
{
"model": "openview network node manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.10"
},
{
"model": "openview network node manager solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2"
},
{
"model": "openview network node manager hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.211.x"
},
{
"model": "openview network node manager hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.210.x"
},
{
"model": "openview network node manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2"
},
{
"model": "openview network node manager solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1"
},
{
"model": "openview network node manager hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.111.x"
},
{
"model": "openview network node manager hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.110.x"
},
{
"model": "openview network node manager solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"model": "openview network node manager nt 4.x/windows",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.02000"
},
{
"model": "openview network node manager hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.011.x"
},
{
"model": "openview network node manager hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.010.20"
},
{
"model": "openview network node manager windows nt",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0.23.51/4.0"
},
{
"model": "openview network node manager solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.01"
},
{
"model": "openview network node manager hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.01"
},
{
"model": "openview network node manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.01"
},
{
"model": "openview network node manager solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.11"
},
{
"model": "openview network node manager hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.11"
},
{
"model": "openview extensible snmp agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.0"
},
{
"model": "openview emanate snmp agent solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "14.22.x"
},
{
"model": "openview emanate snmp agent hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "14.211.x"
},
{
"model": "openview emanate snmp agent hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "14.210.20"
},
{
"model": "openview distributed management",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"model": "openview distributed management",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.03"
},
{
"model": "mpe/ix",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.5"
},
{
"model": "mpe/ix",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"model": "mpe/ix",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.5"
},
{
"model": "mpe/ix",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"model": "mpe/ix",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.5"
},
{
"model": "mpe/ix",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.0"
},
{
"model": "mc/serviceguard",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "jetdirect",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "x.20.00"
},
{
"model": "jetdirect",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "x.08.00"
},
{
"model": "ito/vpo/ovo unix",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.04"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.24"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.20"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.11"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.0"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.20"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.10"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.0"
},
{
"model": "ems a.03.20",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "ems a.03.10",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "ems a.03.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "gzip",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "3.1.02"
},
{
"model": "services nmserver",
"scope": "eq",
"trust": 0.3,
"vendor": "comtek",
"version": "3.4"
},
{
"model": "associates unicenter",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"model": "unixware",
"scope": "eq",
"trust": 0.3,
"vendor": "caldera",
"version": "7.1.1"
},
{
"model": "unixware",
"scope": "eq",
"trust": 0.3,
"vendor": "caldera",
"version": "7.1.0"
},
{
"model": "unixware",
"scope": "eq",
"trust": 0.3,
"vendor": "caldera",
"version": "7"
},
{
"model": "openunix",
"scope": "eq",
"trust": 0.3,
"vendor": "caldera",
"version": "8.0"
},
{
"model": "openserver",
"scope": "eq",
"trust": 0.3,
"vendor": "caldera",
"version": "5.0.6"
},
{
"model": "cacheos",
"scope": "eq",
"trust": 0.3,
"vendor": "cacheflow",
"version": "4.0.14"
},
{
"model": "cacheos",
"scope": "eq",
"trust": 0.3,
"vendor": "cacheflow",
"version": "4.0.13"
},
{
"model": "cacheos",
"scope": "eq",
"trust": 0.3,
"vendor": "cacheflow",
"version": "4.0.12"
},
{
"model": "cacheos",
"scope": "eq",
"trust": 0.3,
"vendor": "cacheflow",
"version": "4.0.11"
},
{
"model": "cacheos",
"scope": "eq",
"trust": 0.3,
"vendor": "cacheflow",
"version": "4.0"
},
{
"model": "cacheos",
"scope": "eq",
"trust": 0.3,
"vendor": "cacheflow",
"version": "3.1.21"
},
{
"model": "cacheos",
"scope": "eq",
"trust": 0.3,
"vendor": "cacheflow",
"version": "3.1.19"
},
{
"model": "cacheos",
"scope": "eq",
"trust": 0.3,
"vendor": "cacheflow",
"version": "3.1.18"
},
{
"model": "cacheos",
"scope": "eq",
"trust": 0.3,
"vendor": "cacheflow",
"version": "3.1.17"
},
{
"model": "cacheos",
"scope": "eq",
"trust": 0.3,
"vendor": "cacheflow",
"version": "3.1.16"
},
{
"model": "cacheos",
"scope": "eq",
"trust": 0.3,
"vendor": "cacheflow",
"version": "3.1.15"
},
{
"model": "cacheos",
"scope": "eq",
"trust": 0.3,
"vendor": "cacheflow",
"version": "3.1.14"
},
{
"model": "cacheos",
"scope": "eq",
"trust": 0.3,
"vendor": "cacheflow",
"version": "3.1.13"
},
{
"model": "cacheos",
"scope": "eq",
"trust": 0.3,
"vendor": "cacheflow",
"version": "3.1.12"
},
{
"model": "cacheos",
"scope": "eq",
"trust": 0.3,
"vendor": "cacheflow",
"version": "3.1.11"
},
{
"model": "cacheos",
"scope": "eq",
"trust": 0.3,
"vendor": "cacheflow",
"version": "3.1.20"
},
{
"model": "cacheos",
"scope": "eq",
"trust": 0.3,
"vendor": "cacheflow",
"version": "3.1.10"
},
{
"model": "cacheos",
"scope": "eq",
"trust": 0.3,
"vendor": "cacheflow",
"version": "3.1.09"
},
{
"model": "cacheos",
"scope": "eq",
"trust": 0.3,
"vendor": "cacheflow",
"version": "3.1.08"
},
{
"model": "cacheos",
"scope": "eq",
"trust": 0.3,
"vendor": "cacheflow",
"version": "3.1.07"
},
{
"model": "cacheos",
"scope": "eq",
"trust": 0.3,
"vendor": "cacheflow",
"version": "3.1.06"
},
{
"model": "cacheos",
"scope": "eq",
"trust": 0.3,
"vendor": "cacheflow",
"version": "3.1.05"
},
{
"model": "cacheos",
"scope": "eq",
"trust": 0.3,
"vendor": "cacheflow",
"version": "3.1.04"
},
{
"model": "cacheos",
"scope": "eq",
"trust": 0.3,
"vendor": "cacheflow",
"version": "3.1.03"
},
{
"model": "cacheos",
"scope": "eq",
"trust": 0.3,
"vendor": "cacheflow",
"version": "3.1.02"
},
{
"model": "cacheos",
"scope": "eq",
"trust": 0.3,
"vendor": "cacheflow",
"version": "3.1"
},
{
"model": "cacheos",
"scope": null,
"trust": 0.3,
"vendor": "cacheflow",
"version": null
},
{
"model": "web nms msp edition",
"scope": null,
"trust": 0.3,
"vendor": "adventnet",
"version": null
},
{
"model": "web nms",
"scope": null,
"trust": 0.3,
"vendor": "adventnet",
"version": null
},
{
"model": "snmp utilities",
"scope": null,
"trust": 0.3,
"vendor": "adventnet",
"version": null
},
{
"model": "snmp api",
"scope": null,
"trust": 0.3,
"vendor": "adventnet",
"version": null
},
{
"model": "mediation server",
"scope": null,
"trust": 0.3,
"vendor": "adventnet",
"version": null
},
{
"model": "management builder",
"scope": null,
"trust": 0.3,
"vendor": "adventnet",
"version": null
},
{
"model": "fault management toolkit",
"scope": null,
"trust": 0.3,
"vendor": "adventnet",
"version": null
},
{
"model": "configuration management toolkit",
"scope": null,
"trust": 0.3,
"vendor": "adventnet",
"version": null
},
{
"model": "cli api",
"scope": null,
"trust": 0.3,
"vendor": "adventnet",
"version": null
},
{
"model": "agent toolkit java/jmx edition",
"scope": null,
"trust": 0.3,
"vendor": "adventnet",
"version": null
},
{
"model": "agent toolkit c edition",
"scope": "eq",
"trust": 0.3,
"vendor": "adventnet",
"version": null
},
{
"model": "webcache",
"scope": "eq",
"trust": 0.3,
"vendor": "3com",
"version": "3000"
},
{
"model": "webcache",
"scope": "eq",
"trust": 0.3,
"vendor": "3com",
"version": "1000"
},
{
"model": "switch",
"scope": "eq",
"trust": 0.3,
"vendor": "3com",
"version": "4900"
},
{
"model": "switch",
"scope": "eq",
"trust": 0.3,
"vendor": "3com",
"version": "4400"
},
{
"model": "switch",
"scope": "eq",
"trust": 0.3,
"vendor": "3com",
"version": "3300"
},
{
"model": "switch",
"scope": "eq",
"trust": 0.3,
"vendor": "3com",
"version": "1100"
},
{
"model": "ps hub",
"scope": "eq",
"trust": 0.3,
"vendor": "3com",
"version": "50"
},
{
"model": "ps hub",
"scope": "eq",
"trust": 0.3,
"vendor": "3com",
"version": "40"
},
{
"model": "dual speed hub",
"scope": null,
"trust": 0.3,
"vendor": "3com",
"version": null
},
{
"model": "brocade .0d",
"scope": "ne",
"trust": 0.3,
"vendor": "sgi",
"version": "2.6"
},
{
"model": "ipso",
"scope": "ne",
"trust": 0.3,
"vendor": "nokia",
"version": "3.4.2"
},
{
"model": "ucd-snmp",
"scope": "ne",
"trust": 0.3,
"vendor": "net snmp",
"version": "4.2.2"
},
{
"model": "solutions router ip console",
"scope": "ne",
"trust": 0.3,
"vendor": "innerdive",
"version": "3.3.0.407"
},
{
"model": "jetdirect",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "x.21.00"
},
{
"model": "jetdirect",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "x.08.32"
},
{
"model": "ios 12.0 wc 2900xl-lre",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.1"
},
{
"model": "cbos a",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4700"
},
{
"model": "ios 12.2 yb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "cbos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.3.7"
},
{
"model": "as5850",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 xk2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "cbos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1000"
},
{
"model": "ios 12.1aa",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xe2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 ca1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "vpn concentrator",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "30003.1.2"
},
{
"model": "ios 12.0s",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "hosting solution engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.3"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.1(4.206)"
},
{
"model": "netranger sensor",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 yc2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.2"
},
{
"model": "building broadband service manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.0"
},
{
"model": "as5200",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xa",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1da",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "vg248 analog phone gateway",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 yf",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.2gs",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ics",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7750"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.4(8)"
},
{
"model": "ios 12.0 wt6",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "building broadband service manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.5.1"
},
{
"model": "traffic director",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154543.1.0"
},
{
"model": "ios 12.1 e5",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 b2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3"
},
{
"model": "ios 12.0 xn",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 ya2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "as5300",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "icdn software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.0"
},
{
"model": "vpn concentrator",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "30002.0"
},
{
"model": "cbos b",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.4.2"
},
{
"model": "ios 11.1 cc4",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst 4840g",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.1 aa4",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11.2"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "39203.0(7)"
},
{
"model": "secure ids network sensor",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.0"
},
{
"model": "ios 12.2 mx",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7100"
},
{
"model": "cva120",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 xt3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst native mode",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6000"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "560"
},
{
"model": "ios 12.1 ea1e",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 xq",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.2sa",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 yh",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2b",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1005"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154543.2.0"
},
{
"model": "cbos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.3.5.015"
},
{
"model": "ios 12.2 mx1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3(1.200)"
},
{
"model": "bpx/igx",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12000"
},
{
"model": "content distribution manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4670"
},
{
"model": "ap340",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 xf",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10700"
},
{
"model": "css11000 content services switch",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11.1"
},
{
"model": "ios 12.1 xi",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "distributed director",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2501"
},
{
"model": "ios 12.1ec",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "intelligent contact manager",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(1)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3000"
},
{
"model": "ios 12.1 yi1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst 2948g",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 da",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "switchprobe",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.6"
},
{
"model": "ios 12.1 ew",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.4(7.202)"
},
{
"model": "ios 12.2 xd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 ya",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "local director",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2bx",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 da1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(5)xv5"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4232"
},
{
"model": "ios 12.1 ec",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "user registration tool vlan policy server",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 dd3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "hosting solution engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.0"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(1)"
},
{
"model": "ios 11.1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "igx",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t4",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst 8540csr",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "mgx-8240",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2dd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0st",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 w5",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7010"
},
{
"model": "unity server",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 xf",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst hybrid mode",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6000"
},
{
"model": "ios 12.0 wc3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3(1)"
},
{
"model": "icdn software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.0"
},
{
"model": "snmpc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "vpn concentrator",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "30003.0.4"
},
{
"model": "ios 12.0 st5",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0w5",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.2bc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11.0"
},
{
"model": "cbos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.2"
},
{
"model": "ios 12.0 sl4",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst network analysis module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6000"
},
{
"model": "cbos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.3.2"
},
{
"model": "ios 12.2t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xb3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 db2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "mgx",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "82301.2.10"
},
{
"model": "ios 12.1 ey",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s5",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.0"
},
{
"model": "ios 12.0 xs",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154543.4"
},
{
"model": "building broadband service manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.5"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "590"
},
{
"model": "ios 12.2s",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "building broadband service manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2"
},
{
"model": "mgx",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "82501.2.10"
},
{
"model": "catalyst msm",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6000"
},
{
"model": "nsp",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6400"
},
{
"model": "building broadband service manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.4"
},
{
"model": "ios 12.1 yd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "info center",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.4"
},
{
"model": "ios 12.0 wx5",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 yc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e8",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "mgx",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "arrowpoint cs11000",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "secure ids host sensor",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.0"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2950"
},
{
"model": "ios 11.1 ct",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 yb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ubr7200",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xw",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11.3"
},
{
"model": "ios 12.2bc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.1ia",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst 8540msr",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154544.0(1)"
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(5)xv4"
},
{
"model": "ios 12.1 t12",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "microswitch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1548"
},
{
"model": "ios 12.1 e12",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.1"
},
{
"model": "ios 12.0 sx",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "access registrar",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4000"
},
{
"model": "ios 12.0 st",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst 8510csr",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xs1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "bpx",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 ea2b",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 xz7",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 b4",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2920"
},
{
"model": "ios 12.1 ea1b",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.2p",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 xk3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "switchprobe",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.7"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2600"
},
{
"model": "as5800",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.2 p2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6200"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1700"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "507"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7000"
},
{
"model": "ios 12.1 e7",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "vpn concentrator",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "30003.5.1"
},
{
"model": "ios 12.2 t1a",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.1(2)"
},
{
"model": "ios 12.2 xa5",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "cbos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.4.1"
},
{
"model": "ios 12.1 ew1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 sp1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1db",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.1ca",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "cbos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.3.053"
},
{
"model": "catalyst 2948g-l3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2900"
},
{
"model": "ios 12.2 mb3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.0"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(2)"
},
{
"model": "switchprobe",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1"
},
{
"model": "ios 12.2 t0a",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.7"
},
{
"model": "ios 12.0 wc2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ap350",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 dx",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 sl6",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "as5400",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0sp",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst xl",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3500"
},
{
"model": "ios 12.0 wc2b",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1400"
},
{
"model": "ios 12.1 yb5",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 xn1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "vpn concentrator",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "30003.1.1"
},
{
"model": "ios 12.1 e6",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3(3)"
},
{
"model": "bts",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10200"
},
{
"model": "ios 12.0 sx",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "cbos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.3.8"
},
{
"model": "ubr900",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3(2)"
},
{
"model": "ios 12.2 xb4",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.1aa",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "switchprobe",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.1"
},
{
"model": "ios 12.0 t2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xg",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(7)"
},
{
"model": "ios 12.1 xm",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.2 sa6",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "sc2200/vsc3000",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "wan manager",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xu",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xm2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 aa1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 xp",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xh2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0wx",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xf",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6400"
},
{
"model": "infocenter",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2(5)"
},
{
"model": "cache engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "570"
},
{
"model": "call manager",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xa1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 sc3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e4",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.2 bc1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 ex",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 ea1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 xt",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "mgx-8260",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "building broadband service manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.3"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(6)"
},
{
"model": "switchprobe",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "vpn concentrator",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "30003.1.4"
},
{
"model": "ios 12.1 yi",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "vpn concentrator",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "30003.0"
},
{
"model": "ios 12.2 xj1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 bc1a",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "building broadband service manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0"
},
{
"model": "ios 12.1 xm7",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xe",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall b",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1.6"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0"
},
{
"model": "ios 12.1 ya",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "content router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4430"
},
{
"model": "catalyst supervisor module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6000"
},
{
"model": "ap352",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7600"
},
{
"model": "internet cdn content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7320"
},
{
"model": "ios 12.1e",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "cbos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.4.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.0(7)xv"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(3.210)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2"
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(13)"
},
{
"model": "ios 12.2da",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "cache engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "505"
},
{
"model": "cbos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.0.1"
},
{
"model": "catalyst xl",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2900"
},
{
"model": "netranger",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1dc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0"
},
{
"model": "ios 12.1 ex3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.4"
},
{
"model": "ios 12.0sl",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.2"
},
{
"model": "br350",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5000"
},
{
"model": "ios 12.2 xt3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "content delivery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4650"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0"
},
{
"model": "ios 12.0 st3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(5)xv"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4500"
},
{
"model": "ios 12.2 xw1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 da3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "br352",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xu2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.0"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154543.0"
},
{
"model": "ons metro edge optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "15327"
},
{
"model": "ios 12.2 xk",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 ey3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "microhub",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1500"
},
{
"model": "ios 12.2 t",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 yf4",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s4",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 yh3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7320"
},
{
"model": "building broadband service manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.1"
},
{
"model": "cbos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.3"
},
{
"model": "ios 12.0sc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4232-13"
},
{
"model": "ios 11.0",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst msfc2",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6000"
},
{
"model": "mgx-8220",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "element management framework",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xh",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3600"
},
{
"model": "catalyst 4908g-l3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "wgb340",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ciscoworks windows/wug",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "switchprobe",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.5"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(5)"
},
{
"model": "switchprobe",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2"
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.0"
},
{
"model": "building broadband service manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2"
},
{
"model": "ios 12.0 s2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "mgx-8850 r1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 st4",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.2 gs6",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "mgx",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "82501.2.11"
},
{
"model": "ios 12.0 xf1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "cbos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.3.5"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2.1"
},
{
"model": "rsfc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3db",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "building broadband service manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0.1"
},
{
"model": "ios 12.1 ec1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.1 ia",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ws-x6624",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 ea2a",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 yd6",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "vpn concentrator",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "30003.5"
},
{
"model": "ios 11.1 ca2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "icdn software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.1"
},
{
"model": "secure pix firewall",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7500"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3200"
},
{
"model": "ios 12.2 xi1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "mgx",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "82301.2.11"
},
{
"model": "switchprobe",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.1"
},
{
"model": "wgb352",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xt",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "cat6k nam",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "br340",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 xf5",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "fasthub",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4001.0"
},
{
"model": "ios 12.2 xi",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1"
},
{
"model": "ios 12.1 ea2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2mb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "rsm",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0wt",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "nrp",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6400"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1.6"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.1.4"
},
{
"model": "ws-x6608",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 by2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1600"
},
{
"model": "ios 12.1 xz",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xl4",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 xs?",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "cbos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.3.9"
},
{
"model": "catalyst 8510msr",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 xm1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 xm",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2500"
},
{
"model": "ios 12.2 ya1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "service expansion shelf",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xn",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 s",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst msfc",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6000"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154543.3"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.3"
},
{
"model": "ios 12.0 xe1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "iad",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8110"
},
{
"model": "ios 12.1 ex4",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 xe2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4000"
},
{
"model": "ios 12.1 e9",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xm",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0"
},
{
"model": "ios 11.1ct",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.3(3)"
},
{
"model": "ios 12.1 xp",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7300"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3550"
},
{
"model": "ios 12.1t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "mgx-8850 r2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xd3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 ea1a",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "internet cdn content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "590"
},
{
"model": "ciscoworks windows",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 aa",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "cbos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.4.2"
},
{
"model": "ios 12.2 xk2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "esr",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10000"
},
{
"model": "ls1010 atm switch",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 dc1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "cbos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.3.7.002"
},
{
"model": "content router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4450"
},
{
"model": "ios 12.1 xi8",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3900"
},
{
"model": "ios 11.3 db1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "800"
},
{
"model": "mc3810",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 by",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "as5350",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.1cc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xj",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7200"
},
{
"model": "content delivery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4630"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.4(4)"
},
{
"model": "catalyst 4912g",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0db",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "intelligent contact manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0"
},
{
"model": "cbos ap",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.4.2"
},
{
"model": "ios 12.0dc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "cbos a",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.2.1"
},
{
"model": "ios 12.2 xl",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ubr10000",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(2)"
},
{
"model": "ios 12.2 xs",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "cbos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.2.1"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#107186"
},
{
"db": "CERT/CC",
"id": "VU#854306"
},
{
"db": "BID",
"id": "4732"
},
{
"db": "BID",
"id": "4089"
},
{
"db": "BID",
"id": "4132"
},
{
"db": "NVD",
"id": "CVE-1999-1570"
},
{
"db": "CNNVD",
"id": "CNNVD-200205-001"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:caldera:openserver:5.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-1999-1570"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by the Oulu University Secure Programming Group.",
"sources": [
{
"db": "BID",
"id": "4089"
},
{
"db": "BID",
"id": "4132"
}
],
"trust": 0.6
},
"cve": "CVE-1999-1570",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-1999-1570",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#107186",
"trust": 0.8,
"value": "69.26"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#854306",
"trust": 0.8,
"value": "42.64"
},
{
"author": "CNNVD",
"id": "CNNVD-200205-001",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#107186"
},
{
"db": "CERT/CC",
"id": "VU#854306"
},
{
"db": "NVD",
"id": "CVE-1999-1570"
},
{
"db": "CNNVD",
"id": "CNNVD-200205-001"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in sar for OpenServer 5.0.5 allows local users to gain root privileges via a long -o parameter. Multiple vendor SNMPv1 Trap handling implementations contain vulnerabilities that may allow unauthorized privileged access, denial-of-service conditions, or unstable behavior . If your site uses SNMP in any capacity, the CERT/CC encourages you to read the information provided below. It is possible to crash the service by transmitting to it a maliciously constructed SNMPv1 request PDU. \nThe resultant crash may be due to a buffer overflow condition. If this is the case, attackers may be able to exploit this vulnerability to execute arbitrary code. SNMP requests are messages sent from manager to agent systems. They typically poll the agent for current performance or configuration information, ask for the next SNMP object in a Management Information Base (MIB), or modify the configuration settings of the agent. \nMultiple vulnerabilities have been discovered in a number of SNMP implementations. The vulnerabilities are known to exist in the process of decoding and interpreting SNMP request messages. \nAmong the possible consequences are denial of service and allowing attackers to compromise target systems. These depend on the individual vulnerabilities in each affected product. A general report for multiple vendors was initially published on February 12 (Bugtraq IDs 4088 and 4089), however more information is now available and a separate Bugtraq ID has been allocated for the Cisco Operating Systems and Appliances vulnerabilities. \nIt is reportedly possible for a remote attacker to create a denial of service condition by transmitting a malformed SNMP request to a vulnerable Cisco Operating System or Appliance. The affected device may reset, or require a manual reset to regain functionality. \n\n-----BEGIN PGP SIGNED MESSAGE-----\n\nCERT Advisory CA-2002-03: Multiple Vulnerabilities in Many\nImplementations of the Simple Network Management Protocol (SNMP)\n\n Original release date: February 12, 2002\n Last revised: --\n Source: CERT/CC\n\n A complete revision history can be found at the end of this file. \n\nSystems Affected\n\n Products from a very wide variety of vendors may be affected. See\n Vendor Information for details from vendors who have provided feedback\n for this advisory. \n\n In addition to the vendors who provided feedback for this advisory, a\n list of vendors whom CERT/CC contacted regarding these problems is\n available from\n http://www.kb.cert.org/vuls/id/854306\n http://www.kb.cert.org/vuls/id/107186 \n\n Many other systems making use of SNMP may also be vulnerable but were\n not specifically tested. \n\n In addition to this advisory, we also have an FAQ available at\n http://www.cert.org/tech_tips/snmp_faq.html\n\nI. Description\n\n The Simple Network Management Protocol (SNMP) is a widely deployed\n protocol that is commonly used to monitor and manage network devices. \n Version 1 of the protocol (SNMPv1) defines several types of SNMP\n messages that are used to request information or configuration\n changes, respond to requests, enumerate SNMP objects, and send\n unsolicited alerts. The Oulu University Secure Programming Group\n (OUSPG, http://www.ee.oulu.fi/research/ouspg/) has reported numerous\n vulnerabilities in SNMPv1 implementations from many different vendors. \n More information about SNMP and OUSPG can be found in Appendix C\n\n OUSPG\u0027s research focused on the manner in which SNMPv1 agents and\n managers handle request and trap messages. A trap message\n may indicate a warning or error condition or otherwise notify the\n manager about the agent\u0027s state. Request\n messages might be issued to obtain information from an agent or to\n instruct the agent to configure the host device. \n\n Vulnerabilities in the decoding and subsequent processing of SNMP\n messages by both managers and agents may result in denial-of-service\n conditions, format string vulnerabilities, and buffer overflows. Some\n vulnerabilities do not require the SNMP message to use the correct\n SNMP community string. \n\n These vulnerabilities have been assigned the CVE identifiers\n CAN-2002-0012 and CAN-2002-0013, respectively. \n\nII. \n\nIII. Solution\n\n Note that many of the mitigation steps recommended below may have\n significant impact on your everyday network operations and/or network\n architecture. Ensure that any changes made based on the following\n recommendations will not unacceptably affect your ongoing network\n operations capability. \n\nApply a patch from your vendor\n\n Appendix A contains information provided by vendors for this advisory. \n Please consult this appendix to determine if you need to contact your\n vendor directly. \n\nDisable the SNMP service\n\n As a general rule, the CERT/CC recommends disabling any service or\n capability that is not explicitly required, including SNMP. \n Unfortunately, some of the affected products exhibited unexpected\n behavior or denial of service conditions when exposed to the OUSPG\n test suite even if SNMP was not enabled. In these cases, disabling\n SNMP should be used in conjunction with the filtering practices listed\n below to provide additional protection. \n\nIngress filtering\n\n As a temporary measure, it may be possible to limit the scope of these\n vulnerabilities by blocking access to SNMP services at the network\n perimeter. \n\n Ingress filtering manages the flow of traffic as it enters a network\n under your administrative control. Servers are typically the only\n machines that need to accept inbound traffic from the public Internet. \n In the network usage policy of many sites, there are few reasons for\n external hosts to initiate inbound traffic to machines that provide no\n public services. Thus, ingress filtering should be performed at the\n border to prohibit externally initiated inbound traffic to\n non-authorized services. For SNMP, ingress filtering of the following\n ports can prevent attackers outside of your network from impacting\n vulnerable devices in the local network that are not explicitly\n authorized to provide public SNMP services. \n\n snmp 161/udp # Simple Network Management Protocol (SNMP)\n snmp 162/udp # SNMP system management messages\n\n The following services are less common, but may be used on some\n affected products\n\n snmp 161/tcp # Simple Network Management Protocol\n (SNMP)\n snmp 162/tcp # SNMP system management messages\n smux 199/tcp # SNMP Unix Multiplexer\n smux 199/udp # SNMP Unix Multiplexer\n synoptics-relay 391/tcp # SynOptics SNMP Relay Port\n synoptics-relay 391/udp # SynOptics SNMP Relay Port\n agentx 705/tcp # AgentX\n snmp-tcp-port 1993/tcp # cisco SNMP TCP port\n snmp-tcp-port 1993/udp # cisco SNMP TCP port\n\n As noted above, you should carefully consider the impact of blocking\n services that you may be using. \n\n It is important to note that in many SNMP implementations, the SNMP\n daemon may bind to all IP interfaces on the device. This has important\n consequences when considering appropriate packet filtering measures\n required to protect an SNMP-enabled device. For example, even if a\n device disallows SNMP packets directed to the IP addresses of its\n normal network interfaces, it may still be possible to exploit these\n vulnerabilities on that device through the use of packets directed at\n the following IP addresses:\n * \"all-ones\" broadcast address\n * subnet broadcast address\n * any internal loopback addresses (commonly used in routers for\n management purposes, not to be confused with the IP stack loopback\n address 127.0.0.1)\n\n Careful consideration should be given to addresses of the types\n mentioned above by sites planning for packet filtering as part of\n their mitigation strategy for these vulnerabilities. \n\n Finally, sites may wish to block access to the following RPC services\n related to SNMP (listed as name, program ID, alternate names)\n\n snmp 100122 na.snmp snmp-cmc snmp-synoptics snmp-unisys\n snmp-utk\n snmpv2 100138 na.snmpv2 # SNM Version 2.2.2\n snmpXdmid 100249\n\n Please note that this workaround may not protect vulnerable devices\n from internal attacks. \n\nFilter SNMP traffic from non-authorized internal hosts\n\n In many networks, only a limited number of network management systems\n need to originate SNMP request messages. This can reduce, but not wholly eliminate, the\n risk from internal attacks. However, it may have detrimental effects\n on network performance due to the increased load imposed by the\n filtering, so careful consideration is required before implementation. \n Similar caveats to the previous workaround regarding broadcast and\n loopback addresses apply. \n\nChange default community strings\n\n Most SNMP-enabled products ship with default community strings of\n \"public\" for read-only access and \"private\" for read-write access. As\n with any known default access control mechanism, the CERT/CC\n recommends that network administrators change these community strings\n to something of their own choosing. However, even when community\n strings are changed from their defaults, they will still be passed in\n plaintext and are therefore subject to packet sniffing attacks. SNMPv3\n offers additional capabilities to ensure authentication and privacy as\n described in RFC2574. \n\n Because many of the vulnerabilities identified in this advisory occur\n before the community strings are evaluated, it is important to note\n that performing this step alone is not sufficient to mitigate the\n impact of these vulnerabilities. Nonetheless, it should be performed\n as part of good security practice. \n\nSegregate SNMP traffic onto a separate management network\n\n In situations where blocking or disabling SNMP is not possible,\n exposure to these vulnerabilities may be limited by restricting all\n SNMP access to separate, isolated management networks that are not\n publicly accessible. Although this would ideally involve physically\n separate networks, that kind of separation is probably not feasible in\n most environments. Mechanisms such as virtual LANs (VLANs) may be used\n to help segregate traffic on the same physical network. Note that\n VLANs may not strictly prevent an attacker from exploiting these\n vulnerabilities, but they may make it more difficult to initiate the\n attacks. \n\n Another option is for sites to restrict SNMP traffic to separate\n virtual private networks (VPNs), which employ cryptographically strong\n authentication. \n\n Note that these solutions may require extensive changes to a site\u0027s\n network architecture. \n\nEgress filtering\n\n Egress filtering manages the flow of traffic as it leaves a network\n under your administrative control. There is typically limited need for\n machines providing public services to initiate outbound traffic to the\n Internet. In the case of SNMP vulnerabilities, employing egress\n filtering on the ports listed above at your network border can prevent\n your network from being used as a source for attacks on other sites. \n\nDisable stack execution\n\n Disabling executable stacks (on systems where this is configurable)\n can reduce the risk of \"stack smashing\" attacks based on these\n vulnerabilities. Although this does not provide 100 percent protection\n against exploitation of these vulnerabilities, it makes the likelihood\n of a successful exploit much smaller. On many UNIX systems, executable\n stacks can be disabled by adding the following lines to /etc/system:\n\n set noexec_user_stack = 1 set noexec_user_stack_log = 1\n\n Note that this may go against the SPARC and Intel ABIs and can be\n bypassed as required in programs with mprotect(2). For the changes to\n take effect you will then need to reboot. \n\n Other operating systems and architectures also support the disabling\n of executable stacks either through native configuration parameters or\n via third-party software. Consult your vendor(s) for additional\n information. \n\nShare tools and techniques\n\n Because dealing with these vulnerabilities to systems and networks is\n so complex, the CERT/CC will provide a forum where administrators can\n share ideas and techniques that can be used to develop proper\n defenses. We have created an unmoderated mailing list for system and\n network administrators to discuss helpful techniques and tools. \n\n You can subscribe to the mailing list by sending an email message to\n majordomo@cert.org. In the body of the message, type\n\n subscribe snmp-forum\n\n After you receive the confirmation message, follow the instructions in\n the message to complete the subscription process. \n\nAppendix A. - Vendor Information\n\n This appendix contains information provided by vendors for this\n advisory. As vendors report new information to the CERT/CC, we will\n update this section and note the changes in our revision history. If a\n particular vendor is not listed below, we have not received their\n comments. \n\nAdventNet\n\n This is in reference to your notification regarding [VU#107186 and\n VU#854306] and OUSPG#0100. AdventNet Inc. has reproduced this\n behavior in their products and coded a Service Pack fix which is\n currently in regression testing in AdventNet Inc.\u0027s Q.A. \n organization. The release of AdventNet Inc\u0027s. Service Pack\n correcting the behavior outlined in VU#617947, and OUSPG#0100 is\n scheduled to be generally available to all of AdventNet Inc.\u0027s\n customers by February 20, 2002. \n\nAvaya\n\n Avaya Inc. No further information is available at this time. \n\nCacheFlow\n\n The purpose of this email is to advise you that CacheFlow Inc. has\n provided a software update. Please be advised that updated versions\n of the software are now available for all supported CacheFlow\n hardware platforms, and may be obtained by CacheFlow customers at\n the following URL:\n\n http://download.cacheflow.com/\n\n The specific reference to the software update is contained within the\n Release Notes for CacheOS Versions 3.1.22 Release ID 17146, 4.0.15\n Release ID 17148, 4.1.02 Release ID 17144 and 4.0.15 Release ID 17149. \n\n RELEASE NOTES FOR CACHEFLOW SERVER ACCELERATOR PRODUCTS:\n * http://download.cacheflow.com/release/SA/4.0.15/relnotes.htm\n\n RELEASE NOTES FOR CACHEFLOW CONTENT ACCELERATOR PRODUCTS:\n * http://download.cacheflow.com/release/CA/3.1.22/relnotes.htm\n * http://download.cacheflow.com/release/CA/4.0.15/relnotes.htm\n * http://download.cacheflow.com/release/CA/4.1.02/relnotes.htm\n\n * SR 1-1647517, VI 13045: This update modified a potential\n vulnerability by using an SNMP test tools exploit. \n\n3Com Corporation\n\n A vulnerability to an SNMP packet with an invalid length community\n string has been resolved in the following products. Customers\n concerned about this weakness should ensure that they upgrade to\n the following agent versions:\n PS Hub 40\n 2.16 is due Feb 2002\n PS Hub 50\n 2.16 is due Feb 2002\n Dual Speed Hub\n 2.16 is due Jan 2002\n Switch 1100/3300\n 2.68 is available now\n Switch 4400\n 2.02 is available now\n Switch 4900\n 2.04 is available now\n WebCache1000/3000\n 2.00 is due Jan 2002\n\nCaldera\n\n Caldera International, Inc. has reproduced faulty behavior in\n Caldera SCO OpenServer 5, Caldera UnixWare 7, and Caldera Open UNIX\n 8. We have coded a software fix for supported versions of Caldera\n UnixWare 7 and Caldera Open UNIX 8 that will be available from\n our support site at http://stage.caldera.com/support/security\n immediately following the publication of this CERT announcement. A\n fix for supported versions of OpenServer 5 will be available at a\n later date. \n\nCisco Systems\n\n Cisco Systems is addressing the vulnerabilities identified by\n VU#854306 and VU#107186 across its entire product line. Cisco will\n publish a security advisory with further details at\n http://www.cisco.com/go/psirt/. \n\nCompaq Computer Corporation\n\n x-ref: SSRT0779U SNMP\n At the time of writing this document, COMPAQ continues to evaluate\n this potential problem and when new versions of SNMP are available,\n COMPAQ will implement solutions based on the new code. Compaq will\n provide notice of any new patches as a result of that effort\n through standard patch notification procedures and be available\n from your normal Compaq Services support channel. \n\nComputer Associates\n\n Computer Associates has confirmed Unicenter vulnerability to the\n SNMP advisory identified by CERT notification reference [VU#107186\n \u0026 VU#854306] and OUSPG#0100. We have produced corrective\n maintenance to address these vulnerabilities, which is in the\n process of publication for all applicable releases / platforms and\n will be offered through the CA Support site. Please contact our\n Technical Support organization for information regarding\n availability / applicability for your specific configuration(s). \n\nCOMTEK Services, Inc. \n\n NMServer for AS/400 is not an SNMP master and is therefore not\n vulnerable. However this product requires the use of the AS/400\n SNMP master agent supplied by IBM. \n\n NMServer for OpenVMS has been tested and has shown to be\n vulnerable. COMTEK Services is preparing a new release of this\n product (version 3.5) which will contain a fix for this problem. \n This new release is scheduled to be available in February 2002. \n Contact COMTEK Services for further information. \n\n NMServer for VOS has not as yet been tested; vulnerability of this\n agent is unknown. Contact for further information on the testing\n schedule of the VOS product. \n\nCovalent Technologies\n\n Covalent Technologies ERS (Enterprise Ready Server), Secure Server,\n and Conductor SNMP module are not vulnerable according to testing\n performed in accordance with CERT recommendations. Security\n information for Covalent products can be found at www.covalent.net\n\nDartware, LLC\n\n Dartware, LLC (www.dartware.com) supplies two products that use\n SNMPv1 in a manager role, InterMapper and SNMP Watcher. This statement applies to all present\n and past versions of these two software packages. \n\nDMH Software\n\n DMH Software is in the process of evaluating and attempting to\n reproduce this behavior. \n It is unclear at this point if our snmp-agent is sensitive to the\n tests described above. \n If any problems will be discovered, DMH Software will code a\n software fix. \n The release of DMH Software OS correcting the behavior outlined in\n VU#854306, VU#107186, and OUSPG#0100 will be generally available to\n all of DMH Software\u0027s customers as soon as possible. \n\nEnGarde Secure Linux\n\n EnGarde Secure Linux did not ship any SNMP packages in version\n 1.0.1 of our distribution, so we are not vulnerable to either bug. \n\nFreeBSD\n\n FreeBSD does not include any SNMP software by default, and so is\n not vulnerable. However, the FreeBSD Ports Collection contains the\n UCD-SNMP / NET-SNMP package. Package versions prior to\n ucd-snmp-4.2.3 are vulnerable. The upcoming FreeBSD 4.5 release\n will ship the corrected version of the UCD-SNMP / NET-SNMP\n package. In addition, the corrected version of the packages is\n available from the FreeBSD mirrors. \n\n FreeBSD has issued the following FreeBSD Security Advisory\n regarding the UCD-SNMP / NET-SNMP package:\n ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:09. \n snmp.asc. \n\nHewlett-Packard Company\n\n SUMMARY - known vulnerable:\n ========================================\n hp procurve switch 2524\n NNM (Network Node Manager)\n JetDirect Firmware (Older versions only)\n HP-UX Systems running snmpd or OPENVIEW\n MC/ServiceGuard\n EMS\n Still under investigation:\n SNMP/iX (MPE/iX)\n ========================================\n _________________________________________________________\n ---------------------------------------------------------\n hp procurve switch 2524 \n ---------------------------------------------------------\n hp procurve switch 2525 (product J4813A) is vulnerable to some\n issues, patches in process. Watch for the associated HP\n Security Bulletin. \n ---------------------------------------------------------\n NNM (Network Node Manager)\n ---------------------------------------------------------\n Some problems were found in NNM product were related to\n trap handling. Patches in process. Watch for the\n associated HP Security Bulletin. \n ---------------------------------------------------------\n JetDirect Firmware (Older versions only)\n ---------------------------------------------------------\n ONLY some older versions of JetDirect Firmware are\n vulnerable to some of the issues. The older firmware\n can be upgraded in most cases, see list below. \n JetDirect Firmware Version State\n ========================== =====\n X.08.32 and higher NOT Vulnerable\n X.21.00 and higher NOT Vulnerable\n JetDirect Product Numbers that can be freely\n upgraded to X.08.32 or X.21.00 or higher firmware. \n EIO (Peripherals Laserjet 4000, 5000, 8000, etc...)\n J3110A 10T\n J3111A 10T/10B2/LocalTalk\n J3112A Token Ring (discontinued)\n J3113A 10/100 (discontinued)\n J4169A 10/100\n J4167A Token Ring\n MIO (Peripherals LaserJet 4, 4si, 5si, etc...)\n J2550A/B 10T (discontinued)\n J2552A/B 10T/10Base2/LocalTalk (discontinued)\n J2555A/B Token Ring (discontinued)\n J4100A 10/100\n J4105A Token Ring\n J4106A 10T\n External Print Servers\n J2591A EX+ (discontinued)\n J2593A EX+3 10T/10B2 (discontinued)\n J2594A EX+3 Token Ring (discontinued)\n J3263A 300X 10/100\n J3264A 500X Token Ring\n J3265A 500X 10/100\n ----------------------------------------------------------\n HP-UX Systems running snmpd or OPENVIEW\n ----------------------------------------------------------\n The following patches are available now:\n PHSS_26137 s700_800 10.20 OV EMANATE14.2 Agent Consolidated Patch\n PHSS_26138 s700_800 11.X OV EMANATE14.2 Agent Consolidated Patch\n PSOV_03087 EMANATE Release 14.2 Solaris 2.X Agent Consolidated\n Patch\n All three patches are available from:\n http://support.openview.hp.com/cpe/patches/\n In addition PHSS_26137 and PHSS_26138 will soon be available from:\n http://itrc.hp.com\n ================================================================\n NOTE: The patches are labeled OV(Open View). However, the patches\n are also applicable to systems that are not running Open View. \n =================================================================\n Any HP-UX 10.X or 11.X system running snmpd or snmpdm is\n vulnerable. \n To determine if your HP-UX system has snmpd or snmpdm installed:\n swlist -l file | grep snmpd\n If a patch is not available for your platform or you cannot install\n an available patch, snmpd and snmpdm can be disabled by removing\n their\n entries from /etc/services and removing the execute permissions\n from\n /usr/sbin/snmpd and /usr/sbin/snmpdm. \n ----------------------------------------------------------------\n Investigation completed, systems vulnerable. \n ----------------------------------------------------------------\n MC/ServiceGuard\n Event Monitoring System (EMS)\n ----------------------------------------------------------------\n Still under investigation:\n ----------------------------------------------------------------\n SNMP/iX (MPE/iX)\n\nHirschmann Electronics GmbH \u0026 Co. KG\n\n Hirschmann Electronics GmbH \u0026 Co. KG supplies a broad range of\n networking products, some of which are affected by the SNMP\n vulnerabilities identified by CERT Coordination Center. Hirschmann customers may contact our Competence\n Center (phone +49-7127-14-1538, email:\n ans-support@nt.hirschmann.de) for additional information,\n especially regarding availability of latest firmware releases\n addressing the SNMP vulnerabilities. \n\nIBM Corporation\n\n Based upon the results of running the test suites we have\n determined that our version of SNMP shipped with AIX is NOT\n vulnerable. \n\nInnerdive Solutions, LLC\n\n Innerdive Solutions, LLC has two SNMP based products:\n 1. The \"SNMP MIB Scout\"\n (http://www.innerdive.com/products/mibscout/)\n 2. The \"Router IP Console\" (http://www.innerdive.com/products/ric/)\n The \"SNMP MIB Scout\" is not vulnerable to either bug. \n The \"Router IP Console\" releases prior to 3.3.0.407 are vulnerable. \n The release of \"Router IP Console\" correcting the behavior outlined\n in OUSPG#0100 is 3.3.0.407 and is already available on our site. \n Also, we will notify all our customers about this new release no\n later than March 5, 2002. \n\nJuniper Networks\n\n This is in reference to your notification regarding CAN-2002-0012\n and CAN-2002-0013. Juniper Networks has reproduced this behavior\n and coded a software fix. The fix will be included in all releases\n of JUNOS Internet software built after January 5, 2002. Customers\n with current support contracts can download new software with the\n fix from Juniper\u0027s web site at www.juniper.net. \n Note: The behavior described in CAN-2002-0012 and CAN-2002-0013 can\n only be reproduced in JUNOS Internet software if certain tracing\n options are enabled. These options are generally not enabled in\n production routers. \n\nLantronix, Inc. \n\n Lantronix is committed to resolving security issues with our\n products. The SNMP security bug you reported has been fixed in LRS\n firmware version B1.3/611(020123). \n\nLotus Development Corporation\n\n Lotus Software evaluated the Lotus Domino Server for\n vulnerabilities using the test suite materials provided by OUSPG. \n This problem does not affect default installations of the Domino\n Server. However, SNMP agents can be installed from the CD to\n provide SNMP services for the Domino Server (these are located in\n the /apps/sysmgmt/agents directory). The optional platform\n specific master and encapsulator agents included with the Lotus\n Domino SNMP Agents for HP-UX and Solaris have been found to be\n vulnerable. For those platforms, customers should upgrade to\n version R5.0.1 a of the Lotus Domino SNMP Agents, available for\n download from the Lotus Knowledge Base on the IBM Support Web Site\n (http://www.ibm.com/software/lotus/support/). Please refer to\n Document #191059, \"Lotus Domino SNMP Agents R5.0.1a\", also in the\n Lotus Knowledge Base, for more details. \n\nLOGEC Systems Inc\n\n The products from LOGEC Systems are exposed to SNMP only via HP\n OpenView. We do not have an implementation of SNMP ourselves. As\n such, there is nothing in our products that would be an issue with\n this alert. \n\nLucent\n\n Lucent is aware of reports that there is a vulnerability in certain\n implementations of the SNMP (Simple Network Management Protocol)\n code that is used in data switches and other hardware throughout\n the telecom industry. \n As soon as we were notified by CERT, we began assessing our product\n portfolio and notifying customers with products that might be\n affected. \n Our 5ESS switch and most of our optical portfolio were not\n affected. Our core and edge ATM switches and most of our edge\n access products are affected, but we have developed, tested, and\n deployed fixes for many of those products to our customers. \n We consider the security and reliability of our customers\u0027 networks\n to be one of our critical measures of success. We take every\n reasonable measure to ensure their satisfaction. \n In addition, we are working with customers on ways to further\n enhance the security they have in place today. \n\nMarconi\n\n Marconi supplies a broad range of telecommunications and related\n products, some of which are affected by the SNMP vulnerabilities\n identified here. Those\n Marconi customers with support entitlement may contact the\n appropriate Technical Assistance Center (TAC) for additional\n information. Those not under support entitlement may contact their\n sales representative. \n\nMicrosoft Corporation\n\n The Microsoft Security Reponse [sic] Center has investigated this\n issue, and provides the following information. The SNMP v1 service is not installed or running by\n default on any version of Windows. A patch is underway to eliminate\n the vulnerability. In the meantime, we recommend that affected\n customers disable the SNMP v1 service. \n\n Details:\n An SNMP v1 service ships on the CDs for Windows 95, 98, and 98SE. \n It is not installed or running by default on any of these\n platforms. An SNMP v1 is NOT provided for Windows ME. However, it\n is possible that Windows 98 machines which had the service\n installed and were upgraded would still have the service. Since\n SNMP is not supported for WinME, customers in this situation are\n urged to remove the SNMP service. \n An SNMP v1 service is available on Windows NT 4.0 (including\n Terminal Server Edition) and Windows 2000 but is not installed or\n running by default on any of these platforms.Windows XP does not\n ship with an SNMP v1 service. \n\n Remediation:\n A patch is underway for the affected platforms, and will be\n released shortly. In the meantime, Microsoft recommends that\n customers who have the SNMP v1 service running disable it to\n protect their systems. Following are instruction for doing this:\n\n Windows 95, 98 and 98SE:\n 1. In Control Panel, double-click Network. \n 2. On the Configuration tab, select Microsoft SNMP Agent from the\n list of installed components. \n 3. Click Remove\n\n Check the following keys and confirm that snmp.exe is not listed. \n HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\RunSer\n vices\n HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\n \n For Windows XP:\n 1. Right-click on My Computer and select Manage\n 2. Click on Services and Applications, then on Services\n 3. Location SNMP on the list of services, then select it and click\n Stop. \n 4. Select Startup, and click Disabled. \n 5. Click OK to close the dialoge [sic], then close the Computer\n Management window. \n \n For Windows NT 4.0 (including Terminal Server Edition):\n 1. Select Start, then Settings. \n 2. Select Control Panel, then click on the Services Icon\n 3. Locate SNMP on the list of services, then select it and click\n Stop. \n 4. Select Startup, and click Disabled. \n 5. Click OK to close the dialoge [sic], then close Control Panel\n\n Windows 2000:\n 1. Right-click on My Computer and select Manage\n 2. Click on Services and Applications, then on Services\n 3. Location SNMP on the list of services, then select it and click\n Stop. \n 4. Select Startup, and click Disabled. \n 5. Click OK to close the dialoge [sic], then close the Computer\n Management window. \n\nMultinet\n\n MultiNet and TCPware customers should contact Process Software to\n check for the availability of patches for this issue. A couple of\n minor problems were found and fixed, but there is no security risk\n related to the SNMP code included with either product. \n\nNetaphor\n\n NETAPHOR SOFTWARE INC. is the creator of Cyberons for Java -- SNMP\n Manager Toolkit and Cyberons for Java -- NMS Application Toolkit,\n two Java based products that may be affected by the SNMP\n vulnerabilities identified here. The manner in which they are\n affected and the actions required (if any) to avoid being impacted\n by exploitation of these vulnerabilities, may be obtained by\n contacting Netaphor via email at info@netaphor.com Customers with\n annual support may contact support@netaphor.com directly. Those not\n under support entitlement may contact Netaphor sales:\n sales@netaphor.com or (949) 470 7955 in USA. \n\nNetBSD\n\n NetBSD does not ship with any SNMP tools in our \u0027base\u0027 releases. We\n do provide optional packages which provide various support for\n SNMP. These packages are not installed by default, nor are they\n currently provided as an install option by the operating system\n installation tools. A system administrator/end-user has to manually\n install this with our package management tools. These SNMP packages\n include:\n + netsaint-plugin-snmp-1.2.8.4 (SNMP monitoring plug-in for\n netsaint)\n + p5-Net-SNMP-3.60 (perl5 module for SNMP queries)\n + p5-SNMP-3.1.0 (Perl5 module for interfacing to the UCD SNMP\n library\n + p5-SNMP_Session-0.83 (perl5 module providing rudimentary\n access to remote SNMP agents)\n + ucd-snmp-4.2.1 (Extensible SNMP implementation) (conflicts\n with ucd-snmp-4.1.2)\n + ucd-snmp-4.1.2 (Extensible SNMP implementation) (conflicts\n with ucd-snmp-4.2.1)\n\n We do provide a software monitoring mechanism called\n \u0027audit-packages\u0027, which allows us to highlight if a package with a\n range of versions has a potential vulnerability, and recommends\n that the end-user upgrade the packages in question. \n\nNetscape Communications Corporation\n\n Netscape continues to be committed to maintaining a high level of\n quality in our software and service offerings. Part of this\n commitment includes prompt response to security issues discovered\n by organizations such as the CERT Coordination Center. \n According to a recent CERT/CC advisory, The Oulu University Secure\n Programming Group (OUSPG) has reported numerous vulnerabilities in\n multiple vendor SNMPv1 implementations. \n We have carefully examined the reported findings, performing the\n tests suggested by the OUSPG to determine whether Netscape server\n products were subject to these vulnerabilities. It was determined\n that several products fell into this category. As a result, we have\n created fixes which will resolve the issues, and these fixes will\n appear in future releases of our product line. To Netscape\u0027s\n knowledge, there are no known instances of these vulnerabilities\n being exploited and no customers have been affected to date. \n When such security warnings are issued, Netscape has committed to -\n and will continue to commit to - resolving these issues in a prompt\n and timely fashion, ensuring that our customers receive products of\n the highest quality and security. \n\nNET-SNMP\n\n All ucd-snmp version prior to 4.2.2 are susceptible to this\n vulnerability and users of versions prior to version 4.2.2 are\n encouraged to upgrade their software as soon as possible\n (http://www.net-snmp.org/download/). Version 4.2.2 and higher are\n not susceptible. \n\nNetwork Associates\n\n PGP is not affected, impacted, or otherwise related to this VU#. \n\nNetwork Computing Technologies\n\n Network Computing Technologies has reviewed the information\n regarding SNMP vulnerabilities and is currently investigating the\n impact to our products. \n\nNokia\n\n This vulnerability is known to affect IPSO versions 3.1.3, 3.3,\n 3.3.1, 3.4, and 3.4.1. Patches are currently available for\n versions 3.3, 3.3.1, 3.4 and 3.4.1 for download from the Nokia\n website. In addition, version 3.4.2 shipped with the patch\n incorporated, and the necessary fix will be included in all future\n releases of IPSO. \n We recommend customers install the patch immediately or follow the\n recommended precautions below to avoid any potential exploit. \n If you are not using SNMP services, including Traps, simply disable\n the SNMP daemon to completely eliminate the potential\n vulnerability. \n If you are using only SNMP Traps and running Check Point\n FireWall-1, create a firewall policy to disallow incoming SNMP\n messages on all appropriate interfaces. Traps will continue to work\n normally. \n\nNortel Networks\n\n The CERT Coordination Center has issued a broad based alert to the\n technology industry, including Nortel Networks, regarding potential\n security vulnerabilities identified in the Simple Network\n Management Protocol (SNMP), a common networking standard. The\n company is working with CERT and other network equipment\n manufacturers, the U.S. Government, service providers, and software\n suppliers to assess and address this issue. \n\nNovell\n\n Novell ships SNMP.NLM and SNMPLOG.NLM with NetWare 4.x, NetWare 5.x\n and 6.0 systems. The SNMP and SNMPLOG vulnerabilities detected on\n NetWare are fixed and will be available through NetWare 6 Support\n Pack 1 \u0026 NetWare 5.1 Support Pack 4. Support packs are available at\n http://support.novell.com/tools/csp/\n\nOpenBSD\n\n OpenBSD does not ship SNMP code. \n\nQualcomm\n\n WorldMail does not support SNMP by default, so customers who run\n unmodified installations are not vulnerable. \n\nRedback Networks, Inc. \n\n Redback Networks, Inc. has identified that the vulnerability in\n question affects certain versions of AOS software on the SMS 500,\n SMS 1800, and SMS 10000 platforms, and is taking the appropriate\n steps necessary to correct the issue. \n\nRed Hat\n\n RedHat has released a security advisiory [sic] at\n http://www.redhat.com/support/errata/RHSA-2001-163.html\n with updated versions of the ucd-snmp package for all supported\n releases and architectures. For more information or to download the\n update please visit this page. \n\nSGI\n\n SGI acknowledges the SNMP vulnerabilities reported by CERT and is\n currently investigating. No further information is available at\n this time. \n For the protection of all our customers, SGI does not disclose,\n discuss or confirm vulnerabilities until a full investigation has\n occurred and any necessary patch(es) or release streams are\n available for all vulnerable and supported IRIX operating systems. \n Until SGI has more definitive information to provide, customers are\n encouraged to assume all security vulnerabilities as exploitable\n and take appropriate steps according to local site security\n policies and requirements. As further information becomes\n available, additional advisories will be issued via the normal SGI\n security information distribution methods including the wiretap\n mailing list on http://www.sgi.com/support/security/. \n\nSNMP Research International\n\n SNMP Research has made the following vendor statement. They are\n likely to revise and expand the statement as the date for the\n public vulnerability announcement draws nearer. Users maintaining\n earlier releases should update to the current release if they have\n not already done so. Up-to-date information is available from\n support@snmp.com. Other Stonesoft\u0027s products are\n still under investigation. As further information becomes\n available, additional advisories will be available at\n http://www.stonesoft.com/support/techcenter/\n\nSun Microsystems, Inc. \n\n Sun\u0027s SNMP product, Solstice Enterprise Agents (SEA), described\n here:\n http://www.sun.com/solstice/products/ent.agents/\n is affected by VU#854306 but not VU#107186. More specifically the\n main agent of SEA, snmpdx(1M), is affected on Solaris 2.6, 7, 8. \n Sun is currently generating patches for this issue and will be\n releasing a Sun Security Bulletin once the patches are available. \n The bulletin will be available from:\n http://sunsolve.sun.com/security. Sun patches are available from:\n http://sunsolve.sun.com/securitypatch. \n\nSymantec Corporation\n\n Symantec Corporation has investigated the SNMP issues identified by\n the OUSPG test suite and determined that Symantec products are not\n susceptable [sic] to these issues. \n\nTANDBERG\n\n Tandberg have run all the testcases found the PROTOS test-suie\n [sic], c06snmpv1:\n 1. c06-snmpv1-trap-enc-pr1.jar\n 2. c06-snmpv1-treq-app-pr1.jar\n 3. c06-snmpv1-trap-enc-pr1.jar\n 4. c06-snmpv1-req-app-pr1.jar\n The tests were run with standard delay time between the requests\n (100ms), but also with a delay of 1ms. The tests applies to all\n TANDBERG products (T500, T880, T1000, T2500, T6000 and T8000). The\n software tested on these products were B4.0 (our latest software)\n and no problems were found when running the test suite. \n\nAppendix B. - References\n 1. http://www.ee.oulu.fi/research/ouspg/protos/\n 2. http://www.kb.cert.org/vuls/id/854306\n 3. http://www.kb.cert.org/vuls/id/107186\n 4. http://www.cert.org/tech_tips/denial_of_service.html\n 5. http://www.ietf.org/rfc/rfc1067.txt\n 6. http://www.ietf.org/rfc/rfc1089.txt\n 7. http://www.ietf.org/rfc/rfc1140.txt\n 8. http://www.ietf.org/rfc/rfc1155.txt\n 9. http://www.ietf.org/rfc/rfc1156.txt\n 10. http://www.ietf.org/rfc/rfc1215.txt\n 11. http://www.ietf.org/rfc/rfc1270.txt\n 12. http://www.ietf.org/rfc/rfc1352.txt\n\nAppendix C. - Background Information\n\n Background Information on the OUSPG\n\n OUSPG is an academic research group located at Oulu University in\n Finland. The purpose of this research group is to test software\n for vulnerabilities. \n History has shown that the techniques used by the OUSPG have\n discovered a large number of previously undetected problems in the\n products and protocols they have tested. In 2001, the OUSPG\n produced a comprehensive test suite for evaluating implementations\n of the Lightweight Directory Access Protocol (LDAP). This test\n suite was developed with the strategy of abusing the protocol in\n unsupported and unexpected ways, and it was very effective in\n uncovering a wide variety of vulnerabilities across several\n products. This approach can reveal vulnerabilities that would not\n manifest themselves under normal conditions. \n After completing its work on LDAP, OUSPG moved its focus to\n SNMPv1. As with LDAP, they designed a custom test suite, began\n testing a selection of products, and found a number of\n vulnerabilities. Because OUSPG\u0027s work on LDAP was similar in\n procedure to its current work on SNMP, you may wish to review the\n LDAP Test Suite and CERT Advisory CA-2001-18, which outlined\n results of application of the test suite. \n In order to test the security of protocols like SNMPv1, the PROTOS\n project presents a server with a wide variety of sample packets\n containing unexpected values or illegally formatted data. As a\n member of the PROTOS project consortium, the OUSPG used the PROTOS\n c06-snmpv1 test suite to study several implementations of the\n SNMPv1 protocol. \n\n Background Information on the Simple Network Management Protocol\n \n The Simple Network Management Protocol (SNMP) is the most popular\n protocol in use to manage networked devices. SNMP was designed in\n the late 80\u0027s to facilitate the exchange of management information\n between networked devices, operating at the application layer of\n the ISO/OSI model. The SNMP protocol enables network and system\n administrators to remotely monitor and configure devices on the\n network (devices such as switches and routers). Software and\n firmware products designed for networks often make use of the SNMP\n protocol. SNMP runs on a multitude of devices and operating\n systems, including, but not limited to,\n + Core Network Devices (Routers, Switches, Hubs, Bridges, and\n Wireless Network Access Points)\n + Operating Systems\n + Consumer Broadband Network Devices (Cable Modems and DSL\n Modems)\n + Consumer Electronic Devices (Cameras and Image Scanners)\n + Networked Office Equipment (Printers, Copiers, and FAX\n Machines)\n + Network and Systems Management/Diagnostic Frameworks (Network\n Sniffers and Network Analyzers)\n + Uninterruptible Power Supplies (UPS)\n + Networked Medical Equipment (Imaging Units and Oscilloscopes)\n + Manufacturing and Processing Equipment\n The SNMP protocol is formally defined in RFC1157. Quoting from\n that RFC:\n\n Implicit in the SNMP architectural model is a collection\n of network management stations and network elements. \n Network management stations execute management\n applications which monitor and control network elements. \n Network elements are devices such as hosts, gateways,\n terminal servers, and the like, which have management\n agents responsible for performing the network management\n functions requested by the network management stations. \n The Simple Network Management Protocol (SNMP) is used to\n communicate management information between the network\n management stations and the agents in the network\n elements. \n\n Additionally, SNMP is discussed in a number of other RFC\n documents:\n + RFC 3000 Internet Official Protocol Standards\n + RFC 1212 Concise MIB Definitions\n + RFC 1213 Management Information Base for Network Management\n of TCP/IP-based Internets: MIB-II\n + RFC 1215 A Convention for Defining Traps for use with the\n SNMP\n + RFC 1270 SNMP Communications Services\n + RFC 2570 Introduction to Version 3 of the Internet-standard\n Network Management Framework\n + RFC 2571 An Architecture for Describing SNMP Management\n Frameworks\n + RFC 2572 Message Processing and Dispatching for the Simple\n Network Management Protocol (SNMP)\n + RFC 2573 SNMP Applications\n + RFC 2574 User-based Security Model (USM) for version 3 of the\n Simple Network Management Protocol (SNMPv3)\n + RFC 2575 View-based Access Control Model (VACM) for the\n Simple Network Management Protocol (SNMP)\n + RFC 2576 Coexistence between Version 1, Version 2, and\n Version 3 of the Internet-standard Network Management\n Framework\n _____________________________________________________________\n\n The CERT Coordination Center thanks the Oulu University Secure\n Programming Group for reporting these vulnerabilities to us, for\n providing detailed technical analyses, and for assisting us in\n preparing this advisory. We also thank Steven M. Bellovin (AT\u0026T\n Labs -- Research), Wes Hardaker (Net-SNMP), Steve Moulton (SNMP\n Research), Tom Reddington (Bell Labs), Mike Duckett (Bell South),\n Rob Thomas, Blue Boar (Thievco), and the many others who\n contributed to this document. \n _____________________________________________________________\n\n Feedback on this document can be directed to the authors, Ian A. \n Finlay, Shawn V. Hernan, Jason A. Rafail, Chad Dougherty, Allen D. \n Householder, Marty Lindner, and Art Manion. \n __________________________________________________________________\n\n This document is available from:\n http://www.cert.org/advisories/CA-2002-03.html\n __________________________________________________________________\n\n CERT/CC Contact Information\n\n Email: cert@cert.org\n Phone: +1 412-268-7090 (24-hour hotline)\n Fax: +1 412-268-6989\n Postal address:\n CERT Coordination Center\n Software Engineering Institute\n Carnegie Mellon University\n Pittsburgh PA 15213-3890\n U.S.A. \n\n CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) /\n EDT(GMT-4) Monday through Friday; they are on call for emergencies\n during other hours, on U.S. holidays, and on weekends. \n \n Using encryption\n We strongly urge you to encrypt sensitive information sent by\n email. Our public PGP key is available from\n http://www.cert.org/CERT_PGP.key\n If you prefer to use DES, please call the CERT hotline for more\n information. \n \n Getting security information\n CERT publications and other security information are available\n from our web site\n http://www.cert.org/\n To subscribe to the CERT mailing list for advisories and\n bulletins, send email to majordomo@cert.org. Please include in the\n body of your message\n \n subscribe cert-advisory\n \n * \"CERT\" and \"CERT Coordination Center\" are registered in the U.S. \n Patent and Trademark Office. \n __________________________________________________________________\n\n NO WARRANTY\n Any material furnished by Carnegie Mellon University and the\n Software Engineering Institute is furnished on an \"as is\" basis. \n Carnegie Mellon University makes no warranties of any kind, either\n expressed or implied as to any matter including, but not limited\n to, warranty of fitness for a particular purpose or\n merchantability, exclusivity or results obtained from use of the\n material. Carnegie Mellon University does not make any warranty of\n any kind with respect to freedom from patent, trademark, or\n copyright infringement. \n _____________________________________________________________\n\n Conditions for use, disclaimers, and sponsorship information\n Copyright 2002 Carnegie Mellon University. \n\nRevision History\n\n February 12, 2002: Initial release\n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 6.5.8\n\niQCVAwUBPGltxKCVPMXQI2HJAQGVeAQAuHtxGBsmU5HI6PtqhpZ1rkpV+Cq3ChIU\nR1FUz4Zi2vzklH8jdXd10KqwZAPhXTPazeguhRyLVSUprMlSKqcXg3BCkH/y4WAl\nQUZ1VnQXMnMrxIJO1fv0WW0pcyM4W0iQBl0kCIlawPcjCGVniOCOr+4CE0f923wr\nuZiMJ5f2SEo=\n=h42e\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-1999-1570"
},
{
"db": "CERT/CC",
"id": "VU#107186"
},
{
"db": "CERT/CC",
"id": "VU#854306"
},
{
"db": "BID",
"id": "4732"
},
{
"db": "BID",
"id": "4089"
},
{
"db": "BID",
"id": "4132"
},
{
"db": "PACKETSTORM",
"id": "25758"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "4089",
"trust": 2.7
},
{
"db": "BID",
"id": "4132",
"trust": 1.9
},
{
"db": "BID",
"id": "4732",
"trust": 1.9
},
{
"db": "NVD",
"id": "CVE-1999-1570",
"trust": 1.9
},
{
"db": "CERT/CC",
"id": "VU#107186",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#854306",
"trust": 0.9
},
{
"db": "BID",
"id": "4088",
"trust": 0.8
},
{
"db": "VULN-DEV",
"id": "20020509 SAR -O EXPLOITATION PROCESS INFO.",
"trust": 0.6
},
{
"db": "XF",
"id": "8989",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "19990909 19 SCO 5.0.5+SKUNWARE98 BUFFER OVERFLOWS",
"trust": 0.6
},
{
"db": "CALDERA",
"id": "CSSA-2002-SCO.17",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200205-001",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "25758",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#107186"
},
{
"db": "CERT/CC",
"id": "VU#854306"
},
{
"db": "BID",
"id": "4732"
},
{
"db": "BID",
"id": "4089"
},
{
"db": "BID",
"id": "4132"
},
{
"db": "PACKETSTORM",
"id": "25758"
},
{
"db": "NVD",
"id": "CVE-1999-1570"
},
{
"db": "CNNVD",
"id": "CNNVD-200205-001"
}
]
},
"id": "VAR-200205-0149",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.42828385666666663
},
"last_update_date": "2023-12-18T12:47:42.364000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-1999-1570"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/4089"
},
{
"trust": 1.7,
"url": "http://www.ee.oulu.fi/research/ouspg/protos/"
},
{
"trust": 1.7,
"url": "http://www.cert.org/tech_tips/denial_of_service.html"
},
{
"trust": 1.7,
"url": "http://www.ietf.org/rfc/rfc1215.txt"
},
{
"trust": 1.7,
"url": "http://www.ietf.org/rfc/rfc1270.txt"
},
{
"trust": 1.6,
"url": "http://www.ietf.org/rfc/rfc3000.txt"
},
{
"trust": 1.6,
"url": "http://www.ietf.org/rfc/rfc1212.txt"
},
{
"trust": 1.6,
"url": "http://www.ietf.org/rfc/rfc1213.txt"
},
{
"trust": 1.6,
"url": "http://www.ietf.org/rfc/rfc2570.txt"
},
{
"trust": 1.6,
"url": "http://www.ietf.org/rfc/rfc2571.txt"
},
{
"trust": 1.6,
"url": "http://www.ietf.org/rfc/rfc2572.txt"
},
{
"trust": 1.6,
"url": "http://www.ietf.org/rfc/rfc2573.txt"
},
{
"trust": 1.6,
"url": "http://www.ietf.org/rfc/rfc2574.txt"
},
{
"trust": 1.6,
"url": "http://www.ietf.org/rfc/rfc2575.txt"
},
{
"trust": 1.6,
"url": "http://www.ietf.org/rfc/rfc2576.txt"
},
{
"trust": 1.6,
"url": "http://online.securityfocus.com/bid/4132"
},
{
"trust": 1.6,
"url": "http://online.securityfocus.com/bid/4732"
},
{
"trust": 1.6,
"url": "ftp://stage.caldera.com/pub/security/openserver/cssa-2002-sco.17/cssa-2002-sco.17.txt"
},
{
"trust": 1.6,
"url": "http://online.securityfocus.com/archive/1/27074"
},
{
"trust": 1.6,
"url": "http://www.iss.net/security_center/static/8989.php"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=vuln-dev\u0026m=102098949103708\u0026w=2"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/4088"
},
{
"trust": 0.7,
"url": "http://www.cert.org/advisories/ca-2002-03.html"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=vuln-dev\u0026m=102098949103708\u0026w=2"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f44605"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f42769"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f43365"
},
{
"trust": 0.3,
"url": "http://online.securityfocus.com/news/474"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-006.asp"
},
{
"trust": 0.3,
"url": "http://otn.oracle.com/deploy/security/pdf/snmp_2002_alert.pdf"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f46343"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/warp/public/707/cisco-malformed-snmp-msgs-non-ios-pub.shtml"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/public/sw-center/sw-ios.shtml"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/warp/public/707/cisco-malformed-snmp-msgs-pub.shtml"
},
{
"trust": 0.1,
"url": "http://www.ietf.org/rfc/rfc1352.txt"
},
{
"trust": 0.1,
"url": "http://www.redhat.com/support/errata/rhsa-2001-163.html"
},
{
"trust": 0.1,
"url": "http://www.cert.org/tech_tips/snmp_faq.html"
},
{
"trust": 0.1,
"url": "http://download.cacheflow.com/release/ca/4.1.02/relnotes.htm"
},
{
"trust": 0.1,
"url": "http://www.innerdive.com/products/ric/)"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/107186"
},
{
"trust": 0.1,
"url": "https://www.juniper.net."
},
{
"trust": 0.1,
"url": "http://sunsolve.sun.com/securitypatch."
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/854306"
},
{
"trust": 0.1,
"url": "http://www.cisco.com/go/psirt/."
},
{
"trust": 0.1,
"url": "http://download.cacheflow.com/release/ca/4.0.15/relnotes.htm"
},
{
"trust": 0.1,
"url": "http://www.ietf.org/rfc/rfc1067.txt"
},
{
"trust": 0.1,
"url": "https://www.dartware.com)"
},
{
"trust": 0.1,
"url": "http://www.ietf.org/rfc/rfc1140.txt"
},
{
"trust": 0.1,
"url": "http://itrc.hp.com"
},
{
"trust": 0.1,
"url": "http://www.sun.com/solstice/products/ent.agents/"
},
{
"trust": 0.1,
"url": "http://stage.caldera.com/support/security"
},
{
"trust": 0.1,
"url": "http://www.ee.oulu.fi/research/ouspg/)"
},
{
"trust": 0.1,
"url": "http://www.net-snmp.org/download/)."
},
{
"trust": 0.1,
"url": "http://www.cert.org/"
},
{
"trust": 0.1,
"url": "http://www.cert.org/cert_pgp.key"
},
{
"trust": 0.1,
"url": "http://www.ibm.com/software/lotus/support/)."
},
{
"trust": 0.1,
"url": "http://download.cacheflow.com/release/sa/4.0.15/relnotes.htm"
},
{
"trust": 0.1,
"url": "http://download.cacheflow.com/"
},
{
"trust": 0.1,
"url": "http://www.ietf.org/rfc/rfc1156.txt"
},
{
"trust": 0.1,
"url": "http://support.novell.com/tools/csp/"
},
{
"trust": 0.1,
"url": "http://support.openview.hp.com/cpe/patches/"
},
{
"trust": 0.1,
"url": "https://www.covalent.net"
},
{
"trust": 0.1,
"url": "http://www.innerdive.com/products/mibscout/)"
},
{
"trust": 0.1,
"url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/0100.h"
},
{
"trust": 0.1,
"url": "http://sunsolve.sun.com/security."
},
{
"trust": 0.1,
"url": "http://www.ietf.org/rfc/rfc1155.txt"
},
{
"trust": 0.1,
"url": "http://www.stonesoft.com/support/techcenter/"
},
{
"trust": 0.1,
"url": "http://www.sgi.com/support/security/."
},
{
"trust": 0.1,
"url": "http://www.ietf.org/rfc/rfc1089.txt"
},
{
"trust": 0.1,
"url": "http://download.cacheflow.com/release/ca/3.1.22/relnotes.htm"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#107186"
},
{
"db": "CERT/CC",
"id": "VU#854306"
},
{
"db": "BID",
"id": "4732"
},
{
"db": "BID",
"id": "4089"
},
{
"db": "BID",
"id": "4132"
},
{
"db": "PACKETSTORM",
"id": "25758"
},
{
"db": "NVD",
"id": "CVE-1999-1570"
},
{
"db": "CNNVD",
"id": "CNNVD-200205-001"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#107186"
},
{
"db": "CERT/CC",
"id": "VU#854306"
},
{
"db": "BID",
"id": "4732"
},
{
"db": "BID",
"id": "4089"
},
{
"db": "BID",
"id": "4132"
},
{
"db": "PACKETSTORM",
"id": "25758"
},
{
"db": "NVD",
"id": "CVE-1999-1570"
},
{
"db": "CNNVD",
"id": "CNNVD-200205-001"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-01-16T00:00:00",
"db": "CERT/CC",
"id": "VU#107186"
},
{
"date": "2002-02-12T00:00:00",
"db": "CERT/CC",
"id": "VU#854306"
},
{
"date": "2002-05-13T00:00:00",
"db": "BID",
"id": "4732"
},
{
"date": "2002-02-12T00:00:00",
"db": "BID",
"id": "4089"
},
{
"date": "2002-02-12T00:00:00",
"db": "BID",
"id": "4132"
},
{
"date": "2002-02-12T22:54:19",
"db": "PACKETSTORM",
"id": "25758"
},
{
"date": "2002-05-01T04:00:00",
"db": "NVD",
"id": "CVE-1999-1570"
},
{
"date": "2002-02-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200205-001"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-11-07T00:00:00",
"db": "CERT/CC",
"id": "VU#107186"
},
{
"date": "2007-11-07T00:00:00",
"db": "CERT/CC",
"id": "VU#854306"
},
{
"date": "2002-05-13T00:00:00",
"db": "BID",
"id": "4732"
},
{
"date": "2009-07-11T10:56:00",
"db": "BID",
"id": "4089"
},
{
"date": "2002-02-12T00:00:00",
"db": "BID",
"id": "4132"
},
{
"date": "2016-10-18T02:06:04.880000",
"db": "NVD",
"id": "CVE-1999-1570"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200205-001"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "4732"
},
{
"db": "BID",
"id": "4089"
},
{
"db": "BID",
"id": "4132"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in SNMPv1 trap handling",
"sources": [
{
"db": "CERT/CC",
"id": "VU#107186"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "4089"
},
{
"db": "CNNVD",
"id": "CNNVD-200205-001"
}
],
"trust": 0.9
}
}
VAR-200202-0007
Vulnerability from variot - Updated: 2023-12-18 12:47Vulnerabilities in the SNMPv1 request handling of a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via (1) GetRequest, (2) GetNextRequest, and (3) SetRequest messages, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available. Multiple vendor SNMPv1 Trap handling implementations contain vulnerabilities that may allow unauthorized privileged access, denial-of-service conditions, or unstable behavior . If your site uses SNMP in any capacity, the CERT/CC encourages you to read the information provided below. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ SNMP Protocol is status and performance information MIB (Management Information Base) Protocol used to exchange Management side SNMP Managers such as managed routers, switches and printers SNMP Communicates with management network devices called agents. Because of its wide acceptance in the market, SNMP Has become the standard for SNMP protocol version1 Is SNMPv1 Is the most widely implemented. this SNMPv1 Sent from the agent to the manager in the implementation of SNMP Trap message and sent from the manager to the agent SNMP Decrypt the request message / There are problems in interpreting. If this problem is used by an attacker, the following actions may be executed. Many other programs that you implement may also be affected because of a protocol problem. On the target host SNMP If the service is running, an attacker could execute arbitrary code ・ If a buffer overflow attack is feasible and a very long trap message SNMP If the host on which the service is running receives, the application may go into a denial of service state The effects described above vary from application to application. For details, refer to each product.Please refer to the “Overview” for the impact of this vulnerability. Windows 95 is prone to a denial-of-service vulnerability. It is possible to crash the service by transmitting to it a maliciously constructed SNMPv1 request PDU. The resultant crash may be due to a buffer overflow condition. If this is the case, attackers may be able to exploit this vulnerability to execute arbitrary code. Multiple vulnerabilities have been discovered in a number of SNMP implementations. The vulnerabilities are known to exist in the process of decoding and interpreting SNMP request messages. Among the possible consequences are denial of service and allowing attackers to compromise target systems. These depend on the individual vulnerabilities in each affected product. A general report for multiple vendors was initially published on February 12 (Bugtraq IDs 4088 and 4089), however more information is now available and a separate Bugtraq ID has been allocated for the Cisco Operating Systems and Appliances vulnerabilities. It is reportedly possible for a remote attacker to create a denial of service condition by transmitting a malformed SNMP request to a vulnerable Cisco Operating System or Appliance. The affected device may reset, or require a manual reset to regain functionality.
-----BEGIN PGP SIGNED MESSAGE-----
CERT Advisory CA-2002-03: Multiple Vulnerabilities in Many Implementations of the Simple Network Management Protocol (SNMP)
Original release date: February 12, 2002 Last revised: -- Source: CERT/CC
A complete revision history can be found at the end of this file.
Systems Affected
Products from a very wide variety of vendors may be affected. See Vendor Information for details from vendors who have provided feedback for this advisory.
In addition to the vendors who provided feedback for this advisory, a list of vendors whom CERT/CC contacted regarding these problems is available from http://www.kb.cert.org/vuls/id/854306 http://www.kb.cert.org/vuls/id/107186
Many other systems making use of SNMP may also be vulnerable but were not specifically tested.
In addition to this advisory, we also have an FAQ available at http://www.cert.org/tech_tips/snmp_faq.html
I. Version 1 of the protocol (SNMPv1) defines several types of SNMP messages that are used to request information or configuration changes, respond to requests, enumerate SNMP objects, and send unsolicited alerts. The Oulu University Secure Programming Group (OUSPG, http://www.ee.oulu.fi/research/ouspg/) has reported numerous vulnerabilities in SNMPv1 implementations from many different vendors. More information about SNMP and OUSPG can be found in Appendix C
OUSPG's research focused on the manner in which SNMPv1 agents and managers handle request and trap messages. A trap message may indicate a warning or error condition or otherwise notify the manager about the agent's state. Request messages might be issued to obtain information from an agent or to instruct the agent to configure the host device.
Vulnerabilities in the decoding and subsequent processing of SNMP messages by both managers and agents may result in denial-of-service conditions, format string vulnerabilities, and buffer overflows. Some vulnerabilities do not require the SNMP message to use the correct SNMP community string.
These vulnerabilities have been assigned the CVE identifiers CAN-2002-0012 and CAN-2002-0013, respectively.
II.
III. Solution
Note that many of the mitigation steps recommended below may have significant impact on your everyday network operations and/or network architecture. Ensure that any changes made based on the following recommendations will not unacceptably affect your ongoing network operations capability.
Apply a patch from your vendor
Appendix A contains information provided by vendors for this advisory. Please consult this appendix to determine if you need to contact your vendor directly.
Disable the SNMP service
As a general rule, the CERT/CC recommends disabling any service or capability that is not explicitly required, including SNMP. Unfortunately, some of the affected products exhibited unexpected behavior or denial of service conditions when exposed to the OUSPG test suite even if SNMP was not enabled. In these cases, disabling SNMP should be used in conjunction with the filtering practices listed below to provide additional protection.
Ingress filtering
As a temporary measure, it may be possible to limit the scope of these vulnerabilities by blocking access to SNMP services at the network perimeter.
Ingress filtering manages the flow of traffic as it enters a network under your administrative control. Servers are typically the only machines that need to accept inbound traffic from the public Internet. In the network usage policy of many sites, there are few reasons for external hosts to initiate inbound traffic to machines that provide no public services. Thus, ingress filtering should be performed at the border to prohibit externally initiated inbound traffic to non-authorized services. For SNMP, ingress filtering of the following ports can prevent attackers outside of your network from impacting vulnerable devices in the local network that are not explicitly authorized to provide public SNMP services.
snmp 161/udp # Simple Network Management Protocol (SNMP) snmp 162/udp # SNMP system management messages
The following services are less common, but may be used on some affected products
snmp 161/tcp # Simple Network Management Protocol (SNMP) snmp 162/tcp # SNMP system management messages smux 199/tcp # SNMP Unix Multiplexer smux 199/udp # SNMP Unix Multiplexer synoptics-relay 391/tcp # SynOptics SNMP Relay Port synoptics-relay 391/udp # SynOptics SNMP Relay Port agentx 705/tcp # AgentX snmp-tcp-port 1993/tcp # cisco SNMP TCP port snmp-tcp-port 1993/udp # cisco SNMP TCP port
As noted above, you should carefully consider the impact of blocking services that you may be using.
It is important to note that in many SNMP implementations, the SNMP daemon may bind to all IP interfaces on the device. This has important consequences when considering appropriate packet filtering measures required to protect an SNMP-enabled device. For example, even if a device disallows SNMP packets directed to the IP addresses of its normal network interfaces, it may still be possible to exploit these vulnerabilities on that device through the use of packets directed at the following IP addresses: * "all-ones" broadcast address * subnet broadcast address * any internal loopback addresses (commonly used in routers for management purposes, not to be confused with the IP stack loopback address 127.0.0.1)
Careful consideration should be given to addresses of the types mentioned above by sites planning for packet filtering as part of their mitigation strategy for these vulnerabilities.
Finally, sites may wish to block access to the following RPC services related to SNMP (listed as name, program ID, alternate names)
snmp 100122 na.snmp snmp-cmc snmp-synoptics snmp-unisys snmp-utk snmpv2 100138 na.snmpv2 # SNM Version 2.2.2 snmpXdmid 100249
Please note that this workaround may not protect vulnerable devices from internal attacks.
Filter SNMP traffic from non-authorized internal hosts
In many networks, only a limited number of network management systems need to originate SNMP request messages. This can reduce, but not wholly eliminate, the risk from internal attacks. However, it may have detrimental effects on network performance due to the increased load imposed by the filtering, so careful consideration is required before implementation. Similar caveats to the previous workaround regarding broadcast and loopback addresses apply.
Change default community strings
Most SNMP-enabled products ship with default community strings of "public" for read-only access and "private" for read-write access. As with any known default access control mechanism, the CERT/CC recommends that network administrators change these community strings to something of their own choosing. However, even when community strings are changed from their defaults, they will still be passed in plaintext and are therefore subject to packet sniffing attacks. SNMPv3 offers additional capabilities to ensure authentication and privacy as described in RFC2574.
Because many of the vulnerabilities identified in this advisory occur before the community strings are evaluated, it is important to note that performing this step alone is not sufficient to mitigate the impact of these vulnerabilities. Nonetheless, it should be performed as part of good security practice.
Segregate SNMP traffic onto a separate management network
In situations where blocking or disabling SNMP is not possible, exposure to these vulnerabilities may be limited by restricting all SNMP access to separate, isolated management networks that are not publicly accessible. Although this would ideally involve physically separate networks, that kind of separation is probably not feasible in most environments. Mechanisms such as virtual LANs (VLANs) may be used to help segregate traffic on the same physical network. Note that VLANs may not strictly prevent an attacker from exploiting these vulnerabilities, but they may make it more difficult to initiate the attacks.
Another option is for sites to restrict SNMP traffic to separate virtual private networks (VPNs), which employ cryptographically strong authentication.
Note that these solutions may require extensive changes to a site's network architecture.
Egress filtering
Egress filtering manages the flow of traffic as it leaves a network under your administrative control. There is typically limited need for machines providing public services to initiate outbound traffic to the Internet. In the case of SNMP vulnerabilities, employing egress filtering on the ports listed above at your network border can prevent your network from being used as a source for attacks on other sites.
Disable stack execution
Disabling executable stacks (on systems where this is configurable) can reduce the risk of "stack smashing" attacks based on these vulnerabilities. Although this does not provide 100 percent protection against exploitation of these vulnerabilities, it makes the likelihood of a successful exploit much smaller. On many UNIX systems, executable stacks can be disabled by adding the following lines to /etc/system:
set noexec_user_stack = 1 set noexec_user_stack_log = 1
Note that this may go against the SPARC and Intel ABIs and can be bypassed as required in programs with mprotect(2). For the changes to take effect you will then need to reboot.
Other operating systems and architectures also support the disabling of executable stacks either through native configuration parameters or via third-party software. Consult your vendor(s) for additional information.
Share tools and techniques
Because dealing with these vulnerabilities to systems and networks is so complex, the CERT/CC will provide a forum where administrators can share ideas and techniques that can be used to develop proper defenses. We have created an unmoderated mailing list for system and network administrators to discuss helpful techniques and tools.
You can subscribe to the mailing list by sending an email message to majordomo@cert.org. In the body of the message, type
subscribe snmp-forum
After you receive the confirmation message, follow the instructions in the message to complete the subscription process.
Appendix A. - Vendor Information
This appendix contains information provided by vendors for this advisory. As vendors report new information to the CERT/CC, we will update this section and note the changes in our revision history. If a particular vendor is not listed below, we have not received their comments.
AdventNet
This is in reference to your notification regarding [VU#107186 and
VU#854306] and OUSPG#0100. AdventNet Inc. has reproduced this
behavior in their products and coded a Service Pack fix which is
currently in regression testing in AdventNet Inc.'s Q.A.
organization. The release of AdventNet Inc's. Service Pack
correcting the behavior outlined in VU#617947, and OUSPG#0100 is
scheduled to be generally available to all of AdventNet Inc.'s
customers by February 20, 2002.
Avaya
Avaya Inc.
CacheFlow
The purpose of this email is to advise you that CacheFlow Inc. has
provided a software update. Please be advised that updated versions
of the software are now available for all supported CacheFlow
hardware platforms, and may be obtained by CacheFlow customers at
the following URL:
http://download.cacheflow.com/
The specific reference to the software update is contained within the Release Notes for CacheOS Versions 3.1.22 Release ID 17146, 4.0.15 Release ID 17148, 4.1.02 Release ID 17144 and 4.0.15 Release ID 17149.
RELEASE NOTES FOR CACHEFLOW SERVER ACCELERATOR PRODUCTS: * http://download.cacheflow.com/release/SA/4.0.15/relnotes.htm
RELEASE NOTES FOR CACHEFLOW CONTENT ACCELERATOR PRODUCTS: * http://download.cacheflow.com/release/CA/3.1.22/relnotes.htm * http://download.cacheflow.com/release/CA/4.0.15/relnotes.htm * http://download.cacheflow.com/release/CA/4.1.02/relnotes.htm
* SR 1-1647517, VI 13045: This update modified a potential
vulnerability by using an SNMP test tools exploit.
3Com Corporation
A vulnerability to an SNMP packet with an invalid length community
string has been resolved in the following products. Customers
concerned about this weakness should ensure that they upgrade to
the following agent versions:
PS Hub 40
2.16 is due Feb 2002
PS Hub 50
2.16 is due Feb 2002
Dual Speed Hub
2.16 is due Jan 2002
Switch 1100/3300
2.68 is available now
Switch 4400
2.02 is available now
Switch 4900
2.04 is available now
WebCache1000/3000
2.00 is due Jan 2002
Caldera
Caldera International, Inc. has reproduced faulty behavior in
Caldera SCO OpenServer 5, Caldera UnixWare 7, and Caldera Open UNIX
8. We have coded a software fix for supported versions of Caldera
UnixWare 7 and Caldera Open UNIX 8 that will be available from
our support site at http://stage.caldera.com/support/security
immediately following the publication of this CERT announcement. A
fix for supported versions of OpenServer 5 will be available at a
later date.
Cisco Systems
Cisco Systems is addressing the vulnerabilities identified by
VU#854306 and VU#107186 across its entire product line. Cisco will
publish a security advisory with further details at
http://www.cisco.com/go/psirt/.
Compaq Computer Corporation
x-ref: SSRT0779U SNMP
At the time of writing this document, COMPAQ continues to evaluate
this potential problem and when new versions of SNMP are available,
COMPAQ will implement solutions based on the new code. Compaq will
provide notice of any new patches as a result of that effort
through standard patch notification procedures and be available
from your normal Compaq Services support channel.
Computer Associates
Computer Associates has confirmed Unicenter vulnerability to the
SNMP advisory identified by CERT notification reference [VU#107186
& VU#854306] and OUSPG#0100. We have produced corrective
maintenance to address these vulnerabilities, which is in the
process of publication for all applicable releases / platforms and
will be offered through the CA Support site. Please contact our
Technical Support organization for information regarding
availability / applicability for your specific configuration(s).
COMTEK Services, Inc.
NMServer for AS/400 is not an SNMP master and is therefore not
vulnerable. However this product requires the use of the AS/400
SNMP master agent supplied by IBM.
NMServer for OpenVMS has been tested and has shown to be
vulnerable. COMTEK Services is preparing a new release of this
product (version 3.5) which will contain a fix for this problem.
This new release is scheduled to be available in February 2002.
Contact COMTEK Services for further information.
NMServer for VOS has not as yet been tested; vulnerability of this
agent is unknown. Contact for further information on the testing
schedule of the VOS product.
Covalent Technologies
Covalent Technologies ERS (Enterprise Ready Server), Secure Server,
and Conductor SNMP module are not vulnerable according to testing
performed in accordance with CERT recommendations. Security
information for Covalent products can be found at www.covalent.net
Dartware, LLC
Dartware, LLC (www.dartware.com) supplies two products that use
SNMPv1 in a manager role, InterMapper and SNMP Watcher. This statement applies to all present
and past versions of these two software packages.
DMH Software
DMH Software is in the process of evaluating and attempting to
reproduce this behavior.
It is unclear at this point if our snmp-agent is sensitive to the
tests described above.
If any problems will be discovered, DMH Software will code a
software fix.
The release of DMH Software OS correcting the behavior outlined in
VU#854306, VU#107186, and OUSPG#0100 will be generally available to
all of DMH Software's customers as soon as possible.
EnGarde Secure Linux
EnGarde Secure Linux did not ship any SNMP packages in version
1.0.1 of our distribution, so we are not vulnerable to either bug.
FreeBSD
FreeBSD does not include any SNMP software by default, and so is
not vulnerable. However, the FreeBSD Ports Collection contains the
UCD-SNMP / NET-SNMP package. Package versions prior to
ucd-snmp-4.2.3 are vulnerable. The upcoming FreeBSD 4.5 release
will ship the corrected version of the UCD-SNMP / NET-SNMP
package. In addition, the corrected version of the packages is
available from the FreeBSD mirrors.
FreeBSD has issued the following FreeBSD Security Advisory
regarding the UCD-SNMP / NET-SNMP package:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:09.
snmp.asc.
Hewlett-Packard Company
SUMMARY - known vulnerable:
========================================
hp procurve switch 2524
NNM (Network Node Manager)
JetDirect Firmware (Older versions only)
HP-UX Systems running snmpd or OPENVIEW
MC/ServiceGuard
EMS
Still under investigation:
SNMP/iX (MPE/iX)
========================================
_________________________________________________________
---------------------------------------------------------
hp procurve switch 2524
---------------------------------------------------------
hp procurve switch 2525 (product J4813A) is vulnerable to some
issues, patches in process. Watch for the associated HP
Security Bulletin.
---------------------------------------------------------
NNM (Network Node Manager)
---------------------------------------------------------
Some problems were found in NNM product were related to
trap handling. Patches in process. Watch for the
associated HP Security Bulletin.
---------------------------------------------------------
JetDirect Firmware (Older versions only)
---------------------------------------------------------
ONLY some older versions of JetDirect Firmware are
vulnerable to some of the issues. The older firmware
can be upgraded in most cases, see list below.
JetDirect Firmware Version State
========================== =====
X.08.32 and higher NOT Vulnerable
X.21.00 and higher NOT Vulnerable
JetDirect Product Numbers that can be freely
upgraded to X.08.32 or X.21.00 or higher firmware.
EIO (Peripherals Laserjet 4000, 5000, 8000, etc...)
J3110A 10T
J3111A 10T/10B2/LocalTalk
J3112A Token Ring (discontinued)
J3113A 10/100 (discontinued)
J4169A 10/100
J4167A Token Ring
MIO (Peripherals LaserJet 4, 4si, 5si, etc...)
J2550A/B 10T (discontinued)
J2552A/B 10T/10Base2/LocalTalk (discontinued)
J2555A/B Token Ring (discontinued)
J4100A 10/100
J4105A Token Ring
J4106A 10T
External Print Servers
J2591A EX+ (discontinued)
J2593A EX+3 10T/10B2 (discontinued)
J2594A EX+3 Token Ring (discontinued)
J3263A 300X 10/100
J3264A 500X Token Ring
J3265A 500X 10/100
----------------------------------------------------------
HP-UX Systems running snmpd or OPENVIEW
----------------------------------------------------------
The following patches are available now:
PHSS_26137 s700_800 10.20 OV EMANATE14.2 Agent Consolidated Patch
PHSS_26138 s700_800 11.X OV EMANATE14.2 Agent Consolidated Patch
PSOV_03087 EMANATE Release 14.2 Solaris 2.X Agent Consolidated
Patch
All three patches are available from:
http://support.openview.hp.com/cpe/patches/
In addition PHSS_26137 and PHSS_26138 will soon be available from:
http://itrc.hp.com
================================================================
NOTE: The patches are labeled OV(Open View). However, the patches
are also applicable to systems that are not running Open View.
=================================================================
Any HP-UX 10.X or 11.X system running snmpd or snmpdm is
vulnerable.
To determine if your HP-UX system has snmpd or snmpdm installed:
swlist -l file | grep snmpd
If a patch is not available for your platform or you cannot install
an available patch, snmpd and snmpdm can be disabled by removing
their
entries from /etc/services and removing the execute permissions
from
/usr/sbin/snmpd and /usr/sbin/snmpdm.
----------------------------------------------------------------
Investigation completed, systems vulnerable.
----------------------------------------------------------------
MC/ServiceGuard
Event Monitoring System (EMS)
----------------------------------------------------------------
Still under investigation:
----------------------------------------------------------------
SNMP/iX (MPE/iX)
Hirschmann Electronics GmbH & Co. KG
Hirschmann Electronics GmbH & Co. KG supplies a broad range of
networking products, some of which are affected by the SNMP
vulnerabilities identified by CERT Coordination Center. Hirschmann customers may contact our Competence
Center (phone +49-7127-14-1538, email:
ans-support@nt.hirschmann.de) for additional information,
especially regarding availability of latest firmware releases
addressing the SNMP vulnerabilities.
IBM Corporation
Based upon the results of running the test suites we have
determined that our version of SNMP shipped with AIX is NOT
vulnerable.
Innerdive Solutions, LLC
Innerdive Solutions, LLC has two SNMP based products:
1. The "SNMP MIB Scout"
(http://www.innerdive.com/products/mibscout/)
2. The "Router IP Console" (http://www.innerdive.com/products/ric/)
The "SNMP MIB Scout" is not vulnerable to either bug.
The "Router IP Console" releases prior to 3.3.0.407 are vulnerable.
The release of "Router IP Console" correcting the behavior outlined
in OUSPG#0100 is 3.3.0.407 and is already available on our site.
Also, we will notify all our customers about this new release no
later than March 5, 2002.
Juniper Networks
This is in reference to your notification regarding CAN-2002-0012
and CAN-2002-0013. Juniper Networks has reproduced this behavior
and coded a software fix. The fix will be included in all releases
of JUNOS Internet software built after January 5, 2002. Customers
with current support contracts can download new software with the
fix from Juniper's web site at www.juniper.net.
Note: The behavior described in CAN-2002-0012 and CAN-2002-0013 can
only be reproduced in JUNOS Internet software if certain tracing
options are enabled. These options are generally not enabled in
production routers.
Lantronix, Inc.
Lantronix is committed to resolving security issues with our
products. The SNMP security bug you reported has been fixed in LRS
firmware version B1.3/611(020123).
Lotus Development Corporation
Lotus Software evaluated the Lotus Domino Server for
vulnerabilities using the test suite materials provided by OUSPG.
This problem does not affect default installations of the Domino
Server. However, SNMP agents can be installed from the CD to
provide SNMP services for the Domino Server (these are located in
the /apps/sysmgmt/agents directory). The optional platform
specific master and encapsulator agents included with the Lotus
Domino SNMP Agents for HP-UX and Solaris have been found to be
vulnerable. For those platforms, customers should upgrade to
version R5.0.1 a of the Lotus Domino SNMP Agents, available for
download from the Lotus Knowledge Base on the IBM Support Web Site
(http://www.ibm.com/software/lotus/support/). Please refer to
Document #191059, "Lotus Domino SNMP Agents R5.0.1a", also in the
Lotus Knowledge Base, for more details.
LOGEC Systems Inc
The products from LOGEC Systems are exposed to SNMP only via HP
OpenView. We do not have an implementation of SNMP ourselves. As
such, there is nothing in our products that would be an issue with
this alert.
Lucent
Lucent is aware of reports that there is a vulnerability in certain
implementations of the SNMP (Simple Network Management Protocol)
code that is used in data switches and other hardware throughout
the telecom industry.
As soon as we were notified by CERT, we began assessing our product
portfolio and notifying customers with products that might be
affected.
Our 5ESS switch and most of our optical portfolio were not
affected. Our core and edge ATM switches and most of our edge
access products are affected, but we have developed, tested, and
deployed fixes for many of those products to our customers.
We consider the security and reliability of our customers' networks
to be one of our critical measures of success. We take every
reasonable measure to ensure their satisfaction.
In addition, we are working with customers on ways to further
enhance the security they have in place today.
Marconi
Marconi supplies a broad range of telecommunications and related
products, some of which are affected by the SNMP vulnerabilities
identified here. Those
Marconi customers with support entitlement may contact the
appropriate Technical Assistance Center (TAC) for additional
information. Those not under support entitlement may contact their
sales representative.
Microsoft Corporation
The Microsoft Security Reponse [sic] Center has investigated this
issue, and provides the following information. The SNMP v1 service is not installed or running by
default on any version of Windows. A patch is underway to eliminate
the vulnerability. In the meantime, we recommend that affected
customers disable the SNMP v1 service.
Details:
An SNMP v1 service ships on the CDs for Windows 95, 98, and 98SE.
It is not installed or running by default on any of these
platforms. An SNMP v1 is NOT provided for Windows ME. However, it
is possible that Windows 98 machines which had the service
installed and were upgraded would still have the service. Since
SNMP is not supported for WinME, customers in this situation are
urged to remove the SNMP service.
An SNMP v1 service is available on Windows NT 4.0 (including
Terminal Server Edition) and Windows 2000 but is not installed or
running by default on any of these platforms.Windows XP does not
ship with an SNMP v1 service.
Remediation:
A patch is underway for the affected platforms, and will be
released shortly. In the meantime, Microsoft recommends that
customers who have the SNMP v1 service running disable it to
protect their systems. Following are instruction for doing this:
Windows 95, 98 and 98SE:
1. In Control Panel, double-click Network.
2. On the Configuration tab, select Microsoft SNMP Agent from the
list of installed components.
3. Click Remove
Check the following keys and confirm that snmp.exe is not listed.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunSer
vices
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
For Windows XP:
1. Right-click on My Computer and select Manage
2. Click on Services and Applications, then on Services
3. Location SNMP on the list of services, then select it and click
Stop.
4. Select Startup, and click Disabled.
5. Click OK to close the dialoge [sic], then close the Computer
Management window.
For Windows NT 4.0 (including Terminal Server Edition):
1. Select Start, then Settings.
2. Select Control Panel, then click on the Services Icon
3. Locate SNMP on the list of services, then select it and click
Stop.
4. Select Startup, and click Disabled.
5. Click OK to close the dialoge [sic], then close Control Panel
Windows 2000:
1. Right-click on My Computer and select Manage
2. Click on Services and Applications, then on Services
3. Location SNMP on the list of services, then select it and click
Stop.
4. Select Startup, and click Disabled.
5. Click OK to close the dialoge [sic], then close the Computer
Management window.
Multinet
MultiNet and TCPware customers should contact Process Software to
check for the availability of patches for this issue. A couple of
minor problems were found and fixed, but there is no security risk
related to the SNMP code included with either product.
Netaphor
NETAPHOR SOFTWARE INC. is the creator of Cyberons for Java -- SNMP
Manager Toolkit and Cyberons for Java -- NMS Application Toolkit,
two Java based products that may be affected by the SNMP
vulnerabilities identified here. The manner in which they are
affected and the actions required (if any) to avoid being impacted
by exploitation of these vulnerabilities, may be obtained by
contacting Netaphor via email at info@netaphor.com Customers with
annual support may contact support@netaphor.com directly. Those not
under support entitlement may contact Netaphor sales:
sales@netaphor.com or (949) 470 7955 in USA.
NetBSD
NetBSD does not ship with any SNMP tools in our 'base' releases. We
do provide optional packages which provide various support for
SNMP. These packages are not installed by default, nor are they
currently provided as an install option by the operating system
installation tools. A system administrator/end-user has to manually
install this with our package management tools. These SNMP packages
include:
+ netsaint-plugin-snmp-1.2.8.4 (SNMP monitoring plug-in for
netsaint)
+ p5-Net-SNMP-3.60 (perl5 module for SNMP queries)
+ p5-SNMP-3.1.0 (Perl5 module for interfacing to the UCD SNMP
library
+ p5-SNMP_Session-0.83 (perl5 module providing rudimentary
access to remote SNMP agents)
+ ucd-snmp-4.2.1 (Extensible SNMP implementation) (conflicts
with ucd-snmp-4.1.2)
+ ucd-snmp-4.1.2 (Extensible SNMP implementation) (conflicts
with ucd-snmp-4.2.1)
We do provide a software monitoring mechanism called
'audit-packages', which allows us to highlight if a package with a
range of versions has a potential vulnerability, and recommends
that the end-user upgrade the packages in question.
Netscape Communications Corporation
Netscape continues to be committed to maintaining a high level of
quality in our software and service offerings. Part of this
commitment includes prompt response to security issues discovered
by organizations such as the CERT Coordination Center.
According to a recent CERT/CC advisory, The Oulu University Secure
Programming Group (OUSPG) has reported numerous vulnerabilities in
multiple vendor SNMPv1 implementations.
We have carefully examined the reported findings, performing the
tests suggested by the OUSPG to determine whether Netscape server
products were subject to these vulnerabilities. It was determined
that several products fell into this category. As a result, we have
created fixes which will resolve the issues, and these fixes will
appear in future releases of our product line. To Netscape's
knowledge, there are no known instances of these vulnerabilities
being exploited and no customers have been affected to date.
When such security warnings are issued, Netscape has committed to -
and will continue to commit to - resolving these issues in a prompt
and timely fashion, ensuring that our customers receive products of
the highest quality and security.
NET-SNMP
All ucd-snmp version prior to 4.2.2 are susceptible to this
vulnerability and users of versions prior to version 4.2.2 are
encouraged to upgrade their software as soon as possible
(http://www.net-snmp.org/download/). Version 4.2.2 and higher are
not susceptible.
Network Associates
PGP is not affected, impacted, or otherwise related to this VU#.
Network Computing Technologies
Network Computing Technologies has reviewed the information
regarding SNMP vulnerabilities and is currently investigating the
impact to our products.
Nokia
This vulnerability is known to affect IPSO versions 3.1.3, 3.3,
3.3.1, 3.4, and 3.4.1. Patches are currently available for
versions 3.3, 3.3.1, 3.4 and 3.4.1 for download from the Nokia
website. In addition, version 3.4.2 shipped with the patch
incorporated, and the necessary fix will be included in all future
releases of IPSO.
We recommend customers install the patch immediately or follow the
recommended precautions below to avoid any potential exploit.
If you are not using SNMP services, including Traps, simply disable
the SNMP daemon to completely eliminate the potential
vulnerability.
If you are using only SNMP Traps and running Check Point
FireWall-1, create a firewall policy to disallow incoming SNMP
messages on all appropriate interfaces. Traps will continue to work
normally.
Nortel Networks
The CERT Coordination Center has issued a broad based alert to the
technology industry, including Nortel Networks, regarding potential
security vulnerabilities identified in the Simple Network
Management Protocol (SNMP), a common networking standard. The
company is working with CERT and other network equipment
manufacturers, the U.S. Government, service providers, and software
suppliers to assess and address this issue.
Novell
Novell ships SNMP.NLM and SNMPLOG.NLM with NetWare 4.x, NetWare 5.x
and 6.0 systems. The SNMP and SNMPLOG vulnerabilities detected on
NetWare are fixed and will be available through NetWare 6 Support
Pack 1 & NetWare 5.1 Support Pack 4. Support packs are available at
http://support.novell.com/tools/csp/
OpenBSD
OpenBSD does not ship SNMP code.
Qualcomm
WorldMail does not support SNMP by default, so customers who run
unmodified installations are not vulnerable.
Redback Networks, Inc.
Redback Networks, Inc. has identified that the vulnerability in
question affects certain versions of AOS software on the SMS 500,
SMS 1800, and SMS 10000 platforms, and is taking the appropriate
steps necessary to correct the issue.
Red Hat
RedHat has released a security advisiory [sic] at
http://www.redhat.com/support/errata/RHSA-2001-163.html
with updated versions of the ucd-snmp package for all supported
releases and architectures. For more information or to download the
update please visit this page.
SGI
SGI acknowledges the SNMP vulnerabilities reported by CERT and is
currently investigating.
For the protection of all our customers, SGI does not disclose,
discuss or confirm vulnerabilities until a full investigation has
occurred and any necessary patch(es) or release streams are
available for all vulnerable and supported IRIX operating systems.
Until SGI has more definitive information to provide, customers are
encouraged to assume all security vulnerabilities as exploitable
and take appropriate steps according to local site security
policies and requirements. As further information becomes
available, additional advisories will be issued via the normal SGI
security information distribution methods including the wiretap
mailing list on http://www.sgi.com/support/security/.
SNMP Research International
SNMP Research has made the following vendor statement. They are
likely to revise and expand the statement as the date for the
public vulnerability announcement draws nearer. Users maintaining
earlier releases should update to the current release if they have
not already done so. Other Stonesoft's products are
still under investigation.
Sun's SNMP product, Solstice Enterprise Agents (SEA), described
here:
http://www.sun.com/solstice/products/ent.agents/
is affected by VU#854306 but not VU#107186. More specifically the
main agent of SEA, snmpdx(1M), is affected on Solaris 2.6, 7, 8.
Sun is currently generating patches for this issue and will be
releasing a Sun Security Bulletin once the patches are available.
The bulletin will be available from:
http://sunsolve.sun.com/security. Sun patches are available from:
http://sunsolve.sun.com/securitypatch.
Symantec Corporation
Symantec Corporation has investigated the SNMP issues identified by
the OUSPG test suite and determined that Symantec products are not
susceptable [sic] to these issues.
TANDBERG
Tandberg have run all the testcases found the PROTOS test-suie
[sic], c06snmpv1:
1. c06-snmpv1-trap-enc-pr1.jar
2. c06-snmpv1-treq-app-pr1.jar
3. c06-snmpv1-trap-enc-pr1.jar
4. c06-snmpv1-req-app-pr1.jar
The tests were run with standard delay time between the requests
(100ms), but also with a delay of 1ms. The tests applies to all
TANDBERG products (T500, T880, T1000, T2500, T6000 and T8000). The
software tested on these products were B4.0 (our latest software)
and no problems were found when running the test suite.
Appendix B. - References 1. http://www.ee.oulu.fi/research/ouspg/protos/ 2. http://www.kb.cert.org/vuls/id/854306 3. http://www.kb.cert.org/vuls/id/107186 4. http://www.cert.org/tech_tips/denial_of_service.html 5. http://www.ietf.org/rfc/rfc1067.txt 6. http://www.ietf.org/rfc/rfc1089.txt 7. http://www.ietf.org/rfc/rfc1140.txt 8. http://www.ietf.org/rfc/rfc1155.txt 9. http://www.ietf.org/rfc/rfc1156.txt 10. http://www.ietf.org/rfc/rfc1215.txt 11. http://www.ietf.org/rfc/rfc1270.txt 12. http://www.ietf.org/rfc/rfc1352.txt
Appendix C. - Background Information
Background Information on the OUSPG
OUSPG is an academic research group located at Oulu University in
Finland. The purpose of this research group is to test software
for vulnerabilities.
History has shown that the techniques used by the OUSPG have
discovered a large number of previously undetected problems in the
products and protocols they have tested. In 2001, the OUSPG
produced a comprehensive test suite for evaluating implementations
of the Lightweight Directory Access Protocol (LDAP). This test
suite was developed with the strategy of abusing the protocol in
unsupported and unexpected ways, and it was very effective in
uncovering a wide variety of vulnerabilities across several
products. This approach can reveal vulnerabilities that would not
manifest themselves under normal conditions.
After completing its work on LDAP, OUSPG moved its focus to
SNMPv1. As with LDAP, they designed a custom test suite, began
testing a selection of products, and found a number of
vulnerabilities. Because OUSPG's work on LDAP was similar in
procedure to its current work on SNMP, you may wish to review the
LDAP Test Suite and CERT Advisory CA-2001-18, which outlined
results of application of the test suite.
In order to test the security of protocols like SNMPv1, the PROTOS
project presents a server with a wide variety of sample packets
containing unexpected values or illegally formatted data. As a
member of the PROTOS project consortium, the OUSPG used the PROTOS
c06-snmpv1 test suite to study several implementations of the
SNMPv1 protocol. Software and
firmware products designed for networks often make use of the SNMP
protocol. SNMP runs on a multitude of devices and operating
systems, including, but not limited to,
+ Core Network Devices (Routers, Switches, Hubs, Bridges, and
Wireless Network Access Points)
+ Operating Systems
+ Consumer Broadband Network Devices (Cable Modems and DSL
Modems)
+ Consumer Electronic Devices (Cameras and Image Scanners)
+ Networked Office Equipment (Printers, Copiers, and FAX
Machines)
+ Network and Systems Management/Diagnostic Frameworks (Network
Sniffers and Network Analyzers)
+ Uninterruptible Power Supplies (UPS)
+ Networked Medical Equipment (Imaging Units and Oscilloscopes)
+ Manufacturing and Processing Equipment
The SNMP protocol is formally defined in RFC1157. Quoting from
that RFC:
Implicit in the SNMP architectural model is a collection
of network management stations and network elements.
Network management stations execute management
applications which monitor and control network elements.
Network elements are devices such as hosts, gateways,
terminal servers, and the like, which have management
agents responsible for performing the network management
functions requested by the network management stations.
Additionally, SNMP is discussed in a number of other RFC
documents:
+ RFC 3000 Internet Official Protocol Standards
+ RFC 1212 Concise MIB Definitions
+ RFC 1213 Management Information Base for Network Management
of TCP/IP-based Internets: MIB-II
+ RFC 1215 A Convention for Defining Traps for use with the
SNMP
+ RFC 1270 SNMP Communications Services
+ RFC 2570 Introduction to Version 3 of the Internet-standard
Network Management Framework
+ RFC 2571 An Architecture for Describing SNMP Management
Frameworks
+ RFC 2572 Message Processing and Dispatching for the Simple
Network Management Protocol (SNMP)
+ RFC 2573 SNMP Applications
+ RFC 2574 User-based Security Model (USM) for version 3 of the
Simple Network Management Protocol (SNMPv3)
+ RFC 2575 View-based Access Control Model (VACM) for the
Simple Network Management Protocol (SNMP)
+ RFC 2576 Coexistence between Version 1, Version 2, and
Version 3 of the Internet-standard Network Management
Framework
_____________________________________________________________
The CERT Coordination Center thanks the Oulu University Secure
Programming Group for reporting these vulnerabilities to us, for
providing detailed technical analyses, and for assisting us in
preparing this advisory. We also thank Steven M. Bellovin (AT&T
Labs -- Research), Wes Hardaker (Net-SNMP), Steve Moulton (SNMP
Research), Tom Reddington (Bell Labs), Mike Duckett (Bell South),
Rob Thomas, Blue Boar (Thievco), and the many others who
contributed to this document.
_____________________________________________________________
Feedback on this document can be directed to the authors, Ian A.
Finlay, Shawn V. Hernan, Jason A. Rafail, Chad Dougherty, Allen D.
Householder, Marty Lindner, and Art Manion.
__________________________________________________________________
This document is available from:
http://www.cert.org/advisories/CA-2002-03.html
__________________________________________________________________
CERT/CC Contact Information
Email: cert@cert.org
Phone: +1 412-268-7090 (24-hour hotline)
Fax: +1 412-268-6989
Postal address:
CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh PA 15213-3890
U.S.A.
CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) /
EDT(GMT-4) Monday through Friday; they are on call for emergencies
during other hours, on U.S. holidays, and on weekends.
Using encryption
We strongly urge you to encrypt sensitive information sent by
email. Our public PGP key is available from
http://www.cert.org/CERT_PGP.key
If you prefer to use DES, please call the CERT hotline for more
information.
Getting security information
CERT publications and other security information are available
from our web site
http://www.cert.org/
To subscribe to the CERT mailing list for advisories and
bulletins, send email to majordomo@cert.org. Please include in the
body of your message
subscribe cert-advisory
* "CERT" and "CERT Coordination Center" are registered in the U.S.
Patent and Trademark Office.
__________________________________________________________________
NO WARRANTY
Any material furnished by Carnegie Mellon University and the
Software Engineering Institute is furnished on an "as is" basis.
Carnegie Mellon University makes no warranties of any kind, either
expressed or implied as to any matter including, but not limited
to, warranty of fitness for a particular purpose or
merchantability, exclusivity or results obtained from use of the
material. Carnegie Mellon University does not make any warranty of
any kind with respect to freedom from patent, trademark, or
copyright infringement.
_____________________________________________________________
Conditions for use, disclaimers, and sponsorship information
Copyright 2002 Carnegie Mellon University.
Revision History
February 12, 2002: Initial release
-----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8
iQCVAwUBPGltxKCVPMXQI2HJAQGVeAQAuHtxGBsmU5HI6PtqhpZ1rkpV+Cq3ChIU R1FUz4Zi2vzklH8jdXd10KqwZAPhXTPazeguhRyLVSUprMlSKqcXg3BCkH/y4WAl QUZ1VnQXMnMrxIJO1fv0WW0pcyM4W0iQBl0kCIlawPcjCGVniOCOr+4CE0f923wr uZiMJ5f2SEo= =h42e -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200202-0007",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ios 12.0",
"scope": "ne",
"trust": 5.4,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1",
"scope": "ne",
"trust": 3.6,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "3com",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "adtran",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "adventnet",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "american power conversion",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "aprisma",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "avaya",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "bea",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "bmc",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "cnt",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "comtek services",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "cscare",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "cacheflow",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "carrier access",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "compaq computer",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "computer associates",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "concord",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "dart",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "dell",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "digital",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "entrada",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "equinox",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "f5",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "fluke",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "freebsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "general datacomm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "hewlett packard",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "hirschmann",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "hitachi",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "ibm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "iplanet",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "itouch",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "infovista",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "inktomi",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "innerdive",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "ipswitch",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "juniper",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "karlnet",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "lantronix",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "larscom incorporated",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "lotus",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "lucent",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "mg soft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "mandriva",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "marconi",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "mercury interactive",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "metrobility optical",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "micromuse",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "microsoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "monfox",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "multinet",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "nec",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "net snmp",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "network harmoni",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "nbase xyplex",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "netscout",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "netsilicon",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "netscape",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "network appliance",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "nortel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "novell",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "openwave",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "optical access",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "oracle",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "perle",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "powerware",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "radware",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "red hat",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "redback",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "riverstone",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "snmp research",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "sniffer",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "sonicwall",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "sonus",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "stonesoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "sun microsystems",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "symantec",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "the sco group sco unix",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "tivoli",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "toshiba",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "unisphere",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "vertical",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "vina",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "wind river",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "world wide packets",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "xerox",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "e security",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "net com",
"version": null
},
{
"model": "ios 12.2",
"scope": "ne",
"trust": 1.5,
"vendor": "cisco",
"version": null
},
{
"model": "vpn concentrator",
"scope": "eq",
"trust": 1.5,
"vendor": "cisco",
"version": "30002.5.2"
},
{
"model": "ios 12.0 xe",
"scope": null,
"trust": 1.2,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 dc2",
"scope": "ne",
"trust": 1.2,
"vendor": "cisco",
"version": null
},
{
"model": "aix",
"scope": "eq",
"trust": 1.1,
"vendor": "ibm",
"version": "4.3"
},
{
"model": "aix",
"scope": "eq",
"trust": 1.1,
"vendor": "ibm",
"version": "5.1"
},
{
"model": "snmp",
"scope": "eq",
"trust": 1.0,
"vendor": "snmp",
"version": "*"
},
{
"model": "windows 98se",
"scope": null,
"trust": 0.9,
"vendor": "microsoft",
"version": null
},
{
"model": "windows",
"scope": "eq",
"trust": 0.9,
"vendor": "microsoft",
"version": "95"
},
{
"model": "windows server",
"scope": "eq",
"trust": 0.9,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "ios 12.0 s6",
"scope": "ne",
"trust": 0.9,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nudesign team",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "outback resource group",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "veritas",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "bintec",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "interniche",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ncipher corp",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "netscreen",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nokia",
"version": null
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "2.6 (sparc)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "2.6 (x86)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "7.0 (sparc)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "7.0 (x86)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "8 (sparc)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "8 (x86)"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "10.00"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "10.10"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "10.20"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.00"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.11"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.20"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "10.24"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.04"
},
{
"model": "windows 2000",
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": "windows 9x",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "95"
},
{
"model": "windows 9x",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "98"
},
{
"model": "windows 9x",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "98 scd"
},
{
"model": "windows 9x",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "me"
},
{
"model": "windows nt",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "4.0 (server)"
},
{
"model": "windows nt",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "4.0 (terminal_srv)"
},
{
"model": "windows nt",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "4.0 (workstation)"
},
{
"model": "windows xp",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "sp3"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.2"
},
{
"model": "windows xp gold",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "0"
},
{
"model": "windows nt",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "sunatm",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "5.0"
},
{
"model": "sunatm",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "4.0.1"
},
{
"model": "sunatm",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "3.0.1"
},
{
"model": "sunatm",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "2.1"
},
{
"model": "ios 12.0 s7",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 bx",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 st1",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e8",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s8",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 w5",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "3.1"
},
{
"model": "ios 12.0 xe?",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "vpn concentrator",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "30003.1"
},
{
"model": "ios 12.0 s1",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 wc1",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 xu",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 db1",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 xk",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 st2",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 ey",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e3",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 db2",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "vpn concentrator",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "30003.0.3"
},
{
"model": "ios 12.1 ex",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "snmp",
"scope": null,
"trust": 0.6,
"vendor": "snmp",
"version": null
},
{
"model": "sunnet manager sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "2.3"
},
{
"model": "sunnet manager intel",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "2.3"
},
{
"model": "sunmc rr",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "3.0"
},
{
"model": "sunmc",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "3.0"
},
{
"model": "sunmc",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "2.1.1"
},
{
"model": "enterprise server ssp",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "100003.5"
},
{
"model": "enterprise server ssp",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "100003.4"
},
{
"model": "enterprise server ssp",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "100003.3"
},
{
"model": "research mid-level manager",
"scope": "eq",
"trust": 0.3,
"vendor": "snmp",
"version": "15.3"
},
{
"model": "research enterpol",
"scope": "eq",
"trust": 0.3,
"vendor": "snmp",
"version": "15.3"
},
{
"model": "research dr-web manager",
"scope": "eq",
"trust": 0.3,
"vendor": "snmp",
"version": "15.3"
},
{
"model": "emulex 1gbit fibrechannel hub",
"scope": null,
"trust": 0.3,
"vendor": "sgi",
"version": null
},
{
"model": "brocade",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "2.6.0"
},
{
"model": "networks aos",
"scope": null,
"trust": 0.3,
"vendor": "redback",
"version": null
},
{
"model": "realplayer intranet",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "5.0"
},
{
"model": "software tcpware",
"scope": "eq",
"trust": 0.3,
"vendor": "process",
"version": "5.5"
},
{
"model": "software multinet",
"scope": "eq",
"trust": 0.3,
"vendor": "process",
"version": "4.4"
},
{
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.1"
},
{
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2"
},
{
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.1"
},
{
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0"
},
{
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6.5"
},
{
"model": "netware",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "6.0"
},
{
"model": "netware",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "5.1"
},
{
"model": "netware",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "5.0"
},
{
"model": "netware",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "4.11"
},
{
"model": "netware",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "4.2"
},
{
"model": "netware",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "4.0"
},
{
"model": "ipso",
"scope": "eq",
"trust": 0.3,
"vendor": "nokia",
"version": "3.4.1"
},
{
"model": "ipso",
"scope": "eq",
"trust": 0.3,
"vendor": "nokia",
"version": "3.4"
},
{
"model": "ipso",
"scope": "eq",
"trust": 0.3,
"vendor": "nokia",
"version": "3.3.1"
},
{
"model": "ipso",
"scope": "eq",
"trust": 0.3,
"vendor": "nokia",
"version": "3.3"
},
{
"model": "ipso",
"scope": "eq",
"trust": 0.3,
"vendor": "nokia",
"version": "3.1.3"
},
{
"model": "ucd-snmp",
"scope": "eq",
"trust": 0.3,
"vendor": "net snmp",
"version": "4.2.1"
},
{
"model": "ucd-snmp",
"scope": "eq",
"trust": 0.3,
"vendor": "net snmp",
"version": "4.1.1"
},
{
"model": "windows xp professional",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "windows xp home",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "windows nt workstation sp6a",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt workstation sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt workstation sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt workstation sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt workstation sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt workstation sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt workstation sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt terminal server sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt terminal server sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt terminal server sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt terminal server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt terminal server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt terminal server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt terminal server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt server sp6a",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt server sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt server sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt server sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt enterprise server sp6a",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt enterprise server sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt enterprise server sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt enterprise server sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt enterprise server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt enterprise server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt enterprise server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "98"
},
{
"model": "windows terminal services sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows terminal services sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows terminal services",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows professional sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows professional sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows professional",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows datacenter server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows datacenter server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows datacenter server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows advanced server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows advanced server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows advanced server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "domino snmp agents solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "lotus",
"version": "5.0.1x86"
},
{
"model": "domino snmp agents solaris sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "lotus",
"version": "5.0.1"
},
{
"model": "domino snmp agents hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "lotus",
"version": "5.0.1"
},
{
"model": "lrs",
"scope": null,
"trust": 0.3,
"vendor": "lantronix",
"version": null
},
{
"model": "junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.1"
},
{
"model": "junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.0"
},
{
"model": "solutions router ip console",
"scope": "eq",
"trust": 0.3,
"vendor": "innerdive",
"version": "3.3.0.406"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3.3"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3.2"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3.1"
},
{
"model": "secure os software for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.0"
},
{
"model": "procurve switch 8000m",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "procurve switch 4108gl-bundle",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "procurve switch 4108gl",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "procurve switch 4000m",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "procurve switch",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2525"
},
{
"model": "procurve switch",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2524"
},
{
"model": "procurve switch",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2512"
},
{
"model": "procurve switch 2424m",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "procurve switch 2400m",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "procurve switch 1600m",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "ov/sam",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.1"
},
{
"model": "openview network node manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.10"
},
{
"model": "openview network node manager solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2"
},
{
"model": "openview network node manager hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.211.x"
},
{
"model": "openview network node manager hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.210.x"
},
{
"model": "openview network node manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2"
},
{
"model": "openview network node manager solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1"
},
{
"model": "openview network node manager hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.111.x"
},
{
"model": "openview network node manager hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.110.x"
},
{
"model": "openview network node manager solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"model": "openview network node manager nt 4.x/windows",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.02000"
},
{
"model": "openview network node manager hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.011.x"
},
{
"model": "openview network node manager hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.010.20"
},
{
"model": "openview network node manager windows nt",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0.23.51/4.0"
},
{
"model": "openview network node manager solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.01"
},
{
"model": "openview network node manager hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.01"
},
{
"model": "openview network node manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.01"
},
{
"model": "openview network node manager solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.11"
},
{
"model": "openview network node manager hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.11"
},
{
"model": "openview extensible snmp agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.0"
},
{
"model": "openview emanate snmp agent solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "14.22.x"
},
{
"model": "openview emanate snmp agent hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "14.211.x"
},
{
"model": "openview emanate snmp agent hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "14.210.20"
},
{
"model": "openview distributed management",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"model": "openview distributed management",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.03"
},
{
"model": "mpe/ix",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.5"
},
{
"model": "mpe/ix",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"model": "mpe/ix",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.5"
},
{
"model": "mpe/ix",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"model": "mpe/ix",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.5"
},
{
"model": "mpe/ix",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.0"
},
{
"model": "mc/serviceguard",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "jetdirect",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "x.20.00"
},
{
"model": "jetdirect",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "x.08.00"
},
{
"model": "ito/vpo/ovo unix",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.04"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.24"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.20"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.11"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.0"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.20"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.10"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.0"
},
{
"model": "ems a.03.20",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "ems a.03.10",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "ems a.03.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "gzip",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "3.1.02"
},
{
"model": "services nmserver",
"scope": "eq",
"trust": 0.3,
"vendor": "comtek",
"version": "3.4"
},
{
"model": "associates unicenter",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"model": "unixware",
"scope": "eq",
"trust": 0.3,
"vendor": "caldera",
"version": "7.1.1"
},
{
"model": "unixware",
"scope": "eq",
"trust": 0.3,
"vendor": "caldera",
"version": "7.1.0"
},
{
"model": "unixware",
"scope": "eq",
"trust": 0.3,
"vendor": "caldera",
"version": "7"
},
{
"model": "openunix",
"scope": "eq",
"trust": 0.3,
"vendor": "caldera",
"version": "8.0"
},
{
"model": "openserver",
"scope": "eq",
"trust": 0.3,
"vendor": "caldera",
"version": "5.0.6"
},
{
"model": "openserver",
"scope": "eq",
"trust": 0.3,
"vendor": "caldera",
"version": "5.0.5"
},
{
"model": "cacheos",
"scope": "eq",
"trust": 0.3,
"vendor": "cacheflow",
"version": "4.0.14"
},
{
"model": "cacheos",
"scope": "eq",
"trust": 0.3,
"vendor": "cacheflow",
"version": "4.0.13"
},
{
"model": "cacheos",
"scope": "eq",
"trust": 0.3,
"vendor": "cacheflow",
"version": "4.0.12"
},
{
"model": "cacheos",
"scope": "eq",
"trust": 0.3,
"vendor": "cacheflow",
"version": "4.0.11"
},
{
"model": "cacheos",
"scope": "eq",
"trust": 0.3,
"vendor": "cacheflow",
"version": "4.0"
},
{
"model": "cacheos",
"scope": "eq",
"trust": 0.3,
"vendor": "cacheflow",
"version": "3.1.21"
},
{
"model": "cacheos",
"scope": "eq",
"trust": 0.3,
"vendor": "cacheflow",
"version": "3.1.19"
},
{
"model": "cacheos",
"scope": "eq",
"trust": 0.3,
"vendor": "cacheflow",
"version": "3.1.18"
},
{
"model": "cacheos",
"scope": "eq",
"trust": 0.3,
"vendor": "cacheflow",
"version": "3.1.17"
},
{
"model": "cacheos",
"scope": "eq",
"trust": 0.3,
"vendor": "cacheflow",
"version": "3.1.16"
},
{
"model": "cacheos",
"scope": "eq",
"trust": 0.3,
"vendor": "cacheflow",
"version": "3.1.15"
},
{
"model": "cacheos",
"scope": "eq",
"trust": 0.3,
"vendor": "cacheflow",
"version": "3.1.14"
},
{
"model": "cacheos",
"scope": "eq",
"trust": 0.3,
"vendor": "cacheflow",
"version": "3.1.13"
},
{
"model": "cacheos",
"scope": "eq",
"trust": 0.3,
"vendor": "cacheflow",
"version": "3.1.12"
},
{
"model": "cacheos",
"scope": "eq",
"trust": 0.3,
"vendor": "cacheflow",
"version": "3.1.11"
},
{
"model": "cacheos",
"scope": "eq",
"trust": 0.3,
"vendor": "cacheflow",
"version": "3.1.20"
},
{
"model": "cacheos",
"scope": "eq",
"trust": 0.3,
"vendor": "cacheflow",
"version": "3.1.10"
},
{
"model": "cacheos",
"scope": "eq",
"trust": 0.3,
"vendor": "cacheflow",
"version": "3.1.09"
},
{
"model": "cacheos",
"scope": "eq",
"trust": 0.3,
"vendor": "cacheflow",
"version": "3.1.08"
},
{
"model": "cacheos",
"scope": "eq",
"trust": 0.3,
"vendor": "cacheflow",
"version": "3.1.07"
},
{
"model": "cacheos",
"scope": "eq",
"trust": 0.3,
"vendor": "cacheflow",
"version": "3.1.06"
},
{
"model": "cacheos",
"scope": "eq",
"trust": 0.3,
"vendor": "cacheflow",
"version": "3.1.05"
},
{
"model": "cacheos",
"scope": "eq",
"trust": 0.3,
"vendor": "cacheflow",
"version": "3.1.04"
},
{
"model": "cacheos",
"scope": "eq",
"trust": 0.3,
"vendor": "cacheflow",
"version": "3.1.03"
},
{
"model": "cacheos",
"scope": "eq",
"trust": 0.3,
"vendor": "cacheflow",
"version": "3.1.02"
},
{
"model": "cacheos",
"scope": "eq",
"trust": 0.3,
"vendor": "cacheflow",
"version": "3.1"
},
{
"model": "cacheos",
"scope": null,
"trust": 0.3,
"vendor": "cacheflow",
"version": null
},
{
"model": "web nms msp edition",
"scope": null,
"trust": 0.3,
"vendor": "adventnet",
"version": null
},
{
"model": "web nms",
"scope": null,
"trust": 0.3,
"vendor": "adventnet",
"version": null
},
{
"model": "snmp utilities",
"scope": null,
"trust": 0.3,
"vendor": "adventnet",
"version": null
},
{
"model": "snmp api",
"scope": null,
"trust": 0.3,
"vendor": "adventnet",
"version": null
},
{
"model": "mediation server",
"scope": null,
"trust": 0.3,
"vendor": "adventnet",
"version": null
},
{
"model": "management builder",
"scope": null,
"trust": 0.3,
"vendor": "adventnet",
"version": null
},
{
"model": "fault management toolkit",
"scope": null,
"trust": 0.3,
"vendor": "adventnet",
"version": null
},
{
"model": "configuration management toolkit",
"scope": null,
"trust": 0.3,
"vendor": "adventnet",
"version": null
},
{
"model": "cli api",
"scope": null,
"trust": 0.3,
"vendor": "adventnet",
"version": null
},
{
"model": "agent toolkit java/jmx edition",
"scope": null,
"trust": 0.3,
"vendor": "adventnet",
"version": null
},
{
"model": "agent toolkit c edition",
"scope": "eq",
"trust": 0.3,
"vendor": "adventnet",
"version": null
},
{
"model": "webcache",
"scope": "eq",
"trust": 0.3,
"vendor": "3com",
"version": "3000"
},
{
"model": "webcache",
"scope": "eq",
"trust": 0.3,
"vendor": "3com",
"version": "1000"
},
{
"model": "switch",
"scope": "eq",
"trust": 0.3,
"vendor": "3com",
"version": "4900"
},
{
"model": "switch",
"scope": "eq",
"trust": 0.3,
"vendor": "3com",
"version": "4400"
},
{
"model": "switch",
"scope": "eq",
"trust": 0.3,
"vendor": "3com",
"version": "3300"
},
{
"model": "switch",
"scope": "eq",
"trust": 0.3,
"vendor": "3com",
"version": "1100"
},
{
"model": "ps hub",
"scope": "eq",
"trust": 0.3,
"vendor": "3com",
"version": "50"
},
{
"model": "ps hub",
"scope": "eq",
"trust": 0.3,
"vendor": "3com",
"version": "40"
},
{
"model": "dual speed hub",
"scope": null,
"trust": 0.3,
"vendor": "3com",
"version": null
},
{
"model": "brocade .0d",
"scope": "ne",
"trust": 0.3,
"vendor": "sgi",
"version": "2.6"
},
{
"model": "ipso",
"scope": "ne",
"trust": 0.3,
"vendor": "nokia",
"version": "3.4.2"
},
{
"model": "ucd-snmp",
"scope": "ne",
"trust": 0.3,
"vendor": "net snmp",
"version": "4.2.2"
},
{
"model": "solutions router ip console",
"scope": "ne",
"trust": 0.3,
"vendor": "innerdive",
"version": "3.3.0.407"
},
{
"model": "jetdirect",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "x.21.00"
},
{
"model": "jetdirect",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "x.08.32"
},
{
"model": "ios 12.0 wc 2900xl-lre",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.1"
},
{
"model": "cbos a",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4700"
},
{
"model": "ios 12.2 yb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "cbos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.3.7"
},
{
"model": "as5850",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 xk2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "cbos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1000"
},
{
"model": "ios 12.1aa",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xe2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 ca1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "vpn concentrator",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "30003.1.2"
},
{
"model": "ios 12.0s",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "hosting solution engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.3"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.1(4.206)"
},
{
"model": "netranger sensor",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 yc2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.2"
},
{
"model": "building broadband service manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.0"
},
{
"model": "as5200",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xa",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1da",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "vg248 analog phone gateway",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 yf",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.2gs",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ics",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7750"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.4(8)"
},
{
"model": "ios 12.0 wt6",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "building broadband service manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.5.1"
},
{
"model": "traffic director",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154543.1.0"
},
{
"model": "ios 12.1 e5",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 b2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3"
},
{
"model": "ios 12.0 xn",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 ya2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "as5300",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "icdn software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.0"
},
{
"model": "vpn concentrator",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "30002.0"
},
{
"model": "cbos b",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.4.2"
},
{
"model": "ios 11.1 cc4",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst 4840g",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.1 aa4",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11.2"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "39203.0(7)"
},
{
"model": "secure ids network sensor",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.0"
},
{
"model": "ios 12.2 mx",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7100"
},
{
"model": "cva120",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 xt3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst native mode",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6000"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "560"
},
{
"model": "ios 12.1 ea1e",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 xq",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.2sa",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 yh",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2b",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1005"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154543.2.0"
},
{
"model": "cbos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.3.5.015"
},
{
"model": "ios 12.2 mx1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3(1.200)"
},
{
"model": "bpx/igx",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12000"
},
{
"model": "content distribution manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4670"
},
{
"model": "ap340",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 xf",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10700"
},
{
"model": "css11000 content services switch",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11.1"
},
{
"model": "ios 12.1 xi",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "distributed director",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2501"
},
{
"model": "ios 12.1ec",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "intelligent contact manager",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(1)"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3000"
},
{
"model": "ios 12.1 yi1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst 2948g",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 da",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "switchprobe",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.6"
},
{
"model": "ios 12.1 ew",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.4(7.202)"
},
{
"model": "ios 12.2 xd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 ya",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "local director",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2bx",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 da1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(5)xv5"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4232"
},
{
"model": "ios 12.1 ec",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "user registration tool vlan policy server",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 dd3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "hosting solution engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.0"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(1)"
},
{
"model": "ios 11.1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "igx",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t4",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst 8540csr",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "mgx-8240",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2dd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0st",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 w5",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7010"
},
{
"model": "unity server",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 xf",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst hybrid mode",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6000"
},
{
"model": "ios 12.0 wc3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3(1)"
},
{
"model": "icdn software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.0"
},
{
"model": "snmpc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "vpn concentrator",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "30003.0.4"
},
{
"model": "ios 12.0 st5",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0w5",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.2bc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11.0"
},
{
"model": "cbos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.2"
},
{
"model": "ios 12.0 sl4",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst network analysis module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6000"
},
{
"model": "cbos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.3.2"
},
{
"model": "ios 12.2t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xb3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 db2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "mgx",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "82301.2.10"
},
{
"model": "ios 12.1 ey",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s5",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.0"
},
{
"model": "ios 12.0 xs",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154543.4"
},
{
"model": "building broadband service manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.5"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "590"
},
{
"model": "ios 12.2s",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "building broadband service manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2"
},
{
"model": "mgx",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "82501.2.10"
},
{
"model": "catalyst msm",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6000"
},
{
"model": "nsp",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6400"
},
{
"model": "building broadband service manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.4"
},
{
"model": "ios 12.1 yd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "info center",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.4"
},
{
"model": "ios 12.0 wx5",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 yc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e8",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "mgx",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "arrowpoint cs11000",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "secure ids host sensor",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.0"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2950"
},
{
"model": "ios 11.1 ct",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 yb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ubr7200",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xw",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11.3"
},
{
"model": "ios 12.2bc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.1ia",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst 8540msr",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154544.0(1)"
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(5)xv4"
},
{
"model": "ios 12.1 t12",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "microswitch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1548"
},
{
"model": "ios 12.1 e12",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.1"
},
{
"model": "ios 12.0 sx",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "access registrar",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4000"
},
{
"model": "ios 12.0 st",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst 8510csr",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xs1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "bpx",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 ea2b",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 xz7",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 b4",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2920"
},
{
"model": "ios 12.1 ea1b",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.2p",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 xk3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "switchprobe",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.7"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2600"
},
{
"model": "as5800",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.2 p2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6200"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1700"
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "507"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7000"
},
{
"model": "ios 12.1 e7",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "vpn concentrator",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "30003.5.1"
},
{
"model": "ios 12.2 t1a",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.1(2)"
},
{
"model": "ios 12.2 xa5",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "cbos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.4.1"
},
{
"model": "ios 12.1 ew1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 sp1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1db",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.1ca",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "cbos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.3.053"
},
{
"model": "catalyst 2948g-l3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2900"
},
{
"model": "ios 12.2 mb3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.0"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(2)"
},
{
"model": "switchprobe",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1"
},
{
"model": "ios 12.2 t0a",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.7"
},
{
"model": "ios 12.0 wc2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ap350",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 dx",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 sl6",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "as5400",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0sp",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst xl",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3500"
},
{
"model": "ios 12.0 wc2b",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1400"
},
{
"model": "ios 12.1 yb5",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 xn1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "vpn concentrator",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "30003.1.1"
},
{
"model": "ios 12.1 e6",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3(3)"
},
{
"model": "bts",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10200"
},
{
"model": "ios 12.0 sx",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "cbos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.3.8"
},
{
"model": "ubr900",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.3(2)"
},
{
"model": "ios 12.2 xb4",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.1aa",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "switchprobe",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.1"
},
{
"model": "ios 12.0 t2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xg",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(7)"
},
{
"model": "ios 12.1 xm",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.2 sa6",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "sc2200/vsc3000",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "wan manager",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xu",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xm2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 aa1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 xp",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xh2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0wx",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xf",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6400"
},
{
"model": "infocenter",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2(5)"
},
{
"model": "cache engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "570"
},
{
"model": "call manager",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xa1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 sc3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e4",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.2 bc1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 ex",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 ea1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 xt",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "mgx-8260",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "building broadband service manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.3"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(6)"
},
{
"model": "switchprobe",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "vpn concentrator",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "30003.1.4"
},
{
"model": "ios 12.1 yi",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "vpn concentrator",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "30003.0"
},
{
"model": "ios 12.2 xj1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 bc1a",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "building broadband service manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0"
},
{
"model": "ios 12.1 xm7",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xe",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall b",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1.6"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0"
},
{
"model": "ios 12.1 ya",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "content router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4430"
},
{
"model": "catalyst supervisor module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6000"
},
{
"model": "ap352",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7600"
},
{
"model": "internet cdn content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7320"
},
{
"model": "ios 12.1e",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "cbos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.4.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.0(7)xv"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(3.210)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2"
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(13)"
},
{
"model": "ios 12.2da",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "cache engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "505"
},
{
"model": "cbos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.0.1"
},
{
"model": "catalyst xl",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2900"
},
{
"model": "netranger",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1dc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0"
},
{
"model": "ios 12.1 ex3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.4"
},
{
"model": "ios 12.0sl",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.2"
},
{
"model": "br350",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5000"
},
{
"model": "ios 12.2 xt3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "content delivery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4650"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0"
},
{
"model": "ios 12.0 st3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(5)xv"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4500"
},
{
"model": "ios 12.2 xw1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 da3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "br352",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xu2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.0"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154543.0"
},
{
"model": "ons metro edge optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "15327"
},
{
"model": "ios 12.2 xk",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 ey3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "microhub",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1500"
},
{
"model": "ios 12.2 t",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 yf4",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s4",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 yh3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7320"
},
{
"model": "building broadband service manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.1"
},
{
"model": "cbos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.3"
},
{
"model": "ios 12.0sc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4232-13"
},
{
"model": "ios 11.0",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst msfc2",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6000"
},
{
"model": "mgx-8220",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "element management framework",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xh",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3600"
},
{
"model": "catalyst 4908g-l3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "wgb340",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ciscoworks windows/wug",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "switchprobe",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.5"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(5)"
},
{
"model": "switchprobe",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2"
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.0"
},
{
"model": "building broadband service manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2"
},
{
"model": "ios 12.0 s2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "mgx-8850 r1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 st4",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.2 gs6",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "mgx",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "82501.2.11"
},
{
"model": "ios 12.0 xf1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "cbos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.3.5"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2.1"
},
{
"model": "rsfc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3db",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "building broadband service manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0.1"
},
{
"model": "ios 12.1 ec1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.1 ia",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ws-x6624",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 ea2a",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 yd6",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "vpn concentrator",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "30003.5"
},
{
"model": "ios 11.1 ca2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "icdn software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.1"
},
{
"model": "secure pix firewall",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7500"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3200"
},
{
"model": "ios 12.2 xi1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "mgx",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "82301.2.11"
},
{
"model": "switchprobe",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.1"
},
{
"model": "wgb352",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xt",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "cat6k nam",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "br340",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 xf5",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "fasthub",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4001.0"
},
{
"model": "ios 12.2 xi",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1"
},
{
"model": "ios 12.1 ea2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2mb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "rsm",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0wt",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "nrp",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6400"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1.6"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.1.4"
},
{
"model": "ws-x6608",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 by2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1600"
},
{
"model": "ios 12.1 xz",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xl4",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 xs?",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "cbos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.3.9"
},
{
"model": "catalyst 8510msr",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 xm1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 xm",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2500"
},
{
"model": "ios 12.2 ya1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "service expansion shelf",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xn",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 s",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst msfc",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6000"
},
{
"model": "ons optical transport platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154543.3"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.3"
},
{
"model": "ios 12.0 xe1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "iad",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8110"
},
{
"model": "ios 12.1 ex4",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 xe2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4000"
},
{
"model": "ios 12.1 e9",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xm",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0"
},
{
"model": "ios 11.1ct",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.3(3)"
},
{
"model": "ios 12.1 xp",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7300"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3550"
},
{
"model": "ios 12.1t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "mgx-8850 r2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xd3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 ea1a",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "internet cdn content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "590"
},
{
"model": "ciscoworks windows",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 aa",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "cbos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.4.2"
},
{
"model": "ios 12.2 xk2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "esr",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10000"
},
{
"model": "ls1010 atm switch",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 dc1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "cbos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.3.7.002"
},
{
"model": "content router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4450"
},
{
"model": "ios 12.1 xi8",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3900"
},
{
"model": "ios 11.3 db1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "800"
},
{
"model": "mc3810",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 by",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "as5350",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.1cc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xj",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7200"
},
{
"model": "content delivery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4630"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.4(4)"
},
{
"model": "catalyst 4912g",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0db",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "intelligent contact manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0"
},
{
"model": "cbos ap",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.4.2"
},
{
"model": "ios 12.0dc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "cbos a",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.2.1"
},
{
"model": "ios 12.2 xl",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ubr10000",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(2)"
},
{
"model": "ios 12.2 xs",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "cbos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.2.1"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#107186"
},
{
"db": "CERT/CC",
"id": "VU#854306"
},
{
"db": "BID",
"id": "89608"
},
{
"db": "BID",
"id": "89661"
},
{
"db": "BID",
"id": "4732"
},
{
"db": "BID",
"id": "4089"
},
{
"db": "BID",
"id": "4132"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000034"
},
{
"db": "NVD",
"id": "CVE-2002-0013"
},
{
"db": "CNNVD",
"id": "CNNVD-200202-004"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:snmp:snmp:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0013"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "89608"
},
{
"db": "BID",
"id": "89661"
}
],
"trust": 0.6
},
"cve": "CVE-2002-0013",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2002-0013",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2002-0013",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#107186",
"trust": 0.8,
"value": "69.26"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#854306",
"trust": 0.8,
"value": "42.64"
},
{
"author": "CNNVD",
"id": "CNNVD-200202-004",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2002-0013",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#107186"
},
{
"db": "CERT/CC",
"id": "VU#854306"
},
{
"db": "VULMON",
"id": "CVE-2002-0013"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000034"
},
{
"db": "NVD",
"id": "CVE-2002-0013"
},
{
"db": "CNNVD",
"id": "CNNVD-200202-004"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerabilities in the SNMPv1 request handling of a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via (1) GetRequest, (2) GetNextRequest, and (3) SetRequest messages, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available. Multiple vendor SNMPv1 Trap handling implementations contain vulnerabilities that may allow unauthorized privileged access, denial-of-service conditions, or unstable behavior . If your site uses SNMP in any capacity, the CERT/CC encourages you to read the information provided below. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ SNMP Protocol is status and performance information MIB (Management Information Base) Protocol used to exchange Management side SNMP Managers such as managed routers, switches and printers SNMP Communicates with management network devices called agents. Because of its wide acceptance in the market, SNMP Has become the standard for SNMP protocol version1 Is SNMPv1 Is the most widely implemented. this SNMPv1 Sent from the agent to the manager in the implementation of SNMP Trap message and sent from the manager to the agent SNMP Decrypt the request message / There are problems in interpreting. If this problem is used by an attacker, the following actions may be executed. Many other programs that you implement may also be affected because of a protocol problem. On the target host SNMP If the service is running, an attacker could execute arbitrary code \u30fb If a buffer overflow attack is feasible and a very long trap message SNMP If the host on which the service is running receives, the application may go into a denial of service state The effects described above vary from application to application. For details, refer to each product.Please refer to the \u201cOverview\u201d for the impact of this vulnerability. Windows 95 is prone to a denial-of-service vulnerability. It is possible to crash the service by transmitting to it a maliciously constructed SNMPv1 request PDU. \nThe resultant crash may be due to a buffer overflow condition. If this is the case, attackers may be able to exploit this vulnerability to execute arbitrary code. \nMultiple vulnerabilities have been discovered in a number of SNMP implementations. The vulnerabilities are known to exist in the process of decoding and interpreting SNMP request messages. \nAmong the possible consequences are denial of service and allowing attackers to compromise target systems. These depend on the individual vulnerabilities in each affected product. A general report for multiple vendors was initially published on February 12 (Bugtraq IDs 4088 and 4089), however more information is now available and a separate Bugtraq ID has been allocated for the Cisco Operating Systems and Appliances vulnerabilities. \nIt is reportedly possible for a remote attacker to create a denial of service condition by transmitting a malformed SNMP request to a vulnerable Cisco Operating System or Appliance. The affected device may reset, or require a manual reset to regain functionality. \n\n-----BEGIN PGP SIGNED MESSAGE-----\n\nCERT Advisory CA-2002-03: Multiple Vulnerabilities in Many\nImplementations of the Simple Network Management Protocol (SNMP)\n\n Original release date: February 12, 2002\n Last revised: --\n Source: CERT/CC\n\n A complete revision history can be found at the end of this file. \n\nSystems Affected\n\n Products from a very wide variety of vendors may be affected. See\n Vendor Information for details from vendors who have provided feedback\n for this advisory. \n\n In addition to the vendors who provided feedback for this advisory, a\n list of vendors whom CERT/CC contacted regarding these problems is\n available from\n http://www.kb.cert.org/vuls/id/854306\n http://www.kb.cert.org/vuls/id/107186 \n\n Many other systems making use of SNMP may also be vulnerable but were\n not specifically tested. \n\n In addition to this advisory, we also have an FAQ available at\n http://www.cert.org/tech_tips/snmp_faq.html\n\nI. \n Version 1 of the protocol (SNMPv1) defines several types of SNMP\n messages that are used to request information or configuration\n changes, respond to requests, enumerate SNMP objects, and send\n unsolicited alerts. The Oulu University Secure Programming Group\n (OUSPG, http://www.ee.oulu.fi/research/ouspg/) has reported numerous\n vulnerabilities in SNMPv1 implementations from many different vendors. \n More information about SNMP and OUSPG can be found in Appendix C\n\n OUSPG\u0027s research focused on the manner in which SNMPv1 agents and\n managers handle request and trap messages. A trap message\n may indicate a warning or error condition or otherwise notify the\n manager about the agent\u0027s state. Request\n messages might be issued to obtain information from an agent or to\n instruct the agent to configure the host device. \n\n Vulnerabilities in the decoding and subsequent processing of SNMP\n messages by both managers and agents may result in denial-of-service\n conditions, format string vulnerabilities, and buffer overflows. Some\n vulnerabilities do not require the SNMP message to use the correct\n SNMP community string. \n\n These vulnerabilities have been assigned the CVE identifiers\n CAN-2002-0012 and CAN-2002-0013, respectively. \n\nII. \n\nIII. Solution\n\n Note that many of the mitigation steps recommended below may have\n significant impact on your everyday network operations and/or network\n architecture. Ensure that any changes made based on the following\n recommendations will not unacceptably affect your ongoing network\n operations capability. \n\nApply a patch from your vendor\n\n Appendix A contains information provided by vendors for this advisory. \n Please consult this appendix to determine if you need to contact your\n vendor directly. \n\nDisable the SNMP service\n\n As a general rule, the CERT/CC recommends disabling any service or\n capability that is not explicitly required, including SNMP. \n Unfortunately, some of the affected products exhibited unexpected\n behavior or denial of service conditions when exposed to the OUSPG\n test suite even if SNMP was not enabled. In these cases, disabling\n SNMP should be used in conjunction with the filtering practices listed\n below to provide additional protection. \n\nIngress filtering\n\n As a temporary measure, it may be possible to limit the scope of these\n vulnerabilities by blocking access to SNMP services at the network\n perimeter. \n\n Ingress filtering manages the flow of traffic as it enters a network\n under your administrative control. Servers are typically the only\n machines that need to accept inbound traffic from the public Internet. \n In the network usage policy of many sites, there are few reasons for\n external hosts to initiate inbound traffic to machines that provide no\n public services. Thus, ingress filtering should be performed at the\n border to prohibit externally initiated inbound traffic to\n non-authorized services. For SNMP, ingress filtering of the following\n ports can prevent attackers outside of your network from impacting\n vulnerable devices in the local network that are not explicitly\n authorized to provide public SNMP services. \n\n snmp 161/udp # Simple Network Management Protocol (SNMP)\n snmp 162/udp # SNMP system management messages\n\n The following services are less common, but may be used on some\n affected products\n\n snmp 161/tcp # Simple Network Management Protocol\n (SNMP)\n snmp 162/tcp # SNMP system management messages\n smux 199/tcp # SNMP Unix Multiplexer\n smux 199/udp # SNMP Unix Multiplexer\n synoptics-relay 391/tcp # SynOptics SNMP Relay Port\n synoptics-relay 391/udp # SynOptics SNMP Relay Port\n agentx 705/tcp # AgentX\n snmp-tcp-port 1993/tcp # cisco SNMP TCP port\n snmp-tcp-port 1993/udp # cisco SNMP TCP port\n\n As noted above, you should carefully consider the impact of blocking\n services that you may be using. \n\n It is important to note that in many SNMP implementations, the SNMP\n daemon may bind to all IP interfaces on the device. This has important\n consequences when considering appropriate packet filtering measures\n required to protect an SNMP-enabled device. For example, even if a\n device disallows SNMP packets directed to the IP addresses of its\n normal network interfaces, it may still be possible to exploit these\n vulnerabilities on that device through the use of packets directed at\n the following IP addresses:\n * \"all-ones\" broadcast address\n * subnet broadcast address\n * any internal loopback addresses (commonly used in routers for\n management purposes, not to be confused with the IP stack loopback\n address 127.0.0.1)\n\n Careful consideration should be given to addresses of the types\n mentioned above by sites planning for packet filtering as part of\n their mitigation strategy for these vulnerabilities. \n\n Finally, sites may wish to block access to the following RPC services\n related to SNMP (listed as name, program ID, alternate names)\n\n snmp 100122 na.snmp snmp-cmc snmp-synoptics snmp-unisys\n snmp-utk\n snmpv2 100138 na.snmpv2 # SNM Version 2.2.2\n snmpXdmid 100249\n\n Please note that this workaround may not protect vulnerable devices\n from internal attacks. \n\nFilter SNMP traffic from non-authorized internal hosts\n\n In many networks, only a limited number of network management systems\n need to originate SNMP request messages. This can reduce, but not wholly eliminate, the\n risk from internal attacks. However, it may have detrimental effects\n on network performance due to the increased load imposed by the\n filtering, so careful consideration is required before implementation. \n Similar caveats to the previous workaround regarding broadcast and\n loopback addresses apply. \n\nChange default community strings\n\n Most SNMP-enabled products ship with default community strings of\n \"public\" for read-only access and \"private\" for read-write access. As\n with any known default access control mechanism, the CERT/CC\n recommends that network administrators change these community strings\n to something of their own choosing. However, even when community\n strings are changed from their defaults, they will still be passed in\n plaintext and are therefore subject to packet sniffing attacks. SNMPv3\n offers additional capabilities to ensure authentication and privacy as\n described in RFC2574. \n\n Because many of the vulnerabilities identified in this advisory occur\n before the community strings are evaluated, it is important to note\n that performing this step alone is not sufficient to mitigate the\n impact of these vulnerabilities. Nonetheless, it should be performed\n as part of good security practice. \n\nSegregate SNMP traffic onto a separate management network\n\n In situations where blocking or disabling SNMP is not possible,\n exposure to these vulnerabilities may be limited by restricting all\n SNMP access to separate, isolated management networks that are not\n publicly accessible. Although this would ideally involve physically\n separate networks, that kind of separation is probably not feasible in\n most environments. Mechanisms such as virtual LANs (VLANs) may be used\n to help segregate traffic on the same physical network. Note that\n VLANs may not strictly prevent an attacker from exploiting these\n vulnerabilities, but they may make it more difficult to initiate the\n attacks. \n\n Another option is for sites to restrict SNMP traffic to separate\n virtual private networks (VPNs), which employ cryptographically strong\n authentication. \n\n Note that these solutions may require extensive changes to a site\u0027s\n network architecture. \n\nEgress filtering\n\n Egress filtering manages the flow of traffic as it leaves a network\n under your administrative control. There is typically limited need for\n machines providing public services to initiate outbound traffic to the\n Internet. In the case of SNMP vulnerabilities, employing egress\n filtering on the ports listed above at your network border can prevent\n your network from being used as a source for attacks on other sites. \n\nDisable stack execution\n\n Disabling executable stacks (on systems where this is configurable)\n can reduce the risk of \"stack smashing\" attacks based on these\n vulnerabilities. Although this does not provide 100 percent protection\n against exploitation of these vulnerabilities, it makes the likelihood\n of a successful exploit much smaller. On many UNIX systems, executable\n stacks can be disabled by adding the following lines to /etc/system:\n\n set noexec_user_stack = 1 set noexec_user_stack_log = 1\n\n Note that this may go against the SPARC and Intel ABIs and can be\n bypassed as required in programs with mprotect(2). For the changes to\n take effect you will then need to reboot. \n\n Other operating systems and architectures also support the disabling\n of executable stacks either through native configuration parameters or\n via third-party software. Consult your vendor(s) for additional\n information. \n\nShare tools and techniques\n\n Because dealing with these vulnerabilities to systems and networks is\n so complex, the CERT/CC will provide a forum where administrators can\n share ideas and techniques that can be used to develop proper\n defenses. We have created an unmoderated mailing list for system and\n network administrators to discuss helpful techniques and tools. \n\n You can subscribe to the mailing list by sending an email message to\n majordomo@cert.org. In the body of the message, type\n\n subscribe snmp-forum\n\n After you receive the confirmation message, follow the instructions in\n the message to complete the subscription process. \n\nAppendix A. - Vendor Information\n\n This appendix contains information provided by vendors for this\n advisory. As vendors report new information to the CERT/CC, we will\n update this section and note the changes in our revision history. If a\n particular vendor is not listed below, we have not received their\n comments. \n\nAdventNet\n\n This is in reference to your notification regarding [VU#107186 and\n VU#854306] and OUSPG#0100. AdventNet Inc. has reproduced this\n behavior in their products and coded a Service Pack fix which is\n currently in regression testing in AdventNet Inc.\u0027s Q.A. \n organization. The release of AdventNet Inc\u0027s. Service Pack\n correcting the behavior outlined in VU#617947, and OUSPG#0100 is\n scheduled to be generally available to all of AdventNet Inc.\u0027s\n customers by February 20, 2002. \n\nAvaya\n\n Avaya Inc. \n\nCacheFlow\n\n The purpose of this email is to advise you that CacheFlow Inc. has\n provided a software update. Please be advised that updated versions\n of the software are now available for all supported CacheFlow\n hardware platforms, and may be obtained by CacheFlow customers at\n the following URL:\n\n http://download.cacheflow.com/\n\n The specific reference to the software update is contained within the\n Release Notes for CacheOS Versions 3.1.22 Release ID 17146, 4.0.15\n Release ID 17148, 4.1.02 Release ID 17144 and 4.0.15 Release ID 17149. \n\n RELEASE NOTES FOR CACHEFLOW SERVER ACCELERATOR PRODUCTS:\n * http://download.cacheflow.com/release/SA/4.0.15/relnotes.htm\n\n RELEASE NOTES FOR CACHEFLOW CONTENT ACCELERATOR PRODUCTS:\n * http://download.cacheflow.com/release/CA/3.1.22/relnotes.htm\n * http://download.cacheflow.com/release/CA/4.0.15/relnotes.htm\n * http://download.cacheflow.com/release/CA/4.1.02/relnotes.htm\n\n * SR 1-1647517, VI 13045: This update modified a potential\n vulnerability by using an SNMP test tools exploit. \n\n3Com Corporation\n\n A vulnerability to an SNMP packet with an invalid length community\n string has been resolved in the following products. Customers\n concerned about this weakness should ensure that they upgrade to\n the following agent versions:\n PS Hub 40\n 2.16 is due Feb 2002\n PS Hub 50\n 2.16 is due Feb 2002\n Dual Speed Hub\n 2.16 is due Jan 2002\n Switch 1100/3300\n 2.68 is available now\n Switch 4400\n 2.02 is available now\n Switch 4900\n 2.04 is available now\n WebCache1000/3000\n 2.00 is due Jan 2002\n\nCaldera\n\n Caldera International, Inc. has reproduced faulty behavior in\n Caldera SCO OpenServer 5, Caldera UnixWare 7, and Caldera Open UNIX\n 8. We have coded a software fix for supported versions of Caldera\n UnixWare 7 and Caldera Open UNIX 8 that will be available from\n our support site at http://stage.caldera.com/support/security\n immediately following the publication of this CERT announcement. A\n fix for supported versions of OpenServer 5 will be available at a\n later date. \n\nCisco Systems\n\n Cisco Systems is addressing the vulnerabilities identified by\n VU#854306 and VU#107186 across its entire product line. Cisco will\n publish a security advisory with further details at\n http://www.cisco.com/go/psirt/. \n\nCompaq Computer Corporation\n\n x-ref: SSRT0779U SNMP\n At the time of writing this document, COMPAQ continues to evaluate\n this potential problem and when new versions of SNMP are available,\n COMPAQ will implement solutions based on the new code. Compaq will\n provide notice of any new patches as a result of that effort\n through standard patch notification procedures and be available\n from your normal Compaq Services support channel. \n\nComputer Associates\n\n Computer Associates has confirmed Unicenter vulnerability to the\n SNMP advisory identified by CERT notification reference [VU#107186\n \u0026 VU#854306] and OUSPG#0100. We have produced corrective\n maintenance to address these vulnerabilities, which is in the\n process of publication for all applicable releases / platforms and\n will be offered through the CA Support site. Please contact our\n Technical Support organization for information regarding\n availability / applicability for your specific configuration(s). \n\nCOMTEK Services, Inc. \n\n NMServer for AS/400 is not an SNMP master and is therefore not\n vulnerable. However this product requires the use of the AS/400\n SNMP master agent supplied by IBM. \n\n NMServer for OpenVMS has been tested and has shown to be\n vulnerable. COMTEK Services is preparing a new release of this\n product (version 3.5) which will contain a fix for this problem. \n This new release is scheduled to be available in February 2002. \n Contact COMTEK Services for further information. \n\n NMServer for VOS has not as yet been tested; vulnerability of this\n agent is unknown. Contact for further information on the testing\n schedule of the VOS product. \n\nCovalent Technologies\n\n Covalent Technologies ERS (Enterprise Ready Server), Secure Server,\n and Conductor SNMP module are not vulnerable according to testing\n performed in accordance with CERT recommendations. Security\n information for Covalent products can be found at www.covalent.net\n\nDartware, LLC\n\n Dartware, LLC (www.dartware.com) supplies two products that use\n SNMPv1 in a manager role, InterMapper and SNMP Watcher. This statement applies to all present\n and past versions of these two software packages. \n\nDMH Software\n\n DMH Software is in the process of evaluating and attempting to\n reproduce this behavior. \n It is unclear at this point if our snmp-agent is sensitive to the\n tests described above. \n If any problems will be discovered, DMH Software will code a\n software fix. \n The release of DMH Software OS correcting the behavior outlined in\n VU#854306, VU#107186, and OUSPG#0100 will be generally available to\n all of DMH Software\u0027s customers as soon as possible. \n\nEnGarde Secure Linux\n\n EnGarde Secure Linux did not ship any SNMP packages in version\n 1.0.1 of our distribution, so we are not vulnerable to either bug. \n\nFreeBSD\n\n FreeBSD does not include any SNMP software by default, and so is\n not vulnerable. However, the FreeBSD Ports Collection contains the\n UCD-SNMP / NET-SNMP package. Package versions prior to\n ucd-snmp-4.2.3 are vulnerable. The upcoming FreeBSD 4.5 release\n will ship the corrected version of the UCD-SNMP / NET-SNMP\n package. In addition, the corrected version of the packages is\n available from the FreeBSD mirrors. \n\n FreeBSD has issued the following FreeBSD Security Advisory\n regarding the UCD-SNMP / NET-SNMP package:\n ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:09. \n snmp.asc. \n\nHewlett-Packard Company\n\n SUMMARY - known vulnerable:\n ========================================\n hp procurve switch 2524\n NNM (Network Node Manager)\n JetDirect Firmware (Older versions only)\n HP-UX Systems running snmpd or OPENVIEW\n MC/ServiceGuard\n EMS\n Still under investigation:\n SNMP/iX (MPE/iX)\n ========================================\n _________________________________________________________\n ---------------------------------------------------------\n hp procurve switch 2524 \n ---------------------------------------------------------\n hp procurve switch 2525 (product J4813A) is vulnerable to some\n issues, patches in process. Watch for the associated HP\n Security Bulletin. \n ---------------------------------------------------------\n NNM (Network Node Manager)\n ---------------------------------------------------------\n Some problems were found in NNM product were related to\n trap handling. Patches in process. Watch for the\n associated HP Security Bulletin. \n ---------------------------------------------------------\n JetDirect Firmware (Older versions only)\n ---------------------------------------------------------\n ONLY some older versions of JetDirect Firmware are\n vulnerable to some of the issues. The older firmware\n can be upgraded in most cases, see list below. \n JetDirect Firmware Version State\n ========================== =====\n X.08.32 and higher NOT Vulnerable\n X.21.00 and higher NOT Vulnerable\n JetDirect Product Numbers that can be freely\n upgraded to X.08.32 or X.21.00 or higher firmware. \n EIO (Peripherals Laserjet 4000, 5000, 8000, etc...)\n J3110A 10T\n J3111A 10T/10B2/LocalTalk\n J3112A Token Ring (discontinued)\n J3113A 10/100 (discontinued)\n J4169A 10/100\n J4167A Token Ring\n MIO (Peripherals LaserJet 4, 4si, 5si, etc...)\n J2550A/B 10T (discontinued)\n J2552A/B 10T/10Base2/LocalTalk (discontinued)\n J2555A/B Token Ring (discontinued)\n J4100A 10/100\n J4105A Token Ring\n J4106A 10T\n External Print Servers\n J2591A EX+ (discontinued)\n J2593A EX+3 10T/10B2 (discontinued)\n J2594A EX+3 Token Ring (discontinued)\n J3263A 300X 10/100\n J3264A 500X Token Ring\n J3265A 500X 10/100\n ----------------------------------------------------------\n HP-UX Systems running snmpd or OPENVIEW\n ----------------------------------------------------------\n The following patches are available now:\n PHSS_26137 s700_800 10.20 OV EMANATE14.2 Agent Consolidated Patch\n PHSS_26138 s700_800 11.X OV EMANATE14.2 Agent Consolidated Patch\n PSOV_03087 EMANATE Release 14.2 Solaris 2.X Agent Consolidated\n Patch\n All three patches are available from:\n http://support.openview.hp.com/cpe/patches/\n In addition PHSS_26137 and PHSS_26138 will soon be available from:\n http://itrc.hp.com\n ================================================================\n NOTE: The patches are labeled OV(Open View). However, the patches\n are also applicable to systems that are not running Open View. \n =================================================================\n Any HP-UX 10.X or 11.X system running snmpd or snmpdm is\n vulnerable. \n To determine if your HP-UX system has snmpd or snmpdm installed:\n swlist -l file | grep snmpd\n If a patch is not available for your platform or you cannot install\n an available patch, snmpd and snmpdm can be disabled by removing\n their\n entries from /etc/services and removing the execute permissions\n from\n /usr/sbin/snmpd and /usr/sbin/snmpdm. \n ----------------------------------------------------------------\n Investigation completed, systems vulnerable. \n ----------------------------------------------------------------\n MC/ServiceGuard\n Event Monitoring System (EMS)\n ----------------------------------------------------------------\n Still under investigation:\n ----------------------------------------------------------------\n SNMP/iX (MPE/iX)\n\nHirschmann Electronics GmbH \u0026 Co. KG\n\n Hirschmann Electronics GmbH \u0026 Co. KG supplies a broad range of\n networking products, some of which are affected by the SNMP\n vulnerabilities identified by CERT Coordination Center. Hirschmann customers may contact our Competence\n Center (phone +49-7127-14-1538, email:\n ans-support@nt.hirschmann.de) for additional information,\n especially regarding availability of latest firmware releases\n addressing the SNMP vulnerabilities. \n\nIBM Corporation\n\n Based upon the results of running the test suites we have\n determined that our version of SNMP shipped with AIX is NOT\n vulnerable. \n\nInnerdive Solutions, LLC\n\n Innerdive Solutions, LLC has two SNMP based products:\n 1. The \"SNMP MIB Scout\"\n (http://www.innerdive.com/products/mibscout/)\n 2. The \"Router IP Console\" (http://www.innerdive.com/products/ric/)\n The \"SNMP MIB Scout\" is not vulnerable to either bug. \n The \"Router IP Console\" releases prior to 3.3.0.407 are vulnerable. \n The release of \"Router IP Console\" correcting the behavior outlined\n in OUSPG#0100 is 3.3.0.407 and is already available on our site. \n Also, we will notify all our customers about this new release no\n later than March 5, 2002. \n\nJuniper Networks\n\n This is in reference to your notification regarding CAN-2002-0012\n and CAN-2002-0013. Juniper Networks has reproduced this behavior\n and coded a software fix. The fix will be included in all releases\n of JUNOS Internet software built after January 5, 2002. Customers\n with current support contracts can download new software with the\n fix from Juniper\u0027s web site at www.juniper.net. \n Note: The behavior described in CAN-2002-0012 and CAN-2002-0013 can\n only be reproduced in JUNOS Internet software if certain tracing\n options are enabled. These options are generally not enabled in\n production routers. \n\nLantronix, Inc. \n\n Lantronix is committed to resolving security issues with our\n products. The SNMP security bug you reported has been fixed in LRS\n firmware version B1.3/611(020123). \n\nLotus Development Corporation\n\n Lotus Software evaluated the Lotus Domino Server for\n vulnerabilities using the test suite materials provided by OUSPG. \n This problem does not affect default installations of the Domino\n Server. However, SNMP agents can be installed from the CD to\n provide SNMP services for the Domino Server (these are located in\n the /apps/sysmgmt/agents directory). The optional platform\n specific master and encapsulator agents included with the Lotus\n Domino SNMP Agents for HP-UX and Solaris have been found to be\n vulnerable. For those platforms, customers should upgrade to\n version R5.0.1 a of the Lotus Domino SNMP Agents, available for\n download from the Lotus Knowledge Base on the IBM Support Web Site\n (http://www.ibm.com/software/lotus/support/). Please refer to\n Document #191059, \"Lotus Domino SNMP Agents R5.0.1a\", also in the\n Lotus Knowledge Base, for more details. \n\nLOGEC Systems Inc\n\n The products from LOGEC Systems are exposed to SNMP only via HP\n OpenView. We do not have an implementation of SNMP ourselves. As\n such, there is nothing in our products that would be an issue with\n this alert. \n\nLucent\n\n Lucent is aware of reports that there is a vulnerability in certain\n implementations of the SNMP (Simple Network Management Protocol)\n code that is used in data switches and other hardware throughout\n the telecom industry. \n As soon as we were notified by CERT, we began assessing our product\n portfolio and notifying customers with products that might be\n affected. \n Our 5ESS switch and most of our optical portfolio were not\n affected. Our core and edge ATM switches and most of our edge\n access products are affected, but we have developed, tested, and\n deployed fixes for many of those products to our customers. \n We consider the security and reliability of our customers\u0027 networks\n to be one of our critical measures of success. We take every\n reasonable measure to ensure their satisfaction. \n In addition, we are working with customers on ways to further\n enhance the security they have in place today. \n\nMarconi\n\n Marconi supplies a broad range of telecommunications and related\n products, some of which are affected by the SNMP vulnerabilities\n identified here. Those\n Marconi customers with support entitlement may contact the\n appropriate Technical Assistance Center (TAC) for additional\n information. Those not under support entitlement may contact their\n sales representative. \n\nMicrosoft Corporation\n\n The Microsoft Security Reponse [sic] Center has investigated this\n issue, and provides the following information. The SNMP v1 service is not installed or running by\n default on any version of Windows. A patch is underway to eliminate\n the vulnerability. In the meantime, we recommend that affected\n customers disable the SNMP v1 service. \n\n Details:\n An SNMP v1 service ships on the CDs for Windows 95, 98, and 98SE. \n It is not installed or running by default on any of these\n platforms. An SNMP v1 is NOT provided for Windows ME. However, it\n is possible that Windows 98 machines which had the service\n installed and were upgraded would still have the service. Since\n SNMP is not supported for WinME, customers in this situation are\n urged to remove the SNMP service. \n An SNMP v1 service is available on Windows NT 4.0 (including\n Terminal Server Edition) and Windows 2000 but is not installed or\n running by default on any of these platforms.Windows XP does not\n ship with an SNMP v1 service. \n\n Remediation:\n A patch is underway for the affected platforms, and will be\n released shortly. In the meantime, Microsoft recommends that\n customers who have the SNMP v1 service running disable it to\n protect their systems. Following are instruction for doing this:\n\n Windows 95, 98 and 98SE:\n 1. In Control Panel, double-click Network. \n 2. On the Configuration tab, select Microsoft SNMP Agent from the\n list of installed components. \n 3. Click Remove\n\n Check the following keys and confirm that snmp.exe is not listed. \n HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\RunSer\n vices\n HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\n \n For Windows XP:\n 1. Right-click on My Computer and select Manage\n 2. Click on Services and Applications, then on Services\n 3. Location SNMP on the list of services, then select it and click\n Stop. \n 4. Select Startup, and click Disabled. \n 5. Click OK to close the dialoge [sic], then close the Computer\n Management window. \n \n For Windows NT 4.0 (including Terminal Server Edition):\n 1. Select Start, then Settings. \n 2. Select Control Panel, then click on the Services Icon\n 3. Locate SNMP on the list of services, then select it and click\n Stop. \n 4. Select Startup, and click Disabled. \n 5. Click OK to close the dialoge [sic], then close Control Panel\n\n Windows 2000:\n 1. Right-click on My Computer and select Manage\n 2. Click on Services and Applications, then on Services\n 3. Location SNMP on the list of services, then select it and click\n Stop. \n 4. Select Startup, and click Disabled. \n 5. Click OK to close the dialoge [sic], then close the Computer\n Management window. \n\nMultinet\n\n MultiNet and TCPware customers should contact Process Software to\n check for the availability of patches for this issue. A couple of\n minor problems were found and fixed, but there is no security risk\n related to the SNMP code included with either product. \n\nNetaphor\n\n NETAPHOR SOFTWARE INC. is the creator of Cyberons for Java -- SNMP\n Manager Toolkit and Cyberons for Java -- NMS Application Toolkit,\n two Java based products that may be affected by the SNMP\n vulnerabilities identified here. The manner in which they are\n affected and the actions required (if any) to avoid being impacted\n by exploitation of these vulnerabilities, may be obtained by\n contacting Netaphor via email at info@netaphor.com Customers with\n annual support may contact support@netaphor.com directly. Those not\n under support entitlement may contact Netaphor sales:\n sales@netaphor.com or (949) 470 7955 in USA. \n\nNetBSD\n\n NetBSD does not ship with any SNMP tools in our \u0027base\u0027 releases. We\n do provide optional packages which provide various support for\n SNMP. These packages are not installed by default, nor are they\n currently provided as an install option by the operating system\n installation tools. A system administrator/end-user has to manually\n install this with our package management tools. These SNMP packages\n include:\n + netsaint-plugin-snmp-1.2.8.4 (SNMP monitoring plug-in for\n netsaint)\n + p5-Net-SNMP-3.60 (perl5 module for SNMP queries)\n + p5-SNMP-3.1.0 (Perl5 module for interfacing to the UCD SNMP\n library\n + p5-SNMP_Session-0.83 (perl5 module providing rudimentary\n access to remote SNMP agents)\n + ucd-snmp-4.2.1 (Extensible SNMP implementation) (conflicts\n with ucd-snmp-4.1.2)\n + ucd-snmp-4.1.2 (Extensible SNMP implementation) (conflicts\n with ucd-snmp-4.2.1)\n\n We do provide a software monitoring mechanism called\n \u0027audit-packages\u0027, which allows us to highlight if a package with a\n range of versions has a potential vulnerability, and recommends\n that the end-user upgrade the packages in question. \n\nNetscape Communications Corporation\n\n Netscape continues to be committed to maintaining a high level of\n quality in our software and service offerings. Part of this\n commitment includes prompt response to security issues discovered\n by organizations such as the CERT Coordination Center. \n According to a recent CERT/CC advisory, The Oulu University Secure\n Programming Group (OUSPG) has reported numerous vulnerabilities in\n multiple vendor SNMPv1 implementations. \n We have carefully examined the reported findings, performing the\n tests suggested by the OUSPG to determine whether Netscape server\n products were subject to these vulnerabilities. It was determined\n that several products fell into this category. As a result, we have\n created fixes which will resolve the issues, and these fixes will\n appear in future releases of our product line. To Netscape\u0027s\n knowledge, there are no known instances of these vulnerabilities\n being exploited and no customers have been affected to date. \n When such security warnings are issued, Netscape has committed to -\n and will continue to commit to - resolving these issues in a prompt\n and timely fashion, ensuring that our customers receive products of\n the highest quality and security. \n\nNET-SNMP\n\n All ucd-snmp version prior to 4.2.2 are susceptible to this\n vulnerability and users of versions prior to version 4.2.2 are\n encouraged to upgrade their software as soon as possible\n (http://www.net-snmp.org/download/). Version 4.2.2 and higher are\n not susceptible. \n\nNetwork Associates\n\n PGP is not affected, impacted, or otherwise related to this VU#. \n\nNetwork Computing Technologies\n\n Network Computing Technologies has reviewed the information\n regarding SNMP vulnerabilities and is currently investigating the\n impact to our products. \n\nNokia\n\n This vulnerability is known to affect IPSO versions 3.1.3, 3.3,\n 3.3.1, 3.4, and 3.4.1. Patches are currently available for\n versions 3.3, 3.3.1, 3.4 and 3.4.1 for download from the Nokia\n website. In addition, version 3.4.2 shipped with the patch\n incorporated, and the necessary fix will be included in all future\n releases of IPSO. \n We recommend customers install the patch immediately or follow the\n recommended precautions below to avoid any potential exploit. \n If you are not using SNMP services, including Traps, simply disable\n the SNMP daemon to completely eliminate the potential\n vulnerability. \n If you are using only SNMP Traps and running Check Point\n FireWall-1, create a firewall policy to disallow incoming SNMP\n messages on all appropriate interfaces. Traps will continue to work\n normally. \n\nNortel Networks\n\n The CERT Coordination Center has issued a broad based alert to the\n technology industry, including Nortel Networks, regarding potential\n security vulnerabilities identified in the Simple Network\n Management Protocol (SNMP), a common networking standard. The\n company is working with CERT and other network equipment\n manufacturers, the U.S. Government, service providers, and software\n suppliers to assess and address this issue. \n\nNovell\n\n Novell ships SNMP.NLM and SNMPLOG.NLM with NetWare 4.x, NetWare 5.x\n and 6.0 systems. The SNMP and SNMPLOG vulnerabilities detected on\n NetWare are fixed and will be available through NetWare 6 Support\n Pack 1 \u0026 NetWare 5.1 Support Pack 4. Support packs are available at\n http://support.novell.com/tools/csp/\n\nOpenBSD\n\n OpenBSD does not ship SNMP code. \n\nQualcomm\n\n WorldMail does not support SNMP by default, so customers who run\n unmodified installations are not vulnerable. \n\nRedback Networks, Inc. \n\n Redback Networks, Inc. has identified that the vulnerability in\n question affects certain versions of AOS software on the SMS 500,\n SMS 1800, and SMS 10000 platforms, and is taking the appropriate\n steps necessary to correct the issue. \n\nRed Hat\n\n RedHat has released a security advisiory [sic] at\n http://www.redhat.com/support/errata/RHSA-2001-163.html\n with updated versions of the ucd-snmp package for all supported\n releases and architectures. For more information or to download the\n update please visit this page. \n\nSGI\n\n SGI acknowledges the SNMP vulnerabilities reported by CERT and is\n currently investigating. \n For the protection of all our customers, SGI does not disclose,\n discuss or confirm vulnerabilities until a full investigation has\n occurred and any necessary patch(es) or release streams are\n available for all vulnerable and supported IRIX operating systems. \n Until SGI has more definitive information to provide, customers are\n encouraged to assume all security vulnerabilities as exploitable\n and take appropriate steps according to local site security\n policies and requirements. As further information becomes\n available, additional advisories will be issued via the normal SGI\n security information distribution methods including the wiretap\n mailing list on http://www.sgi.com/support/security/. \n\nSNMP Research International\n\n SNMP Research has made the following vendor statement. They are\n likely to revise and expand the statement as the date for the\n public vulnerability announcement draws nearer. Users maintaining\n earlier releases should update to the current release if they have\n not already done so. Other Stonesoft\u0027s products are\n still under investigation. \n\n Sun\u0027s SNMP product, Solstice Enterprise Agents (SEA), described\n here:\n http://www.sun.com/solstice/products/ent.agents/\n is affected by VU#854306 but not VU#107186. More specifically the\n main agent of SEA, snmpdx(1M), is affected on Solaris 2.6, 7, 8. \n Sun is currently generating patches for this issue and will be\n releasing a Sun Security Bulletin once the patches are available. \n The bulletin will be available from:\n http://sunsolve.sun.com/security. Sun patches are available from:\n http://sunsolve.sun.com/securitypatch. \n\nSymantec Corporation\n\n Symantec Corporation has investigated the SNMP issues identified by\n the OUSPG test suite and determined that Symantec products are not\n susceptable [sic] to these issues. \n\nTANDBERG\n\n Tandberg have run all the testcases found the PROTOS test-suie\n [sic], c06snmpv1:\n 1. c06-snmpv1-trap-enc-pr1.jar\n 2. c06-snmpv1-treq-app-pr1.jar\n 3. c06-snmpv1-trap-enc-pr1.jar\n 4. c06-snmpv1-req-app-pr1.jar\n The tests were run with standard delay time between the requests\n (100ms), but also with a delay of 1ms. The tests applies to all\n TANDBERG products (T500, T880, T1000, T2500, T6000 and T8000). The\n software tested on these products were B4.0 (our latest software)\n and no problems were found when running the test suite. \n\nAppendix B. - References\n 1. http://www.ee.oulu.fi/research/ouspg/protos/\n 2. http://www.kb.cert.org/vuls/id/854306\n 3. http://www.kb.cert.org/vuls/id/107186\n 4. http://www.cert.org/tech_tips/denial_of_service.html\n 5. http://www.ietf.org/rfc/rfc1067.txt\n 6. http://www.ietf.org/rfc/rfc1089.txt\n 7. http://www.ietf.org/rfc/rfc1140.txt\n 8. http://www.ietf.org/rfc/rfc1155.txt\n 9. http://www.ietf.org/rfc/rfc1156.txt\n 10. http://www.ietf.org/rfc/rfc1215.txt\n 11. http://www.ietf.org/rfc/rfc1270.txt\n 12. http://www.ietf.org/rfc/rfc1352.txt\n\nAppendix C. - Background Information\n\n Background Information on the OUSPG\n\n OUSPG is an academic research group located at Oulu University in\n Finland. The purpose of this research group is to test software\n for vulnerabilities. \n History has shown that the techniques used by the OUSPG have\n discovered a large number of previously undetected problems in the\n products and protocols they have tested. In 2001, the OUSPG\n produced a comprehensive test suite for evaluating implementations\n of the Lightweight Directory Access Protocol (LDAP). This test\n suite was developed with the strategy of abusing the protocol in\n unsupported and unexpected ways, and it was very effective in\n uncovering a wide variety of vulnerabilities across several\n products. This approach can reveal vulnerabilities that would not\n manifest themselves under normal conditions. \n After completing its work on LDAP, OUSPG moved its focus to\n SNMPv1. As with LDAP, they designed a custom test suite, began\n testing a selection of products, and found a number of\n vulnerabilities. Because OUSPG\u0027s work on LDAP was similar in\n procedure to its current work on SNMP, you may wish to review the\n LDAP Test Suite and CERT Advisory CA-2001-18, which outlined\n results of application of the test suite. \n In order to test the security of protocols like SNMPv1, the PROTOS\n project presents a server with a wide variety of sample packets\n containing unexpected values or illegally formatted data. As a\n member of the PROTOS project consortium, the OUSPG used the PROTOS\n c06-snmpv1 test suite to study several implementations of the\n SNMPv1 protocol. Software and\n firmware products designed for networks often make use of the SNMP\n protocol. SNMP runs on a multitude of devices and operating\n systems, including, but not limited to,\n + Core Network Devices (Routers, Switches, Hubs, Bridges, and\n Wireless Network Access Points)\n + Operating Systems\n + Consumer Broadband Network Devices (Cable Modems and DSL\n Modems)\n + Consumer Electronic Devices (Cameras and Image Scanners)\n + Networked Office Equipment (Printers, Copiers, and FAX\n Machines)\n + Network and Systems Management/Diagnostic Frameworks (Network\n Sniffers and Network Analyzers)\n + Uninterruptible Power Supplies (UPS)\n + Networked Medical Equipment (Imaging Units and Oscilloscopes)\n + Manufacturing and Processing Equipment\n The SNMP protocol is formally defined in RFC1157. Quoting from\n that RFC:\n\n Implicit in the SNMP architectural model is a collection\n of network management stations and network elements. \n Network management stations execute management\n applications which monitor and control network elements. \n Network elements are devices such as hosts, gateways,\n terminal servers, and the like, which have management\n agents responsible for performing the network management\n functions requested by the network management stations. \n\n Additionally, SNMP is discussed in a number of other RFC\n documents:\n + RFC 3000 Internet Official Protocol Standards\n + RFC 1212 Concise MIB Definitions\n + RFC 1213 Management Information Base for Network Management\n of TCP/IP-based Internets: MIB-II\n + RFC 1215 A Convention for Defining Traps for use with the\n SNMP\n + RFC 1270 SNMP Communications Services\n + RFC 2570 Introduction to Version 3 of the Internet-standard\n Network Management Framework\n + RFC 2571 An Architecture for Describing SNMP Management\n Frameworks\n + RFC 2572 Message Processing and Dispatching for the Simple\n Network Management Protocol (SNMP)\n + RFC 2573 SNMP Applications\n + RFC 2574 User-based Security Model (USM) for version 3 of the\n Simple Network Management Protocol (SNMPv3)\n + RFC 2575 View-based Access Control Model (VACM) for the\n Simple Network Management Protocol (SNMP)\n + RFC 2576 Coexistence between Version 1, Version 2, and\n Version 3 of the Internet-standard Network Management\n Framework\n _____________________________________________________________\n\n The CERT Coordination Center thanks the Oulu University Secure\n Programming Group for reporting these vulnerabilities to us, for\n providing detailed technical analyses, and for assisting us in\n preparing this advisory. We also thank Steven M. Bellovin (AT\u0026T\n Labs -- Research), Wes Hardaker (Net-SNMP), Steve Moulton (SNMP\n Research), Tom Reddington (Bell Labs), Mike Duckett (Bell South),\n Rob Thomas, Blue Boar (Thievco), and the many others who\n contributed to this document. \n _____________________________________________________________\n\n Feedback on this document can be directed to the authors, Ian A. \n Finlay, Shawn V. Hernan, Jason A. Rafail, Chad Dougherty, Allen D. \n Householder, Marty Lindner, and Art Manion. \n __________________________________________________________________\n\n This document is available from:\n http://www.cert.org/advisories/CA-2002-03.html\n __________________________________________________________________\n\n CERT/CC Contact Information\n\n Email: cert@cert.org\n Phone: +1 412-268-7090 (24-hour hotline)\n Fax: +1 412-268-6989\n Postal address:\n CERT Coordination Center\n Software Engineering Institute\n Carnegie Mellon University\n Pittsburgh PA 15213-3890\n U.S.A. \n\n CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) /\n EDT(GMT-4) Monday through Friday; they are on call for emergencies\n during other hours, on U.S. holidays, and on weekends. \n \n Using encryption\n We strongly urge you to encrypt sensitive information sent by\n email. Our public PGP key is available from\n http://www.cert.org/CERT_PGP.key\n If you prefer to use DES, please call the CERT hotline for more\n information. \n \n Getting security information\n CERT publications and other security information are available\n from our web site\n http://www.cert.org/\n To subscribe to the CERT mailing list for advisories and\n bulletins, send email to majordomo@cert.org. Please include in the\n body of your message\n \n subscribe cert-advisory\n \n * \"CERT\" and \"CERT Coordination Center\" are registered in the U.S. \n Patent and Trademark Office. \n __________________________________________________________________\n\n NO WARRANTY\n Any material furnished by Carnegie Mellon University and the\n Software Engineering Institute is furnished on an \"as is\" basis. \n Carnegie Mellon University makes no warranties of any kind, either\n expressed or implied as to any matter including, but not limited\n to, warranty of fitness for a particular purpose or\n merchantability, exclusivity or results obtained from use of the\n material. Carnegie Mellon University does not make any warranty of\n any kind with respect to freedom from patent, trademark, or\n copyright infringement. \n _____________________________________________________________\n\n Conditions for use, disclaimers, and sponsorship information\n Copyright 2002 Carnegie Mellon University. \n\nRevision History\n\n February 12, 2002: Initial release\n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 6.5.8\n\niQCVAwUBPGltxKCVPMXQI2HJAQGVeAQAuHtxGBsmU5HI6PtqhpZ1rkpV+Cq3ChIU\nR1FUz4Zi2vzklH8jdXd10KqwZAPhXTPazeguhRyLVSUprMlSKqcXg3BCkH/y4WAl\nQUZ1VnQXMnMrxIJO1fv0WW0pcyM4W0iQBl0kCIlawPcjCGVniOCOr+4CE0f923wr\nuZiMJ5f2SEo=\n=h42e\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0013"
},
{
"db": "CERT/CC",
"id": "VU#107186"
},
{
"db": "CERT/CC",
"id": "VU#854306"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000034"
},
{
"db": "BID",
"id": "89608"
},
{
"db": "BID",
"id": "89661"
},
{
"db": "BID",
"id": "4732"
},
{
"db": "BID",
"id": "4089"
},
{
"db": "BID",
"id": "4132"
},
{
"db": "VULMON",
"id": "CVE-2002-0013"
},
{
"db": "PACKETSTORM",
"id": "25758"
}
],
"trust": 4.59
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=21296",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2002-0013"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#854306",
"trust": 4.0
},
{
"db": "NVD",
"id": "CVE-2002-0013",
"trust": 3.4
},
{
"db": "BID",
"id": "4132",
"trust": 1.9
},
{
"db": "BID",
"id": "4732",
"trust": 1.9
},
{
"db": "BID",
"id": "4089",
"trust": 1.9
},
{
"db": "BID",
"id": "4088",
"trust": 1.6
},
{
"db": "CERT/CC",
"id": "VU#107186",
"trust": 1.5
},
{
"db": "XF",
"id": "8176",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000034",
"trust": 0.8
},
{
"db": "OVAL",
"id": "OVAL:ORG.MITRE.OVAL:DEF:87",
"trust": 0.6
},
{
"db": "OVAL",
"id": "OVAL:ORG.MITRE.OVAL:DEF:298",
"trust": 0.6
},
{
"db": "ISS",
"id": "20020212 PROTOS REMOTE SNMP ATTACK TOOL",
"trust": 0.6
},
{
"db": "MS",
"id": "MS02-006",
"trust": 0.6
},
{
"db": "REDHAT",
"id": "RHSA-2001:163",
"trust": 0.6
},
{
"db": "SUNALERT",
"id": "57404",
"trust": 0.6
},
{
"db": "CERT/CC",
"id": "CA-2002-03",
"trust": 0.6
},
{
"db": "SGI",
"id": "20020201-01-A",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200202-004",
"trust": 0.6
},
{
"db": "BID",
"id": "89608",
"trust": 0.3
},
{
"db": "BID",
"id": "89661",
"trust": 0.3
},
{
"db": "EXPLOIT-DB",
"id": "21296",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2002-0013",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "25758",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#107186"
},
{
"db": "CERT/CC",
"id": "VU#854306"
},
{
"db": "VULMON",
"id": "CVE-2002-0013"
},
{
"db": "BID",
"id": "89608"
},
{
"db": "BID",
"id": "89661"
},
{
"db": "BID",
"id": "4732"
},
{
"db": "BID",
"id": "4089"
},
{
"db": "BID",
"id": "4132"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000034"
},
{
"db": "PACKETSTORM",
"id": "25758"
},
{
"db": "NVD",
"id": "CVE-2002-0013"
},
{
"db": "CNNVD",
"id": "CNNVD-200202-004"
}
]
},
"id": "VAR-200202-0007",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.42828385666666663
},
"last_update_date": "2023-12-18T12:47:42.158000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HPSBUX00184",
"trust": 0.8,
"url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?docid=c00964944"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.ibm.com/jp/"
},
{
"title": "MS02-006",
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/ms02-006.mspx"
},
{
"title": "RHSA-2001:163",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/rhsa-2001-163.html"
},
{
"title": "#00215",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-22-00215-1"
},
{
"title": "#00215",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-22-00215-3"
},
{
"title": "MS02-006",
"trust": 0.8,
"url": "http://www.microsoft.com/japan/technet/security/bulletin/ms02-006.mspx"
},
{
"title": "RHSA-2001:163",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2001-163j.html"
},
{
"title": "Cisco: Malformed SNMP Message-Handling Vulnerabilities for Cisco Non-IOS Products",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20020211-snmp-msgs-non-ios"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2002-0013"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000034"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2002-000034"
},
{
"db": "NVD",
"id": "CVE-2002-0013"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.8,
"url": "http://www.cert.org/advisories/ca-2002-03.html"
},
{
"trust": 3.3,
"url": "http://www.kb.cert.org/vuls/id/854306"
},
{
"trust": 2.3,
"url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/index.html"
},
{
"trust": 1.8,
"url": "http://www.redhat.com/support/errata/rhsa-2001-163.html"
},
{
"trust": 1.7,
"url": "http://www.ee.oulu.fi/research/ouspg/protos/"
},
{
"trust": 1.7,
"url": "http://www.cert.org/tech_tips/denial_of_service.html"
},
{
"trust": 1.7,
"url": "http://www.ietf.org/rfc/rfc1215.txt"
},
{
"trust": 1.7,
"url": "http://www.ietf.org/rfc/rfc1270.txt"
},
{
"trust": 1.7,
"url": "http://www.iss.net/security_center/alerts/advise110.php"
},
{
"trust": 1.7,
"url": "ftp://patches.sgi.com/support/free/security/advisories/20020201-01-a"
},
{
"trust": 1.7,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57404-1"
},
{
"trust": 1.6,
"url": "http://www.ietf.org/rfc/rfc3000.txt"
},
{
"trust": 1.6,
"url": "http://www.ietf.org/rfc/rfc1212.txt"
},
{
"trust": 1.6,
"url": "http://www.ietf.org/rfc/rfc1213.txt"
},
{
"trust": 1.6,
"url": "http://www.ietf.org/rfc/rfc2570.txt"
},
{
"trust": 1.6,
"url": "http://www.ietf.org/rfc/rfc2571.txt"
},
{
"trust": 1.6,
"url": "http://www.ietf.org/rfc/rfc2572.txt"
},
{
"trust": 1.6,
"url": "http://www.ietf.org/rfc/rfc2573.txt"
},
{
"trust": 1.6,
"url": "http://www.ietf.org/rfc/rfc2574.txt"
},
{
"trust": 1.6,
"url": "http://www.ietf.org/rfc/rfc2575.txt"
},
{
"trust": 1.6,
"url": "http://www.ietf.org/rfc/rfc2576.txt"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/4088"
},
{
"trust": 1.6,
"url": "http://online.securityfocus.com/bid/4132"
},
{
"trust": 1.6,
"url": "http://online.securityfocus.com/bid/4732"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/4089"
},
{
"trust": 1.4,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-0013"
},
{
"trust": 1.2,
"url": "http://www.microsoft.com/technet/security/bulletin/ms02-006.asp"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a87"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a298"
},
{
"trust": 1.1,
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-006"
},
{
"trust": 0.8,
"url": "http://www.ciac.org/ciac/bulletins/m-042.shtml"
},
{
"trust": 0.8,
"url": "http://www.ipa.go.jp/security/ciadr/20020213snmp.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2002/wr020701.txt"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2002/wr020901.txt"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2002/at020001.txt"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnca-2002-03"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2002-0013"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/xforce/xfdb/8176"
},
{
"trust": 0.7,
"url": "http://www.kb.cert.org/vuls/id/107186"
},
{
"trust": 0.6,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-0012"
},
{
"trust": 0.6,
"url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:87"
},
{
"trust": 0.6,
"url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:298"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f44605"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f42769"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f43365"
},
{
"trust": 0.3,
"url": "http://online.securityfocus.com/news/474"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-006.asp"
},
{
"trust": 0.3,
"url": "http://otn.oracle.com/deploy/security/pdf/snmp_2002_alert.pdf"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f46343"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/warp/public/707/cisco-malformed-snmp-msgs-non-ios-pub.shtml"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/public/sw-center/sw-ios.shtml"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/warp/public/707/cisco-malformed-snmp-msgs-pub.shtml"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/264.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/21296/"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20020211-snmp-msgs-non-ios"
},
{
"trust": 0.1,
"url": "http://www.ietf.org/rfc/rfc1352.txt"
},
{
"trust": 0.1,
"url": "http://www.cert.org/tech_tips/snmp_faq.html"
},
{
"trust": 0.1,
"url": "http://download.cacheflow.com/release/ca/4.1.02/relnotes.htm"
},
{
"trust": 0.1,
"url": "http://www.innerdive.com/products/ric/)"
},
{
"trust": 0.1,
"url": "https://www.juniper.net."
},
{
"trust": 0.1,
"url": "http://sunsolve.sun.com/securitypatch."
},
{
"trust": 0.1,
"url": "http://www.cisco.com/go/psirt/."
},
{
"trust": 0.1,
"url": "http://download.cacheflow.com/release/ca/4.0.15/relnotes.htm"
},
{
"trust": 0.1,
"url": "http://www.ietf.org/rfc/rfc1067.txt"
},
{
"trust": 0.1,
"url": "https://www.dartware.com)"
},
{
"trust": 0.1,
"url": "http://www.ietf.org/rfc/rfc1140.txt"
},
{
"trust": 0.1,
"url": "http://itrc.hp.com"
},
{
"trust": 0.1,
"url": "http://www.sun.com/solstice/products/ent.agents/"
},
{
"trust": 0.1,
"url": "http://stage.caldera.com/support/security"
},
{
"trust": 0.1,
"url": "http://www.ee.oulu.fi/research/ouspg/)"
},
{
"trust": 0.1,
"url": "http://www.net-snmp.org/download/)."
},
{
"trust": 0.1,
"url": "http://www.cert.org/"
},
{
"trust": 0.1,
"url": "http://www.cert.org/cert_pgp.key"
},
{
"trust": 0.1,
"url": "http://www.ibm.com/software/lotus/support/)."
},
{
"trust": 0.1,
"url": "http://download.cacheflow.com/release/sa/4.0.15/relnotes.htm"
},
{
"trust": 0.1,
"url": "http://download.cacheflow.com/"
},
{
"trust": 0.1,
"url": "http://www.ietf.org/rfc/rfc1156.txt"
},
{
"trust": 0.1,
"url": "http://support.novell.com/tools/csp/"
},
{
"trust": 0.1,
"url": "http://support.openview.hp.com/cpe/patches/"
},
{
"trust": 0.1,
"url": "https://www.covalent.net"
},
{
"trust": 0.1,
"url": "http://www.innerdive.com/products/mibscout/)"
},
{
"trust": 0.1,
"url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/0100.h"
},
{
"trust": 0.1,
"url": "http://sunsolve.sun.com/security."
},
{
"trust": 0.1,
"url": "http://www.ietf.org/rfc/rfc1155.txt"
},
{
"trust": 0.1,
"url": "http://www.stonesoft.com/support/techcenter/"
},
{
"trust": 0.1,
"url": "http://www.sgi.com/support/security/."
},
{
"trust": 0.1,
"url": "http://www.ietf.org/rfc/rfc1089.txt"
},
{
"trust": 0.1,
"url": "http://download.cacheflow.com/release/ca/3.1.22/relnotes.htm"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#107186"
},
{
"db": "CERT/CC",
"id": "VU#854306"
},
{
"db": "VULMON",
"id": "CVE-2002-0013"
},
{
"db": "BID",
"id": "89608"
},
{
"db": "BID",
"id": "89661"
},
{
"db": "BID",
"id": "4732"
},
{
"db": "BID",
"id": "4089"
},
{
"db": "BID",
"id": "4132"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000034"
},
{
"db": "PACKETSTORM",
"id": "25758"
},
{
"db": "NVD",
"id": "CVE-2002-0013"
},
{
"db": "CNNVD",
"id": "CNNVD-200202-004"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#107186"
},
{
"db": "CERT/CC",
"id": "VU#854306"
},
{
"db": "VULMON",
"id": "CVE-2002-0013"
},
{
"db": "BID",
"id": "89608"
},
{
"db": "BID",
"id": "89661"
},
{
"db": "BID",
"id": "4732"
},
{
"db": "BID",
"id": "4089"
},
{
"db": "BID",
"id": "4132"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000034"
},
{
"db": "PACKETSTORM",
"id": "25758"
},
{
"db": "NVD",
"id": "CVE-2002-0013"
},
{
"db": "CNNVD",
"id": "CNNVD-200202-004"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-01-16T00:00:00",
"db": "CERT/CC",
"id": "VU#107186"
},
{
"date": "2002-02-12T00:00:00",
"db": "CERT/CC",
"id": "VU#854306"
},
{
"date": "2002-02-13T00:00:00",
"db": "VULMON",
"id": "CVE-2002-0013"
},
{
"date": "2002-03-08T00:00:00",
"db": "BID",
"id": "89608"
},
{
"date": "2002-03-08T00:00:00",
"db": "BID",
"id": "89661"
},
{
"date": "2002-05-13T00:00:00",
"db": "BID",
"id": "4732"
},
{
"date": "2002-02-12T00:00:00",
"db": "BID",
"id": "4089"
},
{
"date": "2002-02-12T00:00:00",
"db": "BID",
"id": "4132"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2002-000034"
},
{
"date": "2002-02-12T22:54:19",
"db": "PACKETSTORM",
"id": "25758"
},
{
"date": "2002-02-13T05:00:00",
"db": "NVD",
"id": "CVE-2002-0013"
},
{
"date": "2002-02-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200202-004"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-11-07T00:00:00",
"db": "CERT/CC",
"id": "VU#107186"
},
{
"date": "2007-11-07T00:00:00",
"db": "CERT/CC",
"id": "VU#854306"
},
{
"date": "2018-10-12T00:00:00",
"db": "VULMON",
"id": "CVE-2002-0013"
},
{
"date": "2002-03-08T00:00:00",
"db": "BID",
"id": "89608"
},
{
"date": "2002-03-08T00:00:00",
"db": "BID",
"id": "89661"
},
{
"date": "2002-05-13T00:00:00",
"db": "BID",
"id": "4732"
},
{
"date": "2009-07-11T10:56:00",
"db": "BID",
"id": "4089"
},
{
"date": "2002-02-12T00:00:00",
"db": "BID",
"id": "4132"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2002-000034"
},
{
"date": "2018-10-12T21:30:48.157000",
"db": "NVD",
"id": "CVE-2002-0013"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200202-004"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "89608"
},
{
"db": "BID",
"id": "89661"
},
{
"db": "BID",
"id": "4732"
},
{
"db": "BID",
"id": "4089"
},
{
"db": "BID",
"id": "4132"
}
],
"trust": 1.5
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in SNMPv1 trap handling",
"sources": [
{
"db": "CERT/CC",
"id": "VU#107186"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "89608"
},
{
"db": "BID",
"id": "89661"
}
],
"trust": 0.6
}
}
VAR-200704-0046
Vulnerability from variot - Updated: 2023-12-18 12:39Buffer overflow in the RFC_START_GUI function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. An attacker could exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
Secunia customers receive relevant and filtered advisories. Delivery is done via different channels including SMS, Email, Web, and https based XML feed. http://corporate.secunia.com/trial/38/request/
TITLE: SAP RFC Library Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA24722
VERIFY ADVISORY: http://secunia.com/advisories/24722/
CRITICAL: Moderately critical
IMPACT: Exposure of sensitive information, DoS, System access
WHERE:
From local network
SOFTWARE: SAP RFC Library 7.x http://secunia.com/product/13851/ SAP RFC Library 6.x http://secunia.com/product/13850/
DESCRIPTION: Mariano Nu\xf1ez Di Croce has reported some vulnerabilities in SAP RFC Library, which can be exploited by malicious people to disclose potentially sensitive information, cause a DoS (Denial of Service), and compromise a vulnerable system.
1) The "RFC_SET_REG_SERVER_PROPERTY" RFC function allows to define the exclusive use of the RFC Server. This can be exploited to cause a DoS by denying access to other clients.
4) Two unspecified errors exist within the "RFC_START_PROGRAM" RFC function.
5) An error within the "TRUSTED_SYSTEM_SECURITY" function can be exploited to gain knowledge about existing user accounts and groups on a RFC server.
The vulnerabilities are reported in SAP RFC Library versions 6.40 and 7.00. Other versions may also be affected.
SOLUTION: Reportedly, SAP released patches.
PROVIDED AND/OR DISCOVERED BY: Mariano Nu\xf1ez Di Croce
ORIGINAL ADVISORY: http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_RFC_SET_REG_SERVER_PROPERTY_RFC_Function_Denial_of_Service.pdf http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_RFC_START_GUI_RFC_Function_Buffer_Overflow.pdf http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_RFC_START_PROGRAM_RFC_Function_Multiple_Vulnerabilities.pdf http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_SYSTEM_CREATE_INSTANCE_RFC_Function_Buffer_Overflow.pdf http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_TRUSTED_SYSTEM_SECURITY_RFC_Function_Information_Disclosure.pdf
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200704-0046",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rfc library",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "7.0"
},
{
"model": "rfc library",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "6.4"
},
{
"model": "rfc library",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": "6.40 20061211"
},
{
"model": "rfc library",
"scope": "lt",
"trust": 0.8,
"vendor": "sap",
"version": "7.00"
},
{
"model": "tru64",
"scope": null,
"trust": 0.6,
"vendor": "hp",
"version": null
},
{
"model": "hp-ux",
"scope": null,
"trust": 0.6,
"vendor": "hp",
"version": null
},
{
"model": "mac os",
"scope": null,
"trust": 0.6,
"vendor": "apple",
"version": null
},
{
"model": "rfc library",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "7.00"
},
{
"model": "rfc library",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "6.40"
}
],
"sources": [
{
"db": "BID",
"id": "23304"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-005367"
},
{
"db": "NVD",
"id": "CVE-2007-1916"
},
{
"db": "CNNVD",
"id": "CNNVD-200704-168"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:ibm:os_400:gold:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:ibm:os_400:v5r2m0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:hp:tru64:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:sun:solaris:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:a:ibm:racf:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:ia32_64-bit:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:siemens:reliant_unix:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sap:rfc_library:6.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:rfc_library:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-1916"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mariano Nu\u0026ntilde;ez Di Croce\u203b mnunez@cybsec.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200704-168"
}
],
"trust": 0.6
},
"cve": "CVE-2007-1916",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2007-1916",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-25278",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2007-1916",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200704-168",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-25278",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-25278"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-005367"
},
{
"db": "NVD",
"id": "CVE-2007-1916"
},
{
"db": "CNNVD",
"id": "CNNVD-200704-168"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in the RFC_START_GUI function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. \nAn attacker could exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. \n\n----------------------------------------------------------------------\n\nSecunia customers receive relevant and filtered advisories. \nDelivery is done via different channels including SMS, Email, Web,\nand https based XML feed. \nhttp://corporate.secunia.com/trial/38/request/\n\n----------------------------------------------------------------------\n\nTITLE:\nSAP RFC Library Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA24722\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/24722/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nExposure of sensitive information, DoS, System access\n\nWHERE:\n\u003eFrom local network\n\nSOFTWARE:\nSAP RFC Library 7.x\nhttp://secunia.com/product/13851/\nSAP RFC Library 6.x\nhttp://secunia.com/product/13850/\n\nDESCRIPTION:\nMariano Nu\\xf1ez Di Croce has reported some vulnerabilities in SAP RFC\nLibrary, which can be exploited by malicious people to disclose\npotentially sensitive information, cause a DoS (Denial of Service),\nand compromise a vulnerable system. \n\n1) The \"RFC_SET_REG_SERVER_PROPERTY\" RFC function allows to define\nthe exclusive use of the RFC Server. This can be exploited to cause a\nDoS by denying access to other clients. \n\n4) Two unspecified errors exist within the \"RFC_START_PROGRAM\" RFC\nfunction. \n\n5) An error within the \"TRUSTED_SYSTEM_SECURITY\" function can be\nexploited to gain knowledge about existing user accounts and groups\non a RFC server. \n\nThe vulnerabilities are reported in SAP RFC Library versions 6.40 and\n7.00. Other versions may also be affected. \n\nSOLUTION:\nReportedly, SAP released patches. \n\nPROVIDED AND/OR DISCOVERED BY:\nMariano Nu\\xf1ez Di Croce\n\nORIGINAL ADVISORY:\nhttp://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_RFC_SET_REG_SERVER_PROPERTY_RFC_Function_Denial_of_Service.pdf\nhttp://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_RFC_START_GUI_RFC_Function_Buffer_Overflow.pdf\nhttp://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_RFC_START_PROGRAM_RFC_Function_Multiple_Vulnerabilities.pdf\nhttp://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_SYSTEM_CREATE_INSTANCE_RFC_Function_Buffer_Overflow.pdf\nhttp://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_TRUSTED_SYSTEM_SECURITY_RFC_Function_Information_Disclosure.pdf\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-1916"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-005367"
},
{
"db": "BID",
"id": "23304"
},
{
"db": "VULHUB",
"id": "VHN-25278"
},
{
"db": "PACKETSTORM",
"id": "55699"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-1916",
"trust": 2.5
},
{
"db": "BID",
"id": "23304",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "24722",
"trust": 1.8
},
{
"db": "SREASON",
"id": "2537",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2007-1270",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2007-005367",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200704-168",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-25278",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "55699",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-25278"
},
{
"db": "BID",
"id": "23304"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-005367"
},
{
"db": "PACKETSTORM",
"id": "55699"
},
{
"db": "NVD",
"id": "CVE-2007-1916"
},
{
"db": "CNNVD",
"id": "CNNVD-200704-168"
}
]
},
"id": "VAR-200704-0046",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-25278"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:39:52.593000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.sap.com/index.epx"
},
{
"title": "SAP RFC_START_GUI RFC Fixes for function buffer error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=163494"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-005367"
},
{
"db": "CNNVD",
"id": "CNNVD-200704-168"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-1916"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://www.cybsec.com/vuln/cybsec-security_advisory_sap_rfc_start_gui_rfc_function_buffer_overflow.pdf"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/23304"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/464680/100/0/threaded"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/24722"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/2537"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2007/1270"
},
{
"trust": 1.7,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33420"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1916"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-1916"
},
{
"trust": 0.3,
"url": "http://www.sap.com"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/13850/"
},
{
"trust": 0.1,
"url": "http://corporate.secunia.com/trial/38/request/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/13851/"
},
{
"trust": 0.1,
"url": "http://www.cybsec.com/vuln/cybsec-security_advisory_sap_trusted_system_security_rfc_function_information_disclosure.pdf"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/24722/"
},
{
"trust": 0.1,
"url": "http://www.cybsec.com/vuln/cybsec-security_advisory_sap_system_create_instance_rfc_function_buffer_overflow.pdf"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://www.cybsec.com/vuln/cybsec-security_advisory_sap_rfc_set_reg_server_property_rfc_function_denial_of_service.pdf"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://www.cybsec.com/vuln/cybsec-security_advisory_sap_rfc_start_program_rfc_function_multiple_vulnerabilities.pdf"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-25278"
},
{
"db": "BID",
"id": "23304"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-005367"
},
{
"db": "PACKETSTORM",
"id": "55699"
},
{
"db": "NVD",
"id": "CVE-2007-1916"
},
{
"db": "CNNVD",
"id": "CNNVD-200704-168"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-25278"
},
{
"db": "BID",
"id": "23304"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-005367"
},
{
"db": "PACKETSTORM",
"id": "55699"
},
{
"db": "NVD",
"id": "CVE-2007-1916"
},
{
"db": "CNNVD",
"id": "CNNVD-200704-168"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-04-10T00:00:00",
"db": "VULHUB",
"id": "VHN-25278"
},
{
"date": "2007-04-04T00:00:00",
"db": "BID",
"id": "23304"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-005367"
},
{
"date": "2007-04-07T19:35:58",
"db": "PACKETSTORM",
"id": "55699"
},
{
"date": "2007-04-10T23:19:00",
"db": "NVD",
"id": "CVE-2007-1916"
},
{
"date": "2007-04-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200704-168"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-30T00:00:00",
"db": "VULHUB",
"id": "VHN-25278"
},
{
"date": "2007-04-05T17:12:00",
"db": "BID",
"id": "23304"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-005367"
},
{
"date": "2021-09-22T14:22:17.447000",
"db": "NVD",
"id": "CVE-2007-1916"
},
{
"date": "2021-09-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200704-168"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200704-168"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAP RFC Library of RFC_START_GUI Buffer overflow vulnerability in functions",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-005367"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200704-168"
}
],
"trust": 0.6
}
}
VAR-200808-0315
Vulnerability from variot - Updated: 2023-12-18 12:23Stack-based buffer overflow in the libbecompat library in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges by setting a long value of an environment variable before running (1) verifydb, (2) iimerge, or (3) csreport. Ingres Database is prone to multiple local vulnerabilities: - Multiple local privilege-escalation vulnerabilities - A vulnerability that may allow attackers to overwrite arbitrary files. Local attackers can exploit these issues to gain elevated privileges on the affected computer, execute arbitrary code with superuser privileges, and overwrite arbitrary files owned by 'Ingres' user. iDefense Security Advisory 08.01.08 http://labs.idefense.com/intelligence/vulnerabilities/ Aug 01, 2008
I. BACKGROUND
Ingres Database is a database server used in several Computer Associates' products. For example, CA Directory Service use thes Ingres Database server. More information can be found on the vendor's website at the following URL.
http://ingres.com/downloads/prod-cert-download.php
II.
The vulnerability exists within the "libbecompat" library that is used by several of the set-uid "ingres" utilities included with Ingres. When copying a user supplied environment variable into a fixed-size stack buffer, the library fails to check the length of the source string.
III. By itself, this vulnerability does not have very serious consequences.
IV. DETECTION
iDefense has confirmed the existence of this vulnerability in Ingres 2006 Enterprise Edition Release 2 for Linux x86 (32-bit). Other versions may also be affected.
V. WORKAROUND
iDefense is currently unaware of any workaround for this issue.
VI. VENDOR RESPONSE
"This problem has been identified and resolved by Ingres in the following releases: Ingres 2006 release 2 (9.1.0), Ingres 2006 release 1 (9.0.4), and Ingres 2.6."
For more information, refer to Ingres' advisory at the following URL.
http://www.ingres.com/support/security-alert-080108.php
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2008-3389 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems.
VIII. DISCLOSURE TIMELINE
07/20/2007 Initial vendor response 07/23/2007 Initial vendor notification 08/01/2008 Coordinated public disclosure
IX. CREDIT
The discoverer of this vulnerability wishes to remain anonymous.
Get paid for vulnerability research http://labs.idefense.com/methodology/vulnerability/vcp.php
Free tools, research and upcoming events http://labs.idefense.com/
X. LEGAL NOTICES
Copyright \xa9 2008 iDefense, Inc.
Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. Title: CA Products That Embed Ingres Multiple Vulnerabilities
CA Advisory Date: 2008-08-01
Reported By: iDefense Labs
Impact: A remote attacker can execute arbitrary code, gain privileges, or cause a denial of service condition.
Summary: CA products that embed Ingres contain multiple vulnerabilities that can allow a remote attacker to execute arbitrary code, gain privileges, or cause a denial of service condition. These vulnerabilities exist in the products and on the platforms listed below. These vulnerabilities do not impact any Windows-based Ingres installation. The first vulnerability, CVE-2008-3356, allows an unauthenticated attacker to potentially set the user and/or group ownership of a verifydb log file to be Ingres allowing read/write permissions to both. The third vulnerability, CVE-2008-3389, allows an unauthenticated attacker to obtain ingres user privileges. However, when combined with the unsecured directory privileges vulnerability (CVE–2008-3357), root privileges can be obtained.
Mitigating Factors: These vulnerabilities do not impact any Windows-based Ingres installation.
Severity: CA has given these vulnerabilities a High risk rating.
Affected Products: Admin r8.1 SP2 Advantage Data Transformer r2.2 Allfusion Harvest Change Manager r7.1 CA ARCserve Backup for Unix r11.1, r11.5 GA/SP1/SP2/SP3 CA ARCserve Backup for Linux r11.1, r11.5 GA/SP1/SP2/SP3 CA Directory r8.1 CA Job Management Option R11.0 CA Single Sign-On r8.1 CleverPath Aion BPM r10.1, r10.2 EEM 8.1, 8.2, 8.2.1 eTrust Audit/SCC 8.0 sp2 Identity Manager r12 NSM 3.0 0305, 3.1 0403, r3.1 SP1 0703, r11 Unicenter Asset Management r11.1, r11.2 Unicenter Remote Control r11.2 Unicenter Service Catalog r2.2, r11.1 Unicenter Service Metric Analysis r11.1 Unicenter ServicePlus Service Desk 6.0, r11, r11.1, r11.2 Unicenter Software Delivery r11.1, r11.2 Unicenter Workload Control Center r11
Affected Platforms: 1. Ingres verifydb file create permission override (CVE-2008-3356) This vulnerability impacts all platforms except Windows. 2. Ingres un-secure directory privileges with utility ingvalidpw (CVE - 2008-3357) This vulnerability impacts only Linux and HP platforms. 3. Ingres verifydb, iimerge, csreport buffer overflow (CVE-2008-3389) This vulnerability impacts only Linux and HP platforms.
Status and Recommendation: The most prudent course of action for affected customers is to download and apply the corrective maintenance. However, updates are provided only for the following releases: 2.6 and r3
Important: Customers using products that embed an earlier version of Ingres r3 should upgrade Ingres to the release that is currently supported (3.0.3/103 on Linux and 3.0.3/211 on UNIX platforms) before applying the maintenance updates. Please contact your product's Technical Support team for more information.
For these products: Admin r8.1 SP2 CA ARCserve Backup for Linux r11.5 SP2/SP3 CA Directory r8.1 CA Job Management Option R11.0 CA Single Sign-On r8.1 EEM 8.2 EEM 8.2.1 Identity Manager r12 NSM r11 Unicenter Asset Management r11.1 Unicenter Asset Management r11.2 Unicenter Remote Control r11.2 Unicenter Service Catalog r11.1 Unicenter Service Metric Analysis r11.1 Unicenter ServicePlus Service Desk r11 Unicenter ServicePlus Service Desk r11.1 Unicenter ServicePlus Service Desk r11.2 Unicenter Software Delivery r11.1 Unicenter Software Delivery r11.2 Unicenter Workload Control Center r11
Apply the update below that is listed for your platform (note that URLs may wrap):
AIX [3.0.3 (r64.us5/211)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12833-r64-us5.tar.z
HP-UX Itanium [3.0.3 (i64.hpu/211)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12831-i64-hpu.tar.z
HP-UX RISC [3.0.3 (hp2.us5/211)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12830-hp2-us5.tar.z
Linux AMD [3.0.3 (a64.lnx/211)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12835-a64-lnx.tar.z
Linux Intel 32bit [3.0.3 (int.lnx/103)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.103.12836-int-lnx.tar.z
Linux Itanium [3.0.3 (i64.lnx/211)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12838-i64-lnx.tar.z
Solaris SPARC [3.0.3 (su9.us5/211)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12834-su9-us5.tar.z
Solaris x64/x86 [3.0.3 (a64.sol/211)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12832-a64-sol.tar.z
Ingres r3 Vulnerability Updates Install Steps (August 1, 2008)
Unix/Linux: 1. Log on to your system using the installation owner account and make sure the environment is set up correctly: 1. II_SYSTEM must be set to the Ingres system files 2. PATH must include $II_SYSTEM/bin and $II_SYSTEM/utility directories. 2. Change directory to the root directory of the Ingres installation or use a previously created directory. cd $II_SYSTEM/ingres or cd 3. Copy the download maintenance update file in to the current directory and uncompress 4. Read in the update file with the following commands: umask 022 tar xf [update_file] This will create the directory: $II_SYSTEM/ingres/patchXXXXX or /patchXXXXX Note: ‘XXXXX' in patchXXXXX refers to the update number 5. Stop all Ingres processes with the ‘ingstop' utility: ingstop 6. Change directory to the patch directory: cd patchXXXXX 7. Within the patch directory run the following command: ./utility/iiinstaller Please check the $II_SYSTEM/ingres/files/patch.log file to make sure the patch was applied successfully. Also check the $II_SYSTEM/ingres/version.rel to make sure the patch is referenced. Note: The patch can also be installed silently using the ‘-m' flag with iiinstaller: ./utility/iiinstaller -m 8. Once the patch install has been complete, re-link the iimerge binary with the following command: iilink 9. Ingres can then be restarted with the ‘ingstart' utility: ingstart
For these products: Advantage Data Transformer r2.2 Allfusion Harvest Change Manager r7.1 ARCserve for Linux r11.5 GA/SP1 CleverPath Aion BPM r10.1 CleverPath Aion BPM r10.2
Apply the build below that is listed for your platform (note that URLs may wrap):
AIX ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12833-r64-us5.tar
HP-UX Itanium ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12831-i64-hpu.tar
HP-UX RISC ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12830-hp2-us5.tar
Linux AMD EI build ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-211-EI-linux-x86_64.tar.gz
Linux AMD II build ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-211-linux-x86_64.tgz
Linux Intel EI build ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-103-EI-linux-i386.tgz
Linux Intel II build ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-103-pc-linux-i386.tgz
Linux Itanium EI build ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-211-EI-linux-ia64.tar.gz
Linux Itanium II build ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-211-linux-ia64.tgz
Solaris SPARC ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12834-su9-us5.tar
Solaris x64/x86 ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12832-a64-sol.tar
Ingres r3 Build Install Steps (August 1, 2008)
Important: Prior to installing the build, a full operating system backup of the $II_SYSTEM/ingres directory on Unix/Linux and %II_SYSTEM%\ingres directory on Windows must be taken with Ingres completely shut down. Also, a backup of any other DATA locations that you may have must be taken, again with Ingres shut down. In case there is a problem with the update install, this allows Ingres to be restored from the backup.
Unix: 1. Log in to the system as the installation owner and make sure the environment is set up correctly: 1. II_SYSTEM must be set to the Ingres home directory 2. PATH must include $II_SYSTEM/ingres/bin and $II_SYSTEM/ingres/utility directories 3. Add $II_SYSTEM/ingres/lib to the shared library path 4. Set TERM to ‘vt100' and TERM_INGRES to ‘vt100fx' 2. Copy the downloaded update file to the /tmp directory and uncompress 3. Read in the update file with the following commands: umask 022 tar xf [update_file] This creates a directory containing the distribution and other files. 4. Stop all applications that may be connected to or using any of the files in the Ingres instance. 5. Stop all Ingres processes with the ‘ingstop' utility: ingstop 6. Important: Take an operating system backup of the $II_SYSTEM/ingres directory and other DATA locations that you may have elsewhere. Also, copy the $II_SYSTEM/ingres/files/config.dat and $II_SYSTEM/ingres/files/symbol.tbl files to a safe location to ensure that the configuration can be restored. 7. From the root directory of the Ingres installation ($II_SYSTEM/ingres), run the following command: tar xf /tmp//ingres.tar install 8. Run the following command: install/ingbuild 9. The initial install screen appears. 10. In the Distribution medium enter the full path to the ‘ingres.tar' file (including the file) (See step 4). 11. Choose PackageInstall from the list of installation options and then choose ‘Stand alone DBMS Server' from the list of packages. Then choose ExpressInstall. 12. Choose Yes in the pop-up screen and press Enter key. The install utility verifies that each component was transferred properly from the distribution medium. When this is finished (without errors), another pop-up screen for setting up the components comes up. 13. Select Yes and press Enter key to go to the Setup program. 14. Once the installation is complete, check the $II_SYSTEM/ingres/files/install.log for any errors. Also, check the $II_SYSTEM/ingres/version.rel file to verify the new build is referenced; this should show 3.0.3 for the build. 15. If there are no errors, then restore the $II_SYSTEM/ingres/files/config.dat and $II_SYSTEM/ingres/files/symbol.tbl files from the copies made in step 6 to replace the existing files. 16. Start Ingres using the ‘ingstart' utility: ingstart 17. Upgrade the databases in the installation to the new release level: upgradedb -all
Linux: 1. Log on to the machine as ‘root'. 2. Copy the downloaded build update file and to a previously chosen directory and uncompress. 3. Read in the update file with the following command: tar xf [update file] This creates a directory containing rpm packages for all of the Ingres tools. 4. Shut down any non-Ingres application(s) that may be connected to or using any of the files in the specified Ingres instance. 5. Stop all Ingres processes with the ‘ingstop' utility: ingstop 6. Important: Take an operating system backup of the $II_SYSTEM/ingres directory and other DATA locations that you may have elsewhere. 7. From the directory that was created in step 3, install the update rpms with the following command: rpm –Uvh *.rpm If the following error is seen for either the ‘ca-ingres-documentation-3.0.3-103', the ‘ca-ingres-CATOSL-3.0.3-103' or the ‘ca-cs-utils-11.0.04348-0000' (or all of them) packages, remove them from the directory containing the rpms and re-run the above command: package is already installed 8. If the installation finishes successfully, then log on as ‘ingres' to the machine and start Ingres using the ‘ingstart' utility: ingstart 9. Upgrade ‘mdb' database with the following command: upgradedb -all
For these products: CA ARCserve Backup for Unix r11.1 CA ARCserve Backup for Unix r11.5 GA/SP1/SP2 CA ARCserve Backup for Unix r11.5 SP3 CA ARCserve Backup for Linux r11.1 EEM 8.1 eTrust Audit/SCC 8.0 sp2 NSM 3.0 0305 NSM 3.1 0403 NSM r3.1 SP1 0703 Unicenter Service Catalog r2.2 Unicenter ServicePlus Service Desk 6.0
Apply the update below that is listed for your platform (note that URLs may wrap):
AIX 32bit [2.6/xxxx (rs4.us5/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12718.tar.Z
AIX 64bit [2.6/xxxx (r64.us5/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12798.tar.Z
HP-UX with ARCserve 11.1 or 11.5/GA/SP1/SP2/SP3 https://support.ca.com/irj/portal/anonymous/solndtls?aparNo=RO01277&os=HP&actionID=3
HP-UX Itanium [2.6/xxxx (i64.hpu/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12748.tar.Z
HP-UX RISC 32bit [2.6/xxxx (hpb.us5/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12742.tar.Z
HP-UX RISC 32bit [2.6/xxxx (hpb.us5/00)DBL] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12888.tar.Z
HP-UX RISC 64bit [2.6/xxxx (hp2.us5/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12749.tar.Z
HP Tru64 UNIX [2.6/xxxx (axp.osf/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12676.tar.Z
Linux AMD64 [2.6/xxxx (a64.lnx/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12809.tar.Z
Linux Intel 32bit [2.6/xxxx (int.lnx/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12645.tar.Z
Linux Intel 32bit [2.6/xxxx (int.lnx/00)DBL] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12647.tar.Z
Linux Intel 32bit [2.6/xxxx (int.lnx/00)LFS] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12646.tar.Z
Linux Itanium [2.6/xxxx (i64.lnx/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12648.tar.Z
Linux S/390 [2.6/xxxx (ibm.lnx/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12877.tar.Z
Solaris SPARC 32bit [2.6/xxxx (su4.us5/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12713.tar.Z
Solaris SPARC 32bit double [2.6/xxxx (su4.us5/00)DBL] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12879.tar.Z
Solaris SPARC 64bit [2.6/xxxx (su9.us5/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12751.tar.Z
Ingres 2.6 Vulnerability Updates Install Steps (August 1, 2008)
Unix/Linux: 1. Log on to your system using the installation owner account and make sure the environment is set up correctly: 1. II_SYSTEM must be set to the Ingres system files 2. PATH must include $II_SYSTEM/bin and $II_SYSTEM/utility directories. 2. Change directory to the root directory of the Ingres installation or use a previously created directory. cd $II_SYSTEM/ingres or cd 3. Copy the download maintenance update file in to the current directory and uncompress 4. Read in the update file with the following commands: umask 022 tar xf [update_file] This will create the directory: $II_SYSTEM/ingres/patchXXXXX or /patchXXXXX Note: ‘XXXXX' in patchXXXXX refers to the update number 5. Stop all Ingres processes with the ‘ingstop' utility: ingstop 6. Change directory to the patch directory: cd patchXXXXX 7. Within the patch directory run the following command: ./utility/iiinstaller Please check the $II_SYSTEM/ingres/files/patch.log file to make sure the patch was applied successfully. Also check the $II_SYSTEM/ingres/version.rel to make sure the patch is referenced. Note: The patch can also be installed silently using the ‘-m' flag with iiinstaller: ./utility/iiinstaller -m 8. Once the patch install has been complete, re-link the iimerge binary with the following command: iilink 9. Ingres can then be restarted with the ‘ingstart' utility: ingstart
How to determine if you are affected:
For these products: Admin r8.1 SP2 ARCserve for Linux r11.5 SP2/SP3 CA Directory r8.1 CA Job Management Option R11.0 CA Single Sign-On r8.1 EEM 8.2 EEM 8.2.1 Identity Manager r12 NSM r11 Unicenter Asset Management r11.1 Unicenter Asset Management r11.2 Unicenter Remote Control r11.2 Unicenter Service Catalog r11.1 Unicenter Service Metric Analysis r11.1 Unicenter ServicePlus Service Desk r11 Unicenter ServicePlus Service Desk r11.1 Unicenter ServicePlus Service Desk r11.2 Unicenter Software Delivery r11.1 Unicenter Software Delivery r11.2 Unicenter Workload Control Center r11
The Ingres release information is maintained in %II_SYSTEM%\ingres\version.rel: UNIX or Linux: cat version.rel
The release identifier will be as follows: Operating System Release identifier HP Sparc 32/64bit II 3.0.3 (hp2.us5/211) HP Itanium II 3.0.3 (i64.hpu/211) Intel Solaris 32/64bit II 3.0.3 (a64.sol/211) AIX 32/64bit II 3.0.3 (r64.us5/211) Solaris 32/64bit II 3.0.3 (su9.us5/211) AMD Linux II 3.0.3 (a64.lnx/211) Intel Linux II 3.0.3 (int.lnx/103) Itanium Linux II 3.0.3 (i64.lnx/211)
Notes: 1. You would need to install the Ingres build instead of the patch if either of the following is true: 1. If the Ingres release for your platform is not 3.0.3 in the release identifier or 2. The Ingres release is 3.0.3 but the build level is not 103 for Linux and 211 for all the Unix platforms. If either of the above is true then download and apply the latest build for your operating system(s). 2. If the OS platform you are running Ingres on is not listed, please contact Technical Support.
For these products: Advantage Data Transformer r2.2 Allfusion Harvest Change Manager r7.1 ARCserve for Linux r11.5 GA/SP1 CleverPath Aion BPM r10.1 CleverPath Aion BPM r10.2
The maintenance updates are provided for the latest r3 builds supported by CA which are 3.0.3/103 (Linux) and 3.03/211 (UNIX platforms). If the build embedded is earlier than 3.0.3, it has to be upgraded to 3.0.3 to fix the vulnerabilities.
The Ingres release information is maintained in %II_SYSTEM%\ingres\version.rel: UNIX or Linux: cat version.rel
The release identifier will be as follows: Operating System Release identifier HP Sparc 32/64bit II 3.0.3 (hp2.us5/211) HP Itanium II 3.0.3 (i64.hpu/211) Intel Solaris 32/64bit II 3.0.3 (a64.sol/211) AIX 32/64bit II 3.0.3 (r64.us5/211) Solaris 32/64bit II 3.0.3 (su9.us5/211) AMD Linux II 3.0.3 (a64.lnx/211) Intel Linux II 3.0.3 (int.lnx/103) Itanium Linux II 3.0.3 (i64.lnx/211)
Important: For Linux (AMD, Intel and Itanium) platforms, after applying the build provided on this page, please download and apply the maintenance update. For the other platforms, the builds are patched to the latest maintenance update. Note: 1. If the release you are using is already 3.0.3 build 103 on Linux and 3.0.3 build 211 on Unix, then download and install the maintenance update. 2. If the OS platform you are running Ingres on is not listed, please contact Technical Support.
For these products: CA ARCserve Backup for Unix r11.1 CA ARCserve Backup for Unix r11.5 GA/SP1/SP2 CA ARCserve Backup for Unix r11.5 SP3 CA ARCserve Backup for Linux r11.1 EEM 8.1 eTrust Audit/SCC 8.0 sp2 NSM 3.0 0305 NSM 3.1 0403 NSM r3.1 SP1 0703 Unicenter Service Catalog r2.2 Unicenter ServicePlus Service Desk 6.0
The Ingres release information is maintained in %II_SYSTEM%\ingres\version.rel: UNIX or Linux: cat version.rel
The release identifier will be as follows: Operating System Release identifier AIX 32bit II 2.6/xxxx (rs4.us5/00) AIX 64bit II 2.6/xxxx (r64.us5/00) HP-UX Itanium II 2.6/xxxx (i64.hpu/00) HP-UX RISC 32bit II 2.6/xxxx (hpb.us5/00) HP-UX RISC 32bit II 2.6/xxxx (hpb.us5/00)DBL HP-UX RISC 64bit II 2.6/xxxx (hp2.us5/00) HP Tru64 UNIX II 2.6/xxxx (axp.osf/00) Linux AMD64 II 2.6/xxxx (a64.lnx/00) Linux Intel 32bit II 2.6/xxxx (int.lnx/00) Linux Intel 32bit II 2.6/xxxx (int.lnx/00)DBL Linux Intel 32bit II 2.6/xxxx (int.lnx/00)LFS Linux Itanium II 2.6/xxxx (i64.lnx/00) Linux S/390 II 2.6/xxxx (ibm.lnx/00) Solaris SPARC 32bit II 2.6/xxxx (su4.us5/00) Solaris SPARC 32bit double II 2.6/xxxx (su4.us5/00)DBL Solaris SPARC 64bit II 2.6/xxxx (su9.us5/00)
Note: 1. If the Ingres release embedded in your product is not 2.6, please get the appropriate update here. 2. If the OS platform you are running Ingres on is not listed, please contact Technical Support. 3. For HP-UX platform with CA ARCserve Backup 11.1 or 11.5/GA/SP1/SP2/SP3, download the published ARCserve fix, RO01277: https://support.ca.com/irj/portal/anonymous/solndtls?aparNo=RO01277&os=HP&actionID=3 and follow the enclosed instructions to install the security patch.
Workaround: None
References (URLs may wrap): CA Support: http://support.ca.com/ Security Notice for CA Products That Embed Ingres https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989 Solution Document Reference APARs: RO01277 (ARCserve only) CA Security Response Blog posting: CA Products That Embed Ingres Multiple Vulnerabilities community.ca.com/blogs/casecurityresponseblog/archive/2008/08/06.aspx Reported By: iDefense Labs Ingres Database for Linux verifydb Insecure File Permissions Modification Vulnerability http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731 Ingres Database for Linux libbecompat Stack Based Buffer Overflow Vulnerability http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732 Ingres Database for Linux ingvalidpw Untrusted Library Path Vulnerability http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=733 Ingres Security Vulnerability Announcement as of August 01, 2008 http://www.ingres.com/support/security-alert-080108.php CVE References: CVE-2008-3356 - Ingres verifydb file create permission override. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3356 CVE-2008-3357 - Ingres un-secure directory privileges with utility ingvalidpw. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3357 CVE-2008-3389 - Ingres verifydb, iimerge, csreport buffer overflow. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3389 OSVDB References: Pending http://osvdb.org/
Changelog for this advisory: v1.0 - Initial Release
Customers who require additional information should contact CA Technical Support at http://support.ca.com.
For technical questions or comments related to this advisory, please send email to vuln AT ca DOT com.
If you discover a vulnerability in CA products, please report your findings to our product security response team. https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782
Regards, Ken Williams ; 0xE2941985 Director, CA Vulnerability Research
CA, 1 CA Plaza, Islandia, NY 11749
Contact http://www.ca.com/us/contact/ Legal Notice http://www.ca.com/us/legal/ Privacy Policy http://www.ca.com/us/privacy/ Copyright (c) 2008 CA. All rights reserved. ----------------------------------------------------------------------
Want a new job?
http://secunia.com/secunia_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/
International Partner Manager - Project Sales in the IT-Security Industry: http://corporate.secunia.com/about_secunia/64/
TITLE: Ingres Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA31357
VERIFY ADVISORY: http://secunia.com/advisories/31357/
CRITICAL: Less critical
IMPACT: Privilege escalation
WHERE: Local system
SOFTWARE: Ingres 2.x http://secunia.com/product/14576/ Ingres 2006 (9.x) http://secunia.com/product/14574/
DESCRIPTION: Some vulnerabilities have been reported in Ingres, which can be exploited by malicious, local users to gain escalated privileges.
1) An error exists in the "verifydb" utility due to improperly changing permissions on files and having the setuid-bit set (owned by the "ingres" user). via a specially crafted environmental variable.
3) An error exists within the "ingvalidpw" utility due to being setuid "root" and loading shared libraries from a directory owned by the "ingres" user.
SOLUTION: The vendor has issued fixes. Please see the knowledge base document (customer login required). http://servicedesk.ingres.com/CAisd/pdmweb.ingres?OP=SHOW_DETAIL+PERSID=KD:416012+HTMPL=kt_document_view.htmpl
PROVIDED AND/OR DISCOVERED BY: An anonymous researcher, reported via iDefense.
ORIGINAL ADVISORY: Ingres: http://www.ingres.com/support/security-alert-080108.php
iDefense: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=733
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200808-0315",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ingres",
"scope": "eq",
"trust": 1.8,
"vendor": "ingres",
"version": "2.6"
},
{
"model": "ingres",
"scope": "eq",
"trust": 1.0,
"vendor": "ingres",
"version": "2006"
},
{
"model": "ingres",
"scope": "eq",
"trust": 0.8,
"vendor": "ingres",
"version": "2006 release 1"
},
{
"model": "ingres",
"scope": "eq",
"trust": 0.8,
"vendor": "ingres",
"version": "and 2006 release 2"
},
{
"model": "hp-ux",
"scope": null,
"trust": 0.6,
"vendor": "hp",
"version": null
},
{
"model": "database",
"scope": "eq",
"trust": 0.3,
"vendor": "ingres",
"version": "20069.1"
},
{
"model": "database",
"scope": "eq",
"trust": 0.3,
"vendor": "ingres",
"version": "20069.0.4"
},
{
"model": "database",
"scope": "eq",
"trust": 0.3,
"vendor": "ingres",
"version": "20060"
},
{
"model": "associates unicenter software delivery",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.2"
},
{
"model": "associates unicenter software delivery",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates unicenter serviceplus service desk",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "6.0"
},
{
"model": "associates unicenter serviceplus service desk",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.2"
},
{
"model": "associates unicenter serviceplus service desk",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates unicenter serviceplus service desk",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter service metric analysis",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates unicenter service catalog",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2.2"
},
{
"model": "associates unicenter service catalog",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates unicenter remote control",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.2"
},
{
"model": "associates unicenter asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.2"
},
{
"model": "associates unicenter asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates single sign-on",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
},
{
"model": "associates nsm",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "0"
},
{
"model": "associates job management option",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.0"
},
{
"model": "associates identity manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "12"
},
{
"model": "associates etrust audit/scc sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.0"
},
{
"model": "associates eem",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.2.1"
},
{
"model": "associates eem",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.2"
},
{
"model": "associates eem",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
},
{
"model": "associates directory",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
},
{
"model": "associates cleverpath aion bpm",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "10.2"
},
{
"model": "associates cleverpath aion bpm",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "10.1"
},
{
"model": "associates ca arcserve backup for unix ga",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates arcserve backup for unix sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"model": "associates arcserve backup for unix sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"model": "associates arcserve backup for unix ga",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"model": "associates arcserve backup for unix sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates arcserve backup for unix sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates arcserve backup for unix sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates arcserve backup for linux sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"model": "associates arcserve backup for linux sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"model": "associates arcserve backup for linux sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"model": "associates arcserve backup for linux ga",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"model": "associates arcserve backup for linux sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates arcserve backup for linux sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates arcserve backup for linux sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates arcserve backup for linux ga",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates advantage data transformer",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2.2"
},
{
"model": "associates admin",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
}
],
"sources": [
{
"db": "BID",
"id": "30512"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004693"
},
{
"db": "NVD",
"id": "CVE-2008-3389"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-050"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ingres:ingres:2006:9.0.4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ingres:ingres:2006:9.1.0:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ingres:ingres:2.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2008-3389"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "iDEFENSE",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200808-050"
}
],
"trust": 0.6
},
"cve": "CVE-2008-3389",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2008-3389",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2008-3389",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200808-050",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-004693"
},
{
"db": "NVD",
"id": "CVE-2008-3389"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-050"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in the libbecompat library in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges by setting a long value of an environment variable before running (1) verifydb, (2) iimerge, or (3) csreport. Ingres Database is prone to multiple local vulnerabilities:\n- Multiple local privilege-escalation vulnerabilities\n- A vulnerability that may allow attackers to overwrite arbitrary files. \nLocal attackers can exploit these issues to gain elevated privileges on the affected computer, execute arbitrary code with superuser privileges, and overwrite arbitrary files owned by \u0027Ingres\u0027 user. iDefense Security Advisory 08.01.08\nhttp://labs.idefense.com/intelligence/vulnerabilities/\nAug 01, 2008\n\nI. BACKGROUND\n\nIngres Database is a database server used in several Computer\nAssociates\u0027 products. For example, CA Directory Service use thes Ingres\nDatabase server. More information can be found on the vendor\u0027s website\nat the following URL. \n\nhttp://ingres.com/downloads/prod-cert-download.php\n\nII. \n\nThe vulnerability exists within the \"libbecompat\" library that is used\nby several of the set-uid \"ingres\" utilities included with Ingres. When\ncopying a user supplied environment variable into a fixed-size stack\nbuffer, the library fails to check the length of the source string. \n\nIII. By itself,\nthis vulnerability does not have very serious consequences. \n\nIV. DETECTION\n\niDefense has confirmed the existence of this vulnerability in Ingres\n2006 Enterprise Edition Release 2 for Linux x86 (32-bit). Other\nversions may also be affected. \n\nV. WORKAROUND\n\niDefense is currently unaware of any workaround for this issue. \n\nVI. VENDOR RESPONSE\n\n\"This problem has been identified and resolved by Ingres in the\nfollowing releases: Ingres 2006 release 2 (9.1.0), Ingres 2006 release\n1 (9.0.4), and Ingres 2.6.\"\n\nFor more information, refer to Ingres\u0027 advisory at the following URL. \n\nhttp://www.ingres.com/support/security-alert-080108.php\n\nVII. CVE INFORMATION\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\nname CVE-2008-3389 to this issue. This is a candidate for inclusion in\nthe CVE list (http://cve.mitre.org/), which standardizes names for\nsecurity problems. \n\nVIII. DISCLOSURE TIMELINE\n\n07/20/2007 Initial vendor response\n07/23/2007 Initial vendor notification\n08/01/2008 Coordinated public disclosure\n\nIX. CREDIT\n\nThe discoverer of this vulnerability wishes to remain anonymous. \n\nGet paid for vulnerability research\nhttp://labs.idefense.com/methodology/vulnerability/vcp.php\n\nFree tools, research and upcoming events\nhttp://labs.idefense.com/\n\nX. LEGAL NOTICES\n\nCopyright \\xa9 2008 iDefense, Inc. \n\nPermission is granted for the redistribution of this alert\nelectronically. It may not be edited in any way without the express\nwritten consent of iDefense. If you wish to reprint the whole or any\npart of this alert in any other medium other than electronically,\nplease e-mail customerservice@idefense.com for permission. \n\nDisclaimer: The information in the advisory is believed to be accurate\nat the time of publishing based on currently available information. Use\nof the information constitutes acceptance for use in an AS IS condition. \n There are no warranties with regard to this information. Neither the\nauthor nor the publisher accepts any liability for any direct,\nindirect, or consequential loss or damage arising from use of, or\nreliance on, this information. \nTitle: CA Products That Embed Ingres Multiple Vulnerabilities\n\n\nCA Advisory Date: 2008-08-01\n\n\nReported By: iDefense Labs\n\n\nImpact: A remote attacker can execute arbitrary code, gain \nprivileges, or cause a denial of service condition. \n\n\nSummary: CA products that embed Ingres contain multiple \nvulnerabilities that can allow a remote attacker to execute \narbitrary code, gain privileges, or cause a denial of service \ncondition. These vulnerabilities exist in the products and on the \nplatforms listed below. These vulnerabilities do not impact any \nWindows-based Ingres installation. The first vulnerability, \nCVE-2008-3356, allows an unauthenticated attacker to potentially \nset the user and/or group ownership of a verifydb log file to be \nIngres allowing read/write permissions to both. The third \nvulnerability, CVE-2008-3389, allows an unauthenticated attacker \nto obtain ingres user privileges. However, when combined with the \nunsecured directory privileges vulnerability (CVE\u20132008-3357), root \nprivileges can be obtained. \n\n\nMitigating Factors: These vulnerabilities do not impact any \nWindows-based Ingres installation. \n\n\nSeverity: CA has given these vulnerabilities a High risk rating. \n\n\nAffected Products:\nAdmin r8.1 SP2\nAdvantage Data Transformer r2.2\nAllfusion Harvest Change Manager r7.1\nCA ARCserve Backup for Unix r11.1, r11.5 GA/SP1/SP2/SP3\nCA ARCserve Backup for Linux r11.1, r11.5 GA/SP1/SP2/SP3\nCA Directory r8.1\nCA Job Management Option R11.0\nCA Single Sign-On r8.1\nCleverPath Aion BPM r10.1, r10.2\nEEM 8.1, 8.2, 8.2.1\neTrust Audit/SCC 8.0 sp2\nIdentity Manager r12\nNSM 3.0 0305, 3.1 0403, r3.1 SP1 0703, r11\nUnicenter Asset Management r11.1, r11.2\nUnicenter Remote Control r11.2\nUnicenter Service Catalog r2.2, r11.1\nUnicenter Service Metric Analysis r11.1\nUnicenter ServicePlus Service Desk 6.0, r11, r11.1, r11.2\nUnicenter Software Delivery r11.1, r11.2\nUnicenter Workload Control Center r11\n\n\nAffected Platforms:\n1. Ingres verifydb file create permission override (CVE-2008-3356)\n This vulnerability impacts all platforms except Windows. \n2. Ingres un-secure directory privileges with utility ingvalidpw \n (CVE - 2008-3357)\n This vulnerability impacts only Linux and HP platforms. \n3. Ingres verifydb, iimerge, csreport buffer overflow \n (CVE-2008-3389)\n This vulnerability impacts only Linux and HP platforms. \n\n\nStatus and Recommendation:\nThe most prudent course of action for affected customers is to \ndownload and apply the corrective maintenance. However, updates \nare provided only for the following releases: 2.6 and r3\n\nImportant: Customers using products that embed an earlier version \nof Ingres r3 should upgrade Ingres to the release that is \ncurrently supported (3.0.3/103 on Linux and 3.0.3/211 on UNIX \nplatforms) before applying the maintenance updates. Please contact \nyour product\u0027s Technical Support team for more information. \n\nFor these products:\nAdmin r8.1 SP2\nCA ARCserve Backup for Linux r11.5 SP2/SP3\nCA Directory r8.1\nCA Job Management Option R11.0\nCA Single Sign-On r8.1\nEEM 8.2\nEEM 8.2.1\nIdentity Manager r12\nNSM r11\nUnicenter Asset Management r11.1\nUnicenter Asset Management r11.2\nUnicenter Remote Control r11.2\nUnicenter Service Catalog r11.1\nUnicenter Service Metric Analysis r11.1\nUnicenter ServicePlus Service Desk r11\nUnicenter ServicePlus Service Desk r11.1\nUnicenter ServicePlus Service Desk r11.2\nUnicenter Software Delivery r11.1\nUnicenter Software Delivery r11.2\nUnicenter Workload Control Center r11\n\nApply the update below that is listed for your platform (note that \nURLs may wrap):\n\nAIX [3.0.3 (r64.us5/211)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12833-r64-us5.tar.z\n\nHP-UX Itanium [3.0.3 (i64.hpu/211)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12831-i64-hpu.tar.z\n\nHP-UX RISC [3.0.3 (hp2.us5/211)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12830-hp2-us5.tar.z\n\nLinux AMD [3.0.3 (a64.lnx/211)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12835-a64-lnx.tar.z\n\nLinux Intel 32bit [3.0.3 (int.lnx/103)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.103.12836-int-lnx.tar.z\n\nLinux Itanium [3.0.3 (i64.lnx/211)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12838-i64-lnx.tar.z\n\nSolaris SPARC [3.0.3 (su9.us5/211)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12834-su9-us5.tar.z\n\nSolaris x64/x86 [3.0.3 (a64.sol/211)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12832-a64-sol.tar.z\n\nIngres r3 Vulnerability Updates Install Steps (August 1, 2008)\n\nUnix/Linux:\n1. Log on to your system using the installation owner account and \n make sure the environment is set up correctly:\n 1. II_SYSTEM must be set to the Ingres system files\n 2. PATH must include $II_SYSTEM/bin and $II_SYSTEM/utility \n directories. \n2. Change directory to the root directory of the Ingres \n installation or use a previously created directory. \n cd $II_SYSTEM/ingres\n or\n cd \u003cpatch_directory\u003e\n3. Copy the download maintenance update file in to the current \n directory and uncompress\n4. Read in the update file with the following commands:\n umask 022\n tar xf [update_file]\n This will create the directory:\n $II_SYSTEM/ingres/patchXXXXX\n or\n \u003cpatch_directory\u003e/patchXXXXX\n Note: \u2018XXXXX\u0027 in patchXXXXX refers to the update number\n5. Stop all Ingres processes with the \u2018ingstop\u0027 utility:\n ingstop\n6. Change directory to the patch directory:\n cd patchXXXXX\n7. Within the patch directory run the following command:\n ./utility/iiinstaller\n Please check the $II_SYSTEM/ingres/files/patch.log file to \n make sure the patch was applied successfully. Also check the \n $II_SYSTEM/ingres/version.rel to make sure the patch is \n referenced. \n Note: The patch can also be installed silently using the \u2018-m\u0027 \n flag with iiinstaller:\n ./utility/iiinstaller -m\n8. Once the patch install has been complete, re-link the iimerge \n binary with the following command:\n iilink\n9. Ingres can then be restarted with the \u2018ingstart\u0027 utility:\n ingstart\n\nFor these products:\nAdvantage Data Transformer r2.2\nAllfusion Harvest Change Manager r7.1\nARCserve for Linux r11.5 GA/SP1\nCleverPath Aion BPM r10.1\nCleverPath Aion BPM r10.2\n\nApply the build below that is listed for your platform (note that \nURLs may wrap):\n\nAIX\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12833-r64-us5.tar\n\nHP-UX Itanium\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12831-i64-hpu.tar\n\nHP-UX RISC\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12830-hp2-us5.tar\n\nLinux AMD EI build\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-211-EI-linux-x86_64.tar.gz\n\nLinux AMD II build\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-211-linux-x86_64.tgz\n\nLinux Intel EI build\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-103-EI-linux-i386.tgz\n\nLinux Intel II build\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-103-pc-linux-i386.tgz\n\nLinux Itanium EI build\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-211-EI-linux-ia64.tar.gz\n\nLinux Itanium II build\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-211-linux-ia64.tgz\n\nSolaris SPARC\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12834-su9-us5.tar\n\nSolaris x64/x86\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12832-a64-sol.tar\n\nIngres r3 Build Install Steps (August 1, 2008)\n\nImportant: Prior to installing the build, a full operating system \nbackup of the $II_SYSTEM/ingres directory on Unix/Linux and \n%II_SYSTEM%\\ingres directory on Windows must be taken with Ingres \ncompletely shut down. Also, a backup of any other DATA locations \nthat you may have must be taken, again with Ingres shut down. In \ncase there is a problem with the update install, this allows \nIngres to be restored from the backup. \n\nUnix:\n1. Log in to the system as the installation owner and make sure \n the environment is set up correctly:\n 1. II_SYSTEM must be set to the Ingres home directory\n 2. PATH must include $II_SYSTEM/ingres/bin and \n $II_SYSTEM/ingres/utility directories\n 3. Add $II_SYSTEM/ingres/lib to the shared library path\n 4. Set TERM to \u2018vt100\u0027 and TERM_INGRES to \u2018vt100fx\u0027\n2. Copy the downloaded update file to the /tmp directory and \n uncompress\n3. Read in the update file with the following commands:\n umask 022\n tar xf [update_file]\n This creates a directory containing the distribution and \n other files. \n4. Stop all applications that may be connected to or using any of \n the files in the Ingres instance. \n5. Stop all Ingres processes with the \u2018ingstop\u0027 utility:\n ingstop\n6. Important: Take an operating system backup of the \n $II_SYSTEM/ingres directory and other DATA locations that you \n may have elsewhere. Also, copy the \n $II_SYSTEM/ingres/files/config.dat and \n $II_SYSTEM/ingres/files/symbol.tbl files to a safe location to \n ensure that the configuration can be restored. \n7. From the root directory of the Ingres installation \n ($II_SYSTEM/ingres), run the following command:\n tar xf /tmp/\u003cupdate_directory\u003e/ingres.tar install\n8. Run the following command:\n install/ingbuild\n9. The initial install screen appears. \n10. In the Distribution medium enter the full path to the \n \u2018ingres.tar\u0027 file (including the file) (See step 4). \n11. Choose PackageInstall from the list of installation options \n and then choose \u2018Stand alone DBMS Server\u0027 from the list of \n packages. Then choose ExpressInstall. \n12. Choose Yes in the pop-up screen and press Enter key. \n The install utility verifies that each component was \n transferred properly from the distribution medium. When this \n is finished (without errors), another pop-up screen for \n setting up the components comes up. \n13. Select Yes and press Enter key to go to the Setup program. \n14. Once the installation is complete, check the \n $II_SYSTEM/ingres/files/install.log for any errors. Also, \n check the $II_SYSTEM/ingres/version.rel file to verify the new \n build is referenced; this should show 3.0.3 for the build. \n15. If there are no errors, then restore the \n $II_SYSTEM/ingres/files/config.dat and \n $II_SYSTEM/ingres/files/symbol.tbl files from the copies made \n in step 6 to replace the existing files. \n16. Start Ingres using the \u2018ingstart\u0027 utility:\n ingstart\n17. Upgrade the databases in the installation to the new release \n level:\n upgradedb -all\n\nLinux:\n1. Log on to the machine as \u2018root\u0027. \n2. Copy the downloaded build update file and to a previously \n chosen directory and uncompress. \n3. Read in the update file with the following command:\n tar xf [update file]\n This creates a directory containing rpm packages for all of \n the Ingres tools. \n4. Shut down any non-Ingres application(s) that may be connected \n to or using any of the files in the specified Ingres instance. \n5. Stop all Ingres processes with the \u2018ingstop\u0027 utility:\n ingstop\n6. Important: Take an operating system backup of the \n $II_SYSTEM/ingres directory and other DATA locations that you \n may have elsewhere. \n7. From the directory that was created in step 3, install the \n update rpms with the following command:\n rpm \u2013Uvh *.rpm\n If the following error is seen for either the \n \u2018ca-ingres-documentation-3.0.3-103\u0027, the \n \u2018ca-ingres-CATOSL-3.0.3-103\u0027 or the \n \u2018ca-cs-utils-11.0.04348-0000\u0027 (or all of them) packages,\n remove them from the directory containing the rpms and \n re-run the above command:\n package \u003cpackage-name\u003e is already installed\n8. If the installation finishes successfully, then log on as \n \u2018ingres\u0027 to the machine and start Ingres using the \u2018ingstart\u0027 \n utility:\n ingstart\n9. Upgrade \u2018mdb\u0027 database with the following command:\n upgradedb -all\n\nFor these products:\nCA ARCserve Backup for Unix r11.1\nCA ARCserve Backup for Unix r11.5 GA/SP1/SP2\nCA ARCserve Backup for Unix r11.5 SP3\nCA ARCserve Backup for Linux r11.1\nEEM 8.1\neTrust Audit/SCC 8.0 sp2\nNSM 3.0 0305\nNSM 3.1 0403\nNSM r3.1 SP1 0703\nUnicenter Service Catalog r2.2\nUnicenter ServicePlus Service Desk 6.0\n\nApply the update below that is listed for your platform (note that \nURLs may wrap):\n\nAIX 32bit [2.6/xxxx (rs4.us5/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12718.tar.Z\n\nAIX 64bit [2.6/xxxx (r64.us5/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12798.tar.Z\n\nHP-UX with ARCserve 11.1 or 11.5/GA/SP1/SP2/SP3\nhttps://support.ca.com/irj/portal/anonymous/solndtls?aparNo=RO01277\u0026os=HP\u0026actionID=3\n\nHP-UX Itanium [2.6/xxxx (i64.hpu/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12748.tar.Z\n\nHP-UX RISC 32bit [2.6/xxxx (hpb.us5/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12742.tar.Z\n\nHP-UX RISC 32bit [2.6/xxxx (hpb.us5/00)DBL]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12888.tar.Z\n\nHP-UX RISC 64bit [2.6/xxxx (hp2.us5/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12749.tar.Z\n\nHP Tru64 UNIX [2.6/xxxx (axp.osf/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12676.tar.Z\n\nLinux AMD64 [2.6/xxxx (a64.lnx/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12809.tar.Z\n\nLinux Intel 32bit [2.6/xxxx (int.lnx/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12645.tar.Z\n\nLinux Intel 32bit [2.6/xxxx (int.lnx/00)DBL]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12647.tar.Z\n\nLinux Intel 32bit [2.6/xxxx (int.lnx/00)LFS]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12646.tar.Z\n\nLinux Itanium [2.6/xxxx (i64.lnx/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12648.tar.Z\n\nLinux S/390 [2.6/xxxx (ibm.lnx/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12877.tar.Z\n\nSolaris SPARC 32bit [2.6/xxxx (su4.us5/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12713.tar.Z\n\nSolaris SPARC 32bit double [2.6/xxxx (su4.us5/00)DBL]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12879.tar.Z\n\nSolaris SPARC 64bit [2.6/xxxx (su9.us5/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12751.tar.Z\n\nIngres 2.6 Vulnerability Updates Install Steps (August 1, 2008)\n\nUnix/Linux:\n1. Log on to your system using the installation owner account and \n make sure the environment is set up correctly:\n 1. II_SYSTEM must be set to the Ingres system files\n 2. PATH must include $II_SYSTEM/bin and $II_SYSTEM/utility \n directories. \n2. Change directory to the root directory of the Ingres \n installation or use a previously created directory. \n cd $II_SYSTEM/ingres\n or\n cd \u003cpatch_directory\u003e\n3. Copy the download maintenance update file in to the current \n directory and uncompress\n4. Read in the update file with the following commands:\n umask 022\n tar xf [update_file]\n This will create the directory:\n $II_SYSTEM/ingres/patchXXXXX\n or\n \u003cpatch_directory\u003e/patchXXXXX\n Note: \u2018XXXXX\u0027 in patchXXXXX refers to the update number\n5. Stop all Ingres processes with the \u2018ingstop\u0027 utility:\n ingstop\n6. Change directory to the patch directory:\n cd patchXXXXX\n7. Within the patch directory run the following command:\n ./utility/iiinstaller\n Please check the $II_SYSTEM/ingres/files/patch.log file to \n make sure the patch was applied successfully. Also check the \n $II_SYSTEM/ingres/version.rel to make sure the patch is \n referenced. \n Note: The patch can also be installed silently using the \n \u2018-m\u0027 flag with iiinstaller:\n ./utility/iiinstaller -m\n8. Once the patch install has been complete, re-link the iimerge \n binary with the following command:\n iilink\n9. Ingres can then be restarted with the \u2018ingstart\u0027 utility:\n ingstart\n\n\nHow to determine if you are affected:\n\nFor these products:\nAdmin r8.1 SP2\nARCserve for Linux r11.5 SP2/SP3\nCA Directory r8.1\nCA Job Management Option R11.0\nCA Single Sign-On r8.1\nEEM 8.2\nEEM 8.2.1\nIdentity Manager r12\nNSM r11\nUnicenter Asset Management r11.1\nUnicenter Asset Management r11.2\nUnicenter Remote Control r11.2\nUnicenter Service Catalog r11.1\nUnicenter Service Metric Analysis r11.1\nUnicenter ServicePlus Service Desk r11\nUnicenter ServicePlus Service Desk r11.1\nUnicenter ServicePlus Service Desk r11.2\nUnicenter Software Delivery r11.1\nUnicenter Software Delivery r11.2\nUnicenter Workload Control Center r11\n\nThe Ingres release information is maintained in \n%II_SYSTEM%\\ingres\\version.rel:\n UNIX or Linux: cat version.rel\n\nThe release identifier will be as follows:\nOperating System Release identifier\nHP Sparc 32/64bit II 3.0.3 (hp2.us5/211)\nHP Itanium II 3.0.3 (i64.hpu/211)\nIntel Solaris 32/64bit II 3.0.3 (a64.sol/211)\nAIX 32/64bit II 3.0.3 (r64.us5/211)\nSolaris 32/64bit II 3.0.3 (su9.us5/211)\nAMD Linux II 3.0.3 (a64.lnx/211)\nIntel Linux II 3.0.3 (int.lnx/103)\nItanium Linux II 3.0.3 (i64.lnx/211)\n\nNotes:\n1. You would need to install the Ingres build instead of the patch \n if either of the following is true:\n 1. If the Ingres release for your platform is not 3.0.3 in \n the release identifier\n or\n 2. The Ingres release is 3.0.3 but the build level is not \n 103 for Linux and 211 for all the Unix platforms. \n If either of the above is true then download and apply the \n latest build for your operating system(s). \n2. If the OS platform you are running Ingres on is not listed, \n please contact Technical Support. \n\nFor these products:\nAdvantage Data Transformer r2.2\nAllfusion Harvest Change Manager r7.1\nARCserve for Linux r11.5 GA/SP1\nCleverPath Aion BPM r10.1\nCleverPath Aion BPM r10.2\n\nThe maintenance updates are provided for the latest r3 builds \nsupported by CA which are 3.0.3/103 (Linux) and 3.03/211 (UNIX \nplatforms). If the build embedded is earlier than 3.0.3, it has \nto be upgraded to 3.0.3 to fix the vulnerabilities. \n\nThe Ingres release information is maintained in \n%II_SYSTEM%\\ingres\\version.rel:\n UNIX or Linux: cat version.rel\n\nThe release identifier will be as follows:\nOperating System Release identifier\nHP Sparc 32/64bit II 3.0.3 (hp2.us5/211)\nHP Itanium II 3.0.3 (i64.hpu/211)\nIntel Solaris 32/64bit II 3.0.3 (a64.sol/211)\nAIX 32/64bit II 3.0.3 (r64.us5/211)\nSolaris 32/64bit II 3.0.3 (su9.us5/211)\nAMD Linux II 3.0.3 (a64.lnx/211)\nIntel Linux II 3.0.3 (int.lnx/103)\nItanium Linux II 3.0.3 (i64.lnx/211)\n\nImportant:\nFor Linux (AMD, Intel and Itanium) platforms, after applying the \nbuild provided on this page, please download and apply the \nmaintenance update. For the other platforms, the builds are \npatched to the latest maintenance update. \nNote:\n1. If the release you are using is already 3.0.3 build 103 on \n Linux and 3.0.3 build 211 on Unix, then download and install \n the maintenance update. \n2. If the OS platform you are running Ingres on is not listed, \n please contact Technical Support. \n\nFor these products:\nCA ARCserve Backup for Unix r11.1\nCA ARCserve Backup for Unix r11.5 GA/SP1/SP2\nCA ARCserve Backup for Unix r11.5 SP3\nCA ARCserve Backup for Linux r11.1\nEEM 8.1\neTrust Audit/SCC 8.0 sp2\nNSM 3.0 0305\nNSM 3.1 0403\nNSM r3.1 SP1 0703\nUnicenter Service Catalog r2.2\nUnicenter ServicePlus Service Desk 6.0\n\nThe Ingres release information is maintained in \n%II_SYSTEM%\\ingres\\version.rel:\n UNIX or Linux: cat version.rel\n\nThe release identifier will be as follows:\nOperating System Release identifier\nAIX 32bit II 2.6/xxxx (rs4.us5/00)\nAIX 64bit II 2.6/xxxx (r64.us5/00)\nHP-UX Itanium II 2.6/xxxx (i64.hpu/00)\nHP-UX RISC 32bit II 2.6/xxxx (hpb.us5/00)\nHP-UX RISC 32bit II 2.6/xxxx (hpb.us5/00)DBL\nHP-UX RISC 64bit II 2.6/xxxx (hp2.us5/00)\nHP Tru64 UNIX II 2.6/xxxx (axp.osf/00)\nLinux AMD64 II 2.6/xxxx (a64.lnx/00)\nLinux Intel 32bit II 2.6/xxxx (int.lnx/00)\nLinux Intel 32bit II 2.6/xxxx (int.lnx/00)DBL\nLinux Intel 32bit II 2.6/xxxx (int.lnx/00)LFS\nLinux Itanium II 2.6/xxxx (i64.lnx/00)\nLinux S/390 II 2.6/xxxx (ibm.lnx/00)\nSolaris SPARC 32bit II 2.6/xxxx (su4.us5/00)\nSolaris SPARC 32bit double II 2.6/xxxx (su4.us5/00)DBL\nSolaris SPARC 64bit II 2.6/xxxx (su9.us5/00)\n\nNote:\n1. If the Ingres release embedded in your product is not 2.6, \n please get the appropriate update here. \n2. If the OS platform you are running Ingres on is not listed, \n please contact Technical Support. \n3. For HP-UX platform with CA ARCserve Backup 11.1 or \n 11.5/GA/SP1/SP2/SP3, download the published ARCserve fix, \n RO01277:\n https://support.ca.com/irj/portal/anonymous/solndtls?aparNo=RO01277\u0026os=HP\u0026actionID=3\n and follow the enclosed instructions to install the security \n patch. \n\n\nWorkaround: None\n\n\nReferences (URLs may wrap):\nCA Support:\nhttp://support.ca.com/\nSecurity Notice for CA Products That Embed Ingres\nhttps://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989\nSolution Document Reference APARs:\nRO01277 (ARCserve only)\nCA Security Response Blog posting:\nCA Products That Embed Ingres Multiple Vulnerabilities\ncommunity.ca.com/blogs/casecurityresponseblog/archive/2008/08/06.aspx\nReported By: \niDefense Labs\nIngres Database for Linux verifydb Insecure File Permissions \n Modification Vulnerability\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731\nIngres Database for Linux libbecompat Stack Based Buffer Overflow \n Vulnerability\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732\nIngres Database for Linux ingvalidpw Untrusted Library Path \n Vulnerability\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=733\nIngres\nSecurity Vulnerability Announcement as of August 01, 2008\nhttp://www.ingres.com/support/security-alert-080108.php\nCVE References:\nCVE-2008-3356 - Ingres verifydb file create permission override. \nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3356\nCVE-2008-3357 - Ingres un-secure directory privileges with utility \n ingvalidpw. \nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3357\nCVE-2008-3389 - Ingres verifydb, iimerge, csreport buffer overflow. \nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3389\nOSVDB References: Pending\nhttp://osvdb.org/\n\n\nChangelog for this advisory:\nv1.0 - Initial Release\n\n\nCustomers who require additional information should contact CA\nTechnical Support at http://support.ca.com. \n\nFor technical questions or comments related to this advisory, \nplease send email to vuln AT ca DOT com. \n\nIf you discover a vulnerability in CA products, please report your \nfindings to our product security response team. \nhttps://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782\n\n\nRegards,\nKen Williams ; 0xE2941985\nDirector, CA Vulnerability Research\n\n\nCA, 1 CA Plaza, Islandia, NY 11749\n\t\nContact http://www.ca.com/us/contact/\nLegal Notice http://www.ca.com/us/legal/\nPrivacy Policy http://www.ca.com/us/privacy/\nCopyright (c) 2008 CA. All rights reserved. ----------------------------------------------------------------------\n\nWant a new job?\n\nhttp://secunia.com/secunia_security_specialist/\nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\n\nInternational Partner Manager - Project Sales in the IT-Security\nIndustry:\nhttp://corporate.secunia.com/about_secunia/64/\n\n----------------------------------------------------------------------\n\nTITLE:\nIngres Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA31357\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/31357/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nPrivilege escalation\n\nWHERE:\nLocal system\n\nSOFTWARE:\nIngres 2.x\nhttp://secunia.com/product/14576/\nIngres 2006 (9.x)\nhttp://secunia.com/product/14574/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in Ingres, which can be\nexploited by malicious, local users to gain escalated privileges. \n\n1) An error exists in the \"verifydb\" utility due to improperly\nchanging permissions on files and having the setuid-bit set (owned by\nthe \"ingres\" user). via a specially\ncrafted environmental variable. \n\n3) An error exists within the \"ingvalidpw\" utility due to being\nsetuid \"root\" and loading shared libraries from a directory owned by\nthe \"ingres\" user. \n\nSOLUTION:\nThe vendor has issued fixes. Please see the knowledge base document\n(customer login required). \nhttp://servicedesk.ingres.com/CAisd/pdmweb.ingres?OP=SHOW_DETAIL+PERSID=KD:416012+HTMPL=kt_document_view.htmpl\n\nPROVIDED AND/OR DISCOVERED BY:\nAn anonymous researcher, reported via iDefense. \n\nORIGINAL ADVISORY:\nIngres:\nhttp://www.ingres.com/support/security-alert-080108.php\n\niDefense:\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=733\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-3389"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004693"
},
{
"db": "BID",
"id": "30512"
},
{
"db": "PACKETSTORM",
"id": "68785"
},
{
"db": "PACKETSTORM",
"id": "68897"
},
{
"db": "PACKETSTORM",
"id": "68872"
},
{
"db": "PACKETSTORM",
"id": "68816"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-3389",
"trust": 2.9
},
{
"db": "BID",
"id": "30512",
"trust": 1.9
},
{
"db": "SECUNIA",
"id": "31398",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "31357",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1020615",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2008-2292",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2008-2313",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004693",
"trust": 0.8
},
{
"db": "IDEFENSE",
"id": "20080801 INGRES DATABASE FOR LINUX LIBBECOMPAT STACK BASED BUFFER OVERFLOW VULNERABILITY",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20080806 CA PRODUCTS THAT EMBED INGRES MULTIPLE VULNERABILITIES",
"trust": 0.6
},
{
"db": "XF",
"id": "44179",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200808-050",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "68785",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "68897",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "68872",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "68816",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "30512"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004693"
},
{
"db": "PACKETSTORM",
"id": "68785"
},
{
"db": "PACKETSTORM",
"id": "68897"
},
{
"db": "PACKETSTORM",
"id": "68872"
},
{
"db": "PACKETSTORM",
"id": "68816"
},
{
"db": "NVD",
"id": "CVE-2008-3389"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-050"
}
]
},
"id": "VAR-200808-0315",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.12878788
},
"last_update_date": "2023-12-18T12:23:10.035000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "contentID=181989",
"trust": 0.8,
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=181989"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-004693"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-004693"
},
{
"db": "NVD",
"id": "CVE-2008-3389"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://www.ingres.com/support/security-alert-080108.php"
},
{
"trust": 2.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732"
},
{
"trust": 2.1,
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=181989"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/31357"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/31398"
},
{
"trust": 1.6,
"url": "http://securitytracker.com/id?1020615"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/30512"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/495177/100/0/threaded"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2008/2292"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2008/2313"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44179"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3389"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-3389"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/44179"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/495177/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2008/2313"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2008/2292"
},
{
"trust": 0.5,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=733"
},
{
"trust": 0.5,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731"
},
{
"trust": 0.3,
"url": "http://www.ingres.com/"
},
{
"trust": 0.3,
"url": "/archive/1/495177"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-3389"
},
{
"trust": 0.2,
"url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
},
{
"trust": 0.2,
"url": "http://secunia.com/secunia_security_specialist/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/31357/"
},
{
"trust": 0.2,
"url": "http://corporate.secunia.com/about_secunia/64/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/),"
},
{
"trust": 0.1,
"url": "http://ingres.com/downloads/prod-cert-download.php"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/methodology/vulnerability/vcp.php"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/7126/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14592/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5912/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14582/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/31398/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/19467/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/7129/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14437/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5904/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14602/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/19468/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5582/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14596/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5905/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5584/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1684/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1683/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14589/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/7120/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/19466/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/7114/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/312/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3357"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/contact/"
},
{
"trust": 0.1,
"url": "https://support.ca.com/irj/portal/anonymous/solndtls?aparno=ro01277\u0026os=hp\u0026actionid=3"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-3356"
},
{
"trust": 0.1,
"url": "http://support.ca.com/"
},
{
"trust": 0.1,
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=177782"
},
{
"trust": 0.1,
"url": "http://support.ca.com."
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/privacy/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-3357"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3356"
},
{
"trust": 0.1,
"url": "http://osvdb.org/"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/legal/"
},
{
"trust": 0.1,
"url": "http://servicedesk.ingres.com/caisd/pdmweb.ingres?op=show_detail+persid=kd:416012+htmpl=kt_document_view.htmpl"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14574/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14576/"
}
],
"sources": [
{
"db": "BID",
"id": "30512"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004693"
},
{
"db": "PACKETSTORM",
"id": "68785"
},
{
"db": "PACKETSTORM",
"id": "68897"
},
{
"db": "PACKETSTORM",
"id": "68872"
},
{
"db": "PACKETSTORM",
"id": "68816"
},
{
"db": "NVD",
"id": "CVE-2008-3389"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-050"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "30512"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004693"
},
{
"db": "PACKETSTORM",
"id": "68785"
},
{
"db": "PACKETSTORM",
"id": "68897"
},
{
"db": "PACKETSTORM",
"id": "68872"
},
{
"db": "PACKETSTORM",
"id": "68816"
},
{
"db": "NVD",
"id": "CVE-2008-3389"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-050"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-08-01T00:00:00",
"db": "BID",
"id": "30512"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-004693"
},
{
"date": "2008-08-04T19:10:47",
"db": "PACKETSTORM",
"id": "68785"
},
{
"date": "2008-08-08T18:43:59",
"db": "PACKETSTORM",
"id": "68897"
},
{
"date": "2008-08-06T21:42:18",
"db": "PACKETSTORM",
"id": "68872"
},
{
"date": "2008-08-04T23:14:27",
"db": "PACKETSTORM",
"id": "68816"
},
{
"date": "2008-08-05T19:41:00",
"db": "NVD",
"id": "CVE-2008-3389"
},
{
"date": "2008-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200808-050"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-08-06T20:26:00",
"db": "BID",
"id": "30512"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-004693"
},
{
"date": "2018-10-11T20:48:12.193000",
"db": "NVD",
"id": "CVE-2008-3389"
},
{
"date": "2008-09-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200808-050"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "30512"
},
{
"db": "PACKETSTORM",
"id": "68785"
},
{
"db": "PACKETSTORM",
"id": "68897"
},
{
"db": "PACKETSTORM",
"id": "68816"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-050"
}
],
"trust": 1.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linux Such as above Ingres Vulnerable to stack-based buffer overflow",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-004693"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200808-050"
}
],
"trust": 0.6
}
}
VAR-200305-0049
Vulnerability from variot - Updated: 2023-12-18 12:13Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code. Samba contains several buffer overflow vulnerabilitites. Samba contains several buffer overflow vulnerabilitites. An updated version has been released. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ Samba 2.2.8 Previously, when dealing with files with very long file names, smbd/trans2.c Inside StrnCpy() There is a problem with buffer overflow in functions. StrnCpy(fname,pname,namelen) Marked StrnCpy() In the function namelen using pstring Type (1024 Byte char Type array ) Variables fname Within pname Copy for that reason, pname In 1024 By giving a value larger than bytes, it is possible to cause a buffer overflow and overwrite the memory area. (CAN-2003-0201) In addition, there are other potential buffer overflow issues that stem from this issue. 3 Have been found by vendors (CAN-2003-0196) , A corrected version for all these issues Samba 2.2.8a Is published. At this time, this problem (CAN-2003-0196) Details of are unknown.Please refer to the “Overview” for the impact of this vulnerability. The problem occurs when copying user-supplied data into a static buffer. By passing excessive data to an affected Samba server, it may be possible for an anonymous user to corrupt sensitive locations in memory. Samba-TNG 0.3.1 and earlier are also affected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200305-0049",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 2.4,
"vendor": "apple computer",
"version": null
},
{
"model": null,
"scope": null,
"trust": 2.4,
"vendor": "conectiva",
"version": null
},
{
"model": null,
"scope": null,
"trust": 2.4,
"vendor": "debian",
"version": null
},
{
"model": null,
"scope": null,
"trust": 2.4,
"vendor": "freebsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 2.4,
"vendor": "gentoo linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 2.4,
"vendor": "hewlett packard",
"version": null
},
{
"model": null,
"scope": null,
"trust": 2.4,
"vendor": "ibm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 2.4,
"vendor": "mandrakesoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 2.4,
"vendor": "montavista",
"version": null
},
{
"model": null,
"scope": null,
"trust": 2.4,
"vendor": "openpkg",
"version": null
},
{
"model": null,
"scope": null,
"trust": 2.4,
"vendor": "red hat",
"version": null
},
{
"model": null,
"scope": null,
"trust": 2.4,
"vendor": "sgi",
"version": null
},
{
"model": null,
"scope": null,
"trust": 2.4,
"vendor": "samba team",
"version": null
},
{
"model": null,
"scope": null,
"trust": 2.4,
"vendor": "suse",
"version": null
},
{
"model": null,
"scope": null,
"trust": 2.4,
"vendor": "sun microsystems",
"version": null
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.9,
"vendor": "compaq",
"version": "5.1"
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "openbsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "sco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "samba tng",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "slackware",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "sorceror linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "trustix",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "wirex",
"version": null
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.6,
"vendor": "compaq",
"version": "5.1_pk5_bl19"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.6,
"vendor": "compaq",
"version": "5.0f"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.6,
"vendor": "compaq",
"version": "5.1_pk4_bl18"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.6,
"vendor": "compaq",
"version": "5.0a"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.6,
"vendor": "compaq",
"version": "5.0a_pk3_bl17"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.6,
"vendor": "compaq",
"version": "5.0_pk4_bl18"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.6,
"vendor": "compaq",
"version": "5.0_pk4_bl17"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.6,
"vendor": "compaq",
"version": "5.1_pk6_bl20"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.6,
"vendor": "compaq",
"version": "5.1_pk3_bl17"
},
{
"model": "samba",
"scope": "eq",
"trust": 1.3,
"vendor": "samba",
"version": "2.0.8"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.3,
"vendor": "hp",
"version": "10.01"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.3,
"vendor": "hp",
"version": "11.04"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.3,
"vendor": "hp",
"version": "10.24"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.3,
"vendor": "hp",
"version": "11.22"
},
{
"model": "samba",
"scope": "eq",
"trust": 1.3,
"vendor": "samba",
"version": "2.0.3"
},
{
"model": "samba-tng",
"scope": "eq",
"trust": 1.3,
"vendor": "samba tng",
"version": "0.3"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.3,
"vendor": "hp",
"version": "11.11"
},
{
"model": "samba-tng",
"scope": "eq",
"trust": 1.3,
"vendor": "samba tng",
"version": "0.3.1"
},
{
"model": "solaris",
"scope": "eq",
"trust": 1.3,
"vendor": "sun",
"version": "2.5.1"
},
{
"model": "samba",
"scope": "eq",
"trust": 1.3,
"vendor": "samba",
"version": "2.0.6"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.3,
"vendor": "compaq",
"version": "5.0"
},
{
"model": "solaris",
"scope": "eq",
"trust": 1.3,
"vendor": "sun",
"version": "2.6"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.3,
"vendor": "hp",
"version": "11.20"
},
{
"model": "samba",
"scope": "eq",
"trust": 1.3,
"vendor": "samba",
"version": "2.2.4"
},
{
"model": "samba",
"scope": "eq",
"trust": 1.3,
"vendor": "samba",
"version": "2.0.0"
},
{
"model": "samba",
"scope": "eq",
"trust": 1.3,
"vendor": "samba",
"version": "2.0.7"
},
{
"model": "samba",
"scope": "eq",
"trust": 1.3,
"vendor": "samba",
"version": "2.0.5"
},
{
"model": "samba",
"scope": "eq",
"trust": 1.3,
"vendor": "samba",
"version": "2.2.8"
},
{
"model": "samba",
"scope": "eq",
"trust": 1.3,
"vendor": "samba",
"version": "2.0.9"
},
{
"model": "samba",
"scope": "eq",
"trust": 1.3,
"vendor": "samba",
"version": "2.0.1"
},
{
"model": "solaris",
"scope": "eq",
"trust": 1.3,
"vendor": "sun",
"version": "7.0"
},
{
"model": "samba",
"scope": "eq",
"trust": 1.3,
"vendor": "samba",
"version": "2.0.4"
},
{
"model": "samba",
"scope": "eq",
"trust": 1.3,
"vendor": "samba",
"version": "2.0.10"
},
{
"model": "samba",
"scope": "eq",
"trust": 1.3,
"vendor": "samba",
"version": "2.2.0"
},
{
"model": "samba",
"scope": "eq",
"trust": 1.3,
"vendor": "samba",
"version": "2.2.6"
},
{
"model": "samba",
"scope": "eq",
"trust": 1.3,
"vendor": "samba",
"version": "2.0.2"
},
{
"model": "samba",
"scope": "eq",
"trust": 1.3,
"vendor": "samba",
"version": "2.2.7"
},
{
"model": "samba",
"scope": "eq",
"trust": 1.3,
"vendor": "samba",
"version": "2.2.5"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.3,
"vendor": "hp",
"version": "10.20"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.0,
"vendor": "compaq",
"version": "5.1a_pk3_bl3"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.2.3"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.0,
"vendor": "compaq",
"version": "4.0f_pk6_bl17"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.0,
"vendor": "compaq",
"version": "5.1a_pk2_bl2"
},
{
"model": "sunos",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": null
},
{
"model": "cifs-9000 server",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "a.01.05"
},
{
"model": "cifs-9000 server",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "a.01.09.01"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.0,
"vendor": "compaq",
"version": "4.0d_pk9_bl17"
},
{
"model": "samba",
"scope": "eq",
"trust": 1.0,
"vendor": "samba",
"version": "2.2.0a"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.0,
"vendor": "compaq",
"version": "4.0f_pk7_bl18"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.0,
"vendor": "compaq",
"version": "4.0f"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "11.00"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.0,
"vendor": "compaq",
"version": "5.1b_pk1_bl1"
},
{
"model": "cifs-9000 server",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "a.01.07"
},
{
"model": "cifs-9000 server",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "a.01.06"
},
{
"model": "sunos",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "5.8"
},
{
"model": "solaris",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "9.0"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.2"
},
{
"model": "solaris",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "8.0"
},
{
"model": "cifs-9000 server",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "a.01.09"
},
{
"model": "sunos",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "5.5.1"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.0,
"vendor": "compaq",
"version": "4.0d"
},
{
"model": "sunos",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "5.7"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.0,
"vendor": "compaq",
"version": "5.1a_pk1_bl1"
},
{
"model": "samba",
"scope": "eq",
"trust": 1.0,
"vendor": "samba",
"version": "2.2.3a"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.2.1"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.0,
"vendor": "compaq",
"version": "4.0g"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.0,
"vendor": "compaq",
"version": "5.1b"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.2.2"
},
{
"model": "cifs-9000 server",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "a.01.08"
},
{
"model": "samba",
"scope": "eq",
"trust": 1.0,
"vendor": "samba",
"version": "2.2.7a"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.2.4"
},
{
"model": "samba",
"scope": "eq",
"trust": 1.0,
"vendor": "samba",
"version": "2.2.1a"
},
{
"model": "cifs-9000 server",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "a.01.09.02"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.0,
"vendor": "compaq",
"version": "5.1a"
},
{
"model": "cifs-9000 server",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "a.01.08.01"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.0,
"vendor": "compaq",
"version": "4.0b"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.0,
"vendor": "compaq",
"version": "4.0g_pk3_bl17"
},
{
"model": "samba",
"scope": "lte",
"trust": 0.8,
"vendor": "samba",
"version": "2.2.8"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "1.1"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "2.0"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "2.1"
},
{
"model": "cobalt raq4",
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "cobalt raq550",
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "cobalt raqxtr",
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "9 (sparc)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "9 (x86)"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "6.5"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "7"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "8"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.00"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.11"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.22"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.3"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "8.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "9"
},
{
"model": "tru64 pk4",
"scope": "eq",
"trust": 0.6,
"vendor": "compaq",
"version": "5.0"
},
{
"model": "tru64 pk4",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "tru64 f pk6",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "4.0"
},
{
"model": "tru64 pk3",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "tru64 f",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.0"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.5"
},
{
"model": "a",
"scope": "eq",
"trust": 0.3,
"vendor": "samba",
"version": "2.2.1"
},
{
"model": "cifs/9000 server a.01.08.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "cifs/9000 server a.01.09.03",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "solaris x86",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "2.5.1"
},
{
"model": "tru64 b",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "4.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2"
},
{
"model": "alpha",
"scope": "ne",
"trust": 0.3,
"vendor": "samba",
"version": "3.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.1"
},
{
"model": "tru64 g pk3",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "4.0"
},
{
"model": ".0a",
"scope": "eq",
"trust": 0.3,
"vendor": "samba",
"version": "2.2"
},
{
"model": "tru64 d pk9",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "4.0"
},
{
"model": "solaris 2.6 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "cifs/9000 server a.01.09",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "cobalt raq 4100r",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "550"
},
{
"model": "cifs/9000 server a.01.09.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "tru64 d",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "4.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.2"
},
{
"model": "tru64 g",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "4.0"
},
{
"model": "tru64 a",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.0"
},
{
"model": "solaris 8 sparc",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "a",
"scope": "ne",
"trust": 0.3,
"vendor": "samba",
"version": "2.2.8"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "9"
},
{
"model": "tru64 f pk7",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "4.0"
},
{
"model": "samba",
"scope": "eq",
"trust": 0.3,
"vendor": "samba",
"version": "2.2.2"
},
{
"model": "tru64 pk6",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "cifs/9000 server a.01.08",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "cifs/9000 server a.01.07",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "cifs/9000 server a.01.09.04",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "solaris 8 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "cobalt qube3 4000wg",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "cifs/9000 server a.01.09.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "tru64 a pk3",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.0"
},
{
"model": "tru64 a pk1",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "tru64 b pk1",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.0"
},
{
"model": "cifs/9000 server a.01.06",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "tru64 a pk2",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "a",
"scope": "eq",
"trust": 0.3,
"vendor": "samba",
"version": "2.2.7"
},
{
"model": "cifs/9000 server a.01.05",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "solaris 7.0 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.0"
},
{
"model": "solaris 9 x86 update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "2"
},
{
"model": "tru64 a",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "tru64 pk5",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "tru64 f",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "4.0"
},
{
"model": "tru64 b",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "samba-tng",
"scope": "ne",
"trust": 0.3,
"vendor": "samba tng",
"version": "0.3.2"
},
{
"model": "solaris 9 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "solaris ppc",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "2.5.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.3"
},
{
"model": "tru64 a pk3",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "a",
"scope": "eq",
"trust": 0.3,
"vendor": "samba",
"version": "2.2.3"
},
{
"model": "cobalt raq4 3001r",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "cobalt raq xtr 3500r",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#267873"
},
{
"db": "CERT/CC",
"id": "VU#267873"
},
{
"db": "CERT/CC",
"id": "VU#298233"
},
{
"db": "BID",
"id": "7294"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000113"
},
{
"db": "NVD",
"id": "CVE-2003-0201"
},
{
"db": "CNNVD",
"id": "CNNVD-200305-012"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:samba:samba:2.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:samba:samba:2.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:samba:samba:2.2.1a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:samba:samba:2.2.3a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:samba:samba:2.0.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:samba:samba:2.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:samba:samba:2.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:samba:samba:2.2.0a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:samba:samba:2.2.7a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:samba:samba:2.2.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:samba-tng:samba-tng:0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:samba-tng:samba-tng:0.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:samba:samba:2.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:samba:samba:2.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:samba:samba:2.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:samba:samba:2.2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:samba:samba:2.2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:samba:samba:2.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:samba:samba:2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:samba:samba:2.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:samba:samba:2.0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:samba:samba:2.2.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:samba:samba:2.2.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:4.0d_pk9_bl17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:4.0f:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:4.0f_pk6_bl17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:5.0a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:5.0a_pk3_bl17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:4.0b:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:4.0d:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:5.0_pk4_bl17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:5.0_pk4_bl18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:5.1_pk5_bl19:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:5.1_pk6_bl20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:10.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:10.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:10.24:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sun:solaris:2.5.1:*:ppc:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sun:solaris:2.5.1:*:x86:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:5.1a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:5.1a_pk1_bl1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:11.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sun:solaris:9.0:x86_update_2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:4.0f_pk7_bl18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:4.0g:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:5.0f:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:5.1a_pk2_bl2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:5.1a_pk3_bl3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:11.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:4.0g_pk3_bl17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:5.1_pk3_bl17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:5.1_pk4_bl18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:5.1b:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:5.1b_pk1_bl1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:11.22:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sun:sunos:5.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hp:cifs-9000_server:a.01.09:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hp:cifs-9000_server:a.01.09.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hp:cifs-9000_server:a.01.09.02:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hp:cifs-9000_server:a.01.05:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hp:cifs-9000_server:a.01.06:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hp:cifs-9000_server:a.01.07:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hp:cifs-9000_server:a.01.08:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hp:cifs-9000_server:a.01.08.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0201"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Erik Parker\u203b erik.parker@digitaldefense.net",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200305-012"
}
],
"trust": 0.6
},
"cve": "CVE-2003-0201",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2003-0201",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-7030",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2003-0201",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#267873",
"trust": 1.6,
"value": "20.48"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#298233",
"trust": 0.8,
"value": "23.63"
},
{
"author": "CNNVD",
"id": "CNNVD-200305-012",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-7030",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2003-0201",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#267873"
},
{
"db": "CERT/CC",
"id": "VU#267873"
},
{
"db": "CERT/CC",
"id": "VU#298233"
},
{
"db": "VULHUB",
"id": "VHN-7030"
},
{
"db": "VULMON",
"id": "CVE-2003-0201"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000113"
},
{
"db": "NVD",
"id": "CVE-2003-0201"
},
{
"db": "CNNVD",
"id": "CNNVD-200305-012"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code. Samba contains several buffer overflow vulnerabilitites. Samba contains several buffer overflow vulnerabilitites. An updated version has been released. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ Samba 2.2.8 Previously, when dealing with files with very long file names, smbd/trans2.c Inside StrnCpy() There is a problem with buffer overflow in functions. StrnCpy(fname,pname,namelen) Marked StrnCpy() In the function namelen using pstring Type (1024 Byte char Type array ) Variables fname Within pname Copy for that reason, pname In 1024 By giving a value larger than bytes, it is possible to cause a buffer overflow and overwrite the memory area. (CAN-2003-0201) In addition, there are other potential buffer overflow issues that stem from this issue. 3 Have been found by vendors (CAN-2003-0196) , A corrected version for all these issues Samba 2.2.8a Is published. At this time, this problem (CAN-2003-0196) Details of are unknown.Please refer to the \u201cOverview\u201d for the impact of this vulnerability. The problem occurs when copying user-supplied data into a static buffer. By passing excessive data to an affected Samba server, it may be possible for an anonymous user to corrupt sensitive locations in memory. Samba-TNG 0.3.1 and earlier are also affected",
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0201"
},
{
"db": "CERT/CC",
"id": "VU#267873"
},
{
"db": "CERT/CC",
"id": "VU#267873"
},
{
"db": "CERT/CC",
"id": "VU#298233"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000113"
},
{
"db": "BID",
"id": "7294"
},
{
"db": "VULHUB",
"id": "VHN-7030"
},
{
"db": "VULMON",
"id": "CVE-2003-0201"
}
],
"trust": 4.23
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=55",
"trust": 1.2,
"type": "exploit"
},
{
"reference": "https://www.scap.org.cn/vuln/vhn-7030",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-7030"
},
{
"db": "VULMON",
"id": "CVE-2003-0201"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "7294",
"trust": 4.5
},
{
"db": "NVD",
"id": "CVE-2003-0201",
"trust": 4.5
},
{
"db": "CERT/CC",
"id": "VU#267873",
"trust": 4.2
},
{
"db": "CERT/CC",
"id": "VU#298233",
"trust": 2.4
},
{
"db": "BID",
"id": "7106",
"trust": 0.8
},
{
"db": "BID",
"id": "7295",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000113",
"trust": 0.8
},
{
"db": "BUGTRAQ",
"id": "20030408 [SORCERER-SPELLS] SAMBA--SORCERER2003-04-08",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20030407 IMMUNIX SECURED OS 7+ SAMBA UPDATE",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20030409 GLSA: SAMBA (200304-02)",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20030407 [DDI-1013] BUFFER OVERFLOW IN SAMBA ALLOWS REMOTE ROOT COMPROMISE",
"trust": 0.6
},
{
"db": "SUSE",
"id": "SUSE-SA:2003:025",
"trust": 0.6
},
{
"db": "CONECTIVA",
"id": "CLA-2003:624",
"trust": 0.6
},
{
"db": "SGI",
"id": "20030403-01-P",
"trust": 0.6
},
{
"db": "MANDRAKE",
"id": "MDKSA-2003:044",
"trust": 0.6
},
{
"db": "OVAL",
"id": "OVAL:ORG.MITRE.OVAL:DEF:567",
"trust": 0.6
},
{
"db": "OVAL",
"id": "OVAL:ORG.MITRE.OVAL:DEF:2163",
"trust": 0.6
},
{
"db": "DEBIAN",
"id": "DSA-280",
"trust": 0.6
},
{
"db": "REDHAT",
"id": "RHSA-2003:137",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200305-012",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-88770",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-88737",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-66978",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-76273",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-88826",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-18016",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-76271",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-70847",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-62711",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-71372",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-71376",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-76272",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-71360",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-76270",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "22468",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "22469",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "10",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "16330",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "16861",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "22470",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "16876",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "16880",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "22471",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "9924",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "7",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "84541",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "84542",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "82311",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-7030",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "55",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2003-0201",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#267873"
},
{
"db": "CERT/CC",
"id": "VU#267873"
},
{
"db": "CERT/CC",
"id": "VU#298233"
},
{
"db": "VULHUB",
"id": "VHN-7030"
},
{
"db": "VULMON",
"id": "CVE-2003-0201"
},
{
"db": "BID",
"id": "7294"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000113"
},
{
"db": "NVD",
"id": "CVE-2003-0201"
},
{
"db": "CNNVD",
"id": "CNNVD-200305-012"
}
]
},
"id": "VAR-200305-0049",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-7030"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:13:56.501000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HPSBUX00254",
"trust": 0.8,
"url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?docid=c00956530"
},
{
"title": "HPSBUX0304-254",
"trust": 0.8,
"url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux0304-254.html"
},
{
"title": "RHSA-2003:137",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/rhsa-2003-137.html"
},
{
"title": "samba",
"trust": 0.8,
"url": "http://www.samba.org/samba/samba.html"
},
{
"title": "53581",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-53581-1"
},
{
"title": "53924",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-53924-1"
},
{
"title": "53581",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-53581-3"
},
{
"title": "53924",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-53924-3"
},
{
"title": "TLSA-2003-27",
"trust": 0.8,
"url": "http://www.turbolinux.com/security/2003/tlsa-2003-27.txt"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.miraclelinux.com/"
},
{
"title": "RHSA-2003:137",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2003-137j.html"
},
{
"title": "TLSA-2003-27",
"trust": 0.8,
"url": "http://www.turbolinux.co.jp/security/2003/tlsa-2003-27j.txt"
},
{
"title": "trans2open-CVE-2003-0201",
"trust": 0.1,
"url": "https://github.com/kernelpan1k/trans2open-cve-2003-0201 "
},
{
"title": "Reporte-de-Resultados",
"trust": 0.1,
"url": "https://github.com/rebekattan/reporte-de-resultados "
},
{
"title": "EQGRP",
"trust": 0.1,
"url": "https://github.com/bensongithub/eqgrp "
},
{
"title": "Tools",
"trust": 0.1,
"url": "https://github.com/bl4ck4t/tools "
},
{
"title": "x0rzEQGRP",
"trust": 0.1,
"url": "https://github.com/happysmack/x0rzeqgrp "
},
{
"title": "EQGRP",
"trust": 0.1,
"url": "https://github.com/nekkidso/eqgrp "
},
{
"title": "EQGRP",
"trust": 0.1,
"url": "https://github.com/391861737/eqgrp "
},
{
"title": "EQGRP",
"trust": 0.1,
"url": "https://github.com/muhammd/eqgrp "
},
{
"title": "ShadowBrokersFiles",
"trust": 0.1,
"url": "https://github.com/r3k1ng/shadowbrokersfiles "
},
{
"title": "EQGRP",
"trust": 0.1,
"url": "https://github.com/ckmaenn/eqgrp "
},
{
"title": "EQGRP_Linux",
"trust": 0.1,
"url": "https://github.com/cybernetix-s3c/eqgrp_linux "
},
{
"title": "EQGRP",
"trust": 0.1,
"url": "https://github.com/iha114/eqgrp "
},
{
"title": "ShadowBrokersFiles",
"trust": 0.1,
"url": "https://github.com/antiscammerarmy/shadowbrokersfiles "
},
{
"title": "shadowbrokerstuff",
"trust": 0.1,
"url": "https://github.com/thetrentusdev/shadowbrokerstuff "
},
{
"title": "test",
"trust": 0.1,
"url": "https://github.com/devkosov/test "
},
{
"title": "EQGRP",
"trust": 0.1,
"url": "https://github.com/hackcrypto/eqgrp "
},
{
"title": "EQGRP",
"trust": 0.1,
"url": "https://github.com/ninja-tw1st/eqgrp "
},
{
"title": "leaked2",
"trust": 0.1,
"url": "https://github.com/kongjiexi/leaked2 "
},
{
"title": "bdhglopoj",
"trust": 0.1,
"url": "https://github.com/maxcvnd/bdhglopoj "
},
{
"title": "shadowbrokerstuff",
"trust": 0.1,
"url": "https://github.com/shakenetwork/shadowbrokerstuff "
},
{
"title": "x0rz-EQGRP",
"trust": 0.1,
"url": "https://github.com/r3p3r/x0rz-eqgrp "
},
{
"title": "ShadowBrokersStuff",
"trust": 0.1,
"url": "https://github.com/thetrentus/shadowbrokersstuff "
},
{
"title": "EQ1",
"trust": 0.1,
"url": "https://github.com/thepevertedspartan/eq1 "
},
{
"title": "EQGRP",
"trust": 0.1,
"url": "https://github.com/badbug6/eqgrp "
},
{
"title": "EQGRP-nasa",
"trust": 0.1,
"url": "https://github.com/soldie/eqgrp-nasa "
},
{
"title": "EQGRP",
"trust": 0.1,
"url": "https://github.com/mofty/eqgrp "
},
{
"title": "EQGRP",
"trust": 0.1,
"url": "https://github.com/thetrentus/eqgrp "
},
{
"title": "EQGRP",
"trust": 0.1,
"url": "https://github.com/namangangwar/eqgrp "
},
{
"title": "EQGRP",
"trust": 0.1,
"url": "https://github.com/x0rz/eqgrp "
},
{
"title": "SB--.-HACK-the-EQGRP-1",
"trust": 0.1,
"url": "https://github.com/cipherreborn/sb--.-hack-the-eqgrp-1 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2003-0201"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000113"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0201"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.2,
"url": "http://www.securityfocus.com/bid/7294"
},
{
"trust": 2.7,
"url": "http://www.kb.cert.org/vuls/id/267873"
},
{
"trust": 2.1,
"url": "http://www.digitaldefense.net/labs/advisories/ddi-1013.txt"
},
{
"trust": 1.8,
"url": "http://www.debian.org/security/2003/dsa-280"
},
{
"trust": 1.8,
"url": "http://www.mandriva.com/security/advisories?name=mdksa-2003:044"
},
{
"trust": 1.8,
"url": "http://www.redhat.com/support/errata/rhsa-2003-137.html"
},
{
"trust": 1.8,
"url": "ftp://patches.sgi.com/support/free/security/advisories/20030403-01-p"
},
{
"trust": 1.8,
"url": "http://www.novell.com/linux/security/advisories/2003_025_samba.html"
},
{
"trust": 1.7,
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000624"
},
{
"trust": 1.6,
"url": "http://lists.samba.org/pipermail/samba-announce/2003-april/000065.html"
},
{
"trust": 1.6,
"url": "http://lists.samba.org/pipermail/samba-announce/2003-march/000063.html"
},
{
"trust": 1.6,
"url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=can-2003-0201"
},
{
"trust": 1.6,
"url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=can-2003-0196"
},
{
"trust": 1.6,
"url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=can-2003-0085"
},
{
"trust": 1.6,
"url": "http://www.kb.cert.org/vuls/id/298233"
},
{
"trust": 1.6,
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0008.html"
},
{
"trust": 1.6,
"url": "http://www.samba-tng.org/download/tng/announcement-0.3.2.txt"
},
{
"trust": 1.6,
"url": "http://www.samba-tng.org/"
},
{
"trust": 1.6,
"url": "http://www.samba.org/"
},
{
"trust": 1.2,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a2163"
},
{
"trust": 1.2,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a567"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=104972664226781\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=104974612519064\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=104994564212488\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=104981682014565\u0026w=2"
},
{
"trust": 0.8,
"url": "http://www.samba.org/samba/whatsnew/samba-2.2.8.html"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/7106"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-0201"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-0201"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/7295"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=104972664226781\u0026w=2"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=104994564212488\u0026w=2"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=104981682014565\u0026w=2"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=104974612519064\u0026w=2"
},
{
"trust": 0.6,
"url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:567"
},
{
"trust": 0.6,
"url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:2163"
},
{
"trust": 0.3,
"url": "http://www.info.apple.com/usen/security/security_updates.html"
},
{
"trust": 0.3,
"url": "http://metasploit.com/projects/framework/exploits.html"
},
{
"trust": 0.3,
"url": "http://www.samba.org"
},
{
"trust": 0.3,
"url": "http://support.coresecurity.com/impact/exploits/e3a738fd21350fa2faa7e171b121f0d4.html"
},
{
"trust": 0.3,
"url": "http://www.samba-tng.org"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f53581"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f53924"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/patches/linux/security.html"
},
{
"trust": 0.3,
"url": "http://seer.support.veritas.com/docs/256903.htm"
},
{
"trust": 0.3,
"url": "/archive/1/317758"
},
{
"trust": 0.3,
"url": "/archive/1/317985"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=104974612519064\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=104972664226781\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=104981682014565\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=104994564212488\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026amp;anuncio=000624"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://github.com/kernelpan1k/trans2open-cve-2003-0201"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/55/"
},
{
"trust": 0.1,
"url": "https://www.rapid7.com/db/modules/exploit/solaris/samba/trans2open"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#267873"
},
{
"db": "CERT/CC",
"id": "VU#267873"
},
{
"db": "CERT/CC",
"id": "VU#298233"
},
{
"db": "VULHUB",
"id": "VHN-7030"
},
{
"db": "VULMON",
"id": "CVE-2003-0201"
},
{
"db": "BID",
"id": "7294"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000113"
},
{
"db": "NVD",
"id": "CVE-2003-0201"
},
{
"db": "CNNVD",
"id": "CNNVD-200305-012"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#267873"
},
{
"db": "CERT/CC",
"id": "VU#267873"
},
{
"db": "CERT/CC",
"id": "VU#298233"
},
{
"db": "VULHUB",
"id": "VHN-7030"
},
{
"db": "VULMON",
"id": "CVE-2003-0201"
},
{
"db": "BID",
"id": "7294"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000113"
},
{
"db": "NVD",
"id": "CVE-2003-0201"
},
{
"db": "CNNVD",
"id": "CNNVD-200305-012"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-04-10T00:00:00",
"db": "CERT/CC",
"id": "VU#267873"
},
{
"date": "2003-04-10T00:00:00",
"db": "CERT/CC",
"id": "VU#267873"
},
{
"date": "2003-03-17T00:00:00",
"db": "CERT/CC",
"id": "VU#298233"
},
{
"date": "2003-05-05T00:00:00",
"db": "VULHUB",
"id": "VHN-7030"
},
{
"date": "2003-05-05T00:00:00",
"db": "VULMON",
"id": "CVE-2003-0201"
},
{
"date": "2003-04-07T00:00:00",
"db": "BID",
"id": "7294"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2003-000113"
},
{
"date": "2003-05-05T04:00:00",
"db": "NVD",
"id": "CVE-2003-0201"
},
{
"date": "2003-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200305-012"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-07-10T00:00:00",
"db": "CERT/CC",
"id": "VU#267873"
},
{
"date": "2003-07-10T00:00:00",
"db": "CERT/CC",
"id": "VU#267873"
},
{
"date": "2003-05-15T00:00:00",
"db": "CERT/CC",
"id": "VU#298233"
},
{
"date": "2018-10-30T00:00:00",
"db": "VULHUB",
"id": "VHN-7030"
},
{
"date": "2018-10-30T00:00:00",
"db": "VULMON",
"id": "CVE-2003-0201"
},
{
"date": "2009-07-11T21:06:00",
"db": "BID",
"id": "7294"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2003-000113"
},
{
"date": "2018-10-30T16:26:22.763000",
"db": "NVD",
"id": "CVE-2003-0201"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200305-012"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200305-012"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Samba contains multiple buffer overflows",
"sources": [
{
"db": "CERT/CC",
"id": "VU#267873"
},
{
"db": "CERT/CC",
"id": "VU#267873"
}
],
"trust": 1.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Boundary Condition Error",
"sources": [
{
"db": "BID",
"id": "7294"
},
{
"db": "CNNVD",
"id": "CNNVD-200305-012"
}
],
"trust": 0.9
}
}
VAR-200301-0002
Vulnerability from variot - Updated: 2023-12-18 12:07Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak. The network device driver fills in packet data for less than 46 bytes. The Ethernet standard (IEEE 802.3) defines that the minimum field of a packet is 46 bytes. If a higher layer protocol such as IP provides less than 46 bytes, the device driver must fill the data segment to meet the minimum frame size specification specified by IEEE 802. The padding value is generally NULL data. However, many Ethernet device drivers do not operate correctly in accordance with the standard implementation. The data is padded without using NULL bytes, and the previously transmitted frame data is reused for padding. Since the Ethernet frame buffer is allocated in the kernel memory space, some system sensitive information can be obtained by analyzing these padding data. Some device drivers fail to do this adequately, leaving the data that was stored in the memory comprising the buffer prior to its use intact. Consequently, this data may be transmitted within frames across Ethernet segments. Cisco has stated that the IOS 12.1 and 12.2 trains are not affected. National Semiconductor Ethernet controller chips are not vulnerable to this issue.
This issue is described in CERT Vulnerability VU#412115 (see http://www.kb.cert.org/vuls/id/412115 and http://www.kb.cert.org/vuls/id/JPLA-5BGNYP).
- Contributing Factors
This issue can occur in the following releases:
SPARC Platform * Solaris 2.6 without patch 105181-35 * Solaris 7 without patch 112604-02 * Solaris 8 without patch 112609-02 * Solaris 9 without patch 115172-01
Note: The Am7990 ("LANCE") Ethernet driver le(7D) is for SPARC platforms only, thus x86 platforms are not affected.
This issue only occurs on SPARC systems that utilize the Am7990 ("LANCE") Ethernet driver (le(7D)).
To determine if the Am7990 Ethernet driver is installed on your system, run the following command: $ ifconfig -a le0: flags=1000849 mtu 8232 index 1 inet 127.0.0.0 netmask ff000000
Any reference to "le0" would indicate an open Lance Ethernet (le) interface.
- Symptoms
There are no predictable symptoms that would show the described issue has been exploited. SOLUTION SUMMARY:
- Relief/Workaround
There is no workaround for this issue. Please see "Resolution" section below.
- Resolution
This issue is addressed in the following releases:
SPARC Platform * Solaris 2.6 with patch 105181-35 or later * Solaris 7 with patch 112604-02 or later * Solaris 8 with patch 112609-02 or later * Solaris 9 with patch 115172-01 or later
This Sun Alert notification is being provided to you on an "AS IS" basis. This Sun Alert notification may contain information provided by third parties. The issues described in this Sun Alert notification may or may not impact your system(s). Sun makes no representations, warranties, or guarantees as to the information contained herein. ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN. This Sun Alert notification contains Sun proprietary and confidential information. It is being provided to you pursuant to the provisions of your agreement to purchase services from Sun, or, if you do not have such an agreement, the Sun.com Terms of Use. This Sun Alert notification may only be used for the purposes contemplated by these agreements.
Copyright 2000-2003 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved. _________ _________
APPLIES TO: ATTACHMENTS:
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200301-0002",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "netbsd",
"scope": "eq",
"trust": 1.9,
"vendor": "netbsd",
"version": "1.5.1"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.3,
"vendor": "netbsd",
"version": "1.6"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.3,
"vendor": "netbsd",
"version": "1.5.3"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.3,
"vendor": "netbsd",
"version": "1.5.2"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.3,
"vendor": "netbsd",
"version": "1.5"
},
{
"model": "kernel",
"scope": "eq",
"trust": 1.3,
"vendor": "linux",
"version": "2.4.20"
},
{
"model": "kernel",
"scope": "eq",
"trust": 1.3,
"vendor": "linux",
"version": "2.4.19"
},
{
"model": "kernel",
"scope": "eq",
"trust": 1.3,
"vendor": "linux",
"version": "2.4.18"
},
{
"model": "kernel",
"scope": "eq",
"trust": 1.3,
"vendor": "linux",
"version": "2.4.17"
},
{
"model": "kernel",
"scope": "eq",
"trust": 1.3,
"vendor": "linux",
"version": "2.4.16"
},
{
"model": "kernel",
"scope": "eq",
"trust": 1.3,
"vendor": "linux",
"version": "2.4.15"
},
{
"model": "kernel",
"scope": "eq",
"trust": 1.3,
"vendor": "linux",
"version": "2.4.14"
},
{
"model": "kernel",
"scope": "eq",
"trust": 1.3,
"vendor": "linux",
"version": "2.4.13"
},
{
"model": "kernel",
"scope": "eq",
"trust": 1.3,
"vendor": "linux",
"version": "2.4.12"
},
{
"model": "kernel",
"scope": "eq",
"trust": 1.3,
"vendor": "linux",
"version": "2.4.11"
},
{
"model": "kernel",
"scope": "eq",
"trust": 1.3,
"vendor": "linux",
"version": "2.4.10"
},
{
"model": "kernel",
"scope": "eq",
"trust": 1.3,
"vendor": "linux",
"version": "2.4.9"
},
{
"model": "kernel",
"scope": "eq",
"trust": 1.3,
"vendor": "linux",
"version": "2.4.8"
},
{
"model": "kernel",
"scope": "eq",
"trust": 1.3,
"vendor": "linux",
"version": "2.4.7"
},
{
"model": "kernel",
"scope": "eq",
"trust": 1.3,
"vendor": "linux",
"version": "2.4.6"
},
{
"model": "kernel",
"scope": "eq",
"trust": 1.3,
"vendor": "linux",
"version": "2.4.5"
},
{
"model": "kernel",
"scope": "eq",
"trust": 1.3,
"vendor": "linux",
"version": "2.4.4"
},
{
"model": "kernel",
"scope": "eq",
"trust": 1.3,
"vendor": "linux",
"version": "2.4.3"
},
{
"model": "kernel",
"scope": "eq",
"trust": 1.3,
"vendor": "linux",
"version": "2.4.2"
},
{
"model": "kernel",
"scope": "eq",
"trust": 1.3,
"vendor": "linux",
"version": "2.4.1"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.3,
"vendor": "freebsd",
"version": "4.7"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.3,
"vendor": "freebsd",
"version": "4.6"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.3,
"vendor": "freebsd",
"version": "4.5"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.3,
"vendor": "freebsd",
"version": "4.4"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.3,
"vendor": "freebsd",
"version": "4.3"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.3,
"vendor": "freebsd",
"version": "4.2"
},
{
"model": "windows 2000",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "*"
},
{
"model": "windows 2000 terminal services",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "*"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "debian linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "guardian digital",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mandriva",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "network appliance",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "xerox",
"version": null
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "11"
},
{
"model": "cobalt raq550",
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "2.6 (sparc)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "7.0 (sparc)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "8 (sparc)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "9 (sparc)"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "10.20"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.00"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.04"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.3"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "8.0"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "no",
"version": null
},
{
"model": "zynos v3.40",
"scope": null,
"trust": 0.3,
"vendor": "zyxel",
"version": null
},
{
"model": "solaris 9 sparc",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "solaris 8 sparc",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "7.0"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "2.6"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "11"
},
{
"model": "windows terminal services sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows terminal services sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows terminal services",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows professional sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows professional sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows professional",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows datacenter server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows datacenter server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows datacenter server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows advanced server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows advanced server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows advanced server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "linux mandrake ppc",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "9.1"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "9.1"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "9.0"
},
{
"model": "linux mandrake ppc",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "8.2"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "8.2"
},
{
"model": "multi network firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "2.0"
},
{
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "2.1"
},
{
"model": "kernel pre4",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4.21"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.4.18x86"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.2.19"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.2.17"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.2.16"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.2.15"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.2.14"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.0.39"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.0.38"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.0.37"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.0.36"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.0.35"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.0.34"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.0.33"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.0.32"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.0.31"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.0.30"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.0.29"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.0.28"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.0.27"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.0.26"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.0.25"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.0.24"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.0.23"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.0.21"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.0.20"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.0.19"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.0.18"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.0.17"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.0.16"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.0.15"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.0.14"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.0.13"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.0.12"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.0.11"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.0.10"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.0.9"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.0.8"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.0.7"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.0.6"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.0.5"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.0.4"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.0.3"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.0.2"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.0.1"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.0"
},
{
"model": "m. wright simplestmail.cgi",
"scope": "eq",
"trust": 0.3,
"vendor": "leif",
"version": "2.2.18"
},
{
"model": "m. wright simplestmail.cgi",
"scope": "eq",
"trust": 0.3,
"vendor": "leif",
"version": "2.0.22"
},
{
"model": "jetdirect j6035a",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.04"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.0"
},
{
"model": "hp-ux series",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.20800"
},
{
"model": "hp-ux series",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.20700"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.20"
},
{
"model": "irix",
"scope": "ne",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.20"
},
{
"model": "irix m",
"scope": "ne",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.19"
},
{
"model": "irix f",
"scope": "ne",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.19"
},
{
"model": "irix",
"scope": "ne",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.19"
},
{
"model": "irix m",
"scope": "ne",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.18"
},
{
"model": "irix f",
"scope": "ne",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.18"
},
{
"model": "irix",
"scope": "ne",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.18"
},
{
"model": "irix m",
"scope": "ne",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.17"
},
{
"model": "irix f",
"scope": "ne",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.17"
},
{
"model": "irix",
"scope": "ne",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.17"
},
{
"model": "irix m",
"scope": "ne",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.16"
},
{
"model": "irix f",
"scope": "ne",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.16"
},
{
"model": "irix",
"scope": "ne",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.16"
},
{
"model": "irix m",
"scope": "ne",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.15"
},
{
"model": "irix f",
"scope": "ne",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.15"
},
{
"model": "irix",
"scope": "ne",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.15"
},
{
"model": "irix m",
"scope": "ne",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.14"
},
{
"model": "irix f",
"scope": "ne",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.14"
},
{
"model": "irix",
"scope": "ne",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.14"
},
{
"model": "aix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3.3"
},
{
"model": "aix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3.2"
},
{
"model": "aix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3.1"
},
{
"model": "aix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3"
},
{
"model": "aix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2.1"
},
{
"model": "aix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2"
},
{
"model": "aix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1"
},
{
"model": "aix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0"
},
{
"model": "aix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1"
},
{
"model": "firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "clavister",
"version": "8.0"
},
{
"model": "pix firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "515"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#412115"
},
{
"db": "CNVD",
"id": "CNVD-2003-0051"
},
{
"db": "BID",
"id": "6535"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000003"
},
{
"db": "NVD",
"id": "CVE-2003-0001"
},
{
"db": "CNNVD",
"id": "CNNVD-200301-027"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.19:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0001"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "@stake advisories\u203b advisories@atstake.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200301-027"
}
],
"trust": 0.6
},
"cve": "CVE-2003-0001",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2003-0001",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2003-0001",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#412115",
"trust": 0.8,
"value": "13.50"
},
{
"author": "CNNVD",
"id": "CNNVD-200301-027",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2003-0001",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#412115"
},
{
"db": "VULMON",
"id": "CVE-2003-0001"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000003"
},
{
"db": "NVD",
"id": "CVE-2003-0001"
},
{
"db": "CNNVD",
"id": "CNNVD-200301-027"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak. The network device driver fills in packet data for less than 46 bytes. The Ethernet standard (IEEE 802.3) defines that the minimum field of a packet is 46 bytes. If a higher layer protocol such as IP provides less than 46 bytes, the device driver must fill the data segment to meet the minimum frame size specification specified by IEEE 802. The padding value is generally NULL data. However, many Ethernet device drivers do not operate correctly in accordance with the standard implementation. The data is padded without using NULL bytes, and the previously transmitted frame data is reused for padding. Since the Ethernet frame buffer is allocated in the kernel memory space, some system sensitive information can be obtained by analyzing these padding data. Some device drivers fail to do this adequately, leaving the data that was stored in the memory comprising the buffer prior to its use intact. Consequently, this data may be transmitted within frames across Ethernet segments. \nCisco has stated that the IOS 12.1 and 12.2 trains are not affected. \nNational Semiconductor Ethernet controller chips are not vulnerable to this issue. \n\n This issue is described in CERT Vulnerability VU#412115 (see\n http://www.kb.cert.org/vuls/id/412115 and\n http://www.kb.cert.org/vuls/id/JPLA-5BGNYP). \n\n2. Contributing Factors\n\n This issue can occur in the following releases:\n\n SPARC Platform\n * Solaris 2.6 without patch 105181-35\n * Solaris 7 without patch 112604-02\n * Solaris 8 without patch 112609-02\n * Solaris 9 without patch 115172-01\n\n Note: The Am7990 (\"LANCE\") Ethernet driver le(7D) is for SPARC\n platforms only, thus x86 platforms are not affected. \n\n This issue only occurs on SPARC systems that utilize the Am7990\n (\"LANCE\") Ethernet driver (le(7D)). \n\n To determine if the Am7990 Ethernet driver is installed on your\n system, run the following command:\n $ ifconfig -a\n le0: flags=1000849\u003cUP,LOOPBACK,RUNNING,MULTICAST,IPv4\u003e mtu 8232 index 1\n inet 127.0.0.0 netmask ff000000\n\n Any reference to \"le0\" would indicate an open Lance Ethernet (le)\n interface. \n\n3. Symptoms\n\n There are no predictable symptoms that would show the described issue\n has been exploited. \n SOLUTION SUMMARY:\n\n4. Relief/Workaround\n\n There is no workaround for this issue. Please see \"Resolution\" section\n below. \n\n5. Resolution\n\n This issue is addressed in the following releases:\n\n SPARC Platform\n * Solaris 2.6 with patch 105181-35 or later\n * Solaris 7 with patch 112604-02 or later\n * Solaris 8 with patch 112609-02 or later\n * Solaris 9 with patch 115172-01 or later\n\n This Sun Alert notification is being provided to you on an \"AS IS\"\n basis. This Sun Alert notification may contain information provided by\n third parties. The issues described in this Sun Alert notification may\n or may not impact your system(s). Sun makes no representations,\n warranties, or guarantees as to the information contained herein. ANY\n AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION\n WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR\n NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT\n YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT,\n INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE\n OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN. \n This Sun Alert notification contains Sun proprietary and confidential\n information. It is being provided to you pursuant to the provisions of\n your agreement to purchase services from Sun, or, if you do not have\n such an agreement, the Sun.com Terms of Use. This Sun Alert\n notification may only be used for the purposes contemplated by these\n agreements. \n\n Copyright 2000-2003 Sun Microsystems, Inc., 4150 Network Circle, Santa\n Clara, CA 95054 U.S.A. All rights reserved. \n _________________________________________________________________\n _________________________________________________________________\n\n APPLIES TO:\n ATTACHMENTS:\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0001"
},
{
"db": "CERT/CC",
"id": "VU#412115"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000003"
},
{
"db": "CNVD",
"id": "CNVD-2003-0051"
},
{
"db": "BID",
"id": "6535"
},
{
"db": "VULMON",
"id": "CVE-2003-0001"
},
{
"db": "PACKETSTORM",
"id": "31775"
}
],
"trust": 3.33
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=26076",
"trust": 0.3,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2003-0001"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#412115",
"trust": 3.7
},
{
"db": "NVD",
"id": "CVE-2003-0001",
"trust": 3.4
},
{
"db": "SECTRACK",
"id": "1031583",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1040185",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "9962",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "7996",
"trust": 1.7
},
{
"db": "BID",
"id": "6535",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1006959",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000003",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2003-0051",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0235",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200301-027",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "26076",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "121969",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2003-0001",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "31775",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#412115"
},
{
"db": "CNVD",
"id": "CNVD-2003-0051"
},
{
"db": "VULMON",
"id": "CVE-2003-0001"
},
{
"db": "BID",
"id": "6535"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000003"
},
{
"db": "PACKETSTORM",
"id": "31775"
},
{
"db": "NVD",
"id": "CVE-2003-0001"
},
{
"db": "CNNVD",
"id": "CNNVD-200301-027"
}
]
},
"id": "VAR-200301-0002",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2003-0051"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2003-0051"
}
]
},
"last_update_date": "2023-12-18T12:07:38.894000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HPSBUX0305-261",
"trust": 0.8,
"url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?docid=hpsbux0305-261"
},
{
"title": "HPSBUX0305-261",
"trust": 0.8,
"url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux0305-261.html"
},
{
"title": "Oracle Critical Patch Update Advisory - January 2015",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - January 2015 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015verbose-1972976.html"
},
{
"title": "RHSA-2003:088",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/rhsa-2003-088.html"
},
{
"title": "RHSA-2003:025",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/rhsa-2003-025.html"
},
{
"title": "January 2015 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/january_2015_critical_patch_update"
},
{
"title": "57040",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57040-1"
},
{
"title": "57040",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57040-3"
},
{
"title": "Sun Cobalt RaQ 550 Patches",
"trust": 0.8,
"url": "http://sunsolve.sun.com/pub-cgi/show.pl?target=cobalt/raq550.eng\u0026amp;nav=patchpage"
},
{
"title": "RHSA-2003:088",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2003-088j.html"
},
{
"title": "RHSA-2003:025",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2003-025j.html"
},
{
"title": "Debian Security Advisories: DSA-336-1 linux-kernel-2.2.20 -- several vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=58ad0f1290ecc1a6e695dfd3fb2f62b8"
},
{
"title": "Debian Security Advisories: DSA-332-1 linux-kernel-2.4.17 -- several vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=17d54d101eabf59a036c2cb585a20ca4"
},
{
"title": "Debian Security Advisories: DSA-312-1 kernel-patch-2.4.18-powerpc -- several vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=96f1908a3b70919deedc21e426bcca93"
},
{
"title": "Debian Security Advisories: DSA-442-1 linux-kernel-2.4.17-s390 -- several vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=e1cd69896feb28712e70e97121722dfc"
},
{
"title": "Debian Security Advisories: DSA-423-1 linux-kernel-2.4.17-ia64 -- several vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=73b8461207a710c041c20418bf7cd39c"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4a692d6d60aa31507cb101702b494c51"
},
{
"title": "exploits",
"trust": 0.1,
"url": "https://github.com/hackerhouse-opensource/exploits "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2003-0001"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000003"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0001"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://www.atstake.com/research/advisories/2003/a010603-1.txt"
},
{
"trust": 3.0,
"url": "http://www.kb.cert.org/vuls/id/412115"
},
{
"trust": 2.5,
"url": "http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf"
},
{
"trust": 2.0,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0016.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2003-025.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2003-088.html"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/9962"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/7996"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=104222046632243\u0026w=2"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1031583"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a2665"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1040185"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/307564/30/26270/threaded"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/305335/30/26420/threaded"
},
{
"trust": 0.8,
"url": "http://www.nextgenss.com/advisories/etherleak-2003.txt"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/rfc/rfc1042.txt"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-0001"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-0001"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/6535"
},
{
"trust": 0.8,
"url": "http://www.securitytracker.com/alerts/2003/jun/1006959.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0235/"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f57040"
},
{
"trust": 0.3,
"url": "/archive/1/353066"
},
{
"trust": 0.3,
"url": "/archive/1/305335"
},
{
"trust": 0.3,
"url": "/archive/1/324392"
},
{
"trust": 0.3,
"url": "/archive/1/306110"
},
{
"trust": 0.3,
"url": "/archive/1/307453"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/101006724"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/121969/cisco-asa-ethernet-information-leak.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/26076/"
},
{
"trust": 0.1,
"url": "https://github.com/hackerhouse-opensource/exploits"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/jpla-5bgnyp)."
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#412115"
},
{
"db": "CNVD",
"id": "CNVD-2003-0051"
},
{
"db": "VULMON",
"id": "CVE-2003-0001"
},
{
"db": "BID",
"id": "6535"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000003"
},
{
"db": "PACKETSTORM",
"id": "31775"
},
{
"db": "NVD",
"id": "CVE-2003-0001"
},
{
"db": "CNNVD",
"id": "CNNVD-200301-027"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#412115"
},
{
"db": "CNVD",
"id": "CNVD-2003-0051"
},
{
"db": "VULMON",
"id": "CVE-2003-0001"
},
{
"db": "BID",
"id": "6535"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000003"
},
{
"db": "PACKETSTORM",
"id": "31775"
},
{
"db": "NVD",
"id": "CVE-2003-0001"
},
{
"db": "CNNVD",
"id": "CNNVD-200301-027"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-01-06T00:00:00",
"db": "CERT/CC",
"id": "VU#412115"
},
{
"date": "2003-01-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2003-0051"
},
{
"date": "2003-01-17T00:00:00",
"db": "VULMON",
"id": "CVE-2003-0001"
},
{
"date": "2003-01-06T00:00:00",
"db": "BID",
"id": "6535"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2003-000003"
},
{
"date": "2003-10-06T21:50:59",
"db": "PACKETSTORM",
"id": "31775"
},
{
"date": "2003-01-17T05:00:00",
"db": "NVD",
"id": "CVE-2003-0001"
},
{
"date": "2003-01-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200301-027"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-09-03T00:00:00",
"db": "CERT/CC",
"id": "VU#412115"
},
{
"date": "2015-01-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2003-0051"
},
{
"date": "2019-04-30T00:00:00",
"db": "VULMON",
"id": "CVE-2003-0001"
},
{
"date": "2015-05-07T17:26:00",
"db": "BID",
"id": "6535"
},
{
"date": "2015-01-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2003-000003"
},
{
"date": "2019-04-30T14:27:13.710000",
"db": "NVD",
"id": "CVE-2003-0001"
},
{
"date": "2021-01-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200301-027"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "31775"
},
{
"db": "CNNVD",
"id": "CNNVD-200301-027"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple Vendors Network Device Driver Frame Filling Information Disclosure Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2003-0051"
},
{
"db": "CNNVD",
"id": "CNNVD-200301-027"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200301-027"
}
],
"trust": 0.6
}
}
VAR-200505-0723
Vulnerability from variot - Updated: 2023-12-18 11:51The IPv6 support in Windows XP SP2, 2003 Server SP1, and Longhorn, with Windows Firewall turned off, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the SYN flag set and the same destination and source address and port, a variant of CVE-2005-0688 and a reoccurrence of the "Land" vulnerability (CVE-1999-0016). When a packet of this type is handled, an infinite loop is initiated and the affected system halts. A remote attacker may exploit this issue to deny service for legitimate users
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200505-0723",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "windows 2003 server",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "datacenter_64-bit"
},
{
"model": "windows 2003 server",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "r2"
},
{
"model": "windows 2003 server",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "standard"
},
{
"model": "windows 2003 server",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "enterprise"
},
{
"model": "windows 2003 server",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "enterprise_64-bit"
},
{
"model": "windows 2003 server",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "web"
},
{
"model": "windows xp",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "*"
},
{
"model": "windows server 2003",
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": "windows xp",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "sp3"
},
{
"model": "windows xp home sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "bsd/os",
"scope": "eq",
"trust": 0.3,
"vendor": "bsdi",
"version": "2.1"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.01"
},
{
"model": "windows nt workstation sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows server standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003x64"
},
{
"model": "netbsd",
"scope": "ne",
"trust": 0.3,
"vendor": "netbsd",
"version": "1.3.1"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.0.31"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "2.2.5"
},
{
"model": "ios aa",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.1.15"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11.0"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.10"
},
{
"model": "freebsd",
"scope": "ne",
"trust": 0.3,
"vendor": "freebsd",
"version": "2.2.6"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "netbsd",
"version": "1.0"
},
{
"model": "windows xp professional",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "windows nt enterprise server sp4",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "bsd/os",
"scope": "ne",
"trust": 0.3,
"vendor": "bsdi",
"version": "3.0"
},
{
"model": "windows server enterprise edition sp1 beta",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20031"
},
{
"model": "kernel",
"scope": "ne",
"trust": 0.3,
"vendor": "linux",
"version": "2.0.34"
},
{
"model": "windows nt workstation sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "ios f",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.2.4"
},
{
"model": "ios bt",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.0.12"
},
{
"model": "windows nt workstation sp4",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows server enterprise edition itanium",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20030"
},
{
"model": "modular messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0"
},
{
"model": "windows xp tablet pc edition sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "ios ia",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.1.15"
},
{
"model": "netbsd",
"scope": "ne",
"trust": 0.3,
"vendor": "netbsd",
"version": "1.3"
},
{
"model": "windows xp professional edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "x64"
},
{
"model": "windows xp tablet pc edition",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "bsd/os",
"scope": "ne",
"trust": 0.3,
"vendor": "bsdi",
"version": "3.1"
},
{
"model": "windows server enterprise edition sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "kernel",
"scope": "ne",
"trust": 0.3,
"vendor": "linux",
"version": "2.1.x"
},
{
"model": "kernel",
"scope": "ne",
"trust": 0.3,
"vendor": "linux",
"version": "2.2"
},
{
"model": "kernel",
"scope": "ne",
"trust": 0.3,
"vendor": "linux",
"version": "2.1"
},
{
"model": "windows xp 64-bit edition",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "10.3.16"
},
{
"model": "windows server enterprise edition itanium sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "kernel",
"scope": "ne",
"trust": 0.3,
"vendor": "linux",
"version": "2.0.38"
},
{
"model": "windows server standard edition sp1 beta",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20031"
},
{
"model": "windows xp",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
},
{
"model": "netware",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "4.1"
},
{
"model": "windows server standard edition sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "bsd/os",
"scope": "eq",
"trust": 0.3,
"vendor": "bsdi",
"version": "2.0"
},
{
"model": "windows xp media center edition",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "kernel",
"scope": "ne",
"trust": 0.3,
"vendor": "linux",
"version": "2.0.36"
},
{
"model": "windows xp media center edition sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "windows nt workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10.3"
},
{
"model": "ios bt",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.0.17"
},
{
"model": "windows server datacenter edition itanium",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20030"
},
{
"model": "freebsd",
"scope": "ne",
"trust": 0.3,
"vendor": "freebsd",
"version": "3.x"
},
{
"model": "windows nt enterprise server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows server datacenter edition sp1 beta",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20031"
},
{
"model": "windows nt enterprise server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.2.10"
},
{
"model": "windows nt terminal server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "2.1.5"
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.1.7"
},
{
"model": "bsd/os",
"scope": "eq",
"trust": 0.3,
"vendor": "bsdi",
"version": "2.0.1"
},
{
"model": "windows server web edition sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "windows nt enterprise server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows xp tablet pc edition sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "windows server enterprise edition itanium sp1 beta",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20031"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11.2"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "2.2.3"
},
{
"model": "bsd/os",
"scope": "eq",
"trust": 0.3,
"vendor": "bsdi",
"version": "1.1"
},
{
"model": "kernel",
"scope": "ne",
"trust": 0.3,
"vendor": "linux",
"version": "2.0.33"
},
{
"model": "windows nt terminal server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "open desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "sco",
"version": "3.0"
},
{
"model": "windows xp embedded sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "2.1.6.1"
},
{
"model": "ios ia",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.1.9"
},
{
"model": "windows xp embedded",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.16"
},
{
"model": "netbsd",
"scope": "ne",
"trust": 0.3,
"vendor": "netbsd",
"version": "1.3.2"
},
{
"model": "ios aa",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.1.7"
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.0.17"
},
{
"model": "windows server datacenter edition itanium sp1 beta",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20031"
},
{
"model": "windows nt enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows server datacenter edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "windows nt terminal server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.0"
},
{
"model": "unixware",
"scope": "eq",
"trust": 0.3,
"vendor": "sco",
"version": "2.1"
},
{
"model": "windows xp professional sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "freebsd",
"scope": "ne",
"trust": 0.3,
"vendor": "freebsd",
"version": "2.2.2"
},
{
"model": "windows server standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.2.4"
},
{
"model": "windows server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003x64"
},
{
"model": "ios a",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "10.3.19"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "netbsd",
"version": "1.1"
},
{
"model": "windows xp gold",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
},
{
"model": "ios f1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.2.4"
},
{
"model": "kernel",
"scope": "ne",
"trust": 0.3,
"vendor": "linux",
"version": "2.0.35"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.0"
},
{
"model": "windows xp home",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "cmw+",
"scope": "eq",
"trust": 0.3,
"vendor": "sco",
"version": "3.0"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "2.2"
},
{
"model": "bsd/os",
"scope": "ne",
"trust": 0.3,
"vendor": "bsdi",
"version": "4.0"
},
{
"model": "windows server web edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "2.1"
},
{
"model": "ios ca",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.1.15"
},
{
"model": "windows xp media center edition sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "ios/700",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.0"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.0.30"
},
{
"model": "sunos",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4.1.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11.1"
},
{
"model": "windows nt server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "95"
},
{
"model": "kernel",
"scope": "ne",
"trust": 0.3,
"vendor": "linux",
"version": "2.2.10"
},
{
"model": "catalyst supervisor software",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "29xx2.4.401"
},
{
"model": "kernel",
"scope": "ne",
"trust": 0.3,
"vendor": "linux",
"version": "2.0.37"
},
{
"model": "sunos u1",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4.1.3"
},
{
"model": "windows nt",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "3.5.1"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.24"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.0"
},
{
"model": "atm switch",
"scope": "eq",
"trust": 0.3,
"vendor": "marconi",
"version": "6.1.1"
},
{
"model": "kernel",
"scope": "ne",
"trust": 0.3,
"vendor": "linux",
"version": "2.0.32"
},
{
"model": "windows nt server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt terminal server sp4",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows xp professional sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "windows xp home sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "catalyst supervisor software",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "29xx2.1.1102"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "netbsd",
"version": "1.2.1"
},
{
"model": "windows xp 64-bit edition sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "open server",
"scope": "eq",
"trust": 0.3,
"vendor": "sco",
"version": "5.0"
},
{
"model": "windows xp 64-bit edition version sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "freebsd",
"scope": "ne",
"trust": 0.3,
"vendor": "freebsd",
"version": "2.2.8"
},
{
"model": "windows nt workstation sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "ios p",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.2.9"
},
{
"model": "atm switch",
"scope": "eq",
"trust": 0.3,
"vendor": "marconi",
"version": "7.0.1"
},
{
"model": "windows server datacenter edition sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "2.2.4"
},
{
"model": "windows nt server sp4",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.1.15"
},
{
"model": "windows server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "2.1.6"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.20"
},
{
"model": "bsd/os",
"scope": "ne",
"trust": 0.3,
"vendor": "bsdi",
"version": "4.0.1"
},
{
"model": "windows xp 64-bit edition version",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "ios ca",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.1.7"
},
{
"model": "windows server datacenter edition itanium sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "netbsd",
"version": "1.2"
},
{
"model": "windows nt terminal server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "2.1x"
},
{
"model": "windows server datacenter edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003x64"
},
{
"model": "windows server web edition sp1 beta",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20031"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.30"
}
],
"sources": [
{
"db": "BID",
"id": "13658"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000332"
},
{
"db": "NVD",
"id": "CVE-2005-1649"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1102"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:enterprise:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:web:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp1:embedded:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:*:embedded:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:r2:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:datacenter_64-bit:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:standard:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-1649"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Konrad Malewski\u203b koyot@moon.ondraszek.ds.polsl.gliwice.pl",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-1102"
}
],
"trust": 0.6
},
"cve": "CVE-2005-1649",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2005-1649",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2005-1649",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200505-1102",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2005-000332"
},
{
"db": "NVD",
"id": "CVE-2005-1649"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1102"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The IPv6 support in Windows XP SP2, 2003 Server SP1, and Longhorn, with Windows Firewall turned off, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the SYN flag set and the same destination and source address and port, a variant of CVE-2005-0688 and a reoccurrence of the \"Land\" vulnerability (CVE-1999-0016). \nWhen a packet of this type is handled, an infinite loop is initiated and the affected system halts. \nA remote attacker may exploit this issue to deny service for legitimate users",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-1649"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000332"
},
{
"db": "BID",
"id": "13658"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2005-1649",
"trust": 2.7
},
{
"db": "BID",
"id": "13658",
"trust": 2.7
},
{
"db": "VUPEN",
"id": "ADV-2005-0559",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000332",
"trust": 0.8
},
{
"db": "NTBUGTRAQ",
"id": "20050516 WINDOWS (XP, 2K3, LONGHORN) IS VULNERABLE TO IPV6 LAND ATTACK.",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1102",
"trust": 0.6
}
],
"sources": [
{
"db": "BID",
"id": "13658"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000332"
},
{
"db": "NVD",
"id": "CVE-2005-1649"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1102"
}
]
},
"id": "VAR-200505-0723",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.33667661
},
"last_update_date": "2023-12-18T11:51:36.418000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.microsoft.com/ja/jp/default.aspx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2005-000332"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-1649"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/13658"
},
{
"trust": 1.6,
"url": "http://www.ntbugtraq.com/default.aspx?pid=36\u0026sid=1\u0026a2=ind0505\u0026l=ntbugtraq\u0026p=r409\u0026d=0\u0026f=n\u0026h=0\u0026o=d\u0026t=0"
},
{
"trust": 1.4,
"url": "http://www.frsirt.com/english/advisories/2005/0559"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2005/0559"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-1649"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2005-1649"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/elmodocs2/security/asa-2006-217.htm"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/technet/security/bulletin/ms05-019.mspx"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/technet/security/bulletin/ms06-064.mspx"
},
{
"trust": 0.3,
"url": "http://support.microsoft.com/support/kb/articles/q165/0/05.asp"
},
{
"trust": 0.3,
"url": "http://support.microsoft.com/support/kb/articles/q177/5/39.asp"
},
{
"trust": 0.3,
"url": "http://support.novell.com/cgi-bin/search/tidfinder.cgi?2932511"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/warp/public/770/land-pub.shtml#iosvers"
},
{
"trust": 0.3,
"url": "http://www.securityfocus.com/archive/1/392354"
},
{
"trust": 0.3,
"url": "/archive/1/392642"
},
{
"trust": 0.3,
"url": "/archive/1/393045"
},
{
"trust": 0.3,
"url": "/archive/1/400188"
},
{
"trust": 0.3,
"url": "/archive/1/392354"
}
],
"sources": [
{
"db": "BID",
"id": "13658"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000332"
},
{
"db": "NVD",
"id": "CVE-2005-1649"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1102"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "13658"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000332"
},
{
"db": "NVD",
"id": "CVE-2005-1649"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1102"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-05-17T00:00:00",
"db": "BID",
"id": "13658"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2005-000332"
},
{
"date": "2005-05-18T04:00:00",
"db": "NVD",
"id": "CVE-2005-1649"
},
{
"date": "1997-11-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200505-1102"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-06T14:40:00",
"db": "BID",
"id": "13658"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2005-000332"
},
{
"date": "2017-01-20T02:59:01.120000",
"db": "NVD",
"id": "CVE-2005-1649"
},
{
"date": "2005-10-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200505-1102"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-1102"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft Windows Illegal in IPv6 Service disruption due to packets (Dos) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2005-000332"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-1102"
}
],
"trust": 0.6
}
}
VAR-200105-0093
Vulnerability from variot - Updated: 2023-12-18 11:48Cisco switches and routers running IOS 12.1 and earlier produce predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections. Over the past several years, a variety of attacks against TCP initial sequence number (ISN) generation have been discussed. A vulnerability exists in some TCP/IP stack implementations that use random increments for initial sequence numbers. Such implementations are vulnerable to statistical attack, which could allow an attacker to predict, within a reasonable range, sequence numbers of future and existing connections. By predicting a sequence number, several attacks could be performed; an attacker could disrupt or hijack existing connections, or spoof future connections
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200105-0093",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ios",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "12.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "12.1"
},
{
"model": "ios 11.2 xa",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "7.0"
},
{
"model": "irix m",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.14"
},
{
"model": "irix f",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.14"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.14"
},
{
"model": "irix m",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.13"
},
{
"model": "irix f",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.13"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.13"
},
{
"model": "irix m",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.12"
},
{
"model": "irix f",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.12"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.12"
},
{
"model": "irix m",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.11"
},
{
"model": "irix f",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.11"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.11"
},
{
"model": "irix m",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.10"
},
{
"model": "irix f",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.10"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.10"
},
{
"model": "irix m",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.9"
},
{
"model": "irix f",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.9"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.9"
},
{
"model": "irix m",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.8"
},
{
"model": "irix f",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.8"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.8"
},
{
"model": "irix m",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.7"
},
{
"model": "irix f",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.7"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.7"
},
{
"model": "irix m",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.6"
},
{
"model": "irix f",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.6"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.6"
},
{
"model": "irix m",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.5"
},
{
"model": "irix f",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.5"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.5"
},
{
"model": "irix m",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.4"
},
{
"model": "irix f",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.4"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.4"
},
{
"model": "irix m",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.3"
},
{
"model": "irix f",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.3"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.3"
},
{
"model": "irix m",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.2"
},
{
"model": "irix f",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.2"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.2"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.1"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5"
},
{
"model": "openbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "openbsd",
"version": "2.8"
},
{
"model": "windows nt workstation sp6a",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt workstation sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt workstation sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt workstation sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt workstation sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt workstation sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt workstation sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt terminal server sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt terminal server sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt terminal server sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt terminal server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt terminal server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt terminal server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt terminal server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt server sp6a",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt server sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt server sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt server sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt enterprise server sp6a",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt enterprise server sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt enterprise server sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt enterprise server sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt enterprise server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt enterprise server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt enterprise server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows 98se",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "windows",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "98"
},
{
"model": "windows",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "95"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.1.x"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.0.x"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.11"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.04"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.0"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.20"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.0"
},
{
"model": "-stablepre050201",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.2"
},
{
"model": "-stablepre050201",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "3.5"
},
{
"model": "ios 12.1yd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1yc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1yb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1ya",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xz",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xy",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1xx"
},
{
"model": "ios 12.1xw",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1xv"
},
{
"model": "ios 12.1xu",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xt",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xs",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xr",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xq",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xp",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xm",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xl",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xk",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xj",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xi",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xh",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xg",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xf",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xe",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xa",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1ex",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1ec",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1e",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1dc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1db",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1da",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1cx",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1aa",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.0xv"
},
{
"model": "ios 12.0xu",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xs",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xr",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xq",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xp",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xn",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xm",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xl",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xk",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xj",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xi",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xh",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xg",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xf",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xe",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xa",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0wt",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0w5",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0sx",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0st",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0sl",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0sc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0s",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0dc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0db",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0da",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.0"
},
{
"model": "ios 11.3wa4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3na",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3ma",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3ha",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3db",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3da",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3aa",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3 xa",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11.3"
},
{
"model": "ios 11.2wa3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.2sa",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.2p",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.2gs",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.2f",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.2bc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11.2"
},
{
"model": "ios 11.1ia",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.1ct",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.1cc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.1ca",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.1aa",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11.0"
},
{
"model": "bsd/os",
"scope": "eq",
"trust": 0.3,
"vendor": "bsdi",
"version": "4.0"
},
{
"model": "bsd/os",
"scope": "eq",
"trust": 0.3,
"vendor": "bsdi",
"version": "3.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "99.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "99.0.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "99.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "88.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "88.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "88.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "88.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "77.6.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "77.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "77.5.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "77.5.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "77.5.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "77.1.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "77.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "77.0.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "77.0"
},
{
"model": "rtu500 series",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "11.3"
},
{
"model": "kernel",
"scope": "ne",
"trust": 0.3,
"vendor": "linux",
"version": "2.2.x"
},
{
"model": "rtu500 series",
"scope": "ne",
"trust": 0.3,
"vendor": "abb",
"version": "11.4.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ios",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "c8f9ca16-23ce-11e6-abef-000c29c66e3d"
},
{
"db": "BID",
"id": "2682"
},
{
"db": "NVD",
"id": "CVE-2001-0288"
},
{
"db": "CNNVD",
"id": "CNNVD-200105-050"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2001-0288"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Originally discovered by Tim Newsham \u003ctim.newsham@guardent.com\u003e.",
"sources": [
{
"db": "BID",
"id": "2682"
}
],
"trust": 0.3
},
"cve": "CVE-2001-0288",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "c8f9ca16-23ce-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-3110",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2001-0288",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200105-050",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "c8f9ca16-23ce-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-3110",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "c8f9ca16-23ce-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-3110"
},
{
"db": "NVD",
"id": "CVE-2001-0288"
},
{
"db": "CNNVD",
"id": "CNNVD-200105-050"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco switches and routers running IOS 12.1 and earlier produce predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections. Over the past several years, a variety of attacks against TCP initial sequence number (ISN) generation have been discussed. \nA vulnerability exists in some TCP/IP stack implementations that use random increments for initial sequence numbers. Such implementations are vulnerable to statistical attack, which could allow an attacker to predict, within a reasonable range, sequence numbers of future and existing connections. \nBy predicting a sequence number, several attacks could be performed; an attacker could disrupt or hijack existing connections, or spoof future connections",
"sources": [
{
"db": "NVD",
"id": "CVE-2001-0288"
},
{
"db": "BID",
"id": "2682"
},
{
"db": "IVD",
"id": "c8f9ca16-23ce-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-3110"
}
],
"trust": 1.44
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-3110",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-3110"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2001-0288",
"trust": 2.2
},
{
"db": "CNNVD",
"id": "CNNVD-200105-050",
"trust": 0.9
},
{
"db": "CISCO",
"id": "20010228 CISCO IOS SOFTWARE TCP INITIAL SEQUENCE NUMBER RANDOMIZATION IMPROVEMENTS",
"trust": 0.6
},
{
"db": "CERT/CC",
"id": "VU#498440",
"trust": 0.3
},
{
"db": "BID",
"id": "2682",
"trust": 0.3
},
{
"db": "IVD",
"id": "C8F9CA16-23CE-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "EXPLOIT-DB",
"id": "19522",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-3110",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "c8f9ca16-23ce-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-3110"
},
{
"db": "BID",
"id": "2682"
},
{
"db": "NVD",
"id": "CVE-2001-0288"
},
{
"db": "CNNVD",
"id": "CNNVD-200105-050"
}
]
},
"id": "VAR-200105-0093",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "c8f9ca16-23ce-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-3110"
}
],
"trust": 0.03
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "c8f9ca16-23ce-11e6-abef-000c29c66e3d"
}
]
},
"last_update_date": "2023-12-18T11:48:32.133000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2001-0288"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.cisco.com/warp/public/707/ios-tcp-isn-random-pub.shtml"
},
{
"trust": 0.3,
"url": "http://razor.bindview.com/publish/papers/tcpseq.html"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/498440"
},
{
"trust": 0.3,
"url": "https://library.e.abb.com/public/03edbe8b0bed400a8b294347be5d66ab/abb_softwarevulnerabilityhandlingadvisory_abb-vu-pgga-1kgt090284.pdf"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-3110"
},
{
"db": "BID",
"id": "2682"
},
{
"db": "NVD",
"id": "CVE-2001-0288"
},
{
"db": "CNNVD",
"id": "CNNVD-200105-050"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "c8f9ca16-23ce-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-3110"
},
{
"db": "BID",
"id": "2682"
},
{
"db": "NVD",
"id": "CVE-2001-0288"
},
{
"db": "CNNVD",
"id": "CNNVD-200105-050"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2001-05-03T00:00:00",
"db": "IVD",
"id": "c8f9ca16-23ce-11e6-abef-000c29c66e3d"
},
{
"date": "2001-05-03T00:00:00",
"db": "VULHUB",
"id": "VHN-3110"
},
{
"date": "2001-03-14T00:00:00",
"db": "BID",
"id": "2682"
},
{
"date": "2001-05-03T04:00:00",
"db": "NVD",
"id": "CVE-2001-0288"
},
{
"date": "2001-05-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200105-050"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-3110"
},
{
"date": "2016-10-26T05:08:00",
"db": "BID",
"id": "2682"
},
{
"date": "2008-09-05T20:23:44.790000",
"db": "NVD",
"id": "CVE-2001-0288"
},
{
"date": "2005-05-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200105-050"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200105-050"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Switch and router vulnerabilities",
"sources": [
{
"db": "IVD",
"id": "c8f9ca16-23ce-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-200105-050"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "unknown",
"sources": [
{
"db": "IVD",
"id": "c8f9ca16-23ce-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-200105-050"
}
],
"trust": 0.8
}
}
VAR-200411-0173
Vulnerability from variot - Updated: 2023-12-18 11:48OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. This vulnerability was addressed in OpenSSL 0.9.6d and 0.9.7. The vulnerability is OpenSSL Applications and systems that use the library may also be affected. For more detailed information about other systems NISCC-224012 (JVN) , NISCC Advisory 224012 (CPNI Advisory 00389) Please check also.OpenSSL An application that uses the service disrupts service operation (DoS) It may be in a state. For the first issue, a NULL-pointer assignment can be triggered by attackers during SSL/TLS handshake exchanges. The CVE candidate name for this vulnerability is CAN-2004-0079. Versions 0.9.6c to 0.9.6k (inclusive) and from 0.9.7a to 0.9.7c (inclusive) are vulnerable. The second issue is also exploited during the SSL/TLS handshake, but only when Kerberos ciphersuites are in use. The vendor has reported that this vulnerability may not be a threat to many, because it occurs only when Kerberos ciphersuites are in use, an uncommon configuration. The CVE candidate name for this vulnerability is CAN-2004-0112. Versions 0.9.7a, 0.9.7b, and 0.9.7c are affected. This entry will be retired when individual BID records are created for each issue. *Note: A third denial-of-service vulnerability included in the announcement was discovered affecting 0.9.6 and fixed in 0.9.6d. The CVE candidate name for this vulnerability is CAN-2004-0081. Oracle Database Server, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business and Applications, Oracle Enterprise Manager Grid Control, and Oracle PeopleSoft Applications are reported prone to multiple vulnerabilities. Oracle has released a Critical Patch Update to address these issues in various supported applications and platforms. The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. While various levels of authorization are required to leverage some issues, others do not require any authorization. This BID will be divided and updated into separate BIDs when more information is available. An attacker could exploit these vulnerabilities to take complete control of an affected database.
TITLE: Fedora update for openssl096b
SECUNIA ADVISORY ID: SA17381
VERIFY ADVISORY: http://secunia.com/advisories/17381/
CRITICAL: Moderately critical
IMPACT: DoS
WHERE:
From remote
OPERATING SYSTEM: Fedora Core 3 http://secunia.com/product/4222/
DESCRIPTION: Fedora has issued an update for openssl096b. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
For more information: SA10133 SA11139
SOLUTION: Apply updated packages.
Fedora Core 3: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
8d68e4b430aa7c5ca067c12866ae694e SRPMS/openssl096b-0.9.6b-21.42.src.rpm 54a9e78a2fdd625b9dc9121e09eb4398 x86_64/openssl096b-0.9.6b-21.42.x86_64.rpm c5c6174e23eba8d038889d08f49231b8 x86_64/debug/openssl096b-debuginfo-0.9.6b-21.42.x86_64.rpm 56b63fc150d0c099b2e4f0950e21005b x86_64/openssl096b-0.9.6b-21.42.i386.rpm 56b63fc150d0c099b2e4f0950e21005b i386/openssl096b-0.9.6b-21.42.i386.rpm 93195495585c7e9789041c75b1ed5380 i386/debug/openssl096b-debuginfo-0.9.6b-21.42.i386.rpm
OTHER REFERENCES: SA10133: http://secunia.com/advisories/10133/
SA11139: http://secunia.com/advisories/11139/
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200411-0173",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "propack",
"scope": "eq",
"trust": 2.1,
"vendor": "sgi",
"version": "2.4"
},
{
"model": "propack",
"scope": "eq",
"trust": 2.1,
"vendor": "sgi",
"version": "2.3"
},
{
"model": "sg5",
"scope": "eq",
"trust": 1.9,
"vendor": "avaya",
"version": "4.4"
},
{
"model": "sg5",
"scope": "eq",
"trust": 1.9,
"vendor": "avaya",
"version": "4.3"
},
{
"model": "sg5",
"scope": "eq",
"trust": 1.9,
"vendor": "avaya",
"version": "4.2"
},
{
"model": "sg208",
"scope": "eq",
"trust": 1.9,
"vendor": "avaya",
"version": "4.4"
},
{
"model": "sg203",
"scope": "eq",
"trust": 1.9,
"vendor": "avaya",
"version": "4.31.29"
},
{
"model": "sg203",
"scope": "eq",
"trust": 1.9,
"vendor": "avaya",
"version": "4.4"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.8,
"vendor": "openssl",
"version": "0.9.6c"
},
{
"model": "gsx server",
"scope": "eq",
"trust": 1.3,
"vendor": "vmware",
"version": "2.5.1"
},
{
"model": "gsx server",
"scope": "eq",
"trust": 1.3,
"vendor": "vmware",
"version": "2.0"
},
{
"model": "stonegate vpn client",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.0.9"
},
{
"model": "stonegate vpn client",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.0.8"
},
{
"model": "stonegate vpn client",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.0.7"
},
{
"model": "stonegate vpn client",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.0"
},
{
"model": "stonegate vpn client",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "1.7.2"
},
{
"model": "stonegate vpn client",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "1.7"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.2.4"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.2.1"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.2"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.1"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.0.9"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.0.8"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.0.7"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.0.6"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.0.5"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.0.4"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.0.1"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "1.7.2"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "1.7.1"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "1.7"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "1.6.3"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "1.6.2"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "1.5.18"
},
{
"model": "stonegate",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "1.5.17"
},
{
"model": "stonebeat webcluster",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.5"
},
{
"model": "stonebeat webcluster",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.0"
},
{
"model": "stonebeat securitycluster",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.5"
},
{
"model": "stonebeat securitycluster",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.0"
},
{
"model": "servercluster",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.5.2"
},
{
"model": "servercluster",
"scope": "eq",
"trust": 1.3,
"vendor": "stonesoft",
"version": "2.5"
},
{
"model": "propack",
"scope": "eq",
"trust": 1.3,
"vendor": "sgi",
"version": "3.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.3,
"vendor": "redhat",
"version": "8.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.3,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "openbsd",
"scope": "eq",
"trust": 1.3,
"vendor": "openbsd",
"version": "3.4"
},
{
"model": "openbsd",
"scope": "eq",
"trust": 1.3,
"vendor": "openbsd",
"version": "3.3"
},
{
"model": "imanager",
"scope": "eq",
"trust": 1.3,
"vendor": "novell",
"version": "2.0"
},
{
"model": "imanager",
"scope": "eq",
"trust": 1.3,
"vendor": "novell",
"version": "1.5"
},
{
"model": "edirectory",
"scope": "eq",
"trust": 1.3,
"vendor": "novell",
"version": "8.7.1"
},
{
"model": "edirectory",
"scope": "eq",
"trust": 1.3,
"vendor": "novell",
"version": "8.7"
},
{
"model": "edirectory",
"scope": "eq",
"trust": 1.3,
"vendor": "novell",
"version": "8.6.2"
},
{
"model": "edirectory",
"scope": "eq",
"trust": 1.3,
"vendor": "novell",
"version": "8.5.27"
},
{
"model": "edirectory",
"scope": "eq",
"trust": 1.3,
"vendor": "novell",
"version": "8.5"
},
{
"model": "edirectory",
"scope": "eq",
"trust": 1.3,
"vendor": "novell",
"version": "8.0"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.3,
"vendor": "hp",
"version": "11.23"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.3,
"vendor": "hp",
"version": "11.11"
},
{
"model": "apache-based web server",
"scope": "eq",
"trust": 1.3,
"vendor": "hp",
"version": "2.0.43.04"
},
{
"model": "apache-based web server",
"scope": "eq",
"trust": 1.3,
"vendor": "hp",
"version": "2.0.43.00"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.3,
"vendor": "freebsd",
"version": "5.2"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.3,
"vendor": "freebsd",
"version": "5.1"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.3,
"vendor": "freebsd",
"version": "4.9"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.3,
"vendor": "freebsd",
"version": "4.8"
},
{
"model": "webns",
"scope": "eq",
"trust": 1.3,
"vendor": "cisco",
"version": "7.10"
},
{
"model": "webns",
"scope": "eq",
"trust": 1.3,
"vendor": "cisco",
"version": "6.10"
},
{
"model": "secure content accelerator",
"scope": "eq",
"trust": 1.3,
"vendor": "cisco",
"version": "10000"
},
{
"model": "okena stormwatch",
"scope": "eq",
"trust": 1.3,
"vendor": "cisco",
"version": "3.2"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 1.3,
"vendor": "cisco",
"version": "1.1.3"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 1.3,
"vendor": "cisco",
"version": "1.1.2"
},
{
"model": "css secure content accelerator",
"scope": "eq",
"trust": 1.3,
"vendor": "cisco",
"version": "2.0"
},
{
"model": "css secure content accelerator",
"scope": "eq",
"trust": 1.3,
"vendor": "cisco",
"version": "1.0"
},
{
"model": "ciscoworks common services",
"scope": "eq",
"trust": 1.3,
"vendor": "cisco",
"version": "2.2"
},
{
"model": "ciscoworks common management foundation",
"scope": "eq",
"trust": 1.3,
"vendor": "cisco",
"version": "2.1"
},
{
"model": "sg200",
"scope": "eq",
"trust": 1.3,
"vendor": "avaya",
"version": "4.31.29"
},
{
"model": "sg200",
"scope": "eq",
"trust": 1.3,
"vendor": "avaya",
"version": "4.4"
},
{
"model": "converged communications server",
"scope": "eq",
"trust": 1.3,
"vendor": "avaya",
"version": "2.0"
},
{
"model": "webstar",
"scope": "eq",
"trust": 1.3,
"vendor": "4d",
"version": "5.3.1"
},
{
"model": "webstar",
"scope": "eq",
"trust": 1.3,
"vendor": "4d",
"version": "5.3"
},
{
"model": "webstar",
"scope": "eq",
"trust": 1.3,
"vendor": "4d",
"version": "5.2.4"
},
{
"model": "webstar",
"scope": "eq",
"trust": 1.3,
"vendor": "4d",
"version": "5.2.3"
},
{
"model": "webstar",
"scope": "eq",
"trust": 1.3,
"vendor": "4d",
"version": "5.2.2"
},
{
"model": "webstar",
"scope": "eq",
"trust": 1.3,
"vendor": "4d",
"version": "5.2.1"
},
{
"model": "webstar",
"scope": "eq",
"trust": 1.3,
"vendor": "4d",
"version": "5.2"
},
{
"model": "webstar",
"scope": "eq",
"trust": 1.3,
"vendor": "4d",
"version": "4.0"
},
{
"model": "sidewinder",
"scope": "eq",
"trust": 1.0,
"vendor": "securecomputing",
"version": "5.2.0.03"
},
{
"model": "instant virtual extranet",
"scope": "eq",
"trust": 1.0,
"vendor": "neoteris",
"version": "3.2"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "3.0"
},
{
"model": "vsu",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "10000_r2.0.1"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.7a"
},
{
"model": "speed technologies litespeed web server",
"scope": "eq",
"trust": 1.0,
"vendor": "lite",
"version": "1.3_rc3"
},
{
"model": "provider-1",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "4.1"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2.2_.111"
},
{
"model": "webns",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.1_0.1.02"
},
{
"model": "wbem",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "a.02.00.00"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.3.3"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.3.3"
},
{
"model": "vsu",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "2000_r2.0.1"
},
{
"model": "stonebeat fullcluster",
"scope": "eq",
"trust": 1.0,
"vendor": "stonesoft",
"version": "1_3.0"
},
{
"model": "bsafe ssl-j",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "3.0.1"
},
{
"model": "s8300",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "r2.0.0"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "3.0"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0\\(3\\)"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.1\\(1\\)"
},
{
"model": "application and content networking software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "css11000 content services switch",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "proxysg",
"scope": "eq",
"trust": 1.0,
"vendor": "bluecoat",
"version": "*"
},
{
"model": "wbem",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "a.01.05.08"
},
{
"model": "cacheos ca sa",
"scope": "eq",
"trust": 1.0,
"vendor": "bluecoat",
"version": "4.1.10"
},
{
"model": "firewall-1",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "next_generation_fp0"
},
{
"model": "edirectory",
"scope": "eq",
"trust": 1.0,
"vendor": "novell",
"version": "8.5.12a"
},
{
"model": "sidewinder",
"scope": "eq",
"trust": 1.0,
"vendor": "securecomputing",
"version": "5.2.0.02"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.1\\(11b\\)e"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.3\\(1\\)"
},
{
"model": "speed technologies litespeed web server",
"scope": "eq",
"trust": 1.0,
"vendor": "lite",
"version": "1.2.1"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.1\\(3\\)"
},
{
"model": "sg208",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "*"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.3\\(3.109\\)"
},
{
"model": "clientless vpn gateway 4400",
"scope": "eq",
"trust": 1.0,
"vendor": "symantec",
"version": "5.0"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0\\(4.101\\)"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2\\(1\\)"
},
{
"model": "instant virtual extranet",
"scope": "eq",
"trust": 1.0,
"vendor": "neoteris",
"version": "3.3"
},
{
"model": "intuity audix",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "*"
},
{
"model": "vsu",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "100_r2.0.1"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6d"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6i"
},
{
"model": "instant virtual extranet",
"scope": "eq",
"trust": 1.0,
"vendor": "neoteris",
"version": "3.3.1"
},
{
"model": "sidewinder",
"scope": "eq",
"trust": 1.0,
"vendor": "securecomputing",
"version": "5.2.1"
},
{
"model": "webns",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.10_.0.06s"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.0,
"vendor": "freebsd",
"version": "5.2.1"
},
{
"model": "s8700",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "r2.0.0"
},
{
"model": "gsx server",
"scope": "eq",
"trust": 1.0,
"vendor": "vmware",
"version": "3.0_build_7592"
},
{
"model": "sidewinder",
"scope": "eq",
"trust": 1.0,
"vendor": "securecomputing",
"version": "5.2.0.01"
},
{
"model": "enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "tarantella",
"version": "3.30"
},
{
"model": "speed technologies litespeed web server",
"scope": "eq",
"trust": 1.0,
"vendor": "lite",
"version": "1.2.2"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2\\(3\\)"
},
{
"model": "stonebeat fullcluster",
"scope": "eq",
"trust": 1.0,
"vendor": "stonesoft",
"version": "1_2.0"
},
{
"model": "gsx server",
"scope": "eq",
"trust": 1.0,
"vendor": "vmware",
"version": "2.0.1_build_2129"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6f"
},
{
"model": "intuity audix",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "s3210"
},
{
"model": "instant virtual extranet",
"scope": "eq",
"trust": 1.0,
"vendor": "neoteris",
"version": "3.0"
},
{
"model": "webns",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.2_0.0.03"
},
{
"model": "content services switch 11500",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0\\(2\\)"
},
{
"model": "crypto accelerator 4000",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.0"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "8.05"
},
{
"model": "vsu",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "5"
},
{
"model": "intuity audix",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "5.1.46"
},
{
"model": "vsu",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "500"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.3\\(2\\)"
},
{
"model": "gsx server",
"scope": "eq",
"trust": 1.0,
"vendor": "vmware",
"version": "2.5.1_build_5336"
},
{
"model": "s8500",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "r2.0.0"
},
{
"model": "speed technologies litespeed web server",
"scope": "eq",
"trust": 1.0,
"vendor": "lite",
"version": "1.3.1"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6k"
},
{
"model": "vpn-1",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "next_generation_fp0"
},
{
"model": "bsafe ssl-j",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "3.0"
},
{
"model": "sidewinder",
"scope": "eq",
"trust": 1.0,
"vendor": "securecomputing",
"version": "5.2.0.04"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.1\\(11b\\)e12"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.1\\(11\\)e"
},
{
"model": "speed technologies litespeed web server",
"scope": "eq",
"trust": 1.0,
"vendor": "lite",
"version": "1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.1\\(19\\)e1"
},
{
"model": "call manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "aaa server",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "*"
},
{
"model": "gss 4480 global site selector",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "vsu",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "5000_r2.0.1"
},
{
"model": "s8300",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "r2.0.1"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.1_\\(0.208\\)"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.1\\(11b\\)e14"
},
{
"model": "speed technologies litespeed web server",
"scope": "eq",
"trust": 1.0,
"vendor": "lite",
"version": "1.3_rc1"
},
{
"model": "s8500",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "r2.0.1"
},
{
"model": "firewall-1",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "next_generation_fp2"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2za"
},
{
"model": "speed technologies litespeed web server",
"scope": "eq",
"trust": 1.0,
"vendor": "lite",
"version": "1.3_rc2"
},
{
"model": "wbem",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "a.02.00.01"
},
{
"model": "bsafe ssl-j",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "3.1"
},
{
"model": "speed technologies litespeed web server",
"scope": "eq",
"trust": 1.0,
"vendor": "lite",
"version": "1.0.2"
},
{
"model": "speed technologies litespeed web server",
"scope": "eq",
"trust": 1.0,
"vendor": "lite",
"version": "1.2_rc1"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6j"
},
{
"model": "cacheos ca sa",
"scope": "eq",
"trust": 1.0,
"vendor": "bluecoat",
"version": "4.1.12"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.1"
},
{
"model": "speed technologies litespeed web server",
"scope": "eq",
"trust": 1.0,
"vendor": "lite",
"version": "1.0.3"
},
{
"model": "openserver",
"scope": "eq",
"trust": 1.0,
"vendor": "sco",
"version": "5.0.7"
},
{
"model": "firewall-1",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "*"
},
{
"model": "firewall-1",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "next_generation_fp1"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6h"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "11.00"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0\\(4\\)"
},
{
"model": "vsu",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "7500_r2.0.1"
},
{
"model": "enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "tarantella",
"version": "3.40"
},
{
"model": "vsu",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "5x"
},
{
"model": "stonebeat fullcluster",
"scope": "eq",
"trust": 1.0,
"vendor": "stonesoft",
"version": "2.0"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1_\\(3.005\\)"
},
{
"model": "speed technologies litespeed web server",
"scope": "eq",
"trust": 1.0,
"vendor": "lite",
"version": "1.3"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.1\\(5\\)"
},
{
"model": "webns",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.10_b4"
},
{
"model": "s8700",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "r2.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2\\(14\\)sy"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.3\\(3.102\\)"
},
{
"model": "speed technologies litespeed web server",
"scope": "eq",
"trust": 1.0,
"vendor": "lite",
"version": "1.1.1"
},
{
"model": "firewall-1",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "2.0"
},
{
"model": "sidewinder",
"scope": "eq",
"trust": 1.0,
"vendor": "securecomputing",
"version": "5.2"
},
{
"model": "enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "tarantella",
"version": "3.20"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0\\(1\\)"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "instant virtual extranet",
"scope": "eq",
"trust": 1.0,
"vendor": "neoteris",
"version": "3.1"
},
{
"model": "access registrar",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2\\(3.100\\)"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2\\(14\\)sy1"
},
{
"model": "gss 4490 global site selector",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.7b"
},
{
"model": "stonebeat fullcluster",
"scope": "eq",
"trust": 1.0,
"vendor": "stonesoft",
"version": "2.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.1\\(13\\)e9"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.2sy"
},
{
"model": "speed technologies litespeed web server",
"scope": "eq",
"trust": 1.0,
"vendor": "lite",
"version": "1.0.1"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "0.9.6b-3"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2"
},
{
"model": "speed technologies litespeed web server",
"scope": "eq",
"trust": 1.0,
"vendor": "lite",
"version": "1.2_rc2"
},
{
"model": "stonebeat fullcluster",
"scope": "eq",
"trust": 1.0,
"vendor": "stonesoft",
"version": "3.0"
},
{
"model": "intuity audix",
"scope": "eq",
"trust": 1.0,
"vendor": "avaya",
"version": "s3400"
},
{
"model": "mds 9000",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "sidewinder",
"scope": "eq",
"trust": 1.0,
"vendor": "securecomputing",
"version": "5.2.1.02"
},
{
"model": "threat response",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "0.9.6-15"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6g"
},
{
"model": "vpn-1",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "next_generation_fp1"
},
{
"model": "vpn-1",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "vsx_ng_with_application_intelligence"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6e"
},
{
"model": "vpn-1",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "next_generation"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2\\(2\\)"
},
{
"model": "openserver",
"scope": "eq",
"trust": 1.0,
"vendor": "sco",
"version": "5.0.6"
},
{
"model": "webns",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.1_0.2.06"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.1\\(2\\)"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.7c"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "0.9.7a-2"
},
{
"model": "pix firewall software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.1\\(4\\)"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gentoo linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "guardian digital",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "netscreen",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "openssl",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": "openssl",
"scope": "eq",
"trust": 0.8,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "openssl",
"scope": "eq",
"trust": 0.8,
"vendor": "openssl",
"version": "0.9.6a"
},
{
"model": "openssl",
"scope": "eq",
"trust": 0.8,
"vendor": "openssl",
"version": "0.9.6b"
},
{
"model": "vine linux",
"scope": "eq",
"trust": 0.8,
"vendor": "vine linux",
"version": "2.5"
},
{
"model": "vine linux",
"scope": "eq",
"trust": 0.8,
"vendor": "vine linux",
"version": "2.6"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "2.0"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "2.1"
},
{
"model": "crypto accelerator",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "1000 v1.0"
},
{
"model": "crypto accelerator",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "1000 v1.1"
},
{
"model": "crypto accelerator",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "4000 v1.0"
},
{
"model": "crypto accelerator",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "500"
},
{
"model": "netscreen idp",
"scope": "eq",
"trust": 0.8,
"vendor": "juniper",
"version": "2.0 - 2.1r6"
},
{
"model": "netscreen ive",
"scope": "eq",
"trust": 0.8,
"vendor": "juniper",
"version": null
},
{
"model": "turbolinux advanced server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "6"
},
{
"model": "turbolinux appliance server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "1.0 (hosting)"
},
{
"model": "turbolinux appliance server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "1.0 (workgroup)"
},
{
"model": "turbolinux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "10"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "6.1"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "6.5"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "7"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "8"
},
{
"model": "turbolinux workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "6.0"
},
{
"model": "turbolinux workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "7"
},
{
"model": "turbolinux workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "8"
},
{
"model": "firewall-1 gx",
"scope": "eq",
"trust": 0.8,
"vendor": "check point",
"version": "v2.0"
},
{
"model": "provider-1",
"scope": "eq",
"trust": 0.8,
"vendor": "check point",
"version": "ng and later"
},
{
"model": "vpn-1/firewall-1",
"scope": "eq",
"trust": 0.8,
"vendor": "check point",
"version": "ng and later"
},
{
"model": "vpn-1/firewall-1",
"scope": "eq",
"trust": 0.8,
"vendor": "check point",
"version": "vsx ng with application intelligence"
},
{
"model": "trendmicro interscan viruswall",
"scope": "eq",
"trust": 0.8,
"vendor": "trend micro",
"version": "3.81"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.00"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.11"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.23"
},
{
"model": "hp-ux aaa server",
"scope": "lte",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "a.06.01.02.04"
},
{
"model": "hp-ux aaa server",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "a.06.01.02.06"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "2.1 (as)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "2.1 (es)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "2.1 (ws)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (as)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (es)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (ws)"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "9"
},
{
"model": "ipcom series",
"scope": "eq",
"trust": 0.8,
"vendor": "fujitsu",
"version": "( for details"
},
{
"model": "ipcom series",
"scope": "eq",
"trust": 0.8,
"vendor": "fujitsu",
"version": "check the information provided by the vendor. )"
},
{
"model": "netshelter series",
"scope": "eq",
"trust": 0.8,
"vendor": "fujitsu",
"version": "( for details"
},
{
"model": "netshelter series",
"scope": "eq",
"trust": 0.8,
"vendor": "fujitsu",
"version": "check the information provided by the vendor. )"
},
{
"model": "netwatcher",
"scope": "eq",
"trust": 0.8,
"vendor": "fujitsu",
"version": "( sensor device )"
},
{
"model": "primergy sslaccelerator",
"scope": "eq",
"trust": 0.8,
"vendor": "fujitsu",
"version": "7110"
},
{
"model": "primergy sslaccelerator",
"scope": "eq",
"trust": 0.8,
"vendor": "fujitsu",
"version": "7115"
},
{
"model": "primergy sslaccelerator",
"scope": "eq",
"trust": 0.8,
"vendor": "fujitsu",
"version": "7117"
},
{
"model": "ios 12.1 e",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "sg208",
"scope": null,
"trust": 0.6,
"vendor": "avaya",
"version": null
},
{
"model": "gsx server build",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "3.07592"
},
{
"model": "gsx server build",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5.15336"
},
{
"model": "gsx server build",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.0.12129"
},
{
"model": "enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "tarantella",
"version": "33.40"
},
{
"model": "enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "tarantella",
"version": "33.30"
},
{
"model": "enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "tarantella",
"version": "33.200"
},
{
"model": "clientless vpn gateway series",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "44005.0"
},
{
"model": "crypto accelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "40001.0"
},
{
"model": "stonebeat fullcluster for raptor",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.5"
},
{
"model": "stonebeat fullcluster for raptor",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.0"
},
{
"model": "stonebeat fullcluster for isa server",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "3.0"
},
{
"model": "stonebeat fullcluster for gauntlet",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.0"
},
{
"model": "stonebeat fullcluster for firewall-1",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "3.0"
},
{
"model": "stonebeat fullcluster for firewall-1",
"scope": "eq",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.0"
},
{
"model": "propack sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "3.0"
},
{
"model": "irix m",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.24"
},
{
"model": "irix m",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.23"
},
{
"model": "irix m",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.22"
},
{
"model": "irix m",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.21"
},
{
"model": "irix f",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.21"
},
{
"model": "irix m",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.20"
},
{
"model": "irix f",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.20"
},
{
"model": "computing sidewinder",
"scope": "eq",
"trust": 0.3,
"vendor": "secure",
"version": "5.2.1.02"
},
{
"model": "computing sidewinder",
"scope": "eq",
"trust": 0.3,
"vendor": "secure",
"version": "5.2.1"
},
{
"model": "computing sidewinder",
"scope": "eq",
"trust": 0.3,
"vendor": "secure",
"version": "5.2.0.04"
},
{
"model": "computing sidewinder",
"scope": "eq",
"trust": 0.3,
"vendor": "secure",
"version": "5.2.0.03"
},
{
"model": "computing sidewinder",
"scope": "eq",
"trust": 0.3,
"vendor": "secure",
"version": "5.2.0.02"
},
{
"model": "computing sidewinder",
"scope": "eq",
"trust": 0.3,
"vendor": "secure",
"version": "5.2.0.01"
},
{
"model": "computing sidewinder",
"scope": "eq",
"trust": 0.3,
"vendor": "secure",
"version": "5.2"
},
{
"model": "unixware",
"scope": "eq",
"trust": 0.3,
"vendor": "sco",
"version": "7.1.3"
},
{
"model": "unixware",
"scope": "eq",
"trust": 0.3,
"vendor": "sco",
"version": "7.1.1"
},
{
"model": "open server",
"scope": "eq",
"trust": 0.3,
"vendor": "sco",
"version": "5.0.7"
},
{
"model": "open server",
"scope": "eq",
"trust": 0.3,
"vendor": "sco",
"version": "5.0.6"
},
{
"model": "security bsafe ssl-j sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "rsa",
"version": "3.1"
},
{
"model": "security bsafe ssl-j sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "rsa",
"version": "3.0.1"
},
{
"model": "security bsafe ssl-j sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "rsa",
"version": "3.0"
},
{
"model": "openssl096b-0.9.6b-3.i386.rpm",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "openssl096-0.9.6-15.i386.rpm",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "openssl-perl-0.9.7a-2.i386.rpm",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "openssl-devel-0.9.7a-2.i386.rpm",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "openssl-0.9.7a-2.i386.rpm",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"model": "desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4.0"
},
{
"model": "desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3.0"
},
{
"model": "hat fedora core3",
"scope": null,
"trust": 0.3,
"vendor": "red",
"version": null
},
{
"model": "hat fedora core2",
"scope": null,
"trust": 0.3,
"vendor": "red",
"version": null
},
{
"model": "hat fedora core1",
"scope": null,
"trust": 0.3,
"vendor": "red",
"version": null
},
{
"model": "hat enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "4"
},
{
"model": "hat enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "3"
},
{
"model": "project openssl c",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl beta3",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl beta2",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl beta1",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl b",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl k",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl j",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl i",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl h",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl g",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl f",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl e",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl d",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl c",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "edirectory su1",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "8.7.1"
},
{
"model": "edirectory a",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "8.5.12"
},
{
"model": "instant virtual extranet",
"scope": "eq",
"trust": 0.3,
"vendor": "netscreen",
"version": "3.3.1"
},
{
"model": "instant virtual extranet",
"scope": "eq",
"trust": 0.3,
"vendor": "netscreen",
"version": "3.3"
},
{
"model": "instant virtual extranet",
"scope": "eq",
"trust": 0.3,
"vendor": "netscreen",
"version": "3.2"
},
{
"model": "instant virtual extranet",
"scope": "eq",
"trust": 0.3,
"vendor": "netscreen",
"version": "3.1"
},
{
"model": "instant virtual extranet",
"scope": "eq",
"trust": 0.3,
"vendor": "netscreen",
"version": "3.0"
},
{
"model": "litespeed web server",
"scope": "eq",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.3.1"
},
{
"model": "litespeed web server rc3",
"scope": "eq",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.3"
},
{
"model": "litespeed web server rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.3"
},
{
"model": "litespeed web server rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.3"
},
{
"model": "litespeed web server",
"scope": "eq",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.3"
},
{
"model": "litespeed web server",
"scope": "eq",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.2.2"
},
{
"model": "litespeed web server",
"scope": "eq",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.2.1"
},
{
"model": "litespeed web server rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.2"
},
{
"model": "litespeed web server rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.2"
},
{
"model": "litespeed web server",
"scope": "eq",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.1.1"
},
{
"model": "litespeed web server",
"scope": "eq",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.1"
},
{
"model": "litespeed web server",
"scope": "eq",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.0.3"
},
{
"model": "litespeed web server",
"scope": "eq",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.0.2"
},
{
"model": "litespeed web server",
"scope": "eq",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.0.1"
},
{
"model": "wbem a.02.00.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "wbem a.02.00.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "wbem a.01.05.08",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.0"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.5"
},
{
"model": "aaa server",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "-release",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.2"
},
{
"model": "-releng",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.1"
},
{
"model": "-release",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.1"
},
{
"model": "-releng",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.8"
},
{
"model": "associates etrust security command center",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.0"
},
{
"model": "secure gateway for solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "1.13"
},
{
"model": "secure gateway for solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "1.12"
},
{
"model": "secure gateway for solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "1.1"
},
{
"model": "webns .0.06s",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.10"
},
{
"model": "webns",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.20.0.03"
},
{
"model": "webns",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.10.2.06"
},
{
"model": "webns",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.10.1.02"
},
{
"model": "webns b4",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.10"
},
{
"model": "threat response",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.3.2"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.3.1"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.3(3.109)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.3(3.102)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.3(1)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.3"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2.3"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2.2.111"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2.2"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2.1"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2(3.100)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2(3)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2(2)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2(1)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1.5"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1.4"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1.3"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(5)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(4)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(3)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(2)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(1)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0.4"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0.3"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(4.101)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(4)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(2)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(1)"
},
{
"model": "pix firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0"
},
{
"model": "mds",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9000"
},
{
"model": "ios 12.2za",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2sy",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 sy1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 sy",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e9",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e14",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e12",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 ec",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 ea1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "gss global site selector",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "44900"
},
{
"model": "gss global site selector",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4480"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.1(0.208)"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.1(3.005)"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "css11500 content services switch",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "css11000 content services switch",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "call manager",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "application \u0026 content networking software",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "access registrar",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software vpn-1 vsx ng with application intelligence",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "point software vpn-1 next generation fp2",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "point software vpn-1 next generation fp1",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "point software vpn-1 next generation fp0",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "point software providor-1 sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software providor-1 sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software providor-1 sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software providor-1 sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software providor-1",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software firewall-1 vsx ng with application intelligence",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "point software firewall-1 next generation fp2",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "point software firewall-1 next generation fp1",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "point software firewall-1 next generation fp0",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "point software firewall-1 gx",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "2.0"
},
{
"model": "coat systems proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "0"
},
{
"model": "coat systems cacheos ca/sa",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "4.1.12"
},
{
"model": "coat systems cacheos ca/sa",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "4.1.10"
},
{
"model": "vsu r2.0.1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7500"
},
{
"model": "vsu",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5x0"
},
{
"model": "vsu r2.0.1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5000"
},
{
"model": "vsu",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5000"
},
{
"model": "vsu",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "50"
},
{
"model": "vsu r2.0.1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2000"
},
{
"model": "vsu r2.0.1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "10000"
},
{
"model": "vsu r2.0.1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "100"
},
{
"model": "sg5x",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.4"
},
{
"model": "sg5x",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.3"
},
{
"model": "sg5x",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2"
},
{
"model": "sg208",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "0"
},
{
"model": "s8700 r2.0.1",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "s8700 r2.0.0",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "s8500 r2.0.1",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "s8500 r2.0.0",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "s8300 r2.0.1",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "s8300 r2.0.0",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "intuity r5 r5.1.46",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "intuity audix r5",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "0"
},
{
"model": "intuity s3400",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "intuity s3210",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "intuity lx",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.9"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.9"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.3"
},
{
"model": "gsx server",
"scope": "ne",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5.2"
},
{
"model": "stonegate sparc",
"scope": "ne",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.2.12"
},
{
"model": "stonegate",
"scope": "ne",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.2.5x86"
},
{
"model": "stonegate ibm zseries",
"scope": "ne",
"trust": 0.3,
"vendor": "stonesoft",
"version": "2.2.5"
},
{
"model": "computing sidewinder",
"scope": "ne",
"trust": 0.3,
"vendor": "secure",
"version": "5.2.1.10"
},
{
"model": "security bsafe ssl-j sdk",
"scope": "ne",
"trust": 0.3,
"vendor": "rsa",
"version": "4.1"
},
{
"model": "project openssl d",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl m",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "litespeed web server",
"scope": "ne",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.3.2"
},
{
"model": "litespeed web server",
"scope": "ne",
"trust": 0.3,
"vendor": "lite speed",
"version": "1.0.2"
},
{
"model": "secure gateway for solaris",
"scope": "ne",
"trust": 0.3,
"vendor": "citrix",
"version": "1.14"
},
{
"model": "threat response",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "2.0.3"
},
{
"model": "mds",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "90002.0(0.86)"
},
{
"model": "mds",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "90001.3(3.33)"
},
{
"model": "point software vpn-1 sp6",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software vpn-1 sp5a",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software vpn-1 sp5",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software vpn-1 sp4",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software vpn-1 sp3",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software vpn-1 sp2",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software vpn-1 sp1",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software vpn-1",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software firewall-1 sp6",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software firewall-1 sp5a",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software firewall-1 sp5",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software firewall-1 sp4",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software firewall-1 sp3",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software firewall-1 sp2",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software firewall-1 sp1",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software firewall-1",
"scope": "ne",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "webstar",
"scope": "ne",
"trust": 0.3,
"vendor": "4d",
"version": "5.3.2"
},
{
"model": "oneworld xe/erp8 applications sp22",
"scope": null,
"trust": 0.3,
"vendor": "peoplesoft",
"version": null
},
{
"model": "enterpriseone applications",
"scope": "eq",
"trust": 0.3,
"vendor": "peoplesoft",
"version": "8.93"
},
{
"model": "enterpriseone applications sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "peoplesoft",
"version": "8.9"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.6"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.0.5"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.4"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.1.5"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.1.4"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.6"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.0.5"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.4"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.1.5"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.1.4"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.6.0"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.0.5"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.4"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.1.5"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.1.4"
},
{
"model": "oracle9i application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.3.1"
},
{
"model": "oracle9i application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.2.3"
},
{
"model": "oracle9i application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0.2.2"
},
{
"model": "oracle8i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.7.4"
},
{
"model": "oracle8i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.7.4.0"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.0.4"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.0.3.1"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.0.3"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.0.2"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.0.4"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.0.3.1"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.0.3"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.0.2"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.0.4"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.0.3.1"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.0.3"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.0.2"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.0.3.1"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.4.1"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.4.0"
},
{
"model": "enterprise manager grid control 10g",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3"
},
{
"model": "enterprise manager grid control 10g",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.0.2"
},
{
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.4.1"
},
{
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.4.0"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.10"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.9"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.8"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.7"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.6"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.5"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.4"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.3"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.2"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.1"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.0"
},
{
"model": "collaboration suite release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "29.0.4.2"
},
{
"model": "collaboration suite release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "29.0.4.1"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#465542"
},
{
"db": "BID",
"id": "9899"
},
{
"db": "BID",
"id": "13139"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000087"
},
{
"db": "NVD",
"id": "CVE-2004-0081"
},
{
"db": "CNNVD",
"id": "CNNVD-200411-078"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:firewall_services_module:1.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:firewall_services_module:1.1_\\(3.005\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:firewall_services_module:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:firewall_services_module:1.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:symantec:clientless_vpn_gateway_4400:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:apache-based_web_server:2.0.43.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:apache-based_web_server:2.0.43.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:firewall_services_module:2.1_\\(0.208\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:aaa_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:ciscoworks_common_management_foundation:2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:ciscoworks_common_services:2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:avaya:sg208:4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:avaya:sg5:4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:avaya:sg5:4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:5.1:release:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:8.05:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:openbsd:openbsd:3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sco:openserver:5.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:avaya:sg203:4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:avaya:sg208:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.8:releng:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:11.23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:avaya:sg200:4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:avaya:sg203:4.31.29:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:5.2.1:release:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:avaya:converged_communications_server:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:avaya:sg200:4.31.29:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:avaya:sg5:4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:5.1:releng:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sco:openserver:5.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(13\\)e9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2za:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(11\\)e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(14\\)sy1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2sy:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(19\\)e1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(14\\)sy:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:4d:webstar:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:4d:webstar:5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:avaya:intuity_audix:5.1.46:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:avaya:intuity_audix:s3210:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:avaya:vsu:5000_r2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:avaya:vsu:5x:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:checkpoint:provider-1:4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:checkpoint:provider-1:4.1:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:access_registrar:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:application_and_content_networking_software:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webns:6.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webns:6.10_b4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hp:wbem:a.02.00.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hp:wbem:a.02.00.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.2_rc1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.2_rc2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:novell:edirectory:8.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:novell:edirectory:8.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:novell:edirectory:8.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:4d:webstar:5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:4d:webstar:5.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:avaya:intuity_audix:*:*:lx:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:avaya:vsu:5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:avaya:vsu:500:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:checkpoint:firewall-1:next_generation_fp1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:checkpoint:firewall-1:next_generation_fp2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:checkpoint:vpn-1:next_generation_fp1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:checkpoint:vpn-1:vsx_ng_with_application_intelligence:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:pix_firewall:6.2.2_.111:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:threat_response:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webns:7.2_0.0.03:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hp:wbem:a.01.05.08:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.3_rc3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:novell:edirectory:8.5.12a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:novell:edirectory:8.5.27:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:openssl:0.9.6b-3:*:i386:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:i386:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:servercluster:2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonebeat_securitycluster:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonebeat_securitycluster:2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:1.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:1.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:1.7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:2.0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonegate_vpn_client:2.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonegate_vpn_client:2.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:gsx_server:2.5.1_build_5336:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:gsx_server:3.0_build_7592:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:bluecoat:proxysg:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:call_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:securecomputing:sidewinder:5.2.0.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:securecomputing:sidewinder:5.2.0.02:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(2\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(3\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(3.100\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:4d:webstar:5.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:4d:webstar:5.2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:avaya:vsu:10000_r2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:avaya:vsu:2000_r2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:checkpoint:firewall-1:2.0:*:gx:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:checkpoint:firewall-1:next_generation_fp0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:checkpoint:provider-1:4.1:sp4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:checkpoint:vpn-1:next_generation:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:checkpoint:vpn-1:next_generation_fp0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:css11000_content_services_switch:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:okena_stormwatch:3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webns:7.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webns:7.10_.0.06s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.3_rc1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:i386_dev:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:i386_perl:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dell:bsafe_ssl-j:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:servercluster:2.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:1_2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonebeat_webcluster:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonebeat_webcluster:2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:2.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:2.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonegate_vpn_client:2.0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tarantella:tarantella_enterprise:3.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:avaya:s8300:r2.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:avaya:s8300:r2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:content_services_switch_11500:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:gss_4480_global_site_selector:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:securecomputing:sidewinder:5.2.0.03:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:securecomputing:sidewinder:5.2.0.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(2\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(3\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(4\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(5\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(2\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(3.102\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.3_rc2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:novell:edirectory:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:novell:edirectory:8.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:novell:imanager:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:openssl:0.9.6-15:*:i386:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sgi:propack:2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sgi:propack:2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:1.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:1.6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:2.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:2.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonegate_vpn_client:1.7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonegate_vpn_client:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:gsx_server:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:gsx_server:2.0.1_build_2129:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:gsx_server:2.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:avaya:s8700:r2.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:avaya:s8700:r2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:secure_content_accelerator:10000:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:securecomputing:sidewinder:5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:bluecoat:cacheos_ca_sa:4.1.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:bluecoat:cacheos_ca_sa:4.1.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(2\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(3\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:4d:webstar:5.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:4d:webstar:5.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:avaya:intuity_audix:s3400:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:avaya:vsu:100_r2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:avaya:vsu:7500_r2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:checkpoint:firewall-1:*:*:vsx-ng-ai:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:checkpoint:provider-1:4.1:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:checkpoint:provider-1:4.1:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:css_secure_content_accelerator:1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:css_secure_content_accelerator:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webns:7.1_0.1.02:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:webns:7.1_0.2.06:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lite:speed_technologies_litespeed_web_server:1.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:neoteris:instant_virtual_extranet:3.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:novell:edirectory:8.7.1:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:novell:imanager:1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dell:bsafe_ssl-j:3.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dell:bsafe_ssl-j:3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:1_3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonebeat_fullcluster:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:1.5.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:1.5.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:2.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:2.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonegate:2.2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:stonesoft:stonegate_vpn_client:1.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tarantella:tarantella_enterprise:3.30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tarantella:tarantella_enterprise:3.40:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:avaya:s8500:r2.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:avaya:s8500:r2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:gss_4490_global_site_selector:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:mds_9000:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:securecomputing:sidewinder:5.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:securecomputing:sidewinder:5.2.1.02:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:sun:crypto_accelerator_4000:1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(4\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(4.101\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(3.109\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0081"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "David Litchfield\u203b david@nextgenss.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200411-078"
}
],
"trust": 0.6
},
"cve": "CVE-2004-0081",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2004-0081",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-8511",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2004-0081",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#465542",
"trust": 0.8,
"value": "5.16"
},
{
"author": "CNNVD",
"id": "CNNVD-200411-078",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-8511",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#465542"
},
{
"db": "VULHUB",
"id": "VHN-8511"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000087"
},
{
"db": "NVD",
"id": "CVE-2004-0081"
},
{
"db": "CNNVD",
"id": "CNNVD-200411-078"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. This vulnerability was addressed in OpenSSL 0.9.6d and 0.9.7. The vulnerability is OpenSSL Applications and systems that use the library may also be affected. For more detailed information about other systems NISCC-224012 (JVN) , NISCC Advisory 224012 (CPNI Advisory 00389) Please check also.OpenSSL An application that uses the service disrupts service operation (DoS) It may be in a state. \nFor the first issue, a NULL-pointer assignment can be triggered by attackers during SSL/TLS handshake exchanges. The CVE candidate name for this vulnerability is CAN-2004-0079. Versions 0.9.6c to 0.9.6k (inclusive) and from 0.9.7a to 0.9.7c (inclusive) are vulnerable. \nThe second issue is also exploited during the SSL/TLS handshake, but only when Kerberos ciphersuites are in use. The vendor has reported that this vulnerability may not be a threat to many, because it occurs only when Kerberos ciphersuites are in use, an uncommon configuration. The CVE candidate name for this vulnerability is CAN-2004-0112. Versions 0.9.7a, 0.9.7b, and 0.9.7c are affected. \nThis entry will be retired when individual BID records are created for each issue. \n*Note: A third denial-of-service vulnerability included in the announcement was discovered affecting 0.9.6 and fixed in 0.9.6d. The CVE candidate name for this vulnerability is CAN-2004-0081. Oracle Database Server, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business and Applications, Oracle Enterprise Manager Grid Control, and Oracle PeopleSoft Applications are reported prone to multiple vulnerabilities. \nOracle has released a Critical Patch Update to address these issues in various supported applications and platforms. \nThe issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. While various levels of authorization are required to leverage some issues, others do not require any authorization. \nThis BID will be divided and updated into separate BIDs when more information is available. An attacker could exploit these vulnerabilities to take complete control of an affected database. \n\nTITLE:\nFedora update for openssl096b\n\nSECUNIA ADVISORY ID:\nSA17381\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/17381/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nDoS\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nFedora Core 3\nhttp://secunia.com/product/4222/\n\nDESCRIPTION:\nFedora has issued an update for openssl096b. This fixes some\nvulnerabilities, which can be exploited by malicious people to cause\na DoS (Denial of Service). \n\nFor more information:\nSA10133\nSA11139\n\nSOLUTION:\nApply updated packages. \n\nFedora Core 3:\nhttp://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/\n\n8d68e4b430aa7c5ca067c12866ae694e\nSRPMS/openssl096b-0.9.6b-21.42.src.rpm\n54a9e78a2fdd625b9dc9121e09eb4398\nx86_64/openssl096b-0.9.6b-21.42.x86_64.rpm\nc5c6174e23eba8d038889d08f49231b8\nx86_64/debug/openssl096b-debuginfo-0.9.6b-21.42.x86_64.rpm\n56b63fc150d0c099b2e4f0950e21005b\nx86_64/openssl096b-0.9.6b-21.42.i386.rpm\n56b63fc150d0c099b2e4f0950e21005b\ni386/openssl096b-0.9.6b-21.42.i386.rpm\n93195495585c7e9789041c75b1ed5380\ni386/debug/openssl096b-debuginfo-0.9.6b-21.42.i386.rpm\n\nOTHER REFERENCES:\nSA10133:\nhttp://secunia.com/advisories/10133/\n\nSA11139:\nhttp://secunia.com/advisories/11139/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0081"
},
{
"db": "CERT/CC",
"id": "VU#465542"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000087"
},
{
"db": "BID",
"id": "9899"
},
{
"db": "BID",
"id": "13139"
},
{
"db": "VULHUB",
"id": "VHN-8511"
},
{
"db": "PACKETSTORM",
"id": "41200"
},
{
"db": "PACKETSTORM",
"id": "41105"
}
],
"trust": 3.15
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#465542",
"trust": 3.3
},
{
"db": "NVD",
"id": "CVE-2004-0081",
"trust": 3.1
},
{
"db": "BID",
"id": "9899",
"trust": 2.8
},
{
"db": "USCERT",
"id": "TA04-078A",
"trust": 2.5
},
{
"db": "SECUNIA",
"id": "11139",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1009458",
"trust": 0.8
},
{
"db": "XF",
"id": "15509",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000087",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200411-078",
"trust": 0.7
},
{
"db": "BID",
"id": "13139",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-8511",
"trust": 0.1
},
{
"db": "SECUNIA",
"id": "17398",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "41200",
"trust": 0.1
},
{
"db": "SECUNIA",
"id": "17381",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "41105",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#465542"
},
{
"db": "VULHUB",
"id": "VHN-8511"
},
{
"db": "BID",
"id": "9899"
},
{
"db": "BID",
"id": "13139"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000087"
},
{
"db": "PACKETSTORM",
"id": "41200"
},
{
"db": "PACKETSTORM",
"id": "41105"
},
{
"db": "NVD",
"id": "CVE-2004-0081"
},
{
"db": "CNNVD",
"id": "CNNVD-200411-078"
}
]
},
"id": "VAR-200411-0173",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-8511"
}
],
"trust": 0.52271296
},
"last_update_date": "2023-12-18T11:48:29.371000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "OpenSSL Vulnerability",
"trust": 0.8,
"url": "http://www.checkpoint.com/services/techsupport/alerts/openssl.html"
},
{
"title": "HPSBUX01011",
"trust": 0.8,
"url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?docid=c00897351"
},
{
"title": "HPSBUX01011",
"trust": 0.8,
"url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux01011.html"
},
{
"title": "NetScreen Advisory 58466",
"trust": 0.8,
"url": "http://www.juniper.net/support/security/alerts/adv58466-2.txt"
},
{
"title": "openssl096",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/update/list.php?errata_id=155"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.openssl.org/"
},
{
"title": "RHSA-2004:119",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/rhsa-2004-119.html"
},
{
"title": "RHSA-2004:121",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/rhsa-2004-121.html"
},
{
"title": "RHSA-2004:120",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/rhsa-2004-120.html"
},
{
"title": "20040304-01-U",
"trust": 0.8,
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-u.asc"
},
{
"title": "57571",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57571-1"
},
{
"title": "57524",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57524-1"
},
{
"title": "57571",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57571-3"
},
{
"title": "57524",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57524-3"
},
{
"title": "19387",
"trust": 0.8,
"url": "http://kb.trendmicro.com/solutions/solutiondetail.asp?solutionid=19387"
},
{
"title": "TLSA-2004-9",
"trust": 0.8,
"url": "http://www.turbolinux.com/security/2004/tlsa-2004-9.txt"
},
{
"title": "OpenSSL \u306b\u95a2\u3059\u308b\u8106\u5f31\u6027",
"trust": 0.8,
"url": "http://www.checkpoint.co.jp/techsupport/alerts/openssl.html"
},
{
"title": "RHSA-2004:120",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2004-120j.html"
},
{
"title": "RHSA-2004:119",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2004-119j.html"
},
{
"title": "openssl \u306b\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30db\u30fc\u30eb",
"trust": 0.8,
"url": "http://vinelinux.org/errata/25x/20040319-1.html"
},
{
"title": "TLSA-2004-9",
"trust": 0.8,
"url": "http://www.turbolinux.co.jp/security/2004/tlsa-2004-9j.txt"
},
{
"title": "IPCOM\u30b7\u30ea\u30fc\u30ba\u306eOpenSSL\u8106\u5f31\u6027\u3078\u306e\u5bfe\u5fdc\u306b\u3064\u3044\u3066",
"trust": 0.8,
"url": "http://primeserver.fujitsu.com/ipcom/support/security20040325/"
},
{
"title": "[\u91cd\u8981] OpenSSL\u8106\u5f31\u6027\u3078\u306e\u5bfe\u5fdc\u306b\u3064\u3044\u3066",
"trust": 0.8,
"url": "http://jp.fujitsu.com/support/security/backnumber/2004/0325/"
},
{
"title": "224012",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/cert/niscc.html#224012-openssl"
},
{
"title": "OpenSSL Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=169015"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2004-000087"
},
{
"db": "CNNVD",
"id": "CNNVD-200411-078"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0081"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/9899"
},
{
"trust": 2.5,
"url": "http://www.us-cert.gov/cas/techalerts/ta04-078a.html"
},
{
"trust": 2.5,
"url": "http://www.kb.cert.org/vuls/id/465542"
},
{
"trust": 2.3,
"url": "http://rhn.redhat.com/errata/rhsa-2004-119.html"
},
{
"trust": 2.0,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
},
{
"trust": 1.7,
"url": "http://www.debian.org/security/2004/dsa-465"
},
{
"trust": 1.7,
"url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
},
{
"trust": 1.7,
"url": "http://fedoranews.org/updates/fedora-2004-095.shtml"
},
{
"trust": 1.7,
"url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11755"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a871"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a902"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2004-120.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2004-121.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2004-139.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/11139"
},
{
"trust": 1.7,
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
},
{
"trust": 1.7,
"url": "http://www.trustix.org/errata/2004/0012"
},
{
"trust": 1.7,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15509"
},
{
"trust": 1.6,
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=107955049331965\u0026w=2"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2"
},
{
"trust": 1.1,
"url": "ftp://ftp.sco.com/pub/updates/openserver/scosa-2004.10/scosa-2004.10.txt"
},
{
"trust": 1.1,
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-u.asc"
},
{
"trust": 0.8,
"url": "http://www.openssl.org"
},
{
"trust": 0.8,
"url": "http://cvs.openssl.org/chngview?cn=5721"
},
{
"trust": 0.8,
"url": "http://cvs.openssl.org/chngview?cn=5722"
},
{
"trust": 0.8,
"url": "http://cvs.openssl.org/getfile?v=1.618.2.137\u0026f=openssl/changes"
},
{
"trust": 0.8,
"url": "http://cvs.openssl.org/getfile?v=1.954\u0026f=openssl/changes"
},
{
"trust": 0.8,
"url": "http://www.ciac.org/ciac/bulletins/o-101.shtml"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-0081"
},
{
"trust": 0.8,
"url": "http://www.cpni.gov.uk/products/vulnerabilitydisclosures/default.aspx?id=va-20040317-00389.xml"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/xforce/xfdb/15509"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2004/wr041201.txt"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2004/wr041301.txt"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2004/wr041701.txt"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2004/wr041801.txt"
},
{
"trust": 0.8,
"url": "http://jvn.jp/niscc/niscc-224012"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta04-078a/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/trta04-078a"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2004-0081"
},
{
"trust": 0.8,
"url": "http://www.cpni.gov.uk/docs/re-20040317-00389.pdf?lang=en"
},
{
"trust": 0.8,
"url": "http://www.securitytracker.com/alerts/2004/mar/1009458.html"
},
{
"trust": 0.8,
"url": "http://www.cyberpolice.go.jp/important/20040318_082932.html"
},
{
"trust": 0.6,
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f57524"
},
{
"trust": 0.3,
"url": "http://www.4d.com/products/4dwsv.html"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/japple/css/japple?page=avaya.css.openpage\u0026temp.template.name=securityadvisory"
},
{
"trust": 0.3,
"url": "http://distro.conectiva.com.br/atualizacoes/index.php?id=a\u0026anuncio=000827"
},
{
"trust": 0.3,
"url": "http://distro.conectiva.com.br/atualizacoes/index.php?id=a\u0026anuncio=000834"
},
{
"trust": 0.3,
"url": "ftp://ftp.symantec.com/public/english_us_canada/products/sym_clientless_vpn/sym_clientless_vpn_5/updates/hf1-readme.txt"
},
{
"trust": 0.3,
"url": "http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1256"
},
{
"trust": 0.3,
"url": "http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1257"
},
{
"trust": 0.3,
"url": "http://www.netscreen.com/services/security/alerts/adv58466-signed.txt"
},
{
"trust": 0.3,
"url": "http://www.stonesoft.com/document/art/3123.html"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/elmodocs2/security/asa-2005-239.htm"
},
{
"trust": 0.3,
"url": "http://www.checkpoint.com/techsupport/alerts/openssl.html"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2004-120.html"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2004-139.html"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2005-830.html"
},
{
"trust": 0.3,
"url": "http://www.bluecoat.com/support/knowledge/advisory_openssl_can-2004-0079.html"
},
{
"trust": 0.3,
"url": "http://www.apple.com/support/downloads/securityupdate_2004-04-05_(10_3_3).html"
},
{
"trust": 0.3,
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2968981.htm"
},
{
"trust": 0.3,
"url": "http://www.securecomputing.com/pdf/52110relnotes.pdf"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f57571"
},
{
"trust": 0.3,
"url": "http://www.tarantella.com/security/bulletin-10.html"
},
{
"trust": 0.3,
"url": "http://www.adiscon.com/common/en/advisory/2004-03-18.asp"
},
{
"trust": 0.3,
"url": "http://www.uniras.gov.uk/l1/l2/l3/alerts2004/alert-1204.txt"
},
{
"trust": 0.3,
"url": "http://www.litespeedtech.com"
},
{
"trust": 0.3,
"url": "/archive/1/357672"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/pdf/cpuapr2005.pdf"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/index.html"
},
{
"trust": 0.3,
"url": "http://www.peoplesoft.com:80/corp/en/support/security_index.jsp"
},
{
"trust": 0.3,
"url": "/archive/1/395699"
},
{
"trust": 0.2,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/11139/"
},
{
"trust": 0.2,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=107955049331965\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=108403850228012\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026amp;anuncio=000834"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/48/"
},
{
"trust": 0.1,
"url": "http://rhn.redhat.com/errata/rhsa-2005-829.html"
},
{
"trust": 0.1,
"url": "http://rhn.redhat.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1326/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1306/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/17398/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1044/"
},
{
"trust": 0.1,
"url": "http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/4222/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/17381/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/10133/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#465542"
},
{
"db": "VULHUB",
"id": "VHN-8511"
},
{
"db": "BID",
"id": "9899"
},
{
"db": "BID",
"id": "13139"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000087"
},
{
"db": "PACKETSTORM",
"id": "41200"
},
{
"db": "PACKETSTORM",
"id": "41105"
},
{
"db": "NVD",
"id": "CVE-2004-0081"
},
{
"db": "CNNVD",
"id": "CNNVD-200411-078"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#465542"
},
{
"db": "VULHUB",
"id": "VHN-8511"
},
{
"db": "BID",
"id": "9899"
},
{
"db": "BID",
"id": "13139"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000087"
},
{
"db": "PACKETSTORM",
"id": "41200"
},
{
"db": "PACKETSTORM",
"id": "41105"
},
{
"db": "NVD",
"id": "CVE-2004-0081"
},
{
"db": "CNNVD",
"id": "CNNVD-200411-078"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-03-17T00:00:00",
"db": "CERT/CC",
"id": "VU#465542"
},
{
"date": "2004-11-23T00:00:00",
"db": "VULHUB",
"id": "VHN-8511"
},
{
"date": "2004-03-17T00:00:00",
"db": "BID",
"id": "9899"
},
{
"date": "2005-04-12T00:00:00",
"db": "BID",
"id": "13139"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2004-000087"
},
{
"date": "2005-11-03T01:02:14",
"db": "PACKETSTORM",
"id": "41200"
},
{
"date": "2005-11-02T01:11:22",
"db": "PACKETSTORM",
"id": "41105"
},
{
"date": "2004-11-23T05:00:00",
"db": "NVD",
"id": "CVE-2004-0081"
},
{
"date": "2003-07-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200411-078"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-05-06T00:00:00",
"db": "CERT/CC",
"id": "VU#465542"
},
{
"date": "2018-10-30T00:00:00",
"db": "VULHUB",
"id": "VHN-8511"
},
{
"date": "2015-03-19T08:20:00",
"db": "BID",
"id": "9899"
},
{
"date": "2006-05-05T23:30:00",
"db": "BID",
"id": "13139"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2004-000087"
},
{
"date": "2021-11-08T15:48:31.743000",
"db": "NVD",
"id": "CVE-2004-0081"
},
{
"date": "2021-11-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200411-078"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "9899"
},
{
"db": "BID",
"id": "13139"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSSL does not properly handle unknown message types",
"sources": [
{
"db": "CERT/CC",
"id": "VU#465542"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "9899"
},
{
"db": "BID",
"id": "13139"
}
],
"trust": 0.6
}
}
VAR-199712-0007
Vulnerability from variot - Updated: 2023-12-18 11:45Land IP denial of service. MSN Messenger clients before version 7.0 will allow remote attackers to take control of a computer if malicious GIF files are processed. Microsoft Windows does not adequately validate IP options, allowing an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service. An attacker could take complete control of a vulnerable system. A number of TCP/IP stacks are vulnerable to a "loopback" condition initiated by sending a TCP SYN packet with the source address and port spoofed to equal the destination source and port. When a packet of this sort is received, an infinite loop is initiated and the affected system halts. This is known to affect Windows 95, Windows NT 4.0 up to SP3, Windows Server 2003, Windows XP SP2, Cisco IOS devices & Catalyst switches, and HP-UX up to 11.00. It is noted that on Windows Server 2003 and XP SP2, the TCP and IP checksums must be correct to trigger the issue. **Update: It is reported that Microsoft platforms are also prone to this vulnerability. The vendor reports that network routers may not route malformed TCP/IP packets used to exploit this issue. As a result, an attacker may have to discover a suitable route to a target computer, or reside on the target network segment itself before exploitation is possible. The TCP/IP network protocol stack is the most widely used network protocol for Internet networking implemented by most operating systems. There are loopholes in the TCP/IP protocol stack implementation of early BSD-derived systems (except Linux) and Windows systems, and remote attackers can use this loophole to carry out denial-of-service attacks on the server. Due to problems in the implementation of TCP/IP, the target system may have problems processing such malformed packets. Many old versions of UNIX-like operating systems will crash, and NT's CPU resource usage will be close to 100\% (for about five minutes).
The vulnerability is caused due to improper handling of IP packets with the same destination and source IP and the SYN flag set. This causes a system to consume all available CPU resources for a certain period of time.
This kind of attack was first reported in 1997 and became known as LAND attacks.
SOLUTION: Filter traffic with the same IP address as source and destination address at the perimeter.
The vulnerability is caused due to a boundary error in the SMTP service within the handling of a certain extended verb request. This can be exploited to cause a heap-based buffer overflow by connecting to the SMTP service and issuing a specially crafted command. Instead, this requires permissions usually only granted to other Exchange servers in a domain.
Microsoft Exchange 2000 Server (requires SP3): http://www.microsoft.com/downloads/details.aspx?FamilyId=2A2AF17E-2E4A-4479-8AC9-B5544EA0BD66
Microsoft Exchange Server 2003: http://www.microsoft.com/downloads/details.aspx?FamilyId=97F409EB-C8D0-4C94-A67B-5945E26C9267
Microsoft Exchange Server 2003 (requires SP1): http://www.microsoft.com/downloads/details.aspx?FamilyId=35BCE74A-E84A-4035-BF18-196368F032CC
The following versions are not affected: * Microsoft Exchange Server 5.5 SP4 * Microsoft Exchange Server 5.0 SP2
PROVIDED AND/OR DISCOVERED BY: Mark Dowd and Ben Layer, ISS X-Force.
ORIGINAL ADVISORY: MS05-021 (KB894549): http://www.microsoft.com/technet/security/Bulletin/MS05-021.mspx
ISS X-Force: http://xforce.iss.net/xforce/alerts/id/193
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA05-102A
Multiple Vulnerabilities in Microsoft Windows Components
Original release date: April 12, 2005 Last revised: -- Source: US-CERT
Systems Affected
* Microsoft Windows Systems
For a complete list of affected versions of the Windows operating systems and components, refer to the Microsoft Security Bulletins.
Overview
Microsoft has released a Security Bulletin Summary for April, 2005. This summary includes several bulletins that address vulnerabilities in various Windows applications and components. Details of the vulnerabilities and their impacts are provided below.
I. Description
The list below provides a mapping between Microsoft's Security Bulletins and the related US-CERT Vulnerability Notes. More information related to the vulnerabilities is available in these documents.
III. Solution
Apply a patch
Microsoft has provided the patches for these vulnerabilities in the Security Bulletins and on Windows Update.
Appendix A. References
* Microsoft's Security Bulletin Summary for April, 2005 - <
http://www.microsoft.com/technet/security/bulletin/ms05-apr.mspx>
* US-CERT Vulnerability Note VU#774338 -
<http://www.kb.cert.org/vuls/id/774338>
* US-CERT Vulnerability Note VU#756122 -
<http://www.kb.cert.org/vuls/id/756122>
* US-CERT Vulnerability Note VU#222050 -
<http://www.kb.cert.org/vuls/id/222050>
* US-CERT Vulnerability Note VU#275193 -
<http://www.kb.cert.org/vuls/id/275193>
* US-CERT Vulnerability Note VU#633446 -
<http://www.kb.cert.org/vuls/id/633446>
* US-CERT Vulnerability Note VU#233754 -
<http://www.kb.cert.org/vuls/id/233754>
Feedback can be directed to the authors: Will Dormann, Jeff Gennari, Chad Dougherty, Ken MacInnis, Jason Rafail, Art Manion, and Jeff Havrilla.
This document is available from:
<http://www.us-cert.gov/cas/techalerts/TA05-102A.html>
Copyright 2005 Carnegie Mellon University.
Terms of use: http://www.us-cert.gov/legal.html
Revision History
April 12, 2005: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBQlxwexhoSezw4YfQAQJ4RAf/bTgaa6SBDMJveqW/GnQET79F9aVPM1S2 glam1w4YFyOdyIHpDYqQZRBqgXgpJjel/MiH02tZreU5mgIjkPIWA3gleepyWvnN 7VYv8KcbSnyvGxDl/8K2YjFz550gxA3pkRD7IiqdpOums87lJ7xM7sjdUY0ZA8aF JEvA4gfndpgLSuISV7Gf8y1s4MU329DurNy3t8W4EB9Iuef/E4Z058IvHnz9dTnT XwBnyW1KfH2Ohpy7QBOtcXt1wXU8X0F+d01g/VZmTL7xVwXmcPi8UpS7bPK8A17+ asqo582KjZVR56iL7fqNQzsrXUGZncEnX/8QOhi3Ym2LfAEkKrg3rw== =BY/p -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-199712-0007",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 5.6,
"vendor": "microsoft",
"version": null
},
{
"model": "sunos",
"scope": "eq",
"trust": 1.9,
"vendor": "sun",
"version": "4.1.4"
},
{
"model": "sunos",
"scope": "eq",
"trust": 1.6,
"vendor": "sun",
"version": "4.1.3u1"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.3,
"vendor": "hp",
"version": "10.01"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.3,
"vendor": "hp",
"version": "10.10"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.3,
"vendor": "netbsd",
"version": "1.0"
},
{
"model": "windows nt",
"scope": "eq",
"trust": 1.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.3,
"vendor": "hp",
"version": "10.16"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 1.3,
"vendor": "netbsd",
"version": "1.1"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.3,
"vendor": "hp",
"version": "10.24"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.3,
"vendor": "hp",
"version": "10.20"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.3,
"vendor": "hp",
"version": "10.30"
},
{
"model": "inet",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "5.01"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "9.05"
},
{
"model": "winsock",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "2.0"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "9.04"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "9.07"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "9.00"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "9.01"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7000"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "9.03"
},
{
"model": "windows 95",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "*"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "11.00"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "10.00"
},
{
"model": "windows xp home sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "bsd/os",
"scope": "eq",
"trust": 0.3,
"vendor": "bsdi",
"version": "2.1"
},
{
"model": "windows nt workstation sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "netbsd",
"scope": "ne",
"trust": 0.3,
"vendor": "netbsd",
"version": "1.3.1"
},
{
"model": "windows nt sp5",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.0.31"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "2.2.5"
},
{
"model": "ios aa",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.1.15"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11.0"
},
{
"model": "freebsd",
"scope": "ne",
"trust": 0.3,
"vendor": "freebsd",
"version": "2.2.6"
},
{
"model": "windows nt sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows xp professional",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "windows nt enterprise server sp4",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "bsd/os",
"scope": "ne",
"trust": 0.3,
"vendor": "bsdi",
"version": "3.0"
},
{
"model": "windows server enterprise edition sp1 beta",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20031"
},
{
"model": "kernel",
"scope": "ne",
"trust": 0.3,
"vendor": "linux",
"version": "2.0.34"
},
{
"model": "windows nt workstation sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "ios f",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.2.4"
},
{
"model": "ios bt",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.0.12"
},
{
"model": "windows nt workstation sp4",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows server enterprise edition itanium",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20030"
},
{
"model": "windows xp tablet pc edition sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "ios ia",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.1.15"
},
{
"model": "netbsd",
"scope": "ne",
"trust": 0.3,
"vendor": "netbsd",
"version": "1.3"
},
{
"model": "windows xp tablet pc edition",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "bsd/os",
"scope": "ne",
"trust": 0.3,
"vendor": "bsdi",
"version": "3.1"
},
{
"model": "windows nt sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows server enterprise edition sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "kernel",
"scope": "ne",
"trust": 0.3,
"vendor": "linux",
"version": "2.1.x"
},
{
"model": "kernel",
"scope": "ne",
"trust": 0.3,
"vendor": "linux",
"version": "2.2"
},
{
"model": "kernel",
"scope": "ne",
"trust": 0.3,
"vendor": "linux",
"version": "2.1"
},
{
"model": "windows xp 64-bit edition",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "10.3.16"
},
{
"model": "windows server enterprise edition itanium sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "kernel",
"scope": "ne",
"trust": 0.3,
"vendor": "linux",
"version": "2.0.38"
},
{
"model": "windows server standard edition sp1 beta",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20031"
},
{
"model": "netware",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "4.1"
},
{
"model": "windows server standard edition sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "bsd/os",
"scope": "eq",
"trust": 0.3,
"vendor": "bsdi",
"version": "2.0"
},
{
"model": "windows xp media center edition",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "kernel",
"scope": "ne",
"trust": 0.3,
"vendor": "linux",
"version": "2.0.36"
},
{
"model": "windows xp media center edition sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "windows nt workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10.3"
},
{
"model": "ios bt",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.0.17"
},
{
"model": "windows server datacenter edition itanium",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20030"
},
{
"model": "windows nt sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "freebsd",
"scope": "ne",
"trust": 0.3,
"vendor": "freebsd",
"version": "3.x"
},
{
"model": "windows nt enterprise server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows server datacenter edition sp1 beta",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20031"
},
{
"model": "windows nt enterprise server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.2.10"
},
{
"model": "windows nt terminal server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "2.1.5"
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.1.7"
},
{
"model": "bsd/os",
"scope": "eq",
"trust": 0.3,
"vendor": "bsdi",
"version": "2.0.1"
},
{
"model": "windows server web edition sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "windows nt enterprise server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows xp tablet pc edition sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "windows server enterprise edition itanium sp1 beta",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20031"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11.2"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "2.2.3"
},
{
"model": "bsd/os",
"scope": "eq",
"trust": 0.3,
"vendor": "bsdi",
"version": "1.1"
},
{
"model": "kernel",
"scope": "ne",
"trust": 0.3,
"vendor": "linux",
"version": "2.0.33"
},
{
"model": "windows nt terminal server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "open desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "sco",
"version": "3.0"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "2.1.6.1"
},
{
"model": "ios ia",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.1.9"
},
{
"model": "netbsd",
"scope": "ne",
"trust": 0.3,
"vendor": "netbsd",
"version": "1.3.2"
},
{
"model": "ios aa",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.1.7"
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.0.17"
},
{
"model": "windows server datacenter edition itanium sp1 beta",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20031"
},
{
"model": "windows nt enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows server datacenter edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "windows nt terminal server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.0"
},
{
"model": "unixware",
"scope": "eq",
"trust": 0.3,
"vendor": "sco",
"version": "2.1"
},
{
"model": "windows xp professional sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "windows nt sp3 alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "freebsd",
"scope": "ne",
"trust": 0.3,
"vendor": "freebsd",
"version": "2.2.2"
},
{
"model": "windows server standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.2.4"
},
{
"model": "ios a",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "10.3.19"
},
{
"model": "ios f1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.2.4"
},
{
"model": "kernel",
"scope": "ne",
"trust": 0.3,
"vendor": "linux",
"version": "2.0.35"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.0"
},
{
"model": "windows xp home",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "cmw+",
"scope": "eq",
"trust": 0.3,
"vendor": "sco",
"version": "3.0"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "2.2"
},
{
"model": "bsd/os",
"scope": "ne",
"trust": 0.3,
"vendor": "bsdi",
"version": "4.0"
},
{
"model": "windows server web edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "2.1"
},
{
"model": "ios ca",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.1.15"
},
{
"model": "windows xp media center edition sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "ios/700",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.0"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.0.30"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11.1"
},
{
"model": "windows nt server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "95"
},
{
"model": "kernel",
"scope": "ne",
"trust": 0.3,
"vendor": "linux",
"version": "2.2.10"
},
{
"model": "catalyst supervisor software",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "29xx2.4.401"
},
{
"model": "kernel",
"scope": "ne",
"trust": 0.3,
"vendor": "linux",
"version": "2.0.37"
},
{
"model": "sunos u1",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4.1.3"
},
{
"model": "windows nt sp4",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "3.5.1"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.0"
},
{
"model": "atm switch",
"scope": "eq",
"trust": 0.3,
"vendor": "marconi",
"version": "6.1.1"
},
{
"model": "kernel",
"scope": "ne",
"trust": 0.3,
"vendor": "linux",
"version": "2.0.32"
},
{
"model": "windows nt server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt terminal server sp4",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows xp professional sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "windows xp home sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "catalyst supervisor software",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "29xx2.1.1102"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "netbsd",
"version": "1.2.1"
},
{
"model": "windows xp 64-bit edition sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "open server",
"scope": "eq",
"trust": 0.3,
"vendor": "sco",
"version": "5.0"
},
{
"model": "windows xp 64-bit edition version sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "freebsd",
"scope": "ne",
"trust": 0.3,
"vendor": "freebsd",
"version": "2.2.8"
},
{
"model": "windows nt workstation sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "ios p",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.2.9"
},
{
"model": "atm switch",
"scope": "eq",
"trust": 0.3,
"vendor": "marconi",
"version": "7.0.1"
},
{
"model": "windows nt sp6",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows server datacenter edition sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "2.2.4"
},
{
"model": "windows nt server sp4",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows nt server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.1.15"
},
{
"model": "windows server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "2.1.6"
},
{
"model": "bsd/os",
"scope": "ne",
"trust": 0.3,
"vendor": "bsdi",
"version": "4.0.1"
},
{
"model": "windows xp 64-bit edition version",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "ios ca",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.1.7"
},
{
"model": "windows server datacenter edition itanium sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "netbsd",
"version": "1.2"
},
{
"model": "windows nt terminal server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "2.1x"
},
{
"model": "windows server web edition sp1 beta",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20031"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#774338"
},
{
"db": "CERT/CC",
"id": "VU#756122"
},
{
"db": "CERT/CC",
"id": "VU#222050"
},
{
"db": "CERT/CC",
"id": "VU#633446"
},
{
"db": "CERT/CC",
"id": "VU#396645"
},
{
"db": "CERT/CC",
"id": "VU#233754"
},
{
"db": "CERT/CC",
"id": "VU#275193"
},
{
"db": "BID",
"id": "2666"
},
{
"db": "NVD",
"id": "CVE-1999-0016"
},
{
"db": "CNNVD",
"id": "CNNVD-199712-002"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:7000:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:gnu:inet:5.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:winsock:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:9.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:9.05:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:9.07:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_95:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:10.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:10.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:10.24:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:10.30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:10.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:9.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:9.03:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sun:sunos:4.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:10.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:10.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:9.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netbsd:netbsd:1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sun:sunos:4.1.3u1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-1999-0016"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "m3lt meltman@lagged.net",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-199712-002"
}
],
"trust": 0.6
},
"cve": "CVE-1999-0016",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-16",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-1999-0016",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-1999-0016",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#774338",
"trust": 0.8,
"value": "21.80"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#756122",
"trust": 0.8,
"value": "21.80"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#222050",
"trust": 0.8,
"value": "4.36"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#633446",
"trust": 0.8,
"value": "23.63"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#396645",
"trust": 0.8,
"value": "12.15"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#233754",
"trust": 0.8,
"value": "12.29"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#275193",
"trust": 0.8,
"value": "36.15"
},
{
"author": "CNNVD",
"id": "CNNVD-199712-002",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-16",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-1999-0016",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#774338"
},
{
"db": "CERT/CC",
"id": "VU#756122"
},
{
"db": "CERT/CC",
"id": "VU#222050"
},
{
"db": "CERT/CC",
"id": "VU#633446"
},
{
"db": "CERT/CC",
"id": "VU#396645"
},
{
"db": "CERT/CC",
"id": "VU#233754"
},
{
"db": "CERT/CC",
"id": "VU#275193"
},
{
"db": "VULHUB",
"id": "VHN-16"
},
{
"db": "VULMON",
"id": "CVE-1999-0016"
},
{
"db": "NVD",
"id": "CVE-1999-0016"
},
{
"db": "CNNVD",
"id": "CNNVD-199712-002"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Land IP denial of service. MSN Messenger clients before version 7.0 will allow remote attackers to take control of a computer if malicious GIF files are processed. Microsoft Windows does not adequately validate IP options, allowing an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service. An attacker could take complete control of a vulnerable system. A number of TCP/IP stacks are vulnerable to a \"loopback\" condition initiated by sending a TCP SYN packet with the source address and port spoofed to equal the destination source and port. When a packet of this sort is received, an infinite loop is initiated and the affected system halts. This is known to affect Windows 95, Windows NT 4.0 up to SP3, Windows Server 2003, Windows XP SP2, Cisco IOS devices \u0026amp; Catalyst switches, and HP-UX up to 11.00. \nIt is noted that on Windows Server 2003 and XP SP2, the TCP and IP checksums must be correct to trigger the issue. \n**Update: It is reported that Microsoft platforms are also prone to this vulnerability. The vendor reports that network routers may not route malformed TCP/IP packets used to exploit this issue. As a result, an attacker may have to discover a suitable route to a target computer, or reside on the target network segment itself before exploitation is possible. The TCP/IP network protocol stack is the most widely used network protocol for Internet networking implemented by most operating systems. There are loopholes in the TCP/IP protocol stack implementation of early BSD-derived systems (except Linux) and Windows systems, and remote attackers can use this loophole to carry out denial-of-service attacks on the server. Due to problems in the implementation of TCP/IP, the target system may have problems processing such malformed packets. Many old versions of UNIX-like operating systems will crash, and NT\u0027s CPU resource usage will be close to 100\\\\% (for about five minutes). \n\nThe vulnerability is caused due to improper handling of IP packets\nwith the same destination and source IP and the SYN flag set. This\ncauses a system to consume all available CPU resources for a certain\nperiod of time. \n\nThis kind of attack was first reported in 1997 and became known as\nLAND attacks. \n\nSOLUTION:\nFilter traffic with the same IP address as source and destination\naddress at the perimeter. \n\nThe vulnerability is caused due to a boundary error in the SMTP\nservice within the handling of a certain extended verb request. This\ncan be exploited to cause a heap-based buffer overflow by connecting\nto the SMTP service and issuing a specially crafted command. Instead, this requires permissions\nusually only granted to other Exchange servers in a domain. \n\nMicrosoft Exchange 2000 Server (requires SP3):\nhttp://www.microsoft.com/downloads/details.aspx?FamilyId=2A2AF17E-2E4A-4479-8AC9-B5544EA0BD66\n\nMicrosoft Exchange Server 2003:\nhttp://www.microsoft.com/downloads/details.aspx?FamilyId=97F409EB-C8D0-4C94-A67B-5945E26C9267\n\nMicrosoft Exchange Server 2003 (requires SP1):\nhttp://www.microsoft.com/downloads/details.aspx?FamilyId=35BCE74A-E84A-4035-BF18-196368F032CC\n\nThe following versions are not affected:\n* Microsoft Exchange Server 5.5 SP4\n* Microsoft Exchange Server 5.0 SP2\n\nPROVIDED AND/OR DISCOVERED BY:\nMark Dowd and Ben Layer, ISS X-Force. \n\nORIGINAL ADVISORY:\nMS05-021 (KB894549):\nhttp://www.microsoft.com/technet/security/Bulletin/MS05-021.mspx\n\nISS X-Force:\nhttp://xforce.iss.net/xforce/alerts/id/193\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n National Cyber Alert System \n\n Technical Cyber Security Alert TA05-102A \n\nMultiple Vulnerabilities in Microsoft Windows Components\n\n Original release date: April 12, 2005\n Last revised: --\n Source: US-CERT\n\n\nSystems Affected\n\n * Microsoft Windows Systems\n\n For a complete list of affected versions of the Windows operating\n systems and components, refer to the Microsoft Security Bulletins. \n\n\nOverview\n\n Microsoft has released a Security Bulletin Summary for April, 2005. \n This summary includes several bulletins that address\n vulnerabilities in various Windows applications and\n components. Details of\n the vulnerabilities and their impacts are provided below. \n\n\nI. Description\n\n The list below provides a mapping between Microsoft\u0027s Security\n Bulletins and the related US-CERT Vulnerability Notes. More\n information related to the vulnerabilities is available in these\n documents. \n\n\nIII. Solution\n\nApply a patch\n\n Microsoft has provided the patches for these vulnerabilities in the\n Security Bulletins and on Windows Update. \n\n\nAppendix A. References\n\n * Microsoft\u0027s Security Bulletin Summary for April, 2005 - \u003c\n http://www.microsoft.com/technet/security/bulletin/ms05-apr.mspx\u003e\n\n * US-CERT Vulnerability Note VU#774338 -\n \u003chttp://www.kb.cert.org/vuls/id/774338\u003e\n\n * US-CERT Vulnerability Note VU#756122 -\n \u003chttp://www.kb.cert.org/vuls/id/756122\u003e\n\n * US-CERT Vulnerability Note VU#222050 -\n \u003chttp://www.kb.cert.org/vuls/id/222050\u003e\n\n * US-CERT Vulnerability Note VU#275193 -\n \u003chttp://www.kb.cert.org/vuls/id/275193\u003e\n\n * US-CERT Vulnerability Note VU#633446 -\n \u003chttp://www.kb.cert.org/vuls/id/633446\u003e\n\n * US-CERT Vulnerability Note VU#233754 -\n \u003chttp://www.kb.cert.org/vuls/id/233754\u003e\n _________________________________________________________________\n\n Feedback can be directed to the authors: Will Dormann, Jeff Gennari,\n Chad Dougherty, Ken MacInnis, Jason Rafail, Art Manion, and Jeff\n Havrilla. \n _________________________________________________________________\n\n This document is available from: \n \n \u003chttp://www.us-cert.gov/cas/techalerts/TA05-102A.html\u003e \n \n _________________________________________________________________\n\n Copyright 2005 Carnegie Mellon University. \n \n Terms of use: \u003chttp://www.us-cert.gov/legal.html\u003e\n _________________________________________________________________\n\n Revision History\n\n April 12, 2005: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBQlxwexhoSezw4YfQAQJ4RAf/bTgaa6SBDMJveqW/GnQET79F9aVPM1S2\nglam1w4YFyOdyIHpDYqQZRBqgXgpJjel/MiH02tZreU5mgIjkPIWA3gleepyWvnN\n7VYv8KcbSnyvGxDl/8K2YjFz550gxA3pkRD7IiqdpOums87lJ7xM7sjdUY0ZA8aF\nJEvA4gfndpgLSuISV7Gf8y1s4MU329DurNy3t8W4EB9Iuef/E4Z058IvHnz9dTnT\nXwBnyW1KfH2Ohpy7QBOtcXt1wXU8X0F+d01g/VZmTL7xVwXmcPi8UpS7bPK8A17+\nasqo582KjZVR56iL7fqNQzsrXUGZncEnX/8QOhi3Ym2LfAEkKrg3rw==\n=BY/p\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-1999-0016"
},
{
"db": "CERT/CC",
"id": "VU#774338"
},
{
"db": "CERT/CC",
"id": "VU#756122"
},
{
"db": "CERT/CC",
"id": "VU#222050"
},
{
"db": "CERT/CC",
"id": "VU#633446"
},
{
"db": "CERT/CC",
"id": "VU#396645"
},
{
"db": "CERT/CC",
"id": "VU#233754"
},
{
"db": "CERT/CC",
"id": "VU#275193"
},
{
"db": "BID",
"id": "2666"
},
{
"db": "VULHUB",
"id": "VHN-16"
},
{
"db": "VULMON",
"id": "CVE-1999-0016"
},
{
"db": "PACKETSTORM",
"id": "36523"
},
{
"db": "PACKETSTORM",
"id": "37141"
},
{
"db": "PACKETSTORM",
"id": "37198"
}
],
"trust": 6.66
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=20812",
"trust": 0.5,
"type": "exploit"
},
{
"reference": "https://www.scap.org.cn/vuln/vhn-16",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-16"
},
{
"db": "VULMON",
"id": "CVE-1999-0016"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-1999-0016",
"trust": 2.1
},
{
"db": "SECUNIA",
"id": "14512",
"trust": 1.7
},
{
"db": "BID",
"id": "2666",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#774338",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#756122",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#222050",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#633446",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#233754",
"trust": 0.9
},
{
"db": "SECUNIA",
"id": "14920",
"trust": 0.9
},
{
"db": "USCERT",
"id": "TA05-102A",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#275193",
"trust": 0.9
},
{
"db": "OSVDB",
"id": "14578",
"trust": 0.8
},
{
"db": "XF",
"id": "19593",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "VU#396645",
"trust": 0.8
},
{
"db": "BID",
"id": "13116",
"trust": 0.8
},
{
"db": "SECTRACK",
"id": "1013686",
"trust": 0.8
},
{
"db": "OSVDB",
"id": "15467",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-199712-002",
"trust": 0.7
},
{
"db": "HP",
"id": "HPSBUX9801-076",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "20812",
"trust": 0.2
},
{
"db": "EXPLOIT-DB",
"id": "20810",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "20814",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "20813",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "20811",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-16",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-1999-0016",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "36523",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "37141",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "37198",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#774338"
},
{
"db": "CERT/CC",
"id": "VU#756122"
},
{
"db": "CERT/CC",
"id": "VU#222050"
},
{
"db": "CERT/CC",
"id": "VU#633446"
},
{
"db": "CERT/CC",
"id": "VU#396645"
},
{
"db": "CERT/CC",
"id": "VU#233754"
},
{
"db": "CERT/CC",
"id": "VU#275193"
},
{
"db": "VULHUB",
"id": "VHN-16"
},
{
"db": "VULMON",
"id": "CVE-1999-0016"
},
{
"db": "BID",
"id": "2666"
},
{
"db": "PACKETSTORM",
"id": "36523"
},
{
"db": "PACKETSTORM",
"id": "37141"
},
{
"db": "PACKETSTORM",
"id": "37198"
},
{
"db": "NVD",
"id": "CVE-1999-0016"
},
{
"db": "CNNVD",
"id": "CNNVD-199712-002"
}
]
},
"id": "VAR-199712-0007",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-16"
}
],
"trust": 0.43667661
},
"last_update_date": "2023-12-18T11:45:22.618000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-1999-0016-Land-DOS-tool",
"trust": 0.1,
"url": "https://github.com/pexmee/cve-1999-0016-land-dos-tool "
},
{
"title": "opensims",
"trust": 0.1,
"url": "https://github.com/ascendantlogic/opensims "
},
{
"title": "CVE-1999-0016-POC",
"trust": 0.1,
"url": "https://github.com/pommaq/cve-1999-0016-poc "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-1999-0016"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-1999-0016"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://www.microsoft.com/technet/security/bulletin/ms05-019.mspx"
},
{
"trust": 1.8,
"url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?docid=hpsbux9801-076"
},
{
"trust": 1.6,
"url": "about vulnerability notes"
},
{
"trust": 1.6,
"url": "contact us about this vulnerability"
},
{
"trust": 1.6,
"url": "provide a vendor statement"
},
{
"trust": 0.9,
"url": "http://secunia.com/advisories/14512/"
},
{
"trust": 0.9,
"url": "http://xforce.iss.net/xforce/alerts/id/193"
},
{
"trust": 0.9,
"url": "http://www.microsoft.com/technet/security/bulletin/ms05-021.mspx"
},
{
"trust": 0.9,
"url": "http://secunia.com/advisories/14920/"
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/ms05-020.mspx"
},
{
"trust": 0.8,
"url": "http://www.idefense.com/application/poi/display?id=228\u0026type=vulnerabilities"
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/security/bulletins/200504_msnmessenger.mspx"
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/ms05-022.mspx"
},
{
"trust": 0.8,
"url": "http://support.microsoft.com/kb/889829"
},
{
"trust": 0.8,
"url": "http://support.microsoft.com/kb/896597"
},
{
"trust": 0.8,
"url": "http://messenger.msn.com"
},
{
"trust": 0.8,
"url": "http://www.w3.org/graphics/gif/spec-gif89a.txt"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/14512"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/2666 "
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/xforce/xfdb/19593"
},
{
"trust": 0.8,
"url": "http://osvdb.org/displayvuln.php?osvdb_id=14578"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/xforce/alerts/id/192"
},
{
"trust": 0.8,
"url": "http://www.iana.org/assignments/ip-parameters"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/13116/"
},
{
"trust": 0.8,
"url": "http://securitytracker.com/alerts/2005/apr/1013686.html"
},
{
"trust": 0.8,
"url": "http://www.us-cert.gov/cas/techalerts/ta05-102a.html"
},
{
"trust": 0.8,
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=15467"
},
{
"trust": 0.3,
"url": "http://support.microsoft.com/support/kb/articles/q165/0/05.asp"
},
{
"trust": 0.3,
"url": "http://support.microsoft.com/support/kb/articles/q177/5/39.asp"
},
{
"trust": 0.3,
"url": "http://support.novell.com/cgi-bin/search/tidfinder.cgi?2932511"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/warp/public/770/land-pub.shtml#iosvers"
},
{
"trust": 0.3,
"url": "http://www.securityfocus.com/archive/1/392354"
},
{
"trust": 0.3,
"url": "/archive/1/392642"
},
{
"trust": 0.3,
"url": "/archive/1/393045"
},
{
"trust": 0.3,
"url": "/archive/1/392354"
},
{
"trust": 0.2,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": ""
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://github.com/pexmee/cve-1999-0016-land-dos-tool"
},
{
"trust": 0.1,
"url": "https://github.com/ascendantlogic/opensims"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/20812/"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=8889"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1173/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/22/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1174/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1176/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1175/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/16/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?f=l"
},
{
"trust": 0.1,
"url": "http://www.microsoft.com/downloads/details.aspx?familyid=35bce74a-e84a-4035-bf18-196368f032cc"
},
{
"trust": 0.1,
"url": "http://www.microsoft.com/downloads/details.aspx?familyid=2a2af17e-2e4a-4479-8ac9-b5544ea0bd66"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_vacancies/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/41/"
},
{
"trust": 0.1,
"url": "http://www.microsoft.com/downloads/details.aspx?familyid=97f409eb-c8d0-4c94-a67b-5945e26c9267"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1828/"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/633446\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/222050\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/233754\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/275193\u003e"
},
{
"trust": 0.1,
"url": "http://www.microsoft.com/technet/security/bulletin/ms05-apr.mspx\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/774338\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta05-102a.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/756122\u003e"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#774338"
},
{
"db": "CERT/CC",
"id": "VU#756122"
},
{
"db": "CERT/CC",
"id": "VU#222050"
},
{
"db": "CERT/CC",
"id": "VU#633446"
},
{
"db": "CERT/CC",
"id": "VU#396645"
},
{
"db": "CERT/CC",
"id": "VU#233754"
},
{
"db": "CERT/CC",
"id": "VU#275193"
},
{
"db": "VULHUB",
"id": "VHN-16"
},
{
"db": "VULMON",
"id": "CVE-1999-0016"
},
{
"db": "BID",
"id": "2666"
},
{
"db": "PACKETSTORM",
"id": "36523"
},
{
"db": "PACKETSTORM",
"id": "37141"
},
{
"db": "PACKETSTORM",
"id": "37198"
},
{
"db": "NVD",
"id": "CVE-1999-0016"
},
{
"db": "CNNVD",
"id": "CNNVD-199712-002"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#774338"
},
{
"db": "CERT/CC",
"id": "VU#756122"
},
{
"db": "CERT/CC",
"id": "VU#222050"
},
{
"db": "CERT/CC",
"id": "VU#633446"
},
{
"db": "CERT/CC",
"id": "VU#396645"
},
{
"db": "CERT/CC",
"id": "VU#233754"
},
{
"db": "CERT/CC",
"id": "VU#275193"
},
{
"db": "VULHUB",
"id": "VHN-16"
},
{
"db": "VULMON",
"id": "CVE-1999-0016"
},
{
"db": "BID",
"id": "2666"
},
{
"db": "PACKETSTORM",
"id": "36523"
},
{
"db": "PACKETSTORM",
"id": "37141"
},
{
"db": "PACKETSTORM",
"id": "37198"
},
{
"db": "NVD",
"id": "CVE-1999-0016"
},
{
"db": "CNNVD",
"id": "CNNVD-199712-002"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-04-12T00:00:00",
"db": "CERT/CC",
"id": "VU#774338"
},
{
"date": "2005-04-12T00:00:00",
"db": "CERT/CC",
"id": "VU#756122"
},
{
"date": "2005-04-12T00:00:00",
"db": "CERT/CC",
"id": "VU#222050"
},
{
"date": "2005-04-12T00:00:00",
"db": "CERT/CC",
"id": "VU#633446"
},
{
"date": "2005-04-13T00:00:00",
"db": "CERT/CC",
"id": "VU#396645"
},
{
"date": "2005-04-12T00:00:00",
"db": "CERT/CC",
"id": "VU#233754"
},
{
"date": "2005-04-12T00:00:00",
"db": "CERT/CC",
"id": "VU#275193"
},
{
"date": "1997-12-01T00:00:00",
"db": "VULHUB",
"id": "VHN-16"
},
{
"date": "1997-12-01T00:00:00",
"db": "VULMON",
"id": "CVE-1999-0016"
},
{
"date": "1997-11-20T00:00:00",
"db": "BID",
"id": "2666"
},
{
"date": "2005-03-15T04:45:15",
"db": "PACKETSTORM",
"id": "36523"
},
{
"date": "2005-04-18T07:20:47",
"db": "PACKETSTORM",
"id": "37141"
},
{
"date": "2005-04-19T06:59:49",
"db": "PACKETSTORM",
"id": "37198"
},
{
"date": "1997-12-01T05:00:00",
"db": "NVD",
"id": "CVE-1999-0016"
},
{
"date": "1997-11-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-199712-002"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-08-18T00:00:00",
"db": "CERT/CC",
"id": "VU#774338"
},
{
"date": "2005-04-13T00:00:00",
"db": "CERT/CC",
"id": "VU#756122"
},
{
"date": "2005-04-13T00:00:00",
"db": "CERT/CC",
"id": "VU#222050"
},
{
"date": "2005-04-12T00:00:00",
"db": "CERT/CC",
"id": "VU#633446"
},
{
"date": "2005-04-13T00:00:00",
"db": "CERT/CC",
"id": "VU#396645"
},
{
"date": "2005-05-03T00:00:00",
"db": "CERT/CC",
"id": "VU#233754"
},
{
"date": "2005-08-02T00:00:00",
"db": "CERT/CC",
"id": "VU#275193"
},
{
"date": "2008-09-09T00:00:00",
"db": "VULHUB",
"id": "VHN-16"
},
{
"date": "2008-09-09T00:00:00",
"db": "VULMON",
"id": "CVE-1999-0016"
},
{
"date": "2009-07-11T06:06:00",
"db": "BID",
"id": "2666"
},
{
"date": "2008-09-09T12:33:32.243000",
"db": "NVD",
"id": "CVE-1999-0016"
},
{
"date": "2006-11-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-199712-002"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "37198"
},
{
"db": "CNNVD",
"id": "CNNVD-199712-002"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft Internet Explorer DHTML objects contain a race condition",
"sources": [
{
"db": "CERT/CC",
"id": "VU#774338"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "unknown",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-199712-002"
}
],
"trust": 0.6
}
}
VAR-199708-0008
Vulnerability from variot - Updated: 2023-12-18 11:28ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts. McAfee Data Loss Prevention (DLP) is a set of data loss prevention solutions from McAfee. The solution protects intellectual property and ensures compliance by protecting the environment in which sensitive data resides (on-premise, in the cloud, or on the endpoint). Cross-site scripting vulnerabilities and cross-site request forgery vulnerabilities exist in McAfee DLP. When the user browses the affected website, his browser will execute any script code provided by the attacker, which may cause the attacker to steal cookie-based authentication, perform unauthorized operations, leak or modify sensitive information, or other forms may exist. s attack. Other attacks may also be possible
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-199708-0008",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "kernel",
"scope": "eq",
"trust": 1.0,
"vendor": "linux",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "netware",
"scope": "eq",
"trust": 1.0,
"vendor": "novell",
"version": null
},
{
"model": "macos",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": null
},
{
"model": "windows",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "irix",
"scope": "eq",
"trust": 1.0,
"vendor": "sgi",
"version": null
},
{
"model": "os2",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": null
},
{
"model": "aix",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": null
},
{
"model": "bsdos",
"scope": "eq",
"trust": 1.0,
"vendor": "windriver",
"version": null
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "unix",
"scope": "eq",
"trust": 1.0,
"vendor": "sco",
"version": null
},
{
"model": "solaris",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": null
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": null
},
{
"model": "kernel",
"scope": null,
"trust": 0.6,
"vendor": "linux",
"version": null
},
{
"model": "network data loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "9.2.2"
},
{
"model": "network data loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "9.2.1"
},
{
"model": "network data loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "9.2.0"
},
{
"model": "network data loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "8.6"
},
{
"model": "network data loss prevention",
"scope": "ne",
"trust": 0.3,
"vendor": "mcafee",
"version": "9.3"
}
],
"sources": [
{
"db": "BID",
"id": "61811"
},
{
"db": "NVD",
"id": "CVE-1999-0524"
},
{
"db": "CNNVD",
"id": "CNNVD-199708-003"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:novell:netware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:windriver:bsdos:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:ibm:os2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:tru64:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sco:sco_unix:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sgi:irix:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-1999-0524"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ANZ Bank, BAE Systems, Graham Bell of Stratsec.Detica, Jamie Ooi, DirecTV, Xylinx, and Telstra",
"sources": [
{
"db": "BID",
"id": "61811"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-265"
}
],
"trust": 0.9
},
"cve": "CVE-1999-0524",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 0.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "VHN-522",
"impactScore": 0.0,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:N/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-1999-0524",
"trust": 1.0,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-199708-003",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-522",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-522"
},
{
"db": "NVD",
"id": "CVE-1999-0524"
},
{
"db": "CNNVD",
"id": "CNNVD-199708-003"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts. McAfee Data Loss Prevention (DLP) is a set of data loss prevention solutions from McAfee. The solution protects intellectual property and ensures compliance by protecting the environment in which sensitive data resides (on-premise, in the cloud, or on the endpoint). \nCross-site scripting vulnerabilities and cross-site request forgery vulnerabilities exist in McAfee DLP. When the user browses the affected website, his browser will execute any script code provided by the attacker, which may cause the attacker to steal cookie-based authentication, perform unauthorized operations, leak or modify sensitive information, or other forms may exist. s attack. Other attacks may also be possible",
"sources": [
{
"db": "NVD",
"id": "CVE-1999-0524"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-265"
},
{
"db": "BID",
"id": "61811"
},
{
"db": "VULHUB",
"id": "VHN-522"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "MCAFEE",
"id": "SB10053",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-1999-0524",
"trust": 1.7
},
{
"db": "JUNIPER",
"id": "JSA10705",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "95",
"trust": 1.7
},
{
"db": "BID",
"id": "61811",
"trust": 0.9
},
{
"db": "CNNVD",
"id": "CNNVD-199708-003",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201308-265",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-522",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-522"
},
{
"db": "BID",
"id": "61811"
},
{
"db": "NVD",
"id": "CVE-1999-0524"
},
{
"db": "CNNVD",
"id": "CNNVD-199708-003"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-265"
}
]
},
"id": "VAR-199708-0008",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-522"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:28:35.912000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.1
},
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-522"
},
{
"db": "NVD",
"id": "CVE-1999-0524"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10053"
},
{
"trust": 1.7,
"url": "http://descriptions.securescout.com/tc/11010"
},
{
"trust": 1.7,
"url": "http://descriptions.securescout.com/tc/11011"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/95"
},
{
"trust": 1.7,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/306"
},
{
"trust": 1.7,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/322"
},
{
"trust": 1.6,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10705"
},
{
"trust": 1.6,
"url": "http://kb.vmware.com/selfservice/microsites/search.do?cmd=displaykc\u0026externalid=1434"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/61811"
},
{
"trust": 0.3,
"url": "http://www.mcafee.com/us/products/data-protection/data-loss-prevention.aspx"
},
{
"trust": 0.1,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10705"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10053"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/selfservice/microsites/search.do?cmd=displaykc\u0026amp;externalid=1434"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-522"
},
{
"db": "BID",
"id": "61811"
},
{
"db": "NVD",
"id": "CVE-1999-0524"
},
{
"db": "CNNVD",
"id": "CNNVD-199708-003"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-265"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-522"
},
{
"db": "BID",
"id": "61811"
},
{
"db": "NVD",
"id": "CVE-1999-0524"
},
{
"db": "CNNVD",
"id": "CNNVD-199708-003"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-265"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "1997-08-01T00:00:00",
"db": "VULHUB",
"id": "VHN-522"
},
{
"date": "2013-08-13T00:00:00",
"db": "BID",
"id": "61811"
},
{
"date": "1997-08-01T04:00:00",
"db": "NVD",
"id": "CVE-1999-0524"
},
{
"date": "1997-08-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-199708-003"
},
{
"date": "2013-08-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201308-265"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-522"
},
{
"date": "2013-08-13T00:00:00",
"db": "BID",
"id": "61811"
},
{
"date": "2022-11-14T19:33:21.037000",
"db": "NVD",
"id": "CVE-1999-0524"
},
{
"date": "2022-11-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-199708-003"
},
{
"date": "2013-08-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201308-265"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-199708-003"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linux kernel Information disclosure vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-199708-003"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-199708-003"
}
],
"trust": 0.6
}
}
VAR-200304-0013
Vulnerability from variot - Updated: 2023-12-18 11:16The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337. Sendmail contains a buffer overflow in code that parses email addresses. A remote attacker could execute arbitrary code or cause a denial of service on a vulnerable system. The flaw is present in the 'prescan()' procedure, which is used for processing email addresses in SMTP headers. This vulnerability stems from a logic error in the conversion of a char to an integer value. The issue has been fixed Sendmail 8.12.9. Most organizations have various mail transfer agents (MTAs) at various locations within their network, at least one of which is directly connected to the Internet. Sendmail is one of the most popular MTAs. According to statistics, Internet mail traffic handled by Sendmail accounts for 50\% to 75\% of the total. Many UNIX and Linux workstations run Sendmail by default. This vulnerability exists in the prescan() process. The vulnerability is for messages, not connections. This means that the vulnerability is triggered by the content of a specially crafted email message, rather than by lower-level network communications. This is important because a non-vulnerable MTA can send malicious messages along with other protected MTAs in the network. In other words, even if the software used by the boundary MTA of the site is not sendmail, the sendmail service program with loopholes inside the network is still threatened. Messages that exploit this vulnerability can also pass through many common packet filters or firewalls undetected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200304-0013",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "switch",
"scope": "eq",
"trust": 1.8,
"vendor": "sendmail",
"version": "3.0"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "10.24"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.6,
"vendor": "sendmail",
"version": "8.12.8"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.6,
"vendor": "sendmail",
"version": "8.12.4"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.6,
"vendor": "sendmail",
"version": "8.12.3"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.6,
"vendor": "sendmail",
"version": "8.12"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.6,
"vendor": "sendmail",
"version": "8.12.6"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.6,
"vendor": "sendmail",
"version": "8.12.5"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.6,
"vendor": "sendmail",
"version": "8.12.7"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.3,
"vendor": "hp",
"version": "10.01"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.3,
"vendor": "hp",
"version": "10.10"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.3,
"vendor": "hp",
"version": "11.22"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.3,
"vendor": "hp",
"version": "10.34"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.3,
"vendor": "hp",
"version": "11.0.4"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.3,
"vendor": "hp",
"version": "10.30"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.3,
"vendor": "hp",
"version": "11.11"
},
{
"model": "solaris",
"scope": "eq",
"trust": 1.3,
"vendor": "sun",
"version": "2.5.1"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.3,
"vendor": "compaq",
"version": "5.0"
},
{
"model": "solaris",
"scope": "eq",
"trust": 1.3,
"vendor": "sun",
"version": "2.6"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.3,
"vendor": "hp",
"version": "10.26"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.3,
"vendor": "hp",
"version": "10.16"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.3,
"vendor": "hp",
"version": "11.20"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "solaris",
"scope": "eq",
"trust": 1.3,
"vendor": "sun",
"version": "2.5"
},
{
"model": "solaris",
"scope": "eq",
"trust": 1.3,
"vendor": "sun",
"version": "7.0"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.3,
"vendor": "hp",
"version": "10.20"
},
{
"model": "solaris",
"scope": "eq",
"trust": 1.3,
"vendor": "sun",
"version": "2.4"
},
{
"model": "aix",
"scope": "eq",
"trust": 1.1,
"vendor": "ibm",
"version": "5.2"
},
{
"model": "aix",
"scope": "eq",
"trust": 1.1,
"vendor": "ibm",
"version": "4.3"
},
{
"model": "aix",
"scope": "eq",
"trust": 1.1,
"vendor": "ibm",
"version": "5.1"
},
{
"model": "switch",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "2.2.1"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.11.1"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.0,
"vendor": "compaq",
"version": "5.1a_pk3_bl3"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.9.3"
},
{
"model": "sunos",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "5.5"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.0,
"vendor": "compaq",
"version": "4.0f_pk6_bl17"
},
{
"model": "switch",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "3.0.2"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.0,
"vendor": "compaq",
"version": "5.1a_pk2_bl2"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "2.6.1"
},
{
"model": "sunos",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": null
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "3.0"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.0,
"vendor": "compaq",
"version": "4.0d_pk9_bl17"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.0,
"vendor": "compaq",
"version": "5.1_pk5_bl19"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.0,
"vendor": "compaq",
"version": "5.0f"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.0,
"vendor": "compaq",
"version": "4.0f_pk7_bl18"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "2.6"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.0,
"vendor": "compaq",
"version": "4.0f"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.10.1"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.0,
"vendor": "compaq",
"version": "5.1_pk4_bl18"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "11.00"
},
{
"model": "hp-ux series 700",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "10.20"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.0,
"vendor": "compaq",
"version": "5.1b_pk1_bl1"
},
{
"model": "sis",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "*"
},
{
"model": "switch",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "2.2.2"
},
{
"model": "switch",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "2.2.3"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.11.3"
},
{
"model": "switch",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "2.1.3"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.0,
"vendor": "compaq",
"version": "5.0a"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.0,
"vendor": "compaq",
"version": "5.0a_pk3_bl17"
},
{
"model": "sunos",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "5.8"
},
{
"model": "solaris",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "9.0"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.0,
"vendor": "compaq",
"version": "4.0g_pk3_bl17"
},
{
"model": "switch",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "2.2.5"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.0,
"vendor": "compaq",
"version": "5.0_pk4_bl18"
},
{
"model": "switch",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "3.0.3"
},
{
"model": "solaris",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "8.0"
},
{
"model": "hp-ux series 800",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "10.20"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "3.0.3"
},
{
"model": "switch",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "2.1.4"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.11.5"
},
{
"model": "sunos",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "5.5.1"
},
{
"model": "switch",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "2.1.1"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "10.00"
},
{
"model": "switch",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "3.0.1"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.12.2"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.11.6"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.0,
"vendor": "compaq",
"version": "4.0d"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "3.0.1"
},
{
"model": "sunos",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "5.7"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.10.2"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.0,
"vendor": "compaq",
"version": "5.1a_pk1_bl1"
},
{
"model": "switch",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "2.2.4"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.9.0"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.0,
"vendor": "compaq",
"version": "4.0g"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "10.08"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.9.1"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.0,
"vendor": "compaq",
"version": "5.1b"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "3.0.2"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.0,
"vendor": "compaq",
"version": "5.0_pk4_bl17"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.9.2"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.0,
"vendor": "compaq",
"version": "5.1_pk6_bl20"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.11.0"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.12.0"
},
{
"model": "switch",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "2.2"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.12.1"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.11.2"
},
{
"model": "switch",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "2.1.5"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.0,
"vendor": "compaq",
"version": "5.1_pk3_bl17"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.0,
"vendor": "compaq",
"version": "5.1a"
},
{
"model": "switch",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "2.1.2"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "2.6.2"
},
{
"model": "sunos",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "5.4"
},
{
"model": "switch",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "2.1"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "10.09"
},
{
"model": "tru64",
"scope": "eq",
"trust": 1.0,
"vendor": "compaq",
"version": "4.0b"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.11.4"
},
{
"model": "sendmail",
"scope": "eq",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.10"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple computer",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "conectiva",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "freebsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gentoo linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mandrakesoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mirapoint",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "netbsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nortel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "openbsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "openpkg",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sgi",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sendmail",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sequent ibm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "slackware",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "suse",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "the sendmail consortium",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "wind river",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "wirex",
"version": null
},
{
"model": "sendmail",
"scope": "lte",
"trust": 0.8,
"vendor": "sendmail consortium",
"version": "8.11.6"
},
{
"model": "sendmail",
"scope": "lte",
"trust": 0.8,
"vendor": "sendmail consortium",
"version": "8.12.8"
},
{
"model": "cobalt raq4",
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "cobalt raq550",
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "cobalt raqxtr",
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "2.6 (sparc)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "2.6 (x86)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "7.0 (sparc)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "7.0 (x86)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "8 (sparc)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "8 (x86)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "9 (sparc)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "9 (x86)"
},
{
"model": "advanced message server",
"scope": null,
"trust": 0.8,
"vendor": "sendmail",
"version": null
},
{
"model": "switch",
"scope": "eq",
"trust": 0.8,
"vendor": "sendmail",
"version": "2.1.x"
},
{
"model": "switch",
"scope": "eq",
"trust": 0.8,
"vendor": "sendmail",
"version": "2.2.x"
},
{
"model": "turbolinux advanced server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "6"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "6.1"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "6.5"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "7"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "8"
},
{
"model": "turbolinux workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "6.0"
},
{
"model": "turbolinux workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "7"
},
{
"model": "turbolinux workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "8"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "10.10"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "10.20"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.00"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.11"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.22"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.04"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.3"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "8.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "9"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "11.04"
},
{
"model": "tru64 pk4",
"scope": "eq",
"trust": 0.6,
"vendor": "compaq",
"version": "5.0"
},
{
"model": "hp-ux sis",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.20"
},
{
"model": "z/os v1r4",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "tru64 pk4",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.16"
},
{
"model": "os/390 v2r6",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "tru64 f pk6",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "4.0"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.9.0"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "netbsd",
"version": "1.6"
},
{
"model": "consortium sendmail beta10",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12"
},
{
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3.2"
},
{
"model": "tru64 pk3",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "tru64 f",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.0"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.5"
},
{
"model": "nonstop-ux whitney",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "hp-ux b.11.22",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "inc sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "3.0.3"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.0"
},
{
"model": "inc sendmail for nt",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.6.2"
},
{
"model": "mpe/ix",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.0"
},
{
"model": "z/os",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "inc sendmail for nt",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "3.0.3"
},
{
"model": "internet express",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.11.1"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.7"
},
{
"model": "os/390 v2r9",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "inc sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.1.5"
},
{
"model": "solaris x86",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "2.5.1"
},
{
"model": "tru64 b",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "4.0"
},
{
"model": "inc sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.1.2"
},
{
"model": "mpe/ix",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.11.3"
},
{
"model": "inc sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.2.3"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.9"
},
{
"model": "hp-ux series",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.20700"
},
{
"model": "advanced workstation for the itanium processor",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"model": "z/os v1r2",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.1"
},
{
"model": "consortium sendmail beta5",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.6"
},
{
"model": "mpe/ix",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.5"
},
{
"model": "internet express",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.7"
},
{
"model": "tru64 g pk3",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "4.0"
},
{
"model": "tru64 d pk9",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "4.0"
},
{
"model": "consortium sendmail beta16",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12"
},
{
"model": "os/390 v2r8",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "solaris 2.6 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "hp-ux b.11.04",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "aix l",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1"
},
{
"model": "solaris 2.4 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "cobalt raq 4100r",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "550"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.11"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.4"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.8"
},
{
"model": "tru64 d",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "4.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.2"
},
{
"model": "internet express",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.8"
},
{
"model": "tru64 g",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "4.0"
},
{
"model": "tru64 a",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.0"
},
{
"model": "solaris 8 sparc",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "nonstop-ux puma",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "inc sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.2.1"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "netbsd",
"version": "1.5.2"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "9"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.18"
},
{
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.5"
},
{
"model": "inc sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "3.0.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.3"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.8"
},
{
"model": "tru64 f pk7",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "4.0"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.9.2"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.9"
},
{
"model": "openlinux server",
"scope": "eq",
"trust": 0.3,
"vendor": "sco",
"version": "3.1.1"
},
{
"model": "inc sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.2"
},
{
"model": "inc sendmail for nt",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "3.0.2"
},
{
"model": "tru64 pk6",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "inc sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.1"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.11.4"
},
{
"model": "solaris 8 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.11.5"
},
{
"model": "inc sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "3.0.1"
},
{
"model": "inc sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.2.2"
},
{
"model": "cobalt qube3 4000wg",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "inc sendmail for nt",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "3.0"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.8"
},
{
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.5"
},
{
"model": "inc sendmail for nt",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "3.0.1"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3.3"
},
{
"model": "consortium sendmail beta12",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12"
},
{
"model": "os/390 v2r10",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.13"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5"
},
{
"model": "tru64 a pk3",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.0"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.2"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.14"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.3"
},
{
"model": "mpe/ix",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"model": "inc sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.1.3"
},
{
"model": "altavista firewall avfw98",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "tru64 b pk1",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "tru64 a pk1",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "inc sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.2.4"
},
{
"model": "internet express",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.9"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.11"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.7"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.1"
},
{
"model": "solaris 2.5 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.4"
},
{
"model": "openlinux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "sco",
"version": "3.1.1"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.0"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "netbsd",
"version": "1.5"
},
{
"model": "internet express",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.4"
},
{
"model": "consortium sendmail beta7",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12"
},
{
"model": "hp-ux b.11.11",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.11.6"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.10"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.5"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.10.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.1"
},
{
"model": "tru64 a pk4",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.1"
},
{
"model": "tru64 a pk2",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "netbsd",
"version": "1.5.3"
},
{
"model": "inc sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "3.0"
},
{
"model": "hp-ux b.11.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.15"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.10"
},
{
"model": "inc sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.2.5"
},
{
"model": "solaris 7.0 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.0"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.12.3"
},
{
"model": "inc sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.1.4"
},
{
"model": "solaris 9 x86 update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "2"
},
{
"model": "lx50",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.0"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.6"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.9.3"
},
{
"model": "tru64 a",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "alphaserver sc",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "irix",
"scope": "ne",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.20"
},
{
"model": "tru64 pk5",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "netbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "netbsd",
"version": "1.5.1"
},
{
"model": "tru64 f",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "4.0"
},
{
"model": "inc sendmail switch",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.1.1"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.2"
},
{
"model": "tru64 b",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.12"
},
{
"model": "solaris 9 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.9.1"
},
{
"model": "solaris ppc",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "2.5.1"
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.11.2"
},
{
"model": "hp-ux series",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.20800"
},
{
"model": "inc sendmail for nt",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.6"
},
{
"model": "inc sendmail for nt",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "2.6.1"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.17"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.3"
},
{
"model": "tru64 a pk3",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.19"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3.1"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.2"
},
{
"model": "mvs",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "cobalt raq4 3001r",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "consortium sendmail",
"scope": "eq",
"trust": 0.3,
"vendor": "sendmail",
"version": "8.10.1"
},
{
"model": "enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"model": "cobalt raq xtr 3500r",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "altavista firewall raptor ec",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#897604"
},
{
"db": "BID",
"id": "7230"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000101"
},
{
"db": "NVD",
"id": "CVE-2003-0161"
},
{
"db": "CNNVD",
"id": "CNNVD-200304-025"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:2.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.10.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.11.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.12.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.12.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.9.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail_switch:2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail_switch:2.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail_switch:3.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail_switch:3.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:3.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.11.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.11.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.11.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.12.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.12.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.12:beta16:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.12:beta5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail_switch:2.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail_switch:2.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail_switch:2.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail_switch:2.2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail_switch:2.2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:2.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:2.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.10.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.12.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.12.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.12:beta10:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.12:beta12:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.9.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail_switch:2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail_switch:2.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail_switch:2.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:3.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:3.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.11.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.11.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.12.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.12.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.12:beta7:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail:8.9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail_switch:2.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail_switch:2.1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail_switch:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sendmail:sendmail_switch:3.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:4.0f_pk7_bl18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:4.0g:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:4.0d:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:4.0d_pk9_bl17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:5.0_pk4_bl18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:5.0a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:5.1_pk6_bl20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:5.1a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:10.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:10.08:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:10.34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:4.0b:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:4.0g_pk3_bl17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:5.0_pk4_bl17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:5.1_pk4_bl18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:5.1_pk5_bl19:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:5.1b_pk1_bl1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:10.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:10.26:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:10.30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux_series_700:10.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux_series_800:10.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sun:solaris:2.5.1:*:x86:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sun:solaris:2.5:*:x86:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sun:solaris:9.0:x86_update_2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:11.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:sis:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sun:sunos:5.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:5.1_pk3_bl17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:5.1a_pk3_bl3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:5.1b:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:10.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:10.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:10.24:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:11.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:11.22:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sun:sunos:5.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sun:solaris:2.5.1:*:ppc:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:4.0f:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:4.0f_pk6_bl17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:5.0a_pk3_bl17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:5.0f:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:5.1a_pk1_bl1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:compaq:tru64:5.1a_pk2_bl2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:10.09:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:10.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sun:solaris:2.4:*:x86:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sun:sunos:5.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0161"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Michal Zalewski\u203b lcamtuf@dione.ids.pl",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200304-025"
}
],
"trust": 0.6
},
"cve": "CVE-2003-0161",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2003-0161",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-6991",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2003-0161",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#897604",
"trust": 0.8,
"value": "67.20"
},
{
"author": "CNNVD",
"id": "CNNVD-200304-025",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-6991",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2003-0161",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#897604"
},
{
"db": "VULHUB",
"id": "VHN-6991"
},
{
"db": "VULMON",
"id": "CVE-2003-0161"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000101"
},
{
"db": "NVD",
"id": "CVE-2003-0161"
},
{
"db": "CNNVD",
"id": "CNNVD-200304-025"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special \"NOCHAR\" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337. Sendmail contains a buffer overflow in code that parses email addresses. A remote attacker could execute arbitrary code or cause a denial of service on a vulnerable system. The flaw is present in the \u0027prescan()\u0027 procedure, which is used for processing email addresses in SMTP headers. This vulnerability stems from a logic error in the conversion of a char to an integer value. The issue has been fixed Sendmail 8.12.9. Most organizations have various mail transfer agents (MTAs) at various locations within their network, at least one of which is directly connected to the Internet. Sendmail is one of the most popular MTAs. According to statistics, Internet mail traffic handled by Sendmail accounts for 50\\\\% to 75\\\\% of the total. Many UNIX and Linux workstations run Sendmail by default. This vulnerability exists in the prescan() process. The vulnerability is for messages, not connections. This means that the vulnerability is triggered by the content of a specially crafted email message, rather than by lower-level network communications. This is important because a non-vulnerable MTA can send malicious messages along with other protected MTAs in the network. In other words, even if the software used by the boundary MTA of the site is not sendmail, the sendmail service program with loopholes inside the network is still threatened. Messages that exploit this vulnerability can also pass through many common packet filters or firewalls undetected",
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0161"
},
{
"db": "CERT/CC",
"id": "VU#897604"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000101"
},
{
"db": "BID",
"id": "7230"
},
{
"db": "VULHUB",
"id": "VHN-6991"
},
{
"db": "VULMON",
"id": "CVE-2003-0161"
}
],
"trust": 2.79
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=24",
"trust": 0.2,
"type": "exploit"
},
{
"reference": "https://www.scap.org.cn/vuln/vhn-6991",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-6991"
},
{
"db": "VULMON",
"id": "CVE-2003-0161"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#897604",
"trust": 3.7
},
{
"db": "NVD",
"id": "CVE-2003-0161",
"trust": 2.9
},
{
"db": "BID",
"id": "7230",
"trust": 2.9
},
{
"db": "XF",
"id": "11653",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000101",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200304-025",
"trust": 0.7
},
{
"db": "REDHAT",
"id": "RHSA-2003:121",
"trust": 0.6
},
{
"db": "REDHAT",
"id": "RHSA-2003:120",
"trust": 0.6
},
{
"db": "DEBIAN",
"id": "DSA-278",
"trust": 0.6
},
{
"db": "DEBIAN",
"id": "DSA-290",
"trust": 0.6
},
{
"db": "SCO",
"id": "SCOSA-2004.11",
"trust": 0.6
},
{
"db": "IMMUNIX",
"id": "IMNX-2003-7+-002-01",
"trust": 0.6
},
{
"db": "SUNALERT",
"id": "52620",
"trust": 0.6
},
{
"db": "SUNALERT",
"id": "52700",
"trust": 0.6
},
{
"db": "SUNALERT",
"id": "1001088",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20030329 SENDMAIL 8.12.9 AVAILABLE",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20030520 [FWD: 127 RESEARCH AND DEVELOPMENT: 127 DAY!]",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20030331 GLSA: SENDMAIL (200303-27)",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20030329 SENDMAIL: -1 GONE WILD",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20030330 [OPENPKG-SA-2003.027] OPENPKG SECURITY ADVISORY (SENDMAIL)",
"trust": 0.6
},
{
"db": "FULLDISC",
"id": "20030329 SENDMAIL: -1 GONE WILD",
"trust": 0.6
},
{
"db": "CERT/CC",
"id": "CA-2003-12",
"trust": 0.6
},
{
"db": "CONECTIVA",
"id": "CLA-2003:614",
"trust": 0.6
},
{
"db": "SGI",
"id": "20030401-01-P",
"trust": 0.6
},
{
"db": "CALDERA",
"id": "CSSA-2003-016.0",
"trust": 0.6
},
{
"db": "GENTOO",
"id": "GLSA-200303-27",
"trust": 0.6
},
{
"db": "FREEBSD",
"id": "FREEBSD-SA-03:07",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "24",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-15232",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-62723",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-76244",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "22442",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-6991",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2003-0161",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#897604"
},
{
"db": "VULHUB",
"id": "VHN-6991"
},
{
"db": "VULMON",
"id": "CVE-2003-0161"
},
{
"db": "BID",
"id": "7230"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000101"
},
{
"db": "NVD",
"id": "CVE-2003-0161"
},
{
"db": "CNNVD",
"id": "CNNVD-200304-025"
}
]
},
"id": "VAR-200304-0013",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-6991"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:16:12.729000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HPSBUX00253",
"trust": 0.8,
"url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?docid=c00958571"
},
{
"title": "HPSBUX0304-253",
"trust": 0.8,
"url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux0304-253.html"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.ibm.com/jp/"
},
{
"title": "RHSA-2003:120",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/rhsa-2003-120.html"
},
{
"title": "sendmail 8.12.9 available",
"trust": 0.8,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=104896621106790\u0026w=2"
},
{
"title": "52620",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-52620-1"
},
{
"title": "52700",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-52700-1"
},
{
"title": "52700",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-52700-3"
},
{
"title": "52620",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-52620-3"
},
{
"title": "4 Sendmail Security Update 2.0.1",
"trust": 0.8,
"url": "http://sunsolve.sun.com/pub-cgi/show.pl?target=cobalt/raq4.eng\u0026amp;nav=patchpage"
},
{
"title": "XTR Sendmail Security Update 1.0.1",
"trust": 0.8,
"url": "http://sunsolve.sun.com/pub-cgi/show.pl?target=cobalt/raqxtr.eng\u0026amp;nav=patchpage"
},
{
"title": "550 Sendmail Security Update 0.0.1",
"trust": 0.8,
"url": "http://sunsolve.sun.com/pub-cgi/show.pl?target=cobalt/raq550.eng\u0026amp;nav=patchpage"
},
{
"title": "TLSA-2003-24",
"trust": 0.8,
"url": "http://www.turbolinux.com/security/2003/tlsa-2003-24.txt"
},
{
"title": "Sendmail Inc. Information for VU#897604",
"trust": 0.8,
"url": "http://www.kb.cert.org/vuls/id/aamn-5kuutz"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.sendmail.co.jp/"
},
{
"title": "RHSA-2003:120",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2003-120j.html"
},
{
"title": "TLSA-2003-24",
"trust": 0.8,
"url": "http://www.turbolinux.co.jp/security/2003/tlsa-2003-24j.txt"
},
{
"title": "Debian Security Advisories: DSA-290-1 sendmail-wide -- char-to-int conversion",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=8086c3d7d3014252ce37b8626383010c"
},
{
"title": "cumes",
"trust": 0.1,
"url": "https://github.com/byte-mug/cumes "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2003-0161"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000101"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0161"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://www.kb.cert.org/vuls/id/897604"
},
{
"trust": 2.7,
"url": "http://www.securityfocus.com/bid/7230"
},
{
"trust": 2.6,
"url": "http://www.cert.org/advisories/ca-2003-12.html"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/archive/1/321997"
},
{
"trust": 1.8,
"url": "ftp://ftp.caldera.com/pub/security/openlinux/cssa-2003-016.0.txt"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/mhonarc/security-announce/msg00028.html"
},
{
"trust": 1.8,
"url": "http://www.debian.org/security/2003/dsa-278"
},
{
"trust": 1.8,
"url": "http://www.debian.org/security/2003/dsa-290"
},
{
"trust": 1.8,
"url": "ftp://ftp.freebsd.org/pub/freebsd/cert/advisories/freebsd-sa-03:07.sendmail.asc"
},
{
"trust": 1.8,
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-march/004295.html"
},
{
"trust": 1.8,
"url": "http://www.gentoo.org/security/en/glsa/glsa-200303-27.xml"
},
{
"trust": 1.8,
"url": "http://www.redhat.com/support/errata/rhsa-2003-120.html"
},
{
"trust": 1.8,
"url": "http://www.redhat.com/support/errata/rhsa-2003-121.html"
},
{
"trust": 1.8,
"url": "ftp://ftp.sco.com/pub/updates/openserver/scosa-2004.11/scosa-2004.11.txt"
},
{
"trust": 1.8,
"url": "ftp://patches.sgi.com/support/free/security/advisories/20030401-01-p"
},
{
"trust": 1.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001088.1-1"
},
{
"trust": 1.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-52620-1"
},
{
"trust": 1.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-52700-1"
},
{
"trust": 1.7,
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000614"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/archive/1/316961/30/25250/threaded"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/archive/1/317135/30/25220/threaded"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/archive/1/archive/1/317135/30/25220/threaded"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=104896621106790\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=104914999806315\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=104897487512238\u0026w=2"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/archive/1/316773/2003-03-28/2003-04-03/0"
},
{
"trust": 0.8,
"url": "http://www.iss.net/issen/delivery/xforce/alertdetail.jsp?oid=22127"
},
{
"trust": 0.8,
"url": "http://www.sendmail.org/secure-install.html"
},
{
"trust": 0.8,
"url": "http://www.sendmail.org/ftp/release_notes"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/rfc/rfc2047.txt"
},
{
"trust": 0.8,
"url": "http://www.ciac.org/ciac/bulletins/n-067.shtml"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-0161"
},
{
"trust": 0.8,
"url": "http://www.ipa.go.jp/security/ciadr/20030331sendmail.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2003/wr031401.txt"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2003/wr031501.txt"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2003/wr031301.txt"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2003/at030004.txt"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnca-2003-12"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnca-2003-07/index.html"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-0161"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/xforce/xfdb/11653"
},
{
"trust": 0.8,
"url": "http://www.isskk.co.jp/support/techinfo/general/sendmail033103_xforce.html"
},
{
"trust": 0.8,
"url": "http://www.cyberpolice.go.jp/important/20030330_153031.html"
},
{
"trust": 0.8,
"url": "http://www.cyberpolice.go.jp/important/20030506_122656.html"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=104897487512238\u0026w=2"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/316961/30/25250/threaded"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=104914999806315\u0026w=2"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=104896621106790\u0026w=2"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f52620"
},
{
"trust": 0.3,
"url": "http://www.info.apple.com/usen/security/security_updates.html"
},
{
"trust": 0.3,
"url": "http://www-1.ibm.com/services/continuity/recover1.nsf/mss/mss-oar-e01-2003.0793.1"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/pub-cgi/show.pl?target=cobalt/raqxtr.eng\u0026nav=patchpage"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2003-121.html"
},
{
"trust": 0.3,
"url": "http://www.sendmail.org/"
},
{
"trust": 0.3,
"url": "http://www.sotlinux.org/en/sotlinux/sa/2003/2003-0019.php"
},
{
"trust": 0.3,
"url": "http://ftp.support.compaq.com/patches/public/unix/v4.0f/duv40fb18-c0093400-17811-es-20030403.readme"
},
{
"trust": 0.3,
"url": "http://ftp.support.compaq.com/patches/public/unix/v5.1a/t64v51ab21-c0112900-17770-es-20030402.readme"
},
{
"trust": 0.3,
"url": "http://ftp.support.compaq.com/patches/public/unix/v5.1b/t64v51bb1-c0008000-17812-es-20030403.readme"
},
{
"trust": 0.3,
"url": "http://ftp.support.compaq.com/patches/public/unix/v5.1/t64v51b20-c0176700-17773-es-20030402.readme"
},
{
"trust": 0.3,
"url": "http://ftp.support.compaq.com/patches/public/unix/v4.0g/t64v40gb17-c0029200-17810-es-20030403.readme"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f52700\u0026zone_32=category%3asecurity"
},
{
"trust": 0.3,
"url": "/archive/1/321997"
},
{
"trust": 0.3,
"url": "/archive/1/316760"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=104897487512238\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=104896621106790\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=104914999806315\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026amp;anuncio=000614"
},
{
"trust": 0.1,
"url": ""
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/./dsa-290"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/24/"
},
{
"trust": 0.1,
"url": "https://github.com/byte-mug/cumes"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#897604"
},
{
"db": "VULHUB",
"id": "VHN-6991"
},
{
"db": "VULMON",
"id": "CVE-2003-0161"
},
{
"db": "BID",
"id": "7230"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000101"
},
{
"db": "NVD",
"id": "CVE-2003-0161"
},
{
"db": "CNNVD",
"id": "CNNVD-200304-025"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#897604"
},
{
"db": "VULHUB",
"id": "VHN-6991"
},
{
"db": "VULMON",
"id": "CVE-2003-0161"
},
{
"db": "BID",
"id": "7230"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000101"
},
{
"db": "NVD",
"id": "CVE-2003-0161"
},
{
"db": "CNNVD",
"id": "CNNVD-200304-025"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-03-29T00:00:00",
"db": "CERT/CC",
"id": "VU#897604"
},
{
"date": "2003-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-6991"
},
{
"date": "2003-04-02T00:00:00",
"db": "VULMON",
"id": "CVE-2003-0161"
},
{
"date": "2003-03-29T00:00:00",
"db": "BID",
"id": "7230"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2003-000101"
},
{
"date": "2003-04-02T05:00:00",
"db": "NVD",
"id": "CVE-2003-0161"
},
{
"date": "2003-03-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200304-025"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-09-25T00:00:00",
"db": "CERT/CC",
"id": "VU#897604"
},
{
"date": "2018-10-30T00:00:00",
"db": "VULHUB",
"id": "VHN-6991"
},
{
"date": "2018-10-30T00:00:00",
"db": "VULMON",
"id": "CVE-2003-0161"
},
{
"date": "2007-09-21T23:40:00",
"db": "BID",
"id": "7230"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2003-000101"
},
{
"date": "2018-10-30T16:26:22.763000",
"db": "NVD",
"id": "CVE-2003-0161"
},
{
"date": "2010-02-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200304-025"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200304-025"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sendmail address parsing buffer overflow",
"sources": [
{
"db": "CERT/CC",
"id": "VU#897604"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Boundary Condition Error",
"sources": [
{
"db": "BID",
"id": "7230"
},
{
"db": "CNNVD",
"id": "CNNVD-200304-025"
}
],
"trust": 0.9
}
}