Vulnerabilites related to hp - icewall_sso_agent_option
Vulnerability from fkie_nvd
Published
2016-09-26 19:59
Modified
2025-04-12 10:46
Severity ?
Summary
The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "2D1C00C0-C77E-4255-9ECA-20F2673C7366", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*", matchCriteriaId: "21F16D65-8A46-4AC7-8970-73AB700035FB", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*", matchCriteriaId: "92F393FF-7E6F-4671-BFBF-060162E12659", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*", matchCriteriaId: "E1B85A09-CF8D-409D-966E-168F9959F6F6", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", matchCriteriaId: "3A66E6CF-39CF-412E-8EF0-8E10BA21B4A4", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", matchCriteriaId: "C684FB18-FDDC-4BED-A28C-C23EE6CD0094", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", matchCriteriaId: "A74A79A7-4FAF-4C81-8622-050008B96AE1", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", matchCriteriaId: "CEDACCB9-8D61-49EE-9957-9E58BC7BB031", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", matchCriteriaId: "4993DD56-F9E3-4AC8-AC3E-BF204B950DEC", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", matchCriteriaId: "E884B241-F9C3-44F8-A420-DE65F5F3D660", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", matchCriteriaId: "3A383620-B4F7-44A7-85DA-A4FF2E115D80", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", matchCriteriaId: "5F0C6812-F455-49CF-B29B-9AC00306DA43", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", matchCriteriaId: "3F2D462C-A1B4-4572-A615-BDE9DC5F1E55", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*", matchCriteriaId: "3703E445-17C0-4C85-A496-A35641C0C8DB", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*", matchCriteriaId: "2F4034B9-EF1C-40E6-B92A-D4D7B7E7E774", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*", matchCriteriaId: "ABEC1927-F469-4B9E-B544-DA6CF90F0B34", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*", matchCriteriaId: "DE2188F9-FAF8-4A0C-BB49-E95BDBC119BF", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*", matchCriteriaId: "A9EC827B-5313-47D7-BF49-CFF033CF3D53", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*", matchCriteriaId: "A438E65F-33B1-46BC-AD93-200DCC6B43D4", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*", matchCriteriaId: "4BFDCF78-62C1-429E-A43C-0C9FEC14837D", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*", matchCriteriaId: "6A0B4DEF-C6E8-4243-9893-6E650013600C", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*", matchCriteriaId: "E28CD4F7-522F-4ECA-9035-228596CDE769", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*", matchCriteriaId: "A491B32F-31F0-4151-AE9B-313CBF2C060D", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1t:*:*:*:*:*:*:*", matchCriteriaId: "0AF4953B-BB23-4C80-8C48-9E94EB234AAE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hp:icewall_federation_agent:3.0:*:*:*:*:*:*:*", matchCriteriaId: "B3261B40-5CBE-4AA6-990A-0A7BE96E5518", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:icewall_mcrp:3.0:*:*:*:*:*:*:*", matchCriteriaId: "C6AFB9DD-DA50-4F9D-B19D-160CA487D002", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:icewall_sso:10.0:*:*:*:certd:*:*:*", matchCriteriaId: "87037877-8506-4737-9F47-2CB687975B1C", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:icewall_sso:10.0:*:*:*:dfw:*:*:*", matchCriteriaId: "FD94C478-6F81-4F37-B7F3-61D8682EC593", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:icewall_sso_agent_option:10.0:*:*:*:*:*:*:*", matchCriteriaId: "531FE660-C1A9-4C83-90BE-E38AA493D4F7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:novell:suse_linux_enterprise_module_for_web_scripting:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F788DAEB-9865-45DE-B18A-FDD43E1EBB9D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "AD3E5C1B-EC63-4214-A0BD-0B8681CE6C8B", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*", matchCriteriaId: "18797BEE-417D-4959-9AAD-C5A7C051B524", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*", matchCriteriaId: "6FAA3C31-BD9D-45A9-A502-837FECA6D479", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*", matchCriteriaId: "6455A421-9956-4846-AC7C-3431E0D37D23", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*", matchCriteriaId: "60F946FD-F564-49DA-B043-5943308BA9EE", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*", matchCriteriaId: "4847BCF3-EFCE-41AF-8E7D-3D51EB9DCC5B", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*", matchCriteriaId: "9B89180B-FB68-4DD8-B076-16E51CC7FB91", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*", matchCriteriaId: "4C986592-4086-4A39-9767-EF34DBAA6A53", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*", matchCriteriaId: "7B23181C-03DB-4E92-B3F6-6B585B5231B4", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*", matchCriteriaId: "94D9EC1C-4843-4026-9B05-E060E9391734", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*", matchCriteriaId: "036FB24F-7D86-4730-8BC9-722875BEC807", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", matchCriteriaId: "080F38F5-0A51-43BC-BC66-98545B31A0F2", versionEndExcluding: "0.10.47", versionStartIncluding: "0.10.0", vulnerable: true, }, { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", matchCriteriaId: "F90AAE35-9B46-4FEA-AF3A-5F28761EAC4D", versionEndExcluding: "0.12.16", versionStartIncluding: "0.12.0", vulnerable: true, }, { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", matchCriteriaId: "A47FC4F7-1F77-4314-B4B3-3C5D8E335379", versionEndIncluding: "4.1.2", versionStartIncluding: "4.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", matchCriteriaId: "303F780C-C971-4216-86D6-5026AAD56279", versionEndExcluding: "4.6.0", versionStartIncluding: "4.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", matchCriteriaId: "121E5D5D-B4D9-43F3-B5C9-74590192FAF1", versionEndIncluding: "5.12.0", versionStartIncluding: "5.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", matchCriteriaId: "8291D42E-9E50-414D-9752-D70906D512B2", versionEndExcluding: "6.7.0", versionStartIncluding: "6.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", matchCriteriaId: "CB66DB75-2B16-4EBF-9B93-CE49D8086E41", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", matchCriteriaId: "815D70A8-47D3-459C-A32C-9FEACA0659D1", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.", }, { lang: "es", value: "El analizador certificado en OpenSSL en versiones anteriores a 1.0.1u y 1.0.2 en versiones anteriores a 1.0.2i podría permitir a atacantes remotos provocar una denegación de servicio (lectura fuera de rango) a través de operaciones certificadas manipuladas, relacionado con s3_clnt.c y s3_srvr.c.", }, ], id: "CVE-2016-6306", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-09-26T19:59:02.910", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1940.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2017/Jul/31", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2016/dsa-3673", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/93153", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1036885", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3087-1", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3087-2", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2185", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2186", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2187", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://bto.bluecoat.com/security-advisory/sa132", }, { source: "secalert@redhat.com", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, { source: "secalert@redhat.com", url: "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=52e623c4cb06fffa9d5e75c60b34b4bc130b12e9", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10215", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201612-16", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/csp/article/K90492697", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://www.openssl.org/news/secadv/20160922.txt", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2016-16", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2016-20", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2016-21", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1940.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2017/Jul/31", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2016/dsa-3673", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/93153", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1036885", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3087-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3087-2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2185", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2186", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2187", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://bto.bluecoat.com/security-advisory/sa132", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=52e623c4cb06fffa9d5e75c60b34b4bc130b12e9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10215", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201612-16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/csp/article/K90492697", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.openssl.org/news/secadv/20160922.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2016-16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2016-20", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2016-21", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-07-04 22:59
Modified
2025-04-12 10:46
Severity ?
Summary
The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hp:icewall_identity_manager:5.0:*:*:*:*:*:*:*", matchCriteriaId: "EE418D71-EAD6-4BB6-B6D6-88CE0FFA5A53", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:icewall_sso_agent_option:10.0:*:*:*:*:*:*:*", matchCriteriaId: "531FE660-C1A9-4C83-90BE-E38AA493D4F7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*", matchCriteriaId: "9D0689FE-4BC0-4F53-8C79-34B21F9B86C2", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*", matchCriteriaId: "C0C5F004-F7D8-45DB-B173-351C50B0EC16", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*", matchCriteriaId: "D1902D2E-1896-4D3D-9E1C-3A675255072C", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*", matchCriteriaId: "454211D0-60A2-4661-AECA-4C0121413FEB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:*", matchCriteriaId: "4752862B-7D26-4285-B8A0-CF082C758353", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:8.0.0:rc10:*:*:*:*:*:*", matchCriteriaId: "58EA7199-3373-4F97-9907-3A479A02155E", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:8.0.0:rc2:*:*:*:*:*:*", matchCriteriaId: "4693BD36-E522-4C8E-9667-8F3E14A05EF3", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:8.0.0:rc5:*:*:*:*:*:*", matchCriteriaId: "2BBBC5EA-012C-4C5D-A61B-BAF134B300DA", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:8.0.1:*:*:*:*:*:*:*", matchCriteriaId: "2A358FDF-C249-4D7A-9445-8B9E7D9D40AF", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:8.0.3:*:*:*:*:*:*:*", matchCriteriaId: "AFF96F96-34DB-4EB3-BF59-11220673FA26", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:8.0.5:*:*:*:*:*:*:*", matchCriteriaId: "EDF3E379-47D2-4C86-8C6D-8B3C25A0E1C4", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:8.0.8:*:*:*:*:*:*:*", matchCriteriaId: "61E008F8-2F01-4DD8-853A-337B4B4163C6", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:8.0.11:*:*:*:*:*:*:*", matchCriteriaId: "701424A2-BB06-44B5-B468-7164E4F95529", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:8.0.12:*:*:*:*:*:*:*", matchCriteriaId: "1BA6388C-5B6E-4651-8AE3-EBCCF61C27E7", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:8.0.14:*:*:*:*:*:*:*", matchCriteriaId: "8F9A5B7E-33A9-4651-9BE1-371A0064B661", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:8.0.15:*:*:*:*:*:*:*", matchCriteriaId: "F99252E8-A59C-48E1-B251-718D7FB3E399", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:8.0.17:*:*:*:*:*:*:*", matchCriteriaId: "4E0DDEF6-A8EE-46C4-A046-A1F26E7C4E87", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:8.0.18:*:*:*:*:*:*:*", matchCriteriaId: "14B38892-9C00-4510-B7BA-F2A8F2CACCAE", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:8.0.20:*:*:*:*:*:*:*", matchCriteriaId: "7409B064-D43E-489E-AEC6-0A767FB21737", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:8.0.21:*:*:*:*:*:*:*", matchCriteriaId: "F019268F-80C4-48FE-8164-E9DA0A3BAFF6", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:8.0.22:*:*:*:*:*:*:*", matchCriteriaId: "1EFBD214-FCFE-4F04-A903-66EFDA764B9A", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:8.0.23:*:*:*:*:*:*:*", matchCriteriaId: "425D86B3-6BB9-410D-8125-F7CF87290AD6", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:8.0.24:*:*:*:*:*:*:*", matchCriteriaId: "3EE3BB0D-1002-41E4-9BE8-875D97330057", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:8.0.26:*:*:*:*:*:*:*", matchCriteriaId: "6622472B-8644-4D45-A54B-A215C3D64B83", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:8.0.27:*:*:*:*:*:*:*", matchCriteriaId: "B338F95B-2924-435B-827F-E64420A93244", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:8.0.28:*:*:*:*:*:*:*", matchCriteriaId: "209D1349-7740-4DBE-80A5-E6343C62BAB5", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:8.0.29:*:*:*:*:*:*:*", matchCriteriaId: "09E77C24-C265-403D-A193-B3739713F6B6", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:8.0.30:*:*:*:*:*:*:*", matchCriteriaId: "28616FA3-9A98-4AAE-9F94-3E77A14156EA", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:8.0.32:*:*:*:*:*:*:*", matchCriteriaId: "603A14BF-72BB-4A3D-8CBC-932DC45CEC06", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:8.0.33:*:*:*:*:*:*:*", matchCriteriaId: "4C2E1C55-3C89-4F26-A981-1195BCC9BB5C", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:8.0.35:*:*:*:*:*:*:*", matchCriteriaId: "31BB906B-812F-462C-9AEE-147C1418D865", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:tomcat:8.5.0:*:*:*:*:*:*:*", matchCriteriaId: "69A7FC28-A0EC-4516-9776-700343D2F4DB", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:8.5.2:*:*:*:*:*:*:*", matchCriteriaId: "D4D811A9-4988-4C11-AA27-F5BE2B93D8D4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:commons_fileupload:*:*:*:*:*:*:*:*", matchCriteriaId: "63CCC942-8906-421A-A1C8-E105B54912D5", versionEndIncluding: "1.3.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", matchCriteriaId: "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", matchCriteriaId: "E88A537F-F4D0-46B9-9E37-965233C2A355", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*", matchCriteriaId: "0F8C62EF-1B67-456A-9C66-755439CF8556", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*", matchCriteriaId: "33E9607B-4D28-460D-896B-E4B7FA22441E", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A819E245-D641-4F19-9139-6C940504F6E7", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*", matchCriteriaId: "8C381275-10C5-4939-BCE3-0D1F3B3CB2EE", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*", matchCriteriaId: "81A31CA0-A209-4C49-AA06-C38E165E5B68", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*", matchCriteriaId: "08022987-B36B-4F63-88A5-A8F59195DF4A", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*", matchCriteriaId: "0AA563BF-A67A-477D-956A-167ABEF885C5", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*", matchCriteriaId: "FF4B7557-EF35-451E-B55D-3296966695AC", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:7.0.5:beta:*:*:*:*:*:*", matchCriteriaId: "6F1B937B-57E0-4E88-9E39-39012A924525", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*", matchCriteriaId: "8980E61E-27BE-4858-82B3-C0E8128AF521", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*", matchCriteriaId: "88CE057E-2092-4C98-8D0C-75CF439D0A9C", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*", matchCriteriaId: "A9731BAA-4C6C-4259-B786-F577D8A90FA1", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*", matchCriteriaId: "1F74A421-D019-4248-84B8-C70D4D9A8A95", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*", matchCriteriaId: "2BA27FF9-4C66-4E17-95C0-1CB2DAA6AFC8", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*", matchCriteriaId: "305688F2-50A6-41FB-8614-BC589DB9A789", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*", matchCriteriaId: "25966344-15D5-4101-9346-B06BFD2DFFF5", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*", matchCriteriaId: "0D4F710E-06EA-48F4-AC6A-6F143950F015", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*", matchCriteriaId: "2C4936C2-0B2D-4C44-98C3-443090965F5E", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*", matchCriteriaId: "48453405-2319-4327-9F4C-6F70B49452C6", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*", matchCriteriaId: "49DD9544-6424-41A6-AEC0-EC19B8A10E71", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*", matchCriteriaId: "E4670E65-2E11-49A4-B661-57C2F60D411F", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*", matchCriteriaId: "31002A23-4788-4BC7-AE11-A3C2AA31716D", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:7.0.26:*:*:*:*:*:*:*", matchCriteriaId: "7144EDDF-8265-4642-8EEB-ED52527E0A26", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:7.0.27:*:*:*:*:*:*:*", matchCriteriaId: "DF06B5C1-B9DD-4673-A101-56E1E593ACDD", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*", matchCriteriaId: "7D731065-626B-4425-8E49-F708DD457824", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:7.0.29:*:*:*:*:*:*:*", matchCriteriaId: "B3D850EA-E537-42C8-93B9-96E15CB26747", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:*", matchCriteriaId: "E037DA05-2BEF-4F64-B8BB-307247B6A05C", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:7.0.32:*:*:*:*:*:*:*", matchCriteriaId: "D395D95B-1F4A-420E-A0F6-609360AF7B69", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:7.0.33:*:*:*:*:*:*:*", matchCriteriaId: "9BD221BA-0AB6-4972-8AD9-5D37AC07762F", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:7.0.34:*:*:*:*:*:*:*", matchCriteriaId: "E55B6565-96CB-4F6A-9A80-C3FB82F30546", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:7.0.35:*:*:*:*:*:*:*", matchCriteriaId: "D3300AFE-49A4-4904-B9A0-5679F09FA01E", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:7.0.37:*:*:*:*:*:*:*", matchCriteriaId: "7BD93669-1B30-4BF8-AD7D-F60DD8D63CC8", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:7.0.39:*:*:*:*:*:*:*", matchCriteriaId: "B8C8C97F-6C9D-4647-AB8A-ADAA5536DDE2", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:7.0.40:*:*:*:*:*:*:*", matchCriteriaId: "2C6109D1-BC36-40C5-A02A-7AEBC949BAC0", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:7.0.41:*:*:*:*:*:*:*", matchCriteriaId: "DA8A7333-B4C3-4876-AE01-62F2FD315504", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:7.0.42:*:*:*:*:*:*:*", matchCriteriaId: "92993E23-D805-407B-8B87-11CEEE8B212F", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:7.0.47:*:*:*:*:*:*:*", matchCriteriaId: "6AA28D3A-3EE5-4F90-B8F5-4943F7607DA6", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:7.0.50:*:*:*:*:*:*:*", matchCriteriaId: "C947E549-2459-4AFB-84A7-36BDA30B5F29", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:7.0.52:*:*:*:*:*:*:*", matchCriteriaId: "5D55DF79-F9BE-4907-A4D8-96C4B11189ED", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:7.0.53:*:*:*:*:*:*:*", matchCriteriaId: "14AB5787-82D7-4F78-BE93-4556AB7A7D0E", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:7.0.54:*:*:*:*:*:*:*", matchCriteriaId: "F8E9453E-BC9B-4F77-85FA-BA15AC55C245", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:7.0.55:*:*:*:*:*:*:*", matchCriteriaId: "A7EF0518-73F9-47DB-8946-A8334936BEFF", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:7.0.56:*:*:*:*:*:*:*", matchCriteriaId: "95AA8778-7833-4572-A71B-5FD89938CE94", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:7.0.57:*:*:*:*:*:*:*", matchCriteriaId: "242E47CE-EF69-4F8F-AB40-5AF2811674CE", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:7.0.59:*:*:*:*:*:*:*", matchCriteriaId: "CDA1555C-E55A-4E14-B786-BFEE3F09220B", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:7.0.61:*:*:*:*:*:*:*", matchCriteriaId: "F8075E9A-DA7F-4A0B-8B4D-0CD951369111", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:7.0.62:*:*:*:*:*:*:*", matchCriteriaId: "335A5320-6086-4B45-9903-82F6F92A584F", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:7.0.63:*:*:*:*:*:*:*", matchCriteriaId: "46B33408-C2E2-4E7C-9334-6AB98F13468C", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:7.0.64:*:*:*:*:*:*:*", matchCriteriaId: "9F036676-9EFB-4A92-828E-A38905D594E2", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:7.0.65:*:*:*:*:*:*:*", matchCriteriaId: "E9728EE8-6029-4DF3-942E-E4ACC09111A3", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:7.0.67:*:*:*:*:*:*:*", matchCriteriaId: "34E7DAC8-8419-45D1-A28F-14CF2FE1B6EE", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:7.0.68:*:*:*:*:*:*:*", matchCriteriaId: "89B87EB5-4902-4C2A-878A-45185F7D0FA1", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:7.0.69:*:*:*:*:*:*:*", matchCriteriaId: "C0596E6C-9ACE-4106-A2FF-BED7967C323F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.", }, { lang: "es", value: "La clase MultipartStream en Apache Commons Fileupload en versiones anteriores a 1.3.2, tal como se utiliza en Apache Tomcat 7.x en versiones anteriores a 7.0.70, 8.x en versiones anteriores a 8.0.36, 8.5.x en versiones anteriores a 8.5.3 y 9.x en versiones anteriores a 9.0.0.M7 y otros productos, permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) a través de una cadena de límite largo.", }, ], id: "CVE-2016-3092", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-07-04T22:59:04.303", references: [ { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://jvn.jp/en/jp/JVN89379547/index.html", }, { source: "secalert@redhat.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000121", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", ], url: "http://mail-archives.apache.org/mod_mbox/commons-dev/201606.mbox/%3CCAF8HOZ%2BPq2QH8RnxBuJyoK1dOz6jrTiQypAC%2BH8g6oZkBg%2BCxg%40mail.gmail.com%3E", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2016-2068.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2016-2069.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2016-2070.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2016-2071.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2016-2072.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2016-2599.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2016-2807.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2016-2808.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2017-0457.html", }, { source: "secalert@redhat.com", url: "http://svn.apache.org/viewvc?view=revision&revision=1743480", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://svn.apache.org/viewvc?view=revision&revision=1743722", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://svn.apache.org/viewvc?view=revision&revision=1743738", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://svn.apache.org/viewvc?view=revision&revision=1743742", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://tomcat.apache.org/security-7.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://tomcat.apache.org/security-8.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://tomcat.apache.org/security-9.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2016/dsa-3609", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2016/dsa-3611", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2016/dsa-3614", }, { source: "secalert@redhat.com", url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", }, { source: "secalert@redhat.com", url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { source: "secalert@redhat.com", url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", }, { source: "secalert@redhat.com", url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { source: "secalert@redhat.com", url: "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/91453", }, { source: "secalert@redhat.com", url: "http://www.securitytracker.com/id/1036427", }, { source: "secalert@redhat.com", url: "http://www.securitytracker.com/id/1036900", }, { source: "secalert@redhat.com", url: "http://www.securitytracker.com/id/1037029", }, { source: "secalert@redhat.com", url: "http://www.securitytracker.com/id/1039606", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3024-1", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3027-1", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2017:0455", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2017:0456", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1349468", }, { source: "secalert@redhat.com", tags: [ "Patch", "Permissions Required", "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05204371", }, { source: "secalert@redhat.com", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289840", }, { source: "secalert@redhat.com", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E", }, { source: "secalert@redhat.com", url: "https://security.gentoo.org/glsa/201705-09", }, { source: "secalert@redhat.com", url: "https://security.gentoo.org/glsa/202107-39", }, { source: "secalert@redhat.com", url: "https://security.netapp.com/advisory/ntap-20190212-0001/", }, { source: "secalert@redhat.com", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "secalert@redhat.com", url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://jvn.jp/en/jp/JVN89379547/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000121", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://mail-archives.apache.org/mod_mbox/commons-dev/201606.mbox/%3CCAF8HOZ%2BPq2QH8RnxBuJyoK1dOz6jrTiQypAC%2BH8g6oZkBg%2BCxg%40mail.gmail.com%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-2068.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-2069.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-2070.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-2071.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-2072.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-2599.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-2807.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-2808.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2017-0457.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://svn.apache.org/viewvc?view=revision&revision=1743480", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://svn.apache.org/viewvc?view=revision&revision=1743722", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://svn.apache.org/viewvc?view=revision&revision=1743738", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://svn.apache.org/viewvc?view=revision&revision=1743742", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://tomcat.apache.org/security-7.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://tomcat.apache.org/security-8.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://tomcat.apache.org/security-9.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2016/dsa-3609", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2016/dsa-3611", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2016/dsa-3614", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/91453", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1036427", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1036900", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1037029", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1039606", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3024-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3027-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2017:0455", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2017:0456", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1349468", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Permissions Required", "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05204371", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289840", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/201705-09", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202107-39", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20190212-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-09-23 10:18
Modified
2025-04-11 00:51
Severity ?
Summary
Unspecified vulnerability in HP IceWall SSO Agent Option 8.0 through 10.0 allows remote attackers to obtain sensitive information via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | icewall_sso_agent_option | 8.0 | |
| hp | icewall_sso_agent_option | 8.0 | |
| hp | icewall_sso_agent_option | 10.0 | |
| hp | icewall_sso_agent_option | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hp:icewall_sso_agent_option:8.0:*:*:*:*:*:*:*", matchCriteriaId: "971AE4B7-D8A7-4B81-8630-CE3FEEFFD57B", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:icewall_sso_agent_option:8.0:*:*:*:2007:*:*:*", matchCriteriaId: "F527CAC5-FF86-4F8D-8F14-AF08FAC763CE", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:icewall_sso_agent_option:10.0:*:*:*:*:*:*:*", matchCriteriaId: "531FE660-C1A9-4C83-90BE-E38AA493D4F7", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:icewall_sso_agent_option:10.0:r1:*:*:*:*:*:*", matchCriteriaId: "2DAA1FA3-FEBA-4AF9-B3C3-796885FC2552", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Unspecified vulnerability in HP IceWall SSO Agent Option 8.0 through 10.0 allows remote attackers to obtain sensitive information via unknown vectors.", }, { lang: "es", value: "Vulnerabilidad no especificada en HP IceWall SSO Agent Option 8.0 a 10.0 permite a atacantes remotos obtener información sensible a través de vectores no especificados.", }, ], id: "CVE-2013-4817", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-09-23T10:18:58.940", references: [ { source: "hp-security-alert@hp.com", tags: [ "Vendor Advisory", ], url: "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632", }, { source: "hp-security-alert@hp.com", tags: [ "Vendor Advisory", ], url: "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632", }, { source: "hp-security-alert@hp.com", url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03918632", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03918632", }, ], sourceIdentifier: "hp-security-alert@hp.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-09-23 10:18
Modified
2025-04-11 00:51
Severity ?
Summary
Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall SSO Agent Option 8.0 through 10.0, IceWall SSO Smart Device Option 10.0, and IceWall File Manager 3.0 through SP4 allows remote attackers to obtain sensitive information via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | icewall_smart_device_option | 10.0 | |
| hp | icewall_file_manager | 3.0 | |
| hp | icewall_file_manager | 3.0 | |
| hp | icewall_file_manager | 3.0 | |
| hp | icewall_file_manager | 3.0 | |
| hp | icewall_file_manager | 3.0 | |
| hp | icewall_sso_agent | 8.0 | |
| hp | icewall_sso_agent | 8.0 | |
| hp | icewall_sso_agent | 8.0 | |
| hp | icewall_sso_agent | 8.0 | |
| hp | icewall_sso_agent | 8.0 | |
| hp | icewall_sso_agent | 8.0 | |
| hp | icewall_sso_agent | 8.0.1 | |
| hp | icewall_sso_agent | 10.0 | |
| hp | icewall_sso_agent | 10.0 | |
| hp | icewall_sso_agent | 10.0 | |
| hp | icewall_sso_agent | 10.0 | |
| hp | icewall_sso_agent_option | 8.0 | |
| hp | icewall_sso_agent_option | 8.0 | |
| hp | icewall_sso_agent_option | 10.0 | |
| hp | icewall_sso_agent_option | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hp:icewall_smart_device_option:10.0:*:*:*:*:*:*:*", matchCriteriaId: "C4E9C029-D5AF-4AD5-918B-B5FA9D697823", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hp:icewall_file_manager:3.0:*:*:*:*:*:*:*", matchCriteriaId: "EDAB86FF-C732-4022-B1F4-D1CE28FBF0D0", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:icewall_file_manager:3.0:sp1:*:*:*:*:*:*", matchCriteriaId: "26B33F44-868B-4086-8161-0377C5146857", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:icewall_file_manager:3.0:sp2:*:*:*:*:*:*", matchCriteriaId: "E3780D20-CBCC-4775-B8A5-678F1D8EF722", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:icewall_file_manager:3.0:sp3:*:*:*:*:*:*", matchCriteriaId: "05663DA7-FF35-4B89-960D-19A9513A5E02", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:icewall_file_manager:3.0:sp4:*:*:*:*:*:*", matchCriteriaId: "9CE2C53A-789F-4622-B382-6562C379E36C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hp:icewall_sso_agent:8.0:*:*:*:*:*:*:*", matchCriteriaId: "ECF1DC2D-0EF0-43D4-9C75-8EA6057BC21D", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:icewall_sso_agent:8.0:*:enterprise:*:*:*:*:*", matchCriteriaId: "BF51E8A2-D37D-4631-AF87-C5CA9AD83D1E", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:icewall_sso_agent:8.0:r2:*:*:enterprise:*:*:*", matchCriteriaId: "61ED7146-E05B-4E22-A0D0-70C28062EF02", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:icewall_sso_agent:8.0:r2:*:*:standard:*:*:*", matchCriteriaId: "B69AC4BF-1956-4962-AE5C-A63646F2C16B", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:icewall_sso_agent:8.0:r3:*:*:enterprise:*:*:*", matchCriteriaId: "FDC4596D-20C4-43B4-BE34-60197F6C43EA", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:icewall_sso_agent:8.0:r3:*:*:standard:*:*:*", matchCriteriaId: "BEF0F9CC-467F-4444-8614-A91DEDC2494A", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:icewall_sso_agent:8.0.1:*:*:*:standard:*:*:*", matchCriteriaId: "367A9F14-F951-4DD5-8C89-9194A4C71004", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:icewall_sso_agent:10.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "703E7EA9-CBDC-41DA-B5CA-8F6FA56C07EF", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:icewall_sso_agent:10.0:*:*:*:enterprise:windows:*:*", matchCriteriaId: "0B7BCCB4-8AA9-4662-8EE8-0230A2387230", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:icewall_sso_agent:10.0:*:*:*:standard:*:*:*", matchCriteriaId: "9FEE1536-27F4-4C20-819B-836DC72698E9", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:icewall_sso_agent:10.0:*:*:*:standard:windows:*:*", matchCriteriaId: "299A0CF5-FFC0-4CD0-92DE-EF6BEBFE1983", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hp:icewall_sso_agent_option:8.0:*:*:*:*:*:*:*", matchCriteriaId: "971AE4B7-D8A7-4B81-8630-CE3FEEFFD57B", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:icewall_sso_agent_option:8.0:*:*:*:2007:*:*:*", matchCriteriaId: "F527CAC5-FF86-4F8D-8F14-AF08FAC763CE", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:icewall_sso_agent_option:10.0:*:*:*:*:*:*:*", matchCriteriaId: "531FE660-C1A9-4C83-90BE-E38AA493D4F7", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:icewall_sso_agent_option:10.0:r1:*:*:*:*:*:*", matchCriteriaId: "2DAA1FA3-FEBA-4AF9-B3C3-796885FC2552", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall SSO Agent Option 8.0 through 10.0, IceWall SSO Smart Device Option 10.0, and IceWall File Manager 3.0 through SP4 allows remote attackers to obtain sensitive information via unknown vectors.", }, { lang: "es", value: "Vulnerabilidad no especificada en HP IceWall SSO 8.0 a 10.0, IceWall SSO Agent Option 8.0 a 10.0, IceWall SSO Smart Device Option 10.0, y Icewall File Manager 3.0 a SP4 permite a atacantes remotos obtener información sensible a través de vectores no especificados.", }, ], id: "CVE-2013-4818", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-09-23T10:18:58.957", references: [ { source: "hp-security-alert@hp.com", tags: [ "Vendor Advisory", ], url: "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632", }, { source: "hp-security-alert@hp.com", tags: [ "Vendor Advisory", ], url: "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632", }, { source: "hp-security-alert@hp.com", url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03918632", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03918632", }, ], sourceIdentifier: "hp-security-alert@hp.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-09-16 05:59
Modified
2025-04-12 10:46
Severity ?
Summary
The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | icewall_federation_agent | 3.0 | |
| hp | icewall_mcrp | 3.0 | |
| hp | icewall_sso | 10.0 | |
| hp | icewall_sso | 10.0 | |
| hp | icewall_sso_agent_option | 10.0 | |
| openssl | openssl | 1.0.1 | |
| openssl | openssl | 1.0.1a | |
| openssl | openssl | 1.0.1b | |
| openssl | openssl | 1.0.1c | |
| openssl | openssl | 1.0.1d | |
| openssl | openssl | 1.0.1e | |
| openssl | openssl | 1.0.1f | |
| openssl | openssl | 1.0.1g | |
| openssl | openssl | 1.0.1h | |
| openssl | openssl | 1.0.1i | |
| openssl | openssl | 1.0.1j | |
| openssl | openssl | 1.0.1k | |
| openssl | openssl | 1.0.1l | |
| openssl | openssl | 1.0.1m | |
| openssl | openssl | 1.0.1n | |
| openssl | openssl | 1.0.1o | |
| openssl | openssl | 1.0.1p | |
| openssl | openssl | 1.0.1q | |
| openssl | openssl | 1.0.1r | |
| openssl | openssl | 1.0.1s | |
| openssl | openssl | 1.0.1t | |
| openssl | openssl | 1.0.2 | |
| openssl | openssl | 1.0.2a | |
| openssl | openssl | 1.0.2b | |
| openssl | openssl | 1.0.2c | |
| openssl | openssl | 1.0.2d | |
| openssl | openssl | 1.0.2e | |
| openssl | openssl | 1.0.2f | |
| openssl | openssl | 1.0.2g | |
| openssl | openssl | 1.0.2h | |
| oracle | linux | 5 | |
| oracle | linux | 6 | |
| oracle | linux | 7 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hp:icewall_federation_agent:3.0:*:*:*:*:*:*:*", matchCriteriaId: "B3261B40-5CBE-4AA6-990A-0A7BE96E5518", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:icewall_mcrp:3.0:*:*:*:*:*:*:*", matchCriteriaId: "C6AFB9DD-DA50-4F9D-B19D-160CA487D002", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:icewall_sso:10.0:*:*:*:certd:*:*:*", matchCriteriaId: "87037877-8506-4737-9F47-2CB687975B1C", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:icewall_sso:10.0:*:*:*:dfw:*:*:*", matchCriteriaId: "FD94C478-6F81-4F37-B7F3-61D8682EC593", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:icewall_sso_agent_option:10.0:*:*:*:*:*:*:*", matchCriteriaId: "531FE660-C1A9-4C83-90BE-E38AA493D4F7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "2D1C00C0-C77E-4255-9ECA-20F2673C7366", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", matchCriteriaId: "3A66E6CF-39CF-412E-8EF0-8E10BA21B4A4", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", matchCriteriaId: "C684FB18-FDDC-4BED-A28C-C23EE6CD0094", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", matchCriteriaId: "A74A79A7-4FAF-4C81-8622-050008B96AE1", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", matchCriteriaId: "CEDACCB9-8D61-49EE-9957-9E58BC7BB031", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", matchCriteriaId: "4993DD56-F9E3-4AC8-AC3E-BF204B950DEC", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", matchCriteriaId: "E884B241-F9C3-44F8-A420-DE65F5F3D660", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", matchCriteriaId: "3A383620-B4F7-44A7-85DA-A4FF2E115D80", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", matchCriteriaId: "5F0C6812-F455-49CF-B29B-9AC00306DA43", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", matchCriteriaId: "3F2D462C-A1B4-4572-A615-BDE9DC5F1E55", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*", matchCriteriaId: "3703E445-17C0-4C85-A496-A35641C0C8DB", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*", matchCriteriaId: "2F4034B9-EF1C-40E6-B92A-D4D7B7E7E774", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*", matchCriteriaId: "ABEC1927-F469-4B9E-B544-DA6CF90F0B34", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*", matchCriteriaId: "DE2188F9-FAF8-4A0C-BB49-E95BDBC119BF", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*", matchCriteriaId: "A9EC827B-5313-47D7-BF49-CFF033CF3D53", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*", matchCriteriaId: "A438E65F-33B1-46BC-AD93-200DCC6B43D4", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*", matchCriteriaId: "4BFDCF78-62C1-429E-A43C-0C9FEC14837D", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*", matchCriteriaId: "6A0B4DEF-C6E8-4243-9893-6E650013600C", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*", matchCriteriaId: "E28CD4F7-522F-4ECA-9035-228596CDE769", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*", matchCriteriaId: "A491B32F-31F0-4151-AE9B-313CBF2C060D", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1t:*:*:*:*:*:*:*", matchCriteriaId: "0AF4953B-BB23-4C80-8C48-9E94EB234AAE", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "AD3E5C1B-EC63-4214-A0BD-0B8681CE6C8B", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*", matchCriteriaId: "60F946FD-F564-49DA-B043-5943308BA9EE", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*", matchCriteriaId: "4847BCF3-EFCE-41AF-8E7D-3D51EB9DCC5B", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*", matchCriteriaId: "9B89180B-FB68-4DD8-B076-16E51CC7FB91", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*", matchCriteriaId: "4C986592-4086-4A39-9767-EF34DBAA6A53", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*", matchCriteriaId: "7B23181C-03DB-4E92-B3F6-6B585B5231B4", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*", matchCriteriaId: "94D9EC1C-4843-4026-9B05-E060E9391734", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*", matchCriteriaId: "B066401C-21CF-4BE9-9C55-C9F1E0C7BE3F", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*", matchCriteriaId: "036FB24F-7D86-4730-8BC9-722875BEC807", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:oracle:linux:5:*:*:*:*:*:*:*", matchCriteriaId: "CE882C74-313C-47A9-9FA0-05F2CBF09D1A", vulnerable: true, }, { criteria: "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*", matchCriteriaId: "CC7A498A-A669-4C42-8134-86103C799D13", vulnerable: true, }, { criteria: "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*", matchCriteriaId: "104DA87B-DEE4-4262-AE50-8E6BC43B228B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.", }, { lang: "es", value: "La función BN_bn2dec en crypto/bn/bn_print.c en OpenSSL en versiones anteriores a 1.1.0 no valida adecuadamente resultados de la división, lo que permite a atacantes remotos provocar una denegación de servicio (escritura fuera de límites y caída de la aplicación) o tener otro posible impacto no especificado a través de vectores desconocidos.", }, ], id: "CVE-2016-2182", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-09-16T05:59:02.627", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2016-1940.html", }, { source: "secalert@redhat.com", url: "http://seclists.org/fulldisclosure/2017/Jul/31", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", }, { source: "secalert@redhat.com", url: "http://www.debian.org/security/2016/dsa-3673", }, { source: "secalert@redhat.com", url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en", }, { source: "secalert@redhat.com", url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", }, { source: "secalert@redhat.com", url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { source: "secalert@redhat.com", url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", }, { source: "secalert@redhat.com", url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/92557", }, { source: "secalert@redhat.com", url: "http://www.securitytracker.com/id/1036688", }, { source: "secalert@redhat.com", url: "http://www.securitytracker.com/id/1037968", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.splunk.com/view/SP-CAAAPSV", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.splunk.com/view/SP-CAAAPUE", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-3087-1", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-3087-2", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2018:2185", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2018:2186", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2018:2187", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://bto.bluecoat.com/security-advisory/sa132", }, { source: "secalert@redhat.com", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, { source: "secalert@redhat.com", url: "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=07bed46f332fce8c1d157689a2cdf915a982ae34", }, { source: "secalert@redhat.com", url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10171", }, { source: "secalert@redhat.com", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10215", }, { source: "secalert@redhat.com", url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc", }, { source: "secalert@redhat.com", url: "https://source.android.com/security/bulletin/2017-03-01", }, { source: "secalert@redhat.com", url: "https://source.android.com/security/bulletin/2017-03-01.html", }, { source: "secalert@redhat.com", url: "https://support.f5.com/csp/article/K01276005", }, { source: "secalert@redhat.com", url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us", }, { source: "secalert@redhat.com", url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us", }, { source: "secalert@redhat.com", url: "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2016-16", }, { source: "secalert@redhat.com", url: "https://www.tenable.com/security/tns-2016-20", }, { source: "secalert@redhat.com", url: "https://www.tenable.com/security/tns-2016-21", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-1940.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://seclists.org/fulldisclosure/2017/Jul/31", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2016/dsa-3673", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/92557", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1036688", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1037968", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.splunk.com/view/SP-CAAAPSV", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.splunk.com/view/SP-CAAAPUE", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-3087-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-3087-2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2018:2185", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2018:2186", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2018:2187", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://bto.bluecoat.com/security-advisory/sa132", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=07bed46f332fce8c1d157689a2cdf915a982ae34", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10171", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10215", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://source.android.com/security/bulletin/2017-03-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://source.android.com/security/bulletin/2017-03-01.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://support.f5.com/csp/article/K01276005", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2016-16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.tenable.com/security/tns-2016-20", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.tenable.com/security/tns-2016-21", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-09-23 10:18
Modified
2025-04-11 00:51
Severity ?
Summary
Unspecified vulnerability in HP IceWall SSO Agent Option 8.0 through 10.0 allows remote authenticated users to obtain sensitive information via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | icewall_sso_agent_option | 8.0 | |
| hp | icewall_sso_agent_option | 8.0 | |
| hp | icewall_sso_agent_option | 10.0 | |
| hp | icewall_sso_agent_option | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hp:icewall_sso_agent_option:8.0:*:*:*:*:*:*:*", matchCriteriaId: "971AE4B7-D8A7-4B81-8630-CE3FEEFFD57B", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:icewall_sso_agent_option:8.0:*:*:*:2007:*:*:*", matchCriteriaId: "F527CAC5-FF86-4F8D-8F14-AF08FAC763CE", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:icewall_sso_agent_option:10.0:*:*:*:*:*:*:*", matchCriteriaId: "531FE660-C1A9-4C83-90BE-E38AA493D4F7", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:icewall_sso_agent_option:10.0:r1:*:*:*:*:*:*", matchCriteriaId: "2DAA1FA3-FEBA-4AF9-B3C3-796885FC2552", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Unspecified vulnerability in HP IceWall SSO Agent Option 8.0 through 10.0 allows remote authenticated users to obtain sensitive information via unknown vectors.", }, { lang: "es", value: "Vulnerabilidad no especificada en HP IceWall SSO Agent Option 8.0 a 10.0 permite a usuarios autenticados remotamente obtener información sensible a través de vectores no especificados.", }, ], id: "CVE-2013-4819", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-09-23T10:18:58.970", references: [ { source: "hp-security-alert@hp.com", tags: [ "Vendor Advisory", ], url: "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632", }, { source: "hp-security-alert@hp.com", tags: [ "Vendor Advisory", ], url: "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632", }, { source: "hp-security-alert@hp.com", url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03918632", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03918632", }, ], sourceIdentifier: "hp-security-alert@hp.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-06-20 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | icewall_mcrp | 3.0 | |
| hp | icewall_sso | 10.0 | |
| hp | icewall_sso | 10.0 | |
| hp | icewall_sso_agent_option | 10.0 | |
| openssl | openssl | 1.0.1 | |
| openssl | openssl | 1.0.1a | |
| openssl | openssl | 1.0.1b | |
| openssl | openssl | 1.0.1c | |
| openssl | openssl | 1.0.1d | |
| openssl | openssl | 1.0.1e | |
| openssl | openssl | 1.0.1f | |
| openssl | openssl | 1.0.1g | |
| openssl | openssl | 1.0.1h | |
| openssl | openssl | 1.0.1i | |
| openssl | openssl | 1.0.1j | |
| openssl | openssl | 1.0.1k | |
| openssl | openssl | 1.0.1l | |
| openssl | openssl | 1.0.1m | |
| openssl | openssl | 1.0.1n | |
| openssl | openssl | 1.0.1o | |
| openssl | openssl | 1.0.1p | |
| openssl | openssl | 1.0.1q | |
| openssl | openssl | 1.0.1r | |
| openssl | openssl | 1.0.1s | |
| openssl | openssl | 1.0.1t | |
| openssl | openssl | 1.0.2 | |
| openssl | openssl | 1.0.2a | |
| openssl | openssl | 1.0.2b | |
| openssl | openssl | 1.0.2c | |
| openssl | openssl | 1.0.2d | |
| openssl | openssl | 1.0.2e | |
| openssl | openssl | 1.0.2f | |
| openssl | openssl | 1.0.2g | |
| openssl | openssl | 1.0.2h | |
| oracle | linux | 5 | |
| oracle | linux | 6 | |
| oracle | linux | 7 | |
| oracle | solaris | 10 | |
| oracle | solaris | 11.3 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hp:icewall_mcrp:3.0:*:*:*:*:*:*:*", matchCriteriaId: "C6AFB9DD-DA50-4F9D-B19D-160CA487D002", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:icewall_sso:10.0:*:*:*:certd:*:*:*", matchCriteriaId: "87037877-8506-4737-9F47-2CB687975B1C", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:icewall_sso:10.0:*:*:*:dfw:*:*:*", matchCriteriaId: "FD94C478-6F81-4F37-B7F3-61D8682EC593", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:icewall_sso_agent_option:10.0:*:*:*:*:*:*:*", matchCriteriaId: "531FE660-C1A9-4C83-90BE-E38AA493D4F7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "2D1C00C0-C77E-4255-9ECA-20F2673C7366", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", matchCriteriaId: "3A66E6CF-39CF-412E-8EF0-8E10BA21B4A4", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", matchCriteriaId: "C684FB18-FDDC-4BED-A28C-C23EE6CD0094", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", matchCriteriaId: "A74A79A7-4FAF-4C81-8622-050008B96AE1", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", matchCriteriaId: "CEDACCB9-8D61-49EE-9957-9E58BC7BB031", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", matchCriteriaId: "4993DD56-F9E3-4AC8-AC3E-BF204B950DEC", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", matchCriteriaId: "E884B241-F9C3-44F8-A420-DE65F5F3D660", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", matchCriteriaId: "3A383620-B4F7-44A7-85DA-A4FF2E115D80", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", matchCriteriaId: "5F0C6812-F455-49CF-B29B-9AC00306DA43", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", matchCriteriaId: "3F2D462C-A1B4-4572-A615-BDE9DC5F1E55", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*", matchCriteriaId: "3703E445-17C0-4C85-A496-A35641C0C8DB", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*", matchCriteriaId: "2F4034B9-EF1C-40E6-B92A-D4D7B7E7E774", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*", matchCriteriaId: "ABEC1927-F469-4B9E-B544-DA6CF90F0B34", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*", matchCriteriaId: "DE2188F9-FAF8-4A0C-BB49-E95BDBC119BF", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*", matchCriteriaId: "A9EC827B-5313-47D7-BF49-CFF033CF3D53", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*", matchCriteriaId: "A438E65F-33B1-46BC-AD93-200DCC6B43D4", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*", matchCriteriaId: "4BFDCF78-62C1-429E-A43C-0C9FEC14837D", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*", matchCriteriaId: "6A0B4DEF-C6E8-4243-9893-6E650013600C", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*", matchCriteriaId: "E28CD4F7-522F-4ECA-9035-228596CDE769", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*", matchCriteriaId: "A491B32F-31F0-4151-AE9B-313CBF2C060D", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1t:*:*:*:*:*:*:*", matchCriteriaId: "0AF4953B-BB23-4C80-8C48-9E94EB234AAE", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "AD3E5C1B-EC63-4214-A0BD-0B8681CE6C8B", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*", matchCriteriaId: "60F946FD-F564-49DA-B043-5943308BA9EE", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*", matchCriteriaId: "4847BCF3-EFCE-41AF-8E7D-3D51EB9DCC5B", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*", matchCriteriaId: "9B89180B-FB68-4DD8-B076-16E51CC7FB91", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*", matchCriteriaId: "4C986592-4086-4A39-9767-EF34DBAA6A53", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*", matchCriteriaId: "7B23181C-03DB-4E92-B3F6-6B585B5231B4", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*", matchCriteriaId: "94D9EC1C-4843-4026-9B05-E060E9391734", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*", matchCriteriaId: "B066401C-21CF-4BE9-9C55-C9F1E0C7BE3F", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*", matchCriteriaId: "036FB24F-7D86-4730-8BC9-722875BEC807", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:oracle:linux:5:*:*:*:*:*:*:*", matchCriteriaId: "CE882C74-313C-47A9-9FA0-05F2CBF09D1A", vulnerable: true, }, { criteria: "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*", matchCriteriaId: "CC7A498A-A669-4C42-8134-86103C799D13", vulnerable: true, }, { criteria: "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*", matchCriteriaId: "104DA87B-DEE4-4262-AE50-8E6BC43B228B", vulnerable: true, }, { criteria: "cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*", matchCriteriaId: "964B57CD-CB8A-4520-B358-1C93EC5EF2DC", vulnerable: true, }, { criteria: "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", matchCriteriaId: "79A602C5-61FE-47BA-9786-F045B6C6DBA8", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.", }, { lang: "es", value: "OpenSSL hasta la versión 1.0.2h no utiliza correctamente la aritmética de puntero para comprobaciones de límites de buffer de memoria dinámica, lo que podría permitir a atacantes remotos provocar una denegación de servicio (desbordamiento de entero y caída de aplicación) o posiblemente tener otro impacto no especificado aprovechando un comportamiento malloc no esperado, relacionado con s3_srvr.c, ssl_sess.c, y t1_lib.c.", }, ], id: "CVE-2016-2177", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-06-20T01:59:02.087", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2016-1940.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2016-2957.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2017-1659.html", }, { source: "secalert@redhat.com", url: "http://seclists.org/fulldisclosure/2017/Jul/31", }, { source: "secalert@redhat.com", url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", }, { source: "secalert@redhat.com", url: "http://www.debian.org/security/2016/dsa-3673", }, { source: "secalert@redhat.com", url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2016/06/08/9", }, { source: "secalert@redhat.com", url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", }, { source: "secalert@redhat.com", url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { source: "secalert@redhat.com", url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", }, { source: "secalert@redhat.com", url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/archive/1/540957/100/0/threaded", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/archive/1/archive/1/540957/100/0/threaded", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/91319", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1036088", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.splunk.com/view/SP-CAAAPSV", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.splunk.com/view/SP-CAAAPUE", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-3087-1", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-3087-2", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-3181-1", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2017:0193", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2017:0194", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2017:1658", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://bto.bluecoat.com/security-advisory/sa132", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1341705", }, { source: "secalert@redhat.com", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, { source: "secalert@redhat.com", url: "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=a004e72b95835136d3f1ea90517f706c24c03da7", }, { source: "secalert@redhat.com", url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448", }, { source: "secalert@redhat.com", url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03763en_us", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", }, { source: "secalert@redhat.com", url: "https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10165", }, { source: "secalert@redhat.com", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10215", }, { source: "secalert@redhat.com", url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", "VDB Entry", ], url: "https://security.gentoo.org/glsa/201612-16", }, { source: "secalert@redhat.com", url: "https://support.f5.com/csp/article/K23873366", }, { source: "secalert@redhat.com", url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us", }, { source: "secalert@redhat.com", url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us", }, { source: "secalert@redhat.com", url: "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24", }, { source: "secalert@redhat.com", url: "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager", }, { source: "secalert@redhat.com", url: "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/", }, { source: "secalert@redhat.com", url: "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2016-16", }, { source: "secalert@redhat.com", url: "https://www.tenable.com/security/tns-2016-20", }, { source: "secalert@redhat.com", url: "https://www.tenable.com/security/tns-2016-21", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-1940.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-2957.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2017-1659.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://seclists.org/fulldisclosure/2017/Jul/31", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2016/dsa-3673", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2016/06/08/9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/540957/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/archive/1/540957/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/91319", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1036088", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.splunk.com/view/SP-CAAAPSV", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.splunk.com/view/SP-CAAAPUE", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-3087-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-3087-2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-3181-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2017:0193", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2017:0194", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2017:1658", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://bto.bluecoat.com/security-advisory/sa132", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1341705", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=a004e72b95835136d3f1ea90517f706c24c03da7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03763en_us", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10165", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10215", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", "VDB Entry", ], url: "https://security.gentoo.org/glsa/201612-16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://support.f5.com/csp/article/K23873366", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2016-16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.tenable.com/security/tns-2016-20", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.tenable.com/security/tns-2016-21", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-190", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2015-12-06 20:59
Modified
2025-04-12 10:46
Severity ?
Summary
ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hp:icewall_sso:10.0:*:*:*:certd:*:*:*", matchCriteriaId: "87037877-8506-4737-9F47-2CB687975B1C", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:icewall_sso_agent_option:10.0:*:*:*:*:*:*:*", matchCriteriaId: "531FE660-C1A9-4C83-90BE-E38AA493D4F7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "2FBD8C92-6138-4274-ACBA-D7D42DAEC5AC", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", matchCriteriaId: "10FF0A06-DA61-4250-B083-67E55E362677", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", matchCriteriaId: "8A6BA453-C150-4159-B80B-5465EFF83F11", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", matchCriteriaId: "638A2E69-8AB6-4FEA-852A-FEF16A500C1A", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", matchCriteriaId: "56C47D3A-B99D-401D-B6B8-1194B2DB4809", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*", matchCriteriaId: "08355B10-E004-4BE6-A5AE-4D428810580B", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*", matchCriteriaId: "738BCFDC-1C49-4774-95AE-E099F707DEF9", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*", matchCriteriaId: "D4B242C0-D27D-4644-AD19-5ACB853C9DC2", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*", matchCriteriaId: "8DC683F2-4346-4E5E-A8D7-67B4F4D7827B", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*", matchCriteriaId: "764B7D38-BC1B-47DB-B1DF-D092BDA4BFCB", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*", matchCriteriaId: "6604E7BE-9F9B-444D-A63A-F65D1CFDF3BF", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*", matchCriteriaId: "132B9217-B0E0-4E3E-9096-162AA28E158E", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*", matchCriteriaId: "7619F9A0-9054-4217-93D1-3EA64876C5B0", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*", matchCriteriaId: "6D82C405-17E2-4DF1-8DF5-315BD5A41595", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*", matchCriteriaId: "4C96806F-4718-4BD3-9102-55A26AA86498", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*", matchCriteriaId: "8A16CD99-AF7F-4931-AD2E-77727BA18FBD", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.0p:*:*:*:*:*:*:*", matchCriteriaId: "88440697-754A-47A7-BF83-4D0EB68FFB10", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.0q:*:*:*:*:*:*:*", matchCriteriaId: "AD51F0FC-F426-4AE5-B3B9-B813C580EBAE", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.0r:*:*:*:*:*:*:*", matchCriteriaId: "38721148-F24A-4339-8282-BC2DD9553512", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.0s:*:*:*:*:*:*:*", matchCriteriaId: "48CE49C8-0672-46A0-BCD0-C0E62801444E", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "2D1C00C0-C77E-4255-9ECA-20F2673C7366", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", matchCriteriaId: "3A66E6CF-39CF-412E-8EF0-8E10BA21B4A4", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", matchCriteriaId: "C684FB18-FDDC-4BED-A28C-C23EE6CD0094", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", matchCriteriaId: "A74A79A7-4FAF-4C81-8622-050008B96AE1", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", matchCriteriaId: "CEDACCB9-8D61-49EE-9957-9E58BC7BB031", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", matchCriteriaId: "4993DD56-F9E3-4AC8-AC3E-BF204B950DEC", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", matchCriteriaId: "E884B241-F9C3-44F8-A420-DE65F5F3D660", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", matchCriteriaId: "3A383620-B4F7-44A7-85DA-A4FF2E115D80", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", matchCriteriaId: "5F0C6812-F455-49CF-B29B-9AC00306DA43", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", matchCriteriaId: "3F2D462C-A1B4-4572-A615-BDE9DC5F1E55", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*", matchCriteriaId: "3703E445-17C0-4C85-A496-A35641C0C8DB", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*", matchCriteriaId: "2F4034B9-EF1C-40E6-B92A-D4D7B7E7E774", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*", matchCriteriaId: "ABEC1927-F469-4B9E-B544-DA6CF90F0B34", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*", matchCriteriaId: "DE2188F9-FAF8-4A0C-BB49-E95BDBC119BF", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*", matchCriteriaId: "A9EC827B-5313-47D7-BF49-CFF033CF3D53", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*", matchCriteriaId: "A438E65F-33B1-46BC-AD93-200DCC6B43D4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*", matchCriteriaId: "36654E81-CCF3-4E1F-BAEB-09F26BD7866C", versionEndIncluding: "4.3.35", versionStartIncluding: "4.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*", matchCriteriaId: "DA344833-47A9-4AC4-B0AA-7A0F58B40C0C", versionEndIncluding: "5.0.13", versionStartIncluding: "5.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", matchCriteriaId: "253C303A-E577-4488-93E6-68A8DD942C38", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", matchCriteriaId: "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", matchCriteriaId: "33C068A4-3780-4EAB-A937-6082DF847564", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", matchCriteriaId: "9BBCD86A-E6C7-4444-9D74-F861084090F0", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", matchCriteriaId: "1C8D871B-AEA1-4407-AEE3-47EC782250FF", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", matchCriteriaId: "98381E61-F082-4302-B51F-5648884F998B", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", matchCriteriaId: "D99A687E-EAE6-417E-A88E-D0082BC194CD", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*", matchCriteriaId: "6C81647C-9A53-481D-A54C-36770A093F90", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", matchCriteriaId: "44B067C7-735E-43C9-9188-7E1522A02491", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", matchCriteriaId: "A8442C20-41F9-47FD-9A12-E724D3A31FD7", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", matchCriteriaId: "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", matchCriteriaId: "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "BF77CDCF-B9C9-427D-B2BF-36650FB2148C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*", matchCriteriaId: "6755B6AD-0422-467B-8115-34A60B1D1A40", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", matchCriteriaId: "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", matchCriteriaId: "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", matchCriteriaId: "825ECE2D-E232-46E0-A047-074B34DB1E97", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", matchCriteriaId: "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", matchCriteriaId: "F38D3B7E-8429-473F-BB31-FC3583EE5A5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", matchCriteriaId: "E88A537F-F4D0-46B9-9E37-965233C2A355", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message.", }, { lang: "es", value: "ssl/s3_clnt.c en OpenSSL 1.0.0 en versiones anteriores a 1.0.0t, 1.0.1 en versiones anteriores a 1.0.1p y 1.0.2 en versiones anteriores a 1.0.2d, cuando es utilizado por un cliente multi hilo, escribe la pista de identidad PSK en una estructura de datos incorrecta, lo que permite a servidores remotos provocar una denegación de servicio (condición de carrera y liberación doble) a través de un mensaje ServerKeyExchange manipulado.", }, ], id: "CVE-2015-3196", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2015-12-06T20:59:06.913", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://fortiguard.com/advisory/openssl-advisory-december-2015", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=145382583417444&w=2", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://openssl.org/news/secadv/20151203.txt", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-2617.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2957.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2015/dsa-3413", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.fortiguard.com/advisory/openssl-advisory-december-2015", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/78622", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1034294", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.754583", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2830-1", }, { source: "secalert@redhat.com", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, { source: "secalert@redhat.com", url: "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=3c66a669dfc7b3792f7af0758ea26fe8502ce70c", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://fortiguard.com/advisory/openssl-advisory-december-2015", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=145382583417444&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://openssl.org/news/secadv/20151203.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-2617.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2957.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2015/dsa-3413", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.fortiguard.com/advisory/openssl-advisory-december-2015", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/78622", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1034294", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.754583", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2830-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=3c66a669dfc7b3792f7af0758ea26fe8502ce70c", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-362", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-09-23 10:18
Modified
2025-04-11 00:51
Severity ?
Summary
Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall SSO Agent Option 8.0 through 10.0, IceWall SSO Smart Device Option 10.0, IceWall SSO SAML2 Agent Option 8.0, IceWall SSO JAVA Agent Library 8.0 through 10.0, IceWall Federation Agent 3.0, and IceWall File Manager 3.0 through SP4 allows remote authenticated users to obtain sensitive information via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | icewall_smart_device_option | 10.0 | |
| hp | icewall_sso_agent | 8.0 | |
| hp | icewall_sso_agent | 8.0 | |
| hp | icewall_sso_agent | 8.0 | |
| hp | icewall_sso_agent | 8.0 | |
| hp | icewall_sso_agent | 8.0 | |
| hp | icewall_sso_agent | 8.0 | |
| hp | icewall_sso_agent | 8.0.1 | |
| hp | icewall_sso_agent | 10.0 | |
| hp | icewall_sso_agent | 10.0 | |
| hp | icewall_sso_agent | 10.0 | |
| hp | icewall_sso_agent | 10.0 | |
| hp | icewall_sso_saml2_option | 8.0 | |
| hp | icewall_file_manager | 3.0 | |
| hp | icewall_file_manager | 3.0 | |
| hp | icewall_file_manager | 3.0 | |
| hp | icewall_file_manager | 3.0 | |
| hp | icewall_file_manager | 3.0 | |
| hp | icewall_java_agent_library | 8.0 | |
| hp | icewall_java_agent_library | 8.0 | |
| hp | icewall_java_agent_library | 10.0 | |
| hp | icewall_federation_agent | 8.0 | |
| hp | icewall_sso_agent_option | 8.0 | |
| hp | icewall_sso_agent_option | 8.0 | |
| hp | icewall_sso_agent_option | 10.0 | |
| hp | icewall_sso_agent_option | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hp:icewall_smart_device_option:10.0:*:*:*:*:*:*:*", matchCriteriaId: "C4E9C029-D5AF-4AD5-918B-B5FA9D697823", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hp:icewall_sso_agent:8.0:*:*:*:*:*:*:*", matchCriteriaId: "ECF1DC2D-0EF0-43D4-9C75-8EA6057BC21D", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:icewall_sso_agent:8.0:*:enterprise:*:*:*:*:*", matchCriteriaId: "BF51E8A2-D37D-4631-AF87-C5CA9AD83D1E", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:icewall_sso_agent:8.0:r2:*:*:enterprise:*:*:*", matchCriteriaId: "61ED7146-E05B-4E22-A0D0-70C28062EF02", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:icewall_sso_agent:8.0:r2:*:*:standard:*:*:*", matchCriteriaId: "B69AC4BF-1956-4962-AE5C-A63646F2C16B", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:icewall_sso_agent:8.0:r3:*:*:enterprise:*:*:*", matchCriteriaId: "FDC4596D-20C4-43B4-BE34-60197F6C43EA", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:icewall_sso_agent:8.0:r3:*:*:standard:*:*:*", matchCriteriaId: "BEF0F9CC-467F-4444-8614-A91DEDC2494A", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:icewall_sso_agent:8.0.1:*:*:*:standard:*:*:*", matchCriteriaId: "367A9F14-F951-4DD5-8C89-9194A4C71004", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:icewall_sso_agent:10.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "703E7EA9-CBDC-41DA-B5CA-8F6FA56C07EF", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:icewall_sso_agent:10.0:*:*:*:enterprise:windows:*:*", matchCriteriaId: "0B7BCCB4-8AA9-4662-8EE8-0230A2387230", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:icewall_sso_agent:10.0:*:*:*:standard:*:*:*", matchCriteriaId: "9FEE1536-27F4-4C20-819B-836DC72698E9", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:icewall_sso_agent:10.0:*:*:*:standard:windows:*:*", matchCriteriaId: "299A0CF5-FFC0-4CD0-92DE-EF6BEBFE1983", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hp:icewall_sso_saml2_option:8.0:*:*:*:*:*:*:*", matchCriteriaId: "6D7FF3B5-3F0C-44B0-AD24-249D52E375A8", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hp:icewall_file_manager:3.0:*:*:*:*:*:*:*", matchCriteriaId: "EDAB86FF-C732-4022-B1F4-D1CE28FBF0D0", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:icewall_file_manager:3.0:sp1:*:*:*:*:*:*", matchCriteriaId: "26B33F44-868B-4086-8161-0377C5146857", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:icewall_file_manager:3.0:sp2:*:*:*:*:*:*", matchCriteriaId: "E3780D20-CBCC-4775-B8A5-678F1D8EF722", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:icewall_file_manager:3.0:sp3:*:*:*:*:*:*", matchCriteriaId: "05663DA7-FF35-4B89-960D-19A9513A5E02", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:icewall_file_manager:3.0:sp4:*:*:*:*:*:*", matchCriteriaId: "9CE2C53A-789F-4622-B382-6562C379E36C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hp:icewall_java_agent_library:8.0:*:*:*:*:*:*:*", matchCriteriaId: "415C5A78-CC33-491B-A432-A1F8F44D437A", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:icewall_java_agent_library:8.0:*:2007:*:*:*:*:*", matchCriteriaId: "DEF4582E-E0F3-4AF2-A1FA-36C6189B58C3", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:icewall_java_agent_library:10.0:*:*:*:*:*:*:*", matchCriteriaId: "B86A25F6-ED88-4B00-A843-50007EE5A727", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hp:icewall_federation_agent:8.0:*:*:*:*:*:*:*", matchCriteriaId: "6A50BB28-AA89-43A4-A377-D8DAF8C96E54", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hp:icewall_sso_agent_option:8.0:*:*:*:*:*:*:*", matchCriteriaId: "971AE4B7-D8A7-4B81-8630-CE3FEEFFD57B", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:icewall_sso_agent_option:8.0:*:*:*:2007:*:*:*", matchCriteriaId: "F527CAC5-FF86-4F8D-8F14-AF08FAC763CE", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:icewall_sso_agent_option:10.0:*:*:*:*:*:*:*", matchCriteriaId: "531FE660-C1A9-4C83-90BE-E38AA493D4F7", vulnerable: true, }, { criteria: "cpe:2.3:a:hp:icewall_sso_agent_option:10.0:r1:*:*:*:*:*:*", matchCriteriaId: "2DAA1FA3-FEBA-4AF9-B3C3-796885FC2552", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall SSO Agent Option 8.0 through 10.0, IceWall SSO Smart Device Option 10.0, IceWall SSO SAML2 Agent Option 8.0, IceWall SSO JAVA Agent Library 8.0 through 10.0, IceWall Federation Agent 3.0, and IceWall File Manager 3.0 through SP4 allows remote authenticated users to obtain sensitive information via unknown vectors.", }, { lang: "es", value: "Vulnerabilidad no especificada en HP IceWall SSO 8.0 a 10.0, IceWall SSO Agent Option 8.0 a 10.0, IceWall SSO Smart Device Option 10.0, IceWall SSO SAML2 Agent Option 8.0, IceWall SSO JAVAAgent Library 8.0 a 10.0, IceWall Federation Agent 3.0, y IceWall File Manager 3.0 a SP4 permite a usuarios autenticados remotamente obtener información sensible a través de vectores desconocidos.", }, ], id: "CVE-2013-4820", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-09-23T10:18:58.987", references: [ { source: "hp-security-alert@hp.com", tags: [ "Vendor Advisory", ], url: "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632", }, { source: "hp-security-alert@hp.com", tags: [ "Vendor Advisory", ], url: "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632", }, { source: "hp-security-alert@hp.com", url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03918632", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03918632", }, ], sourceIdentifier: "hp-security-alert@hp.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2016-3092
Vulnerability from cvelistv5
Published
2016-07-04 22:00
Modified
2024-08-05 23:40
Severity ?
EPSS score ?
Summary
The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:40:15.604Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "JVNDB-2016-000121", tags: [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000121", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20190212-0001/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://svn.apache.org/viewvc?view=revision&revision=1743480", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", }, { name: "GLSA-201705-09", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201705-09", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://svn.apache.org/viewvc?view=revision&revision=1743738", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289840", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://tomcat.apache.org/security-9.html", }, { name: "USN-3024-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3024-1", }, { name: "RHSA-2016:2069", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2069.html", }, { name: "1037029", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1037029", }, { name: "RHSA-2016:2068", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2068.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://tomcat.apache.org/security-7.html", }, { name: "1036900", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1036900", }, { name: "91453", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/91453", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://tomcat.apache.org/security-8.html", }, { name: "RHSA-2016:2072", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2072.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://svn.apache.org/viewvc?view=revision&revision=1743722", }, { name: "DSA-3611", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2016/dsa-3611", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05204371", }, { name: "RHSA-2016:2807", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2807.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", }, { name: "openSUSE-SU-2016:2252", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html", }, { name: "JVN#89379547", tags: [ "third-party-advisory", "x_refsource_JVN", "x_transferred", ], url: "http://jvn.jp/en/jp/JVN89379547/index.html", }, { name: "1036427", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1036427", }, { name: "RHSA-2016:2070", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2070.html", }, { name: "RHSA-2017:0457", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2017-0457.html", }, { name: "RHSA-2016:2808", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2808.html", }, { name: "1039606", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1039606", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://svn.apache.org/viewvc?view=revision&revision=1743742", }, { name: "RHSA-2016:2599", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2599.html", }, { name: "DSA-3609", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2016/dsa-3609", }, { name: "RHSA-2017:0455", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:0455", }, { name: "DSA-3614", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2016/dsa-3614", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { name: "[dev] 20160621 CVE-2016-3092: Apache Commons Fileupload information disclosure vulnerability", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://mail-archives.apache.org/mod_mbox/commons-dev/201606.mbox/%3CCAF8HOZ%2BPq2QH8RnxBuJyoK1dOz6jrTiQypAC%2BH8g6oZkBg%2BCxg%40mail.gmail.com%3E", }, { name: "RHSA-2017:0456", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:0456", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1349468", }, { name: "RHSA-2016:2071", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2071.html", }, { name: "USN-3027-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3027-1", }, { name: "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { name: "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "GLSA-202107-39", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202107-39", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-06-21T00:00:00", descriptions: [ { lang: "en", value: "The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-17T07:06:23", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "JVNDB-2016-000121", tags: [ "third-party-advisory", "x_refsource_JVNDB", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000121", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20190212-0001/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://svn.apache.org/viewvc?view=revision&revision=1743480", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", }, { name: "GLSA-201705-09", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201705-09", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://svn.apache.org/viewvc?view=revision&revision=1743738", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289840", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://tomcat.apache.org/security-9.html", }, { name: "USN-3024-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3024-1", }, { name: "RHSA-2016:2069", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2069.html", }, { name: "1037029", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1037029", }, { name: "RHSA-2016:2068", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2068.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://tomcat.apache.org/security-7.html", }, { name: "1036900", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1036900", }, { name: "91453", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/91453", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://tomcat.apache.org/security-8.html", }, { name: "RHSA-2016:2072", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2072.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://svn.apache.org/viewvc?view=revision&revision=1743722", }, { name: "DSA-3611", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2016/dsa-3611", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05204371", }, { name: "RHSA-2016:2807", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2807.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", }, { name: "openSUSE-SU-2016:2252", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html", }, { name: "JVN#89379547", tags: [ "third-party-advisory", "x_refsource_JVN", ], url: "http://jvn.jp/en/jp/JVN89379547/index.html", }, { name: "1036427", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1036427", }, { name: "RHSA-2016:2070", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2070.html", }, { name: "RHSA-2017:0457", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2017-0457.html", }, { name: "RHSA-2016:2808", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2808.html", }, { name: "1039606", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1039606", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://svn.apache.org/viewvc?view=revision&revision=1743742", }, { name: "RHSA-2016:2599", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2599.html", }, { name: "DSA-3609", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2016/dsa-3609", }, { name: "RHSA-2017:0455", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:0455", }, { name: "DSA-3614", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2016/dsa-3614", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { name: "[dev] 20160621 CVE-2016-3092: Apache Commons Fileupload information disclosure vulnerability", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://mail-archives.apache.org/mod_mbox/commons-dev/201606.mbox/%3CCAF8HOZ%2BPq2QH8RnxBuJyoK1dOz6jrTiQypAC%2BH8g6oZkBg%2BCxg%40mail.gmail.com%3E", }, { name: "RHSA-2017:0456", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:0456", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1349468", }, { name: "RHSA-2016:2071", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2071.html", }, { name: "USN-3027-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3027-1", }, { name: "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { name: "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "GLSA-202107-39", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202107-39", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2016-3092", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "JVNDB-2016-000121", refsource: "JVNDB", url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000121", }, { name: "https://security.netapp.com/advisory/ntap-20190212-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20190212-0001/", }, { name: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759", refsource: "CONFIRM", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759", }, { name: "http://svn.apache.org/viewvc?view=revision&revision=1743480", refsource: "CONFIRM", url: "http://svn.apache.org/viewvc?view=revision&revision=1743480", }, { name: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", }, { name: "GLSA-201705-09", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201705-09", }, { name: "http://svn.apache.org/viewvc?view=revision&revision=1743738", refsource: "CONFIRM", url: "http://svn.apache.org/viewvc?view=revision&revision=1743738", }, { name: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289840", refsource: "CONFIRM", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289840", }, { name: "http://tomcat.apache.org/security-9.html", refsource: "CONFIRM", url: "http://tomcat.apache.org/security-9.html", }, { name: "USN-3024-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3024-1", }, { name: "RHSA-2016:2069", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-2069.html", }, { name: "1037029", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1037029", }, { name: "RHSA-2016:2068", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-2068.html", }, { name: "http://tomcat.apache.org/security-7.html", refsource: "CONFIRM", url: "http://tomcat.apache.org/security-7.html", }, { name: "1036900", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1036900", }, { name: "91453", refsource: "BID", url: "http://www.securityfocus.com/bid/91453", }, { name: "http://tomcat.apache.org/security-8.html", refsource: "CONFIRM", url: "http://tomcat.apache.org/security-8.html", }, { name: "RHSA-2016:2072", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-2072.html", }, { name: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { name: "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", }, { name: "http://svn.apache.org/viewvc?view=revision&revision=1743722", refsource: "CONFIRM", url: "http://svn.apache.org/viewvc?view=revision&revision=1743722", }, { name: "DSA-3611", refsource: "DEBIAN", url: "http://www.debian.org/security/2016/dsa-3611", }, { name: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05204371", refsource: "CONFIRM", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05204371", }, { name: "RHSA-2016:2807", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-2807.html", }, { name: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", }, { name: "openSUSE-SU-2016:2252", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html", }, { name: "JVN#89379547", refsource: "JVN", url: "http://jvn.jp/en/jp/JVN89379547/index.html", }, { name: "1036427", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1036427", }, { name: "RHSA-2016:2070", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-2070.html", }, { name: "RHSA-2017:0457", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2017-0457.html", }, { name: "RHSA-2016:2808", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-2808.html", }, { name: "1039606", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1039606", }, { name: "http://svn.apache.org/viewvc?view=revision&revision=1743742", refsource: "CONFIRM", url: "http://svn.apache.org/viewvc?view=revision&revision=1743742", }, { name: "RHSA-2016:2599", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-2599.html", }, { name: "DSA-3609", refsource: "DEBIAN", url: "http://www.debian.org/security/2016/dsa-3609", }, { name: "RHSA-2017:0455", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:0455", }, { name: "DSA-3614", refsource: "DEBIAN", url: "http://www.debian.org/security/2016/dsa-3614", }, { name: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { name: "[dev] 20160621 CVE-2016-3092: Apache Commons Fileupload information disclosure vulnerability", refsource: "MLIST", url: "http://mail-archives.apache.org/mod_mbox/commons-dev/201606.mbox/%3CCAF8HOZ%2BPq2QH8RnxBuJyoK1dOz6jrTiQypAC%2BH8g6oZkBg%2BCxg%40mail.gmail.com%3E", }, { name: "RHSA-2017:0456", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:0456", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1349468", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1349468", }, { name: "RHSA-2016:2071", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-2071.html", }, { name: "USN-3027-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3027-1", }, { name: "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", refsource: "MISC", url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { name: "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E", }, { name: "https://www.oracle.com/security-alerts/cpuapr2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "GLSA-202107-39", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202107-39", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2016-3092", datePublished: "2016-07-04T22:00:00", dateReserved: "2016-03-10T00:00:00", dateUpdated: "2024-08-05T23:40:15.604Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-4820
Vulnerability from cvelistv5
Published
2013-09-23 10:00
Modified
2024-08-06 16:52
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall SSO Agent Option 8.0 through 10.0, IceWall SSO Smart Device Option 10.0, IceWall SSO SAML2 Agent Option 8.0, IceWall SSO JAVA Agent Library 8.0 through 10.0, IceWall Federation Agent 3.0, and IceWall File Manager 3.0 through SP4 allows remote authenticated users to obtain sensitive information via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03918632 | x_refsource_CONFIRM | |
| https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632 | vendor-advisory, x_refsource_HP | |
| https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632 | vendor-advisory, x_refsource_HP |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T16:52:27.334Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03918632", }, { name: "HPSBGN02925", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632", }, { name: "SSRT101310", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-09-19T00:00:00", descriptions: [ { lang: "en", value: "Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall SSO Agent Option 8.0 through 10.0, IceWall SSO Smart Device Option 10.0, IceWall SSO SAML2 Agent Option 8.0, IceWall SSO JAVA Agent Library 8.0 through 10.0, IceWall Federation Agent 3.0, and IceWall File Manager 3.0 through SP4 allows remote authenticated users to obtain sensitive information via unknown vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-05-09T09:57:01", orgId: "74586083-13ce-40fd-b46a-8e5d23cfbcb2", shortName: "hp", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03918632", }, { name: "HPSBGN02925", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632", }, { name: "SSRT101310", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "hp-security-alert@hp.com", ID: "CVE-2013-4820", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall SSO Agent Option 8.0 through 10.0, IceWall SSO Smart Device Option 10.0, IceWall SSO SAML2 Agent Option 8.0, IceWall SSO JAVA Agent Library 8.0 through 10.0, IceWall Federation Agent 3.0, and IceWall File Manager 3.0 through SP4 allows remote authenticated users to obtain sensitive information via unknown vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03918632", refsource: "CONFIRM", url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03918632", }, { name: "HPSBGN02925", refsource: "HP", url: "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632", }, { name: "SSRT101310", refsource: "HP", url: "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "74586083-13ce-40fd-b46a-8e5d23cfbcb2", assignerShortName: "hp", cveId: "CVE-2013-4820", datePublished: "2013-09-23T10:00:00", dateReserved: "2013-07-12T00:00:00", dateUpdated: "2024-08-06T16:52:27.334Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-3196
Vulnerability from cvelistv5
Published
2015-12-06 00:00
Modified
2024-08-06 05:39
Severity ?
EPSS score ?
Summary
ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T05:39:31.984Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20151204 Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products", tags: [ "vendor-advisory", "x_transferred", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173", }, { name: "openSUSE-SU-2015:2288", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html", }, { tags: [ "x_transferred", ], url: "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=3c66a669dfc7b3792f7af0758ea26fe8502ce70c", }, { name: "RHSA-2015:2617", tags: [ "vendor-advisory", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-2617.html", }, { tags: [ "x_transferred", ], url: "http://www.fortiguard.com/advisory/openssl-advisory-december-2015", }, { name: "SSA:2015-349-04", tags: [ "vendor-advisory", "x_transferred", ], url: "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.754583", }, { name: "78622", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securityfocus.com/bid/78622", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", }, { tags: [ "x_transferred", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100", }, { tags: [ "x_transferred", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761", }, { name: "HPSBGN03536", tags: [ "vendor-advisory", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=145382583417444&w=2", }, { name: "USN-2830-1", tags: [ "vendor-advisory", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2830-1", }, { name: "openSUSE-SU-2015:2289", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html", }, { name: "FEDORA-2015-d87d60b9a9", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", }, { name: "RHSA-2016:2957", tags: [ "vendor-advisory", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2957.html", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", }, { tags: [ "x_transferred", ], url: "http://openssl.org/news/secadv/20151203.txt", }, { name: "1034294", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1034294", }, { tags: [ "x_transferred", ], url: "http://fortiguard.com/advisory/openssl-advisory-december-2015", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322", }, { name: "DSA-3413", tags: [ "vendor-advisory", "x_transferred", ], url: "http://www.debian.org/security/2015/dsa-3413", }, { tags: [ "x_transferred", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-12-04T00:00:00", descriptions: [ { lang: "en", value: "ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-13T00:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "20151204 Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products", tags: [ "vendor-advisory", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173", }, { name: "openSUSE-SU-2015:2288", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html", }, { url: "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=3c66a669dfc7b3792f7af0758ea26fe8502ce70c", }, { name: "RHSA-2015:2617", tags: [ "vendor-advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-2617.html", }, { url: "http://www.fortiguard.com/advisory/openssl-advisory-december-2015", }, { name: "SSA:2015-349-04", tags: [ "vendor-advisory", ], url: "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.754583", }, { name: "78622", tags: [ "vdb-entry", ], url: "http://www.securityfocus.com/bid/78622", }, { url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", }, { url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100", }, { url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761", }, { name: "HPSBGN03536", tags: [ "vendor-advisory", ], url: "http://marc.info/?l=bugtraq&m=145382583417444&w=2", }, { name: "USN-2830-1", tags: [ "vendor-advisory", ], url: "http://www.ubuntu.com/usn/USN-2830-1", }, { name: "openSUSE-SU-2015:2289", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html", }, { name: "FEDORA-2015-d87d60b9a9", tags: [ "vendor-advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html", }, { url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", }, { name: "RHSA-2016:2957", tags: [ "vendor-advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2957.html", }, { url: "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", }, { url: "http://openssl.org/news/secadv/20151203.txt", }, { name: "1034294", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1034294", }, { url: "http://fortiguard.com/advisory/openssl-advisory-december-2015", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322", }, { name: "DSA-3413", tags: [ "vendor-advisory", ], url: "http://www.debian.org/security/2015/dsa-3413", }, { url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2015-3196", datePublished: "2015-12-06T00:00:00", dateReserved: "2015-04-10T00:00:00", dateUpdated: "2024-08-06T05:39:31.984Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-6306
Vulnerability from cvelistv5
Published
2016-09-26 00:00
Modified
2024-08-06 01:29
Severity ?
EPSS score ?
Summary
The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T01:29:18.287Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.tenable.com/security/tns-2016-20", }, { name: "RHSA-2018:2185", tags: [ "vendor-advisory", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2185", }, { name: "RHSA-2018:2186", tags: [ "vendor-advisory", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2186", }, { name: "93153", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securityfocus.com/bid/93153", }, { name: "RHSA-2016:1940", tags: [ "vendor-advisory", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1940.html", }, { name: "GLSA-201612-16", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/201612-16", }, { tags: [ "x_transferred", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", }, { tags: [ "x_transferred", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us", }, { name: "1036885", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1036885", }, { tags: [ "x_transferred", ], url: "https://www.tenable.com/security/tns-2016-16", }, { tags: [ "x_transferred", ], url: "https://www.tenable.com/security/tns-2016-21", }, { tags: [ "x_transferred", ], url: "https://bto.bluecoat.com/security-advisory/sa132", }, { name: "FreeBSD-SA-16:26", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc", }, { name: "SUSE-SU-2016:2470", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html", }, { name: "RHSA-2018:2187", tags: [ "vendor-advisory", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2187", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", }, { tags: [ "x_transferred", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", }, { tags: [ "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10215", }, { name: "SUSE-SU-2017:2700", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html", }, { name: "USN-3087-1", tags: [ "vendor-advisory", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3087-1", }, { name: "SUSE-SU-2016:2469", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html", }, { name: "openSUSE-SU-2016:2537", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html", }, { name: "USN-3087-2", tags: [ "vendor-advisory", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3087-2", }, { name: "SUSE-SU-2017:2699", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html", }, { name: "openSUSE-SU-2016:2407", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html", }, { name: "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2017/Jul/31", }, { name: "SUSE-SU-2016:2458", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html", }, { tags: [ "x_transferred", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us", }, { name: "DSA-3673", tags: [ "vendor-advisory", "x_transferred", ], url: "http://www.debian.org/security/2016/dsa-3673", }, { name: "openSUSE-SU-2016:2391", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html", }, { name: "openSUSE-SU-2018:0458", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html", }, { name: "SUSE-SU-2016:2387", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448", }, { tags: [ "x_transferred", ], url: "https://support.f5.com/csp/article/K90492697", }, { name: "SUSE-SU-2016:2468", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html", }, { name: "openSUSE-SU-2016:2496", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html", }, { name: "SUSE-SU-2016:2394", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html", }, { tags: [ "x_transferred", ], url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", }, { tags: [ "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", }, { tags: [ "x_transferred", ], url: "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", }, { tags: [ "x_transferred", ], url: "https://www.openssl.org/news/secadv/20160922.txt", }, { tags: [ "x_transferred", ], url: "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=52e623c4cb06fffa9d5e75c60b34b4bc130b12e9", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_transferred", ], url: "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-09-22T00:00:00", descriptions: [ { lang: "en", value: "The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-13T00:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { url: "https://www.tenable.com/security/tns-2016-20", }, { name: "RHSA-2018:2185", tags: [ "vendor-advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2185", }, { name: "RHSA-2018:2186", tags: [ "vendor-advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2186", }, { name: "93153", tags: [ "vdb-entry", ], url: "http://www.securityfocus.com/bid/93153", }, { name: "RHSA-2016:1940", tags: [ "vendor-advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1940.html", }, { name: "GLSA-201612-16", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/201612-16", }, { url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", }, { url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us", }, { name: "1036885", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1036885", }, { url: "https://www.tenable.com/security/tns-2016-16", }, { url: "https://www.tenable.com/security/tns-2016-21", }, { url: "https://bto.bluecoat.com/security-advisory/sa132", }, { name: "FreeBSD-SA-16:26", tags: [ "vendor-advisory", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc", }, { name: "SUSE-SU-2016:2470", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html", }, { name: "RHSA-2018:2187", tags: [ "vendor-advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2187", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", }, { url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", }, { url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10215", }, { name: "SUSE-SU-2017:2700", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html", }, { name: "USN-3087-1", tags: [ "vendor-advisory", ], url: "http://www.ubuntu.com/usn/USN-3087-1", }, { name: "SUSE-SU-2016:2469", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html", }, { name: "openSUSE-SU-2016:2537", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html", }, { name: "USN-3087-2", tags: [ "vendor-advisory", ], url: "http://www.ubuntu.com/usn/USN-3087-2", }, { name: "SUSE-SU-2017:2699", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html", }, { name: "openSUSE-SU-2016:2407", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html", }, { name: "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2017/Jul/31", }, { name: "SUSE-SU-2016:2458", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html", }, { url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us", }, { name: "DSA-3673", tags: [ "vendor-advisory", ], url: "http://www.debian.org/security/2016/dsa-3673", }, { name: "openSUSE-SU-2016:2391", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html", }, { name: "openSUSE-SU-2018:0458", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html", }, { name: "SUSE-SU-2016:2387", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html", }, { url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448", }, { url: "https://support.f5.com/csp/article/K90492697", }, { name: "SUSE-SU-2016:2468", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html", }, { name: "openSUSE-SU-2016:2496", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html", }, { name: "SUSE-SU-2016:2394", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html", }, { url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en", }, { url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", }, { url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", }, { url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", }, { url: "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", }, { url: "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", }, { url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", }, { url: "https://www.openssl.org/news/secadv/20160922.txt", }, { url: "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=52e623c4cb06fffa9d5e75c60b34b4bc130b12e9", }, { url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { url: "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2016-6306", datePublished: "2016-09-26T00:00:00", dateReserved: "2016-07-26T00:00:00", dateUpdated: "2024-08-06T01:29:18.287Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-4818
Vulnerability from cvelistv5
Published
2013-09-23 10:00
Modified
2024-08-06 16:52
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall SSO Agent Option 8.0 through 10.0, IceWall SSO Smart Device Option 10.0, and IceWall File Manager 3.0 through SP4 allows remote attackers to obtain sensitive information via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03918632 | x_refsource_CONFIRM | |
| https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632 | vendor-advisory, x_refsource_HP | |
| https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632 | vendor-advisory, x_refsource_HP |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T16:52:27.319Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03918632", }, { name: "HPSBGN02925", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632", }, { name: "SSRT101310", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-09-19T00:00:00", descriptions: [ { lang: "en", value: "Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall SSO Agent Option 8.0 through 10.0, IceWall SSO Smart Device Option 10.0, and IceWall File Manager 3.0 through SP4 allows remote attackers to obtain sensitive information via unknown vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-05-09T09:57:01", orgId: "74586083-13ce-40fd-b46a-8e5d23cfbcb2", shortName: "hp", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03918632", }, { name: "HPSBGN02925", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632", }, { name: "SSRT101310", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "hp-security-alert@hp.com", ID: "CVE-2013-4818", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall SSO Agent Option 8.0 through 10.0, IceWall SSO Smart Device Option 10.0, and IceWall File Manager 3.0 through SP4 allows remote attackers to obtain sensitive information via unknown vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03918632", refsource: "CONFIRM", url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03918632", }, { name: "HPSBGN02925", refsource: "HP", url: "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632", }, { name: "SSRT101310", refsource: "HP", url: "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "74586083-13ce-40fd-b46a-8e5d23cfbcb2", assignerShortName: "hp", cveId: "CVE-2013-4818", datePublished: "2013-09-23T10:00:00", dateReserved: "2013-07-12T00:00:00", dateUpdated: "2024-08-06T16:52:27.319Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-4817
Vulnerability from cvelistv5
Published
2013-09-23 10:00
Modified
2024-08-06 16:52
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in HP IceWall SSO Agent Option 8.0 through 10.0 allows remote attackers to obtain sensitive information via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03918632 | x_refsource_CONFIRM | |
| https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632 | vendor-advisory, x_refsource_HP | |
| https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632 | vendor-advisory, x_refsource_HP |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T16:52:27.294Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03918632", }, { name: "HPSBGN02925", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632", }, { name: "SSRT101310", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-09-19T00:00:00", descriptions: [ { lang: "en", value: "Unspecified vulnerability in HP IceWall SSO Agent Option 8.0 through 10.0 allows remote attackers to obtain sensitive information via unknown vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-05-09T09:57:01", orgId: "74586083-13ce-40fd-b46a-8e5d23cfbcb2", shortName: "hp", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03918632", }, { name: "HPSBGN02925", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632", }, { name: "SSRT101310", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "hp-security-alert@hp.com", ID: "CVE-2013-4817", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Unspecified vulnerability in HP IceWall SSO Agent Option 8.0 through 10.0 allows remote attackers to obtain sensitive information via unknown vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03918632", refsource: "CONFIRM", url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03918632", }, { name: "HPSBGN02925", refsource: "HP", url: "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632", }, { name: "SSRT101310", refsource: "HP", url: "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "74586083-13ce-40fd-b46a-8e5d23cfbcb2", assignerShortName: "hp", cveId: "CVE-2013-4817", datePublished: "2013-09-23T10:00:00", dateReserved: "2013-07-12T00:00:00", dateUpdated: "2024-08-06T16:52:27.294Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-2177
Vulnerability from cvelistv5
Published
2016-06-20 00:00
Modified
2024-08-05 23:17
Severity ?
EPSS score ?
Summary
OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:17:50.601Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.tenable.com/security/tns-2016-20", }, { tags: [ "x_transferred", ], url: "http://www.splunk.com/view/SP-CAAAPUE", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { name: "RHSA-2017:1659", tags: [ "vendor-advisory", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2017-1659.html", }, { name: "RHSA-2017:1658", tags: [ "vendor-advisory", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:1658", }, { name: "RHSA-2016:1940", tags: [ "vendor-advisory", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1940.html", }, { name: "1036088", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1036088", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", }, { name: "GLSA-201612-16", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/201612-16", }, { tags: [ "x_transferred", ], url: "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager", }, { tags: [ "x_transferred", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", }, { tags: [ "x_transferred", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us", }, { tags: [ "x_transferred", ], url: "http://www.splunk.com/view/SP-CAAAPSV", }, { tags: [ "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", }, { tags: [ "x_transferred", ], url: "https://www.tenable.com/security/tns-2016-16", }, { tags: [ "x_transferred", ], url: "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=a004e72b95835136d3f1ea90517f706c24c03da7", }, { tags: [ "x_transferred", ], url: "https://www.tenable.com/security/tns-2016-21", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", }, { name: "RHSA-2017:0194", tags: [ "vendor-advisory", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:0194", }, { name: "RHSA-2017:0193", tags: [ "vendor-advisory", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:0193", }, { tags: [ "x_transferred", ], url: "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", }, { name: "RHSA-2016:2957", tags: [ "vendor-advisory", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2957.html", }, { tags: [ "x_transferred", ], url: "https://bto.bluecoat.com/security-advisory/sa132", }, { tags: [ "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1341705", }, { tags: [ "x_transferred", ], url: "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/", }, { name: "91319", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securityfocus.com/bid/91319", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { name: "FreeBSD-SA-16:26", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03763en_us", }, { tags: [ "x_transferred", ], url: "https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", }, { tags: [ "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10165", }, { tags: [ "x_transferred", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", }, { name: "[oss-security] 20160608 CVE-2016-2177: OpenSSL undefined pointer arithmetic", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/06/08/9", }, { tags: [ "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10215", }, { name: "SUSE-SU-2017:2700", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html", }, { name: "USN-3087-1", tags: [ "vendor-advisory", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3087-1", }, { name: "SUSE-SU-2016:2469", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html", }, { name: "20160927 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016", tags: [ "vendor-advisory", "x_transferred", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl", }, { name: "openSUSE-SU-2016:2537", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html", }, { name: "USN-3087-2", tags: [ "vendor-advisory", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3087-2", }, { name: "20170801 [security bulletin] HPESBHF03763 rev.1 - HPE Comware 7, IMC, VCX products using OpenSSL, Remote Denial of Service (DoS)", tags: [ "mailing-list", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/540957/100/0/threaded", }, { name: "SUSE-SU-2017:2699", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html", }, { name: "20170801 [security bulletin] HPESBHF03763 rev.1 - HPE Comware 7, IMC, VCX products using OpenSSL, Remote Denial of Service (DoS)", tags: [ "mailing-list", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/archive/1/540957/100/0/threaded", }, { name: "openSUSE-SU-2016:2407", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html", }, { name: "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2017/Jul/31", }, { name: "USN-3181-1", tags: [ "vendor-advisory", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3181-1", }, { name: "SUSE-SU-2016:2458", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html", }, { tags: [ "x_transferred", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us", }, { tags: [ "x_transferred", ], url: "https://support.f5.com/csp/article/K23873366", }, { name: "DSA-3673", tags: [ "vendor-advisory", "x_transferred", ], url: "http://www.debian.org/security/2016/dsa-3673", }, { name: "openSUSE-SU-2016:2391", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html", }, { name: "openSUSE-SU-2018:0458", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html", }, { name: "SUSE-SU-2016:2387", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448", }, { name: "SUSE-SU-2016:2468", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html", }, { name: "SUSE-SU-2016:2394", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html", }, { tags: [ "x_transferred", ], url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en", }, { tags: [ "x_transferred", ], url: "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-06-01T00:00:00", descriptions: [ { lang: "en", value: "OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-13T00:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { url: "https://www.tenable.com/security/tns-2016-20", }, { url: "http://www.splunk.com/view/SP-CAAAPUE", }, { url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { name: "RHSA-2017:1659", tags: [ "vendor-advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2017-1659.html", }, { name: "RHSA-2017:1658", tags: [ "vendor-advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:1658", }, { name: "RHSA-2016:1940", tags: [ "vendor-advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1940.html", }, { name: "1036088", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1036088", }, { url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", }, { name: "GLSA-201612-16", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/201612-16", }, { url: "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager", }, { url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", }, { url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us", }, { url: "http://www.splunk.com/view/SP-CAAAPSV", }, { url: "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", }, { url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", }, { url: "https://www.tenable.com/security/tns-2016-16", }, { url: "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=a004e72b95835136d3f1ea90517f706c24c03da7", }, { url: "https://www.tenable.com/security/tns-2016-21", }, { url: "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", }, { url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", }, { name: "RHSA-2017:0194", tags: [ "vendor-advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:0194", }, { name: "RHSA-2017:0193", tags: [ "vendor-advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:0193", }, { url: "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/", }, { url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", }, { name: "RHSA-2016:2957", tags: [ "vendor-advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2957.html", }, { url: "https://bto.bluecoat.com/security-advisory/sa132", }, { url: "https://bugzilla.redhat.com/show_bug.cgi?id=1341705", }, { url: "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/", }, { name: "91319", tags: [ "vdb-entry", ], url: "http://www.securityfocus.com/bid/91319", }, { url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { name: "FreeBSD-SA-16:26", tags: [ "vendor-advisory", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc", }, { url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03763en_us", }, { url: "https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", }, { url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10165", }, { url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", }, { name: "[oss-security] 20160608 CVE-2016-2177: OpenSSL undefined pointer arithmetic", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2016/06/08/9", }, { url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10215", }, { name: "SUSE-SU-2017:2700", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html", }, { name: "USN-3087-1", tags: [ "vendor-advisory", ], url: "http://www.ubuntu.com/usn/USN-3087-1", }, { name: "SUSE-SU-2016:2469", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html", }, { name: "20160927 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016", tags: [ "vendor-advisory", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl", }, { name: "openSUSE-SU-2016:2537", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html", }, { name: "USN-3087-2", tags: [ "vendor-advisory", ], url: "http://www.ubuntu.com/usn/USN-3087-2", }, { name: "20170801 [security bulletin] HPESBHF03763 rev.1 - HPE Comware 7, IMC, VCX products using OpenSSL, Remote Denial of Service (DoS)", tags: [ "mailing-list", ], url: "http://www.securityfocus.com/archive/1/540957/100/0/threaded", }, { name: "SUSE-SU-2017:2699", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html", }, { name: "20170801 [security bulletin] HPESBHF03763 rev.1 - HPE Comware 7, IMC, VCX products using OpenSSL, Remote Denial of Service (DoS)", tags: [ "mailing-list", ], url: "http://www.securityfocus.com/archive/1/archive/1/540957/100/0/threaded", }, { name: "openSUSE-SU-2016:2407", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html", }, { name: "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2017/Jul/31", }, { name: "USN-3181-1", tags: [ "vendor-advisory", ], url: "http://www.ubuntu.com/usn/USN-3181-1", }, { name: "SUSE-SU-2016:2458", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html", }, { url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us", }, { url: "https://support.f5.com/csp/article/K23873366", }, { name: "DSA-3673", tags: [ "vendor-advisory", ], url: "http://www.debian.org/security/2016/dsa-3673", }, { name: "openSUSE-SU-2016:2391", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html", }, { name: "openSUSE-SU-2018:0458", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html", }, { name: "SUSE-SU-2016:2387", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html", }, { url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448", }, { name: "SUSE-SU-2016:2468", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html", }, { name: "SUSE-SU-2016:2394", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html", }, { url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en", }, { url: "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2016-2177", datePublished: "2016-06-20T00:00:00", dateReserved: "2016-01-29T00:00:00", dateUpdated: "2024-08-05T23:17:50.601Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-4819
Vulnerability from cvelistv5
Published
2013-09-23 10:00
Modified
2024-08-06 16:52
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in HP IceWall SSO Agent Option 8.0 through 10.0 allows remote authenticated users to obtain sensitive information via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03918632 | x_refsource_CONFIRM | |
| https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632 | vendor-advisory, x_refsource_HP | |
| https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632 | vendor-advisory, x_refsource_HP |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T16:52:27.318Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03918632", }, { name: "HPSBGN02925", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632", }, { name: "SSRT101310", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-09-19T00:00:00", descriptions: [ { lang: "en", value: "Unspecified vulnerability in HP IceWall SSO Agent Option 8.0 through 10.0 allows remote authenticated users to obtain sensitive information via unknown vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-05-09T09:57:01", orgId: "74586083-13ce-40fd-b46a-8e5d23cfbcb2", shortName: "hp", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03918632", }, { name: "HPSBGN02925", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632", }, { name: "SSRT101310", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "hp-security-alert@hp.com", ID: "CVE-2013-4819", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Unspecified vulnerability in HP IceWall SSO Agent Option 8.0 through 10.0 allows remote authenticated users to obtain sensitive information via unknown vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03918632", refsource: "CONFIRM", url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03918632", }, { name: "HPSBGN02925", refsource: "HP", url: "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632", }, { name: "SSRT101310", refsource: "HP", url: "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "74586083-13ce-40fd-b46a-8e5d23cfbcb2", assignerShortName: "hp", cveId: "CVE-2013-4819", datePublished: "2013-09-23T10:00:00", dateReserved: "2013-07-12T00:00:00", dateUpdated: "2024-08-06T16:52:27.318Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-2182
Vulnerability from cvelistv5
Published
2016-09-16 00:00
Modified
2024-08-05 23:17
Severity ?
EPSS score ?
Summary
The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:17:50.604Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1036688", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1036688", }, { tags: [ "x_transferred", ], url: "https://www.tenable.com/security/tns-2016-20", }, { name: "RHSA-2018:2185", tags: [ "vendor-advisory", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2185", }, { name: "RHSA-2018:2186", tags: [ "vendor-advisory", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2186", }, { tags: [ "x_transferred", ], url: "http://www.splunk.com/view/SP-CAAAPUE", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { name: "92557", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securityfocus.com/bid/92557", }, { tags: [ "x_transferred", ], url: "https://source.android.com/security/bulletin/2017-03-01", }, { name: "1037968", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1037968", }, { name: "RHSA-2016:1940", tags: [ "vendor-advisory", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1940.html", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", }, { tags: [ "x_transferred", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", }, { tags: [ "x_transferred", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us", }, { tags: [ "x_transferred", ], url: "http://www.splunk.com/view/SP-CAAAPSV", }, { tags: [ "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", }, { tags: [ "x_transferred", ], url: "https://www.tenable.com/security/tns-2016-16", }, { tags: [ "x_transferred", ], url: "https://www.tenable.com/security/tns-2016-21", }, { tags: [ "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10171", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { tags: [ "x_transferred", ], url: "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=07bed46f332fce8c1d157689a2cdf915a982ae34", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", }, { tags: [ "x_transferred", ], url: "https://bto.bluecoat.com/security-advisory/sa132", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { name: "FreeBSD-SA-16:26", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc", }, { tags: [ "x_transferred", ], url: "https://source.android.com/security/bulletin/2017-03-01.html", }, { name: "RHSA-2018:2187", tags: [ "vendor-advisory", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2187", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", }, { tags: [ "x_transferred", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", }, { tags: [ "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10215", }, { name: "SUSE-SU-2017:2700", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html", }, { name: "USN-3087-1", tags: [ "vendor-advisory", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3087-1", }, { name: "SUSE-SU-2016:2469", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html", }, { name: "openSUSE-SU-2016:2537", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html", }, { name: "USN-3087-2", tags: [ "vendor-advisory", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3087-2", }, { tags: [ "x_transferred", ], url: "https://support.f5.com/csp/article/K01276005", }, { name: "SUSE-SU-2017:2699", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html", }, { name: "openSUSE-SU-2016:2407", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html", }, { name: "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2017/Jul/31", }, { name: "SUSE-SU-2016:2458", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html", }, { tags: [ "x_transferred", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us", }, { name: "DSA-3673", tags: [ "vendor-advisory", "x_transferred", ], url: "http://www.debian.org/security/2016/dsa-3673", }, { name: "openSUSE-SU-2016:2391", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html", }, { name: "openSUSE-SU-2018:0458", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html", }, { name: "SUSE-SU-2016:2387", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html", }, { tags: [ "x_transferred", ], url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448", }, { name: "SUSE-SU-2016:2468", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html", }, { name: "SUSE-SU-2016:2394", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html", }, { tags: [ "x_transferred", ], url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en", }, { tags: [ "x_transferred", ], url: "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-08-15T00:00:00", descriptions: [ { lang: "en", value: "The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-13T00:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "1036688", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1036688", }, { url: "https://www.tenable.com/security/tns-2016-20", }, { name: "RHSA-2018:2185", tags: [ "vendor-advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2185", }, { name: "RHSA-2018:2186", tags: [ "vendor-advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2186", }, { url: "http://www.splunk.com/view/SP-CAAAPUE", }, { url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { name: "92557", tags: [ "vdb-entry", ], url: "http://www.securityfocus.com/bid/92557", }, { url: "https://source.android.com/security/bulletin/2017-03-01", }, { name: "1037968", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1037968", }, { name: "RHSA-2016:1940", tags: [ "vendor-advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1940.html", }, { url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", }, { url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", }, { url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us", }, { url: "http://www.splunk.com/view/SP-CAAAPSV", }, { url: "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", }, { url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", }, { url: "https://www.tenable.com/security/tns-2016-16", }, { url: "https://www.tenable.com/security/tns-2016-21", }, { url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10171", }, { url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { url: "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=07bed46f332fce8c1d157689a2cdf915a982ae34", }, { url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", }, { url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", }, { url: "https://bto.bluecoat.com/security-advisory/sa132", }, { url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { name: "FreeBSD-SA-16:26", tags: [ "vendor-advisory", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc", }, { url: "https://source.android.com/security/bulletin/2017-03-01.html", }, { name: "RHSA-2018:2187", tags: [ "vendor-advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2187", }, { url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", }, { url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", }, { url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10215", }, { name: "SUSE-SU-2017:2700", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html", }, { name: "USN-3087-1", tags: [ "vendor-advisory", ], url: "http://www.ubuntu.com/usn/USN-3087-1", }, { name: "SUSE-SU-2016:2469", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html", }, { name: "openSUSE-SU-2016:2537", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html", }, { name: "USN-3087-2", tags: [ "vendor-advisory", ], url: "http://www.ubuntu.com/usn/USN-3087-2", }, { url: "https://support.f5.com/csp/article/K01276005", }, { name: "SUSE-SU-2017:2699", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html", }, { name: "openSUSE-SU-2016:2407", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html", }, { name: "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2017/Jul/31", }, { name: "SUSE-SU-2016:2458", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html", }, { url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us", }, { name: "DSA-3673", tags: [ "vendor-advisory", ], url: "http://www.debian.org/security/2016/dsa-3673", }, { name: "openSUSE-SU-2016:2391", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html", }, { name: "openSUSE-SU-2018:0458", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html", }, { name: "SUSE-SU-2016:2387", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html", }, { url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448", }, { name: "SUSE-SU-2016:2468", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html", }, { name: "SUSE-SU-2016:2394", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html", }, { url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en", }, { url: "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2016-2182", datePublished: "2016-09-16T00:00:00", dateReserved: "2016-01-29T00:00:00", dateUpdated: "2024-08-05T23:17:50.604Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }