Action not permitted
Modal body text goes here.
CVE-2003-0545
Vulnerability from cvelistv5
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://secunia.com/advisories/22249 | Broken Link, Vendor Advisory | |
cve@mitre.org | http://www-1.ibm.com/support/docview.wss?uid=swg21247112 | Broken Link | |
cve@mitre.org | http://www.cert.org/advisories/CA-2003-26.html | Third Party Advisory, US Government Resource | |
cve@mitre.org | http://www.debian.org/security/2003/dsa-394 | Broken Link | |
cve@mitre.org | http://www.kb.cert.org/vuls/id/935264 | Third Party Advisory, US Government Resource | |
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2003-292.html | Broken Link, Patch, Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/8732 | Broken Link, Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm | Broken Link, Patch, Vendor Advisory | |
cve@mitre.org | http://www.vupen.com/english/advisories/2006/3900 | Broken Link | |
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2590 | Broken Link |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:58:11.016Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2003:292", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-292.html" }, { "name": "ADV-2006-3900", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3900" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21247112" }, { "name": "VU#935264", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/935264" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm" }, { "name": "DSA-394", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2003/dsa-394" }, { "name": "CA-2003-26", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.cert.org/advisories/CA-2003-26.html" }, { "name": "22249", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22249" }, { "name": "oval:org.mitre.oval:def:2590", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2590" }, { "name": "8732", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/8732" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-09-29T00:00:00", "descriptions": [ { "lang": "en", "value": "Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "RHSA-2003:292", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-292.html" }, { "name": "ADV-2006-3900", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3900" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21247112" }, { "name": "VU#935264", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/935264" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm" }, { "name": "DSA-394", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2003/dsa-394" }, { "name": "CA-2003-26", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.cert.org/advisories/CA-2003-26.html" }, { "name": "22249", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22249" }, { "name": "oval:org.mitre.oval:def:2590", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2590" }, { "name": "8732", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/8732" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0545", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2003:292", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2003-292.html" }, { "name": "ADV-2006-3900", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3900" }, { "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21247112", "refsource": "CONFIRM", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21247112" }, { "name": "VU#935264", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/935264" }, { "name": "http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm", "refsource": "MISC", "url": "http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm" }, { "name": "DSA-394", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2003/dsa-394" }, { "name": "CA-2003-26", "refsource": "CERT", "url": "http://www.cert.org/advisories/CA-2003-26.html" }, { "name": "22249", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22249" }, { "name": "oval:org.mitre.oval:def:2590", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2590" }, { "name": "8732", "refsource": "BID", "url": "http://www.securityfocus.com/bid/8732" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0545", "datePublished": "2003-10-01T04:00:00", "dateReserved": "2003-07-14T00:00:00", "dateUpdated": "2024-08-08T01:58:11.016Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2003-0545\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2003-11-17T05:00:00.000\",\"lastModified\":\"2024-02-02T15:23:34.283\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de doble liberaci\u00f3n (de memoria) en OpenSSL 0.9.7 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo arbitrario mediante un certificado de cliente SSL con una cierta condificaci\u00f3n ASN.1 no v\u00e1lida.\"}],\"vendorComments\":[{\"organization\":\"Red Hat\",\"comment\":\"Not vulnerable. The OpenSSL packages in Red Hat Enterprise Linux 2.1 were not affected by this issue.\\n\\nThe OpenSSL packages in Red Hat Enterprise Linux 3 and 4 contain a backported patch since their initial release (openssl), or were not affected by this issue (openssl096b).\\n\\nThe OpenSSL packages in Red Hat Enterprise Linux 5 are based on fixed upstream release (openssl), or contain backported patch since their initial release (openssl097a).\",\"lastModified\":\"2008-07-07T00:00:00\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\",\"baseScore\":10.0},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-415\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5E4742C-A983-4F00-B24F-AB280C0E876D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45A518E8-21BE-4C5C-B425-410AB1208E9C\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/22249\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://www-1.ibm.com/support/docview.wss?uid=swg21247112\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.cert.org/advisories/CA-2003-26.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.debian.org/security/2003/dsa-394\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/935264\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2003-292.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/8732\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/3900\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2590\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]}]}}" } }
var-200311-0091
Vulnerability from variot
Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding. Multiple vulnerabilities exist in different vendors' SSL/TLS implementations. The impacts of these vulnerabilities include remote execution of arbitrary code, denial of service, and disclosure of sensitive information. OpenSSL accepts unsolicited client certificate messages. This vulnerability requires as a precondition that an application is configured to ignore public key decoding errors, which is typically only the case during debugging. OpenSSL of ASN.1 (Abstract Syntax Notation number One) Structure (ASN1_TYPE) In the interpretation part of, there is a flaw in the process of releasing the memory allocated for the structure, and there is a vulnerability that destroys the values in the stack.OpenSSL Service disruption (DoS) It may be in a state. Multiple vulnerabilities were reported in the ASN.1 parsing code in OpenSSL. -----BEGIN PGP SIGNED MESSAGE-----
OpenSSL Security Advisory [30 September 2003]
Vulnerabilities in ASN.1 parsing
NISCC (www.niscc.gov.uk) prepared a test suite to check the operation of SSL/TLS software when presented with a wide range of malformed client certificates.
Dr Stephen Henson (steve@openssl.org) of the OpenSSL core team identified and prepared fixes for a number of vulnerabilities in the OpenSSL ASN1 code when running the test suite.
Vulnerabilities
-
Certain ASN.1 encodings that are rejected as invalid by the parser can trigger a bug in the deallocation of the corresponding data structure, corrupting the stack. This can be used as a denial of service attack. It is currently unknown whether this can be exploited to run malicious code. This issue does not affect OpenSSL 0.9.6.
-
Exploitation of an affected application would result in a denial of service vulnerability.
-
This by itself is not strictly speaking a vulnerability but it does mean that all SSL/TLS servers that use OpenSSL can be attacked using vulnerabilities 1, 2 and 3 even if they don't enable client authentication.
Who is affected?
All versions of OpenSSL up to and including 0.9.6j and 0.9.7b and all versions of SSLeay are affected.
Any application that makes use of OpenSSL's ASN1 library to parse untrusted data. This includes all SSL or TLS applications, those using S/MIME (PKCS#7) or certificate generation routines.
Recommendations
Upgrade to OpenSSL 0.9.7c or 0.9.6k. Recompile any OpenSSL applications statically linked to OpenSSL libraries.
References
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0545 for issue 1:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0545
and CAN-2003-0543 and CAN-2003-0544 for issue 2:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0543 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0544
URL for this Security Advisory: http://www.openssl.org/news/secadv_20030930.txt -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)
iQCVAwUBP3mNKu6tTP1JpWPZAQFjPwP/Y8epYBa9oCK69dCT5Y90kg9Ir8pYuv+q x4NxuyhD5JaJfmStwbl3BUSE5juI0mh7d6yFjfI0Ci3sdC+5v10ZOanGwX7o4JlS 3pGSSocAEiYS59qciRLtFsCbBt8jIOCG8KiTmKO2mI5dhAEB9UqPH9e8A1Wy/8un xjGKYbcITrM= =fFTe -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200311-0091", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": null, "scope": null, "trust": 4.0, "vendor": "openssl", "version": null }, { "model": null, "scope": null, "trust": 1.6, "vendor": "mandrakesoft", "version": null }, { "model": null, "scope": null, "trust": 1.6, "vendor": "red hat", "version": null }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.7" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.6" }, { "model": "ios 12.1 e", "scope": null, "trust": 1.2, "vendor": "cisco", "version": null }, { "model": "http server", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "9.0.1" }, { "model": "http server", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "8.1.7" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "appgate network security ab", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "apple computer", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "check point", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "cisco", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "conectiva", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "cray", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "debian", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "f5", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "freebsd", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "gentoo linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "guardian digital", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "hewlett packard", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ibm", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ingrian", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "juniper", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "netbsd", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "nortel", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "novell", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "openbsd", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "rsa security", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "sco", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "sgi", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ssh security", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "secure computing", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "slackware", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "stonesoft", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "stunnel", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "suse", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "sun microsystems", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "tawie server linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "turbolinux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "wirex", "version": null }, { "model": "openssl", "scope": "lte", "trust": 0.8, "vendor": "openssl", "version": "0.9.7b" }, { "model": "application server", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "1.0.2.2" }, { "model": "application server", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "1.0.2.2s" }, { "model": "application server", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "9.0.2" }, { "model": "application server", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "9.0.3" }, { "model": "database", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "8.1.7" }, { "model": "database", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "9.0.1" }, { "model": "database", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "9.2.0" }, { "model": "http server", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "9.2" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "1.1" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "2.0" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "2.1" }, { "model": "ios", "scope": "eq", "trust": 0.8, "vendor": "cisco", "version": "12.1" }, { "model": "ios", "scope": "eq", "trust": 0.8, "vendor": "cisco", "version": "12.2" }, { "model": "pix firewall", "scope": "eq", "trust": 0.8, "vendor": "cisco", "version": "6.0" }, { "model": "pix firewall", "scope": "eq", "trust": 0.8, "vendor": "cisco", "version": "6.1" }, { "model": "pix firewall", "scope": "eq", "trust": 0.8, "vendor": "cisco", "version": "6.2" }, { "model": "pix firewall", "scope": "eq", "trust": 0.8, "vendor": "cisco", "version": "6.3" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.00" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.11" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.22" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.23" }, { "model": "hp-ux apache-based web server", "scope": null, "trust": 0.8, "vendor": "hewlett packard", "version": null }, { "model": "linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "9" }, { "model": "gsx server build", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.5.15336" }, { "model": "esx server build", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.05257" }, { "model": "esx server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "1.5.2" }, { "model": "enterprise", "scope": "eq", "trust": 0.3, "vendor": "tarantella", "version": "33.30" }, { "model": "enterprise", "scope": "eq", "trust": 0.3, "vendor": "tarantella", "version": "33.200" }, { "model": "enterprise", "scope": "eq", "trust": 0.3, "vendor": "tarantella", "version": "33.11" }, { "model": "enterprise", "scope": "eq", "trust": 0.3, "vendor": "tarantella", "version": "33.10" }, { "model": "enterprise", "scope": "eq", "trust": 0.3, "vendor": "tarantella", "version": "33.01" }, { "model": "enterprise", "scope": "eq", "trust": 0.3, "vendor": "tarantella", "version": "33.0" }, { "model": "solaris 9 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "solaris 9 sparc", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "one web server sp6", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.0" }, { "model": "one web server sp5", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.0" }, { "model": "one web server sp4", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.0" }, { "model": "one web server sp3", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.0" }, { "model": "one web server sp2", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.0" }, { "model": "one web server sp1", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.0" }, { "model": "one web server", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.0" }, { "model": "one web server sp9", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "4.1" }, { "model": "one web server sp8", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "4.1" }, { "model": "one web server sp7", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "4.1" }, { "model": "one web server sp6", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "4.1" }, { "model": "one web server sp5", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "4.1" }, { "model": "one web server sp4", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "4.1" }, { "model": "one web server sp3", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "4.1" }, { "model": "one web server sp2", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "4.1" }, { "model": "one web server sp14", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "4.1" }, { "model": "one web server sp13", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "4.1" }, { "model": "one web server sp12", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "4.1" }, { "model": "one web server sp11", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "4.1" }, { "model": "one web server sp10", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "4.1" }, { "model": "one web server sp1", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "4.1" }, { "model": "one directory server", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "5.1x86" }, { "model": "one directory server sp2", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "5.1" }, { "model": "one directory server sp1", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "5.1" }, { "model": "one directory server", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "5.1" }, { "model": "one application server ur2 standard edition", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.0" }, { "model": "one application server ur2 platform edition", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.0" }, { "model": "one application server ur1 standard edition", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.0" }, { "model": "one application server ur1 platform edition", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.0" }, { "model": "one application server standard edition", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.0" }, { "model": "one application server platform edition", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.0" }, { "model": "java system web server", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.1" }, { "model": "grid engine", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "5.3x86" }, { "model": "grid engine sun linux", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "5.3" }, { "model": "grid engine 64-bit sparc", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "5.3" }, { "model": "grid engine 32-bit sparc", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "5.3" }, { "model": "cluster", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "3.1" }, { "model": "cluster", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "3.0" }, { "model": "stonegate", "scope": "eq", "trust": 0.3, "vendor": "stonesoft", "version": "2.2.1" }, { "model": "stonegate", "scope": "eq", "trust": 0.3, "vendor": "stonesoft", "version": "2.2" }, { "model": "stonegate", "scope": "eq", "trust": 0.3, "vendor": "stonesoft", "version": "2.1" }, { "model": "stonegate", "scope": "eq", "trust": 0.3, "vendor": "stonesoft", "version": "2.0.9" }, { "model": "stonegate", "scope": "eq", "trust": 0.3, "vendor": "stonesoft", "version": "2.0.8" }, { "model": "stonegate", "scope": "eq", "trust": 0.3, "vendor": "stonesoft", "version": "2.0.7" }, { "model": "stonegate", "scope": "eq", "trust": 0.3, "vendor": "stonesoft", "version": "2.0.6" }, { "model": "stonegate", "scope": "eq", "trust": 0.3, "vendor": "stonesoft", "version": "2.0.5" }, { "model": "stonegate", "scope": "eq", "trust": 0.3, "vendor": "stonesoft", "version": "2.0.4" }, { "model": "stonegate", "scope": "eq", "trust": 0.3, "vendor": "stonesoft", "version": "2.0.1" }, { "model": "stonegate", "scope": "eq", "trust": 0.3, "vendor": "stonesoft", "version": "1.7.2" }, { "model": "stonegate", "scope": "eq", "trust": 0.3, "vendor": "stonesoft", "version": "1.7.1" }, { "model": "stonegate", "scope": "eq", "trust": 0.3, "vendor": "stonesoft", "version": "1.7" }, { "model": "stonegate", "scope": "eq", "trust": 0.3, "vendor": "stonesoft", "version": "1.6.3" }, { "model": "stonegate", "scope": "eq", "trust": 0.3, "vendor": "stonesoft", "version": "1.6.2" }, { "model": "stonegate", "scope": "eq", "trust": 0.3, "vendor": "stonesoft", "version": "1.5.18" }, { "model": "stonegate", "scope": "eq", "trust": 0.3, "vendor": "stonesoft", "version": "1.5.17" }, { "model": "stonebeat webcluster", "scope": "eq", "trust": 0.3, "vendor": "stonesoft", "version": "2.5" }, { "model": "stonebeat webcluster", "scope": "eq", "trust": 0.3, "vendor": "stonesoft", "version": "2.0" }, { "model": "stonebeat securitycluster", "scope": "eq", "trust": 0.3, "vendor": "stonesoft", "version": "2.5" }, { "model": "stonebeat securitycluster", "scope": "eq", "trust": 0.3, "vendor": "stonesoft", "version": "2.0" }, { "model": "stonebeat high availability", "scope": "eq", "trust": 0.3, "vendor": "stonesoft", "version": "3.1" }, { "model": "stonebeat fullcluster for raptor", "scope": "eq", "trust": 0.3, "vendor": "stonesoft", "version": "2.5" }, { "model": "stonebeat fullcluster for raptor", "scope": "eq", "trust": 0.3, "vendor": "stonesoft", "version": "2.0" }, { "model": "stonebeat fullcluster for isa server", "scope": "eq", "trust": 0.3, "vendor": "stonesoft", "version": "3.0" }, { "model": "stonebeat fullcluster for gauntlet", "scope": "eq", "trust": 0.3, "vendor": "stonesoft", "version": "2.0" }, { "model": "stonebeat fullcluster for firewall-1", "scope": "eq", "trust": 0.3, "vendor": "stonesoft", "version": "3.0" }, { "model": "stonebeat fullcluster for firewall-1", "scope": "eq", "trust": 0.3, "vendor": "stonesoft", "version": "2.0" }, { "model": "ssleay", "scope": "eq", "trust": 0.3, "vendor": "ssleay", "version": "0.9.1" }, { "model": "ssleay", "scope": "eq", "trust": 0.3, "vendor": "ssleay", "version": "0.9" }, { "model": "ssleay", "scope": "eq", "trust": 0.3, "vendor": "ssleay", "version": "0.8.1" }, { "model": "ssleay", "scope": "eq", "trust": 0.3, "vendor": "ssleay", "version": "0.6.6" }, { "model": "communications security ssh2", "scope": "eq", "trust": 0.3, "vendor": "ssh", "version": "3.2.5" }, { "model": "communications security ssh2", "scope": "eq", "trust": 0.3, "vendor": "ssh", "version": "3.2.4" }, { "model": "communications security ssh2", "scope": "eq", "trust": 0.3, "vendor": "ssh", "version": "3.2.3" }, { "model": "communications security ssh2", "scope": "eq", "trust": 0.3, "vendor": "ssh", "version": "3.2.2" }, { "model": "communications security ssh2", "scope": "eq", "trust": 0.3, "vendor": "ssh", "version": "3.2.1" }, { "model": "communications security ssh2", "scope": "eq", "trust": 0.3, "vendor": "ssh", "version": "3.2" }, { "model": "communications security ssh2", "scope": "eq", "trust": 0.3, "vendor": "ssh", "version": "3.1.8" }, { "model": "communications security ssh2", "scope": "eq", "trust": 0.3, "vendor": "ssh", "version": "3.1.7" }, { "model": "communications security ssh2", "scope": "eq", "trust": 0.3, "vendor": "ssh", "version": "3.1.6" }, { "model": "communications security ssh2", "scope": "eq", "trust": 0.3, "vendor": "ssh", "version": "3.1.5" }, { "model": "communications security ssh2", "scope": "eq", "trust": 0.3, "vendor": "ssh", "version": "3.1.4" }, { "model": "communications security ssh2", "scope": "eq", "trust": 0.3, "vendor": "ssh", "version": "3.1.3" }, { "model": "communications security ssh2", "scope": "eq", "trust": 0.3, "vendor": "ssh", "version": "3.1.2" }, { "model": "communications security ssh2", "scope": "eq", "trust": 0.3, "vendor": "ssh", "version": "3.1.1" }, { "model": "communications security ssh2", "scope": "eq", "trust": 0.3, "vendor": "ssh", "version": "3.1" }, { "model": "communications security ssh sentinel", "scope": "eq", "trust": 0.3, "vendor": "ssh", "version": "1.4" }, { "model": "communications security ipsec express toolkit", "scope": null, "trust": 0.3, "vendor": "ssh", "version": null }, { "model": "os", "scope": "eq", "trust": 0.3, "vendor": "snapgear", "version": "1.8.4" }, { "model": "gpl", "scope": "eq", "trust": 0.3, "vendor": "smoothwall", "version": "1.0" }, { "model": "express beta", "scope": "eq", "trust": 0.3, "vendor": "smoothwall", "version": "2.0" }, { "model": "propack", "scope": "eq", "trust": 0.3, "vendor": "sgi", "version": "2.3" }, { "model": "propack", "scope": "eq", "trust": 0.3, "vendor": "sgi", "version": "2.2.1" }, { "model": "irix", "scope": "eq", "trust": 0.3, "vendor": "sgi", "version": "6.5.22" }, { "model": "irix m", "scope": "eq", "trust": 0.3, "vendor": "sgi", "version": "6.5.21" }, { "model": "irix f", "scope": "eq", "trust": 0.3, "vendor": "sgi", "version": "6.5.21" }, { "model": "irix", "scope": "eq", "trust": 0.3, "vendor": "sgi", "version": "6.5.21" }, { "model": "irix m", "scope": "eq", "trust": 0.3, "vendor": "sgi", "version": "6.5.20" }, { "model": "irix f", "scope": "eq", "trust": 0.3, "vendor": "sgi", "version": "6.5.20" }, { "model": "irix", "scope": "eq", "trust": 0.3, "vendor": "sgi", "version": "6.5.20" }, { "model": "irix m", "scope": "eq", "trust": 0.3, "vendor": "sgi", "version": "6.5.19" }, { "model": "irix f", "scope": "eq", "trust": 0.3, "vendor": "sgi", "version": "6.5.19" }, { "model": "irix", "scope": "eq", "trust": 0.3, "vendor": "sgi", "version": "6.5.19" }, { "model": "open server", "scope": "eq", "trust": 0.3, "vendor": "sco", "version": "5.0.7" }, { "model": "open server", "scope": "eq", "trust": 0.3, "vendor": "sco", "version": "5.0.6" }, { "model": "open server", "scope": "eq", "trust": 0.3, "vendor": "sco", "version": "5.0.5" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "9.0" }, { "model": "oracle9i standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle9i standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0.1" }, { "model": "oracle9i standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.1.7" }, { "model": "oracle9i personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle9i personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0.1" }, { "model": "oracle9i personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.1.7" }, { "model": "oracle9i enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.0" }, { "model": "oracle9i enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0.1" }, { "model": "oracle9i enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.1.7" }, { "model": "oracle9i application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0.3" }, { "model": "oracle9i application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0.2" }, { "model": "oracle9i application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.0.2.2" }, { "model": "oracle9i application server .1s", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.0.2" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.0" }, { "model": "project openssl beta3", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "project openssl beta2", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "project openssl beta1", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl g", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.5" }, { "model": "openbsd", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "3.4" }, { "model": "openbsd", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "3.3" }, { "model": "openbsd", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "3.2" }, { "model": "openbsd", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "3.1" }, { "model": "nsure audit", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "1.0.1" }, { "model": "netware", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "6.5" }, { "model": "netware", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "6.0" }, { "model": "netware", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "5.1" }, { "model": "netmail e", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "3.10" }, { "model": "netmail d", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "3.10" }, { "model": "netmail c", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "3.10" }, { "model": "netmail b", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "3.10" }, { "model": "netmail a", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "3.10" }, { "model": "netmail", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "3.10" }, { "model": "netmail", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "3.1" }, { "model": "netmail b", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "3.0.3" }, { "model": "netmail a", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "3.0.3" }, { "model": "netmail", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "3.0.3" }, { "model": "netmail", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "3.0.1" }, { "model": "international cryptographic infostructure", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "2.6.1" }, { "model": "imanager", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "2.0.2" }, { "model": "imanager", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "2.0" }, { "model": "imanager", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "1.5" }, { "model": "ichain server sp1", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "2.2" }, { "model": "ichain server fp1a", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "2.2" }, { "model": "ichain server fp1", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "2.2" }, { "model": "ichain server", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "2.2" }, { "model": "groupwise webaccess sp2", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "6.5" }, { "model": "groupwise webaccess sp1", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "6.5" }, { "model": "groupwise webaccess", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "6.5" }, { "model": "groupwise webaccess sp4", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "6.0" }, { "model": "groupwise internet agent", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "6.5.1" }, { "model": "groupwise sp2", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "6.5" }, { "model": "groupwise sp4", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "6.0" }, { "model": "edirectory su1", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "8.7.1" }, { "model": "edirectory", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "8.7.1" }, { "model": "edirectory", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "8.7" }, { "model": "edirectory", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "8.6.2" }, { "model": "edirectory", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "8.5.27" }, { "model": "edirectory a", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "8.5.12" }, { "model": "edirectory", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "8.5" }, { "model": "edirectory", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "8.0" }, { "model": "bordermanager", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "3.8" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "9.2" }, { "model": "linux mandrake ppc", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "9.1" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "9.1" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "9.0" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "8.2" }, { "model": "multi network firewall", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "2.0" }, { "model": "corporate server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "2.1" }, { "model": "corporate server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "2.1" }, { "model": "networks t-series router t640", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "networks t-series router t320", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "networks sdx-300", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "3.1.1" }, { "model": "networks sdx-300", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "3.1" }, { "model": "networks m-series router m5", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "networks m-series router m40e", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "networks m-series router m40", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "networks m-series router m20", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "networks m-series router m160", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "networks m-series router m10", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "siparator", "scope": "eq", "trust": 0.3, "vendor": "ingate", "version": "3.2.1" }, { "model": "siparator", "scope": "eq", "trust": 0.3, "vendor": "ingate", "version": "3.2" }, { "model": "firewall", "scope": "eq", "trust": 0.3, "vendor": "ingate", "version": "3.2.1" }, { "model": "firewall", "scope": "eq", "trust": 0.3, "vendor": "ingate", "version": "3.2" }, { "model": "rational rose", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2000" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.47" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.42.2" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.42" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.28" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.26" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.19" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.12.4" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.12.3" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.12.2" }, { "model": "hp-ux aaa server a.06.01.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "11.23" }, { "model": "hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "11.22" }, { "model": "hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "11.20" }, { "model": "hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "11.11" }, { "model": "hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "11.0" }, { "model": "wbem services for hp-ux a.01.05.05", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "isman", "scope": null, "trust": 0.3, "vendor": "f5", "version": null }, { "model": "firepass", "scope": null, "trust": 0.3, "vendor": "f5", "version": null }, { "model": "bigip", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.5" }, { "model": "bigip", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.4" }, { "model": "bigip", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.3" }, { "model": "bigip", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.2" }, { "model": "bigip", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.1" }, { "model": "bigip", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.0" }, { "model": "3-dns", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.5" }, { "model": "3-dns", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.4" }, { "model": "3-dns", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.3" }, { "model": "3-dns", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.2" }, { "model": "ssh for windows", "scope": "eq", "trust": 0.3, "vendor": "f secure", "version": "5.3" }, { "model": "ssh for windows", "scope": "eq", "trust": 0.3, "vendor": "f secure", "version": "5.2" }, { "model": "ssh for windows", "scope": "eq", "trust": 0.3, "vendor": "f secure", "version": "5.1" }, { "model": "ssh for unix", "scope": "eq", "trust": 0.3, "vendor": "f secure", "version": "3.2.3" }, { "model": "ssh for unix", "scope": "eq", "trust": 0.3, "vendor": "f secure", "version": "3.2.0" }, { "model": "ssh for unix", "scope": "eq", "trust": 0.3, "vendor": "f secure", "version": "3.1.0" }, { "model": "ssh", "scope": "eq", "trust": 0.3, "vendor": "f secure", "version": "3.1.0" }, { "model": "ssh for unix", "scope": "eq", "trust": 0.3, "vendor": "f secure", "version": "3.0.1" }, { "model": "open software", "scope": "eq", "trust": 0.3, "vendor": "cray", "version": "3.4" }, { "model": "associates etrust security command center", "scope": "eq", "trust": 0.3, "vendor": "computer", "version": "1.0" }, { "model": "threat response", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "sn storage router sn5428-3.3.2-k9", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5428" }, { "model": "sn storage router sn5428-3.3.1-k9", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5428" }, { "model": "sn storage router sn5428-3.2.2-k9", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5428" }, { "model": "sn storage router sn5428-3.2.1-k9", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5428" }, { "model": "sn storage router sn5428-2.5.1-k9", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5428" }, { "model": "sn storage router sn5428-2-3.3.2-k9", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5428" }, { "model": "sn storage router sn5428-2-3.3.1-k9", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5428" }, { "model": "sip proxy server", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "secure policy manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3.0.1" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "520" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "515" }, { "model": "network analysis module", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ios 12.2sy", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2sx", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "gss global site selector", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4480" }, { "model": "firewall services module", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "css11000 content services switch", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "css secure content accelerator", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.0" }, { "model": "css secure content accelerator", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.0" }, { "model": "ciscoworks common services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.2" }, { "model": "ciscoworks wireless lan solution engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1105" }, { "model": "ciscoworks hosting solution engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1105" }, { "model": "application \u0026 content networking software", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "point software vpn-1 sp4", "scope": "eq", "trust": 0.3, "vendor": "check", "version": "4.1" }, { "model": "point software vpn-1 sp3", "scope": "eq", "trust": 0.3, "vendor": "check", "version": "4.1" }, { "model": "point software vpn-1 sp2", "scope": "eq", "trust": 0.3, "vendor": "check", "version": "4.1" }, { "model": "point software vpn-1 sp1", "scope": "eq", "trust": 0.3, "vendor": "check", "version": "4.1" }, { "model": "point software vpn-1", "scope": "eq", "trust": 0.3, "vendor": "check", "version": "4.1" }, { "model": "point software providor-1 sp4", "scope": "eq", "trust": 0.3, "vendor": "check", "version": "4.1" }, { "model": "point software providor-1 sp3", "scope": "eq", "trust": 0.3, "vendor": "check", "version": "4.1" }, { "model": "point software providor-1 sp2", "scope": "eq", "trust": 0.3, "vendor": "check", "version": "4.1" }, { "model": "point software providor-1 sp1", "scope": "eq", "trust": 0.3, "vendor": "check", "version": "4.1" }, { "model": "point software providor-1", "scope": "eq", "trust": 0.3, "vendor": "check", "version": "4.1" }, { "model": "point software nokia voyager", "scope": "eq", "trust": 0.3, "vendor": "check", "version": "4.1" }, { "model": "point software next generation fp3 hf2", "scope": null, "trust": 0.3, "vendor": "check", "version": null }, { "model": "point software next generation fp3 hf1", "scope": null, "trust": 0.3, "vendor": "check", "version": null }, { "model": "point software next generation fp3", "scope": null, "trust": 0.3, "vendor": "check", "version": null }, { "model": "point software next generation fp2", "scope": null, "trust": 0.3, "vendor": "check", "version": null }, { "model": "point software next generation fp1", "scope": null, "trust": 0.3, "vendor": "check", "version": null }, { "model": "point software firewall-1 sp6", "scope": "eq", "trust": 0.3, "vendor": "check", "version": "4.1" }, { "model": "point software firewall-1 sp5", "scope": "eq", "trust": 0.3, "vendor": "check", "version": "4.1" }, { "model": "point software firewall-1 sp4", "scope": "eq", "trust": 0.3, "vendor": "check", "version": "4.1" }, { "model": "point software firewall-1 sp3", "scope": "eq", "trust": 0.3, "vendor": "check", "version": "4.1" }, { "model": "point software firewall-1 sp2", "scope": "eq", "trust": 0.3, "vendor": "check", "version": "4.1" }, { "model": "point software firewall-1 sp1", "scope": "eq", "trust": 0.3, "vendor": "check", "version": "4.1" }, { "model": "point software firewall-1", "scope": "eq", "trust": 0.3, "vendor": "check", "version": "4.1" }, { "model": "point software firewall-1 sp8", "scope": "eq", "trust": 0.3, "vendor": "check", "version": "4.0" }, { "model": "point software firewall-1 sp7", "scope": "eq", "trust": 0.3, "vendor": "check", "version": "4.0" }, { "model": "point software firewall-1 sp6", "scope": "eq", "trust": 0.3, "vendor": "check", "version": "4.0" }, { "model": "point software firewall-1 sp5", "scope": "eq", "trust": 0.3, "vendor": "check", "version": "4.0" }, { "model": "point software firewall-1 sp4", "scope": "eq", "trust": 0.3, "vendor": "check", "version": "4.0" }, { "model": "point software firewall-1 sp3", "scope": "eq", "trust": 0.3, "vendor": "check", "version": "4.0" }, { "model": "point software firewall-1 sp2", "scope": "eq", "trust": 0.3, "vendor": "check", "version": "4.0" }, { "model": "point software firewall-1 sp1", "scope": "eq", "trust": 0.3, "vendor": "check", "version": "4.0" }, { "model": "point software firewall-1", "scope": "eq", "trust": 0.3, "vendor": "check", "version": "4.0" }, { "model": "point software firewall-1", "scope": "eq", "trust": 0.3, "vendor": "check", "version": "3.0" }, { "model": "firewall server", "scope": "eq", "trust": 0.3, "vendor": "borderware", "version": "7.0" }, { "model": "coat systems security gateway os", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "3.0" }, { "model": "coat systems security gateway os", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "2.0" }, { "model": "coat systems cacheos ca/sa", "scope": "eq", "trust": 0.3, "vendor": "blue", "version": "4.1.10" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.6" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.5" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.7" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2" }, { "model": "enterprise", "scope": "ne", "trust": 0.3, "vendor": "tarantella", "version": "33.40" }, { "model": "solaris 8 x86", "scope": "ne", "trust": 0.3, "vendor": "sun", "version": null }, { "model": "solaris 8 sparc", "scope": "ne", "trust": 0.3, "vendor": "sun", "version": null }, { "model": "solaris 7.0 x86", "scope": "ne", "trust": 0.3, "vendor": "sun", "version": null }, { "model": "solaris", "scope": "ne", "trust": 0.3, "vendor": "sun", "version": "7.0" }, { "model": "one web server sp7", "scope": "ne", "trust": 0.3, "vendor": "sun", "version": "6.0" }, { "model": "one web server sp14", "scope": "ne", "trust": 0.3, "vendor": "sun", "version": "4.1" }, { "model": "one directory server sp3", "scope": "ne", "trust": 0.3, "vendor": "sun", "version": "5.1" }, { "model": "one application server ur2 upgrade standard", "scope": "ne", "trust": 0.3, "vendor": "sun", "version": "7.0" }, { "model": "one application server ur2 upgrade platform", "scope": "ne", "trust": 0.3, "vendor": "sun", "version": "7.0" }, { "model": "java system web server sp1", "scope": "ne", "trust": 0.3, "vendor": "sun", "version": "6.1" }, { "model": "cluster", "scope": "ne", "trust": 0.3, "vendor": "sun", "version": "2.2" }, { "model": "cluster", "scope": "ne", "trust": 0.3, "vendor": "sun", "version": "2.1" }, { "model": "communications security ssh2", "scope": "ne", "trust": 0.3, "vendor": "ssh", "version": "3.2.9" }, { "model": "communications security ssh sentinel", "scope": "ne", "trust": 0.3, "vendor": "ssh", "version": "1.4.1" }, { "model": "os", "scope": "ne", "trust": 0.3, "vendor": "snapgear", "version": "1.8.5" }, { "model": "project openssl c", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "project openssl k", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "nsure audit", "scope": "ne", "trust": 0.3, "vendor": "novell", "version": "1.0.3" }, { "model": "nsure audit", "scope": "ne", "trust": 0.3, "vendor": "novell", "version": "1.0.2" }, { "model": "netmail f", "scope": "ne", "trust": 0.3, "vendor": "novell", "version": "3.1" }, { "model": "imanager", "scope": "ne", "trust": 0.3, "vendor": "novell", "version": "2.5" }, { "model": "edirectory su1", "scope": "ne", "trust": 0.3, "vendor": "novell", "version": "8.7.1" }, { "model": "siparator", "scope": "ne", "trust": 0.3, "vendor": "ingate", "version": "3.3.1" }, { "model": "firewall", "scope": "ne", "trust": 0.3, "vendor": "ingate", "version": "3.3.1" }, { "model": "rational requisitepro", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "hp-ux aaa server a.06.01.02.04", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "wbem services for hp-ux a.01.05.07", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.2.8" }, { "model": "mac os", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.2.8" } ], "sources": [ { "db": "CERT/CC", "id": "VU#104280" }, { "db": "CERT/CC", "id": "VU#732952" }, { "db": "CERT/CC", "id": "VU#686224" }, { "db": "CERT/CC", "id": "VU#935264" }, { "db": "CERT/CC", "id": "VU#380864" }, { "db": "CERT/CC", "id": "VU#255484" }, { "db": "BID", "id": "8732" }, { "db": "JVNDB", "id": "JVNDB-2003-000287" }, { "db": "CNNVD", "id": "CNNVD-200311-033" }, { "db": "NVD", "id": "CVE-2003-0545" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2003-0545" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "NISCC uniras@niscc.gov.uk", "sources": [ { "db": "CNNVD", "id": "CNNVD-200311-033" } ], "trust": 0.6 }, "cve": "CVE-2003-0545", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/severity#" }, "@id": "https://www.variotdbs.pl/ref/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CVE-2003-0545", "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2003-0545", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2003-0545", "trust": 1.8, "value": "HIGH" }, { "author": "CARNEGIE MELLON", "id": "VU#104280", "trust": 0.8, "value": "11.81" }, { "author": "CARNEGIE MELLON", "id": "VU#732952", "trust": 0.8, "value": "2.53" }, { "author": "CARNEGIE MELLON", "id": "VU#686224", "trust": 0.8, "value": "1.50" }, { "author": "CARNEGIE MELLON", "id": "VU#935264", "trust": 0.8, "value": "21.52" }, { "author": "CARNEGIE MELLON", "id": "VU#380864", "trust": 0.8, "value": "11.25" }, { "author": "CARNEGIE MELLON", "id": "VU#255484", "trust": 0.8, "value": "11.25" }, { "author": "CNNVD", "id": "CNNVD-200311-033", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#104280" }, { "db": "CERT/CC", "id": "VU#732952" }, { "db": "CERT/CC", "id": "VU#686224" }, { "db": "CERT/CC", "id": "VU#935264" }, { "db": "CERT/CC", "id": "VU#380864" }, { "db": "CERT/CC", "id": "VU#255484" }, { "db": "JVNDB", "id": "JVNDB-2003-000287" }, { "db": "CNNVD", "id": "CNNVD-200311-033" }, { "db": "NVD", "id": "CVE-2003-0545" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding. Multiple vulnerabilities exist in different vendors\u0027 SSL/TLS implementations. The impacts of these vulnerabilities include remote execution of arbitrary code, denial of service, and disclosure of sensitive information. OpenSSL accepts unsolicited client certificate messages. This vulnerability requires as a precondition that an application is configured to ignore public key decoding errors, which is typically only the case during debugging. OpenSSL of ASN.1 (Abstract Syntax Notation number One) Structure (ASN1_TYPE) In the interpretation part of, there is a flaw in the process of releasing the memory allocated for the structure, and there is a vulnerability that destroys the values in the stack.OpenSSL Service disruption (DoS) It may be in a state. Multiple vulnerabilities were reported in the ASN.1 parsing code in OpenSSL. -----BEGIN PGP SIGNED MESSAGE-----\n\nOpenSSL Security Advisory [30 September 2003]\n\nVulnerabilities in ASN.1 parsing\n================================\n\nNISCC (www.niscc.gov.uk) prepared a test suite to check the operation\nof SSL/TLS software when presented with a wide range of malformed client\ncertificates. \n\nDr Stephen Henson (steve@openssl.org) of the OpenSSL core team\nidentified and prepared fixes for a number of vulnerabilities in the\nOpenSSL ASN1 code when running the test suite. \n\nVulnerabilities\n- ---------------\n\n1. Certain ASN.1 encodings that are rejected as invalid by the parser\ncan trigger a bug in the deallocation of the corresponding data\nstructure, corrupting the stack. This can be used as a denial of service\nattack. It is currently unknown whether this can be exploited to run\nmalicious code. This issue does not affect OpenSSL 0.9.6. \n\n2. \n\n3. Exploitation of an affected\napplication would result in a denial of service vulnerability. \n\n4. This by\nitself is not strictly speaking a vulnerability but it does mean that\n*all* SSL/TLS servers that use OpenSSL can be attacked using\nvulnerabilities 1, 2 and 3 even if they don\u0027t enable client authentication. \n\nWho is affected?\n- ----------------\n\nAll versions of OpenSSL up to and including 0.9.6j and 0.9.7b and all\nversions of SSLeay are affected. \n\nAny application that makes use of OpenSSL\u0027s ASN1 library to parse\nuntrusted data. This includes all SSL or TLS applications, those using\nS/MIME (PKCS#7) or certificate generation routines. \n\nRecommendations\n- ---------------\n\nUpgrade to OpenSSL 0.9.7c or 0.9.6k. Recompile any OpenSSL applications\nstatically linked to OpenSSL libraries. \n\nReferences\n- ----------\n\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2003-0545 for issue 1:\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0545\n\nand CAN-2003-0543 and CAN-2003-0544 for issue 2:\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0543\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0544\n\nURL for this Security Advisory:\nhttp://www.openssl.org/news/secadv_20030930.txt\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQCVAwUBP3mNKu6tTP1JpWPZAQFjPwP/Y8epYBa9oCK69dCT5Y90kg9Ir8pYuv+q\nx4NxuyhD5JaJfmStwbl3BUSE5juI0mh7d6yFjfI0Ci3sdC+5v10ZOanGwX7o4JlS\n3pGSSocAEiYS59qciRLtFsCbBt8jIOCG8KiTmKO2mI5dhAEB9UqPH9e8A1Wy/8un\nxjGKYbcITrM=\n=fFTe\n-----END PGP SIGNATURE-----\n\n", "sources": [ { "db": "NVD", "id": "CVE-2003-0545" }, { "db": "CERT/CC", "id": "VU#104280" }, { "db": "CERT/CC", "id": "VU#732952" }, { "db": "CERT/CC", "id": "VU#686224" }, { "db": "CERT/CC", "id": "VU#935264" }, { "db": "CERT/CC", "id": "VU#380864" }, { "db": "CERT/CC", "id": "VU#255484" }, { "db": "JVNDB", "id": "JVNDB-2003-000287" }, { "db": "BID", "id": "8732" }, { "db": "PACKETSTORM", "id": "31738" } ], "trust": 6.3 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "CERT/CC", "id": "VU#935264", "trust": 3.5 }, { "db": "NVD", "id": "CVE-2003-0545", "trust": 2.8 }, { "db": "BID", "id": "8732", "trust": 2.7 }, { "db": "CERT/CC", "id": "VU#732952", "trust": 1.9 }, { "db": "CERT/CC", "id": "VU#686224", "trust": 1.9 }, { "db": "CERT/CC", "id": "VU#104280", "trust": 1.6 }, { "db": "VUPEN", "id": "ADV-2006-3900", "trust": 1.6 }, { "db": "SECUNIA", "id": "22249", "trust": 1.6 }, { "db": "CERT/CC", "id": "VU#380864", "trust": 1.1 }, { "db": "CERT/CC", "id": "VU#255484", "trust": 1.1 }, { "db": "XF", "id": "13315", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2003-000287", "trust": 0.8 }, { "db": "CERT/CC", "id": "CA-2003-26", "trust": 0.6 }, { "db": "OVAL", "id": "OVAL:ORG.MITRE.OVAL:DEF:2590", "trust": 0.6 }, { "db": "REDHAT", "id": "RHSA-2003:292", "trust": 0.6 }, { "db": "DEBIAN", "id": "DSA-394", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200311-033", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "31738", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#104280" }, { "db": "CERT/CC", "id": "VU#732952" }, { "db": "CERT/CC", "id": "VU#686224" }, { "db": "CERT/CC", "id": "VU#935264" }, { "db": "CERT/CC", "id": "VU#380864" }, { "db": "CERT/CC", "id": "VU#255484" }, { "db": "BID", "id": "8732" }, { "db": "JVNDB", "id": "JVNDB-2003-000287" }, { "db": "PACKETSTORM", "id": "31738" }, { "db": "CNNVD", "id": "CNNVD-200311-033" }, { "db": "NVD", "id": "CVE-2003-0545" } ] }, "id": "VAR-200311-0091", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 1.0 }, "last_update_date": "2022-05-29T21:30:21.532000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cisco-sa-20030930-ssl", "trust": 0.8, "url": "http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml" }, { "title": "HPSBUX00290", "trust": 0.8, "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?docid=hpsbux0310-290" }, { "title": "HPSBUX0310-284", "trust": 0.8, "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?docid=hpsbux0310-284" }, { "title": "HPSBUX00288", "trust": 0.8, "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?docid=c00891831" }, { "title": "HPSBUX00290", "trust": 0.8, "url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux0310-290.html" }, { "title": "HPSBUX0310-284", "trust": 0.8, "url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux0310-284.html" }, { "title": "openssl", "trust": 0.8, "url": "http://www.miraclelinux.com/support/update/data/openssl.html" }, { "title": "secadv_20030930", "trust": 0.8, "url": "http://www.openssl.org/news/secadv_20030930.txt" }, { "title": "#62", "trust": 0.8, "url": "http://otn.oracle.com/deploy/security/pdf/2003alert62.pdf" }, { "title": "#62", "trust": 0.8, "url": "http://support.oracle.co.jp/open/owa/external_krown.search_doc?c_document_id=70482" }, { "title": "RHSA-2003:292", "trust": 0.8, "url": "http://rhn.redhat.com/errata/rhsa-2003-292.html" }, { "title": "cisco-sa-20030930-ssl", "trust": 0.8, "url": "http://www.cisco.com/japanese/warp/public/3/jp/service/tac/707/cisco-sa-20030930-ssl-j.shtml" }, { "title": "RHSA-2003:292", "trust": 0.8, "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2003-292j.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2003-000287" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2003-000287" }, { "db": "NVD", "id": "CVE-2003-0545" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 4.8, "url": "http://www.ietf.org/rfc/rfc2246.txt" }, { "trust": 4.5, "url": "http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm" }, { "trust": 4.0, "url": "http://wp.netscape.com/eng/ssl3/" }, { "trust": 4.0, "url": "http://www.itu.int/itu-t/studygroups/com10/languages/" }, { "trust": 3.9, "url": "http://www.openssl.org/news/secadv_20030930.txt" }, { "trust": 3.2, "url": "http://www.ietf.org/html.charters/pkix-charter.html" }, { "trust": 2.7, "url": "http://www.cert.org/advisories/ca-2003-26.html" }, { "trust": 2.7, "url": "http://www.kb.cert.org/vuls/id/935264" }, { "trust": 2.4, "url": "http://www.securityfocus.com/bid/8732" }, { "trust": 1.9, "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21247112" }, { "trust": 1.6, "url": "http://www.redhat.com/support/errata/rhsa-2003-292.html" }, { "trust": 1.6, "url": "http://www.debian.org/security/2003/dsa-394" }, { "trust": 1.6, "url": "http://secunia.com/advisories/22249" }, { "trust": 1.1, "url": "http://www.kb.cert.org/vuls/id/686224" }, { "trust": 1.1, "url": "http://www.kb.cert.org/vuls/id/732952" }, { "trust": 1.0, "url": "http://www.vupen.com/english/advisories/2006/3900" }, { "trust": 1.0, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a2590" }, { "trust": 0.9, "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10087450.htm" }, { "trust": 0.8, "url": "http://www.uniras.gov.uk/vuls/2003/006489/tls.htm" }, { "trust": 0.8, "url": "http://www.rsasecurity.com/rsalabs/pkcs/" }, { "trust": 0.8, "url": "http://wp.netscape.com/eng/ssl3/draft302.txt" }, { "trust": 0.8, "url": "http://www.ciac.org/ciac/bulletins/n-159.shtml" }, { "trust": 0.8, "url": "http://www.ciac.org/ciac/bulletins/o-065.shtml" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-0545" }, { "trust": 0.8, "url": "http://www.cpni.gov.uk/products/vulnerabilitydisclosures/default.aspx?id=va-20031104-00753.xml" }, { "trust": 0.8, "url": "http://xforce.iss.net/xforce/xfdb/13315" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnca-2003-26" }, { "trust": 0.8, "url": "http://jvn.jp/tr/trca-2003-26" }, { "trust": 0.8, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-0545" }, { "trust": 0.8, "url": "http://www.cpni.gov.uk/docs/re-20031104-00753.pdf?lang=en" }, { "trust": 0.8, "url": "http://www.kb.cert.org/vuls/id/104280" }, { "trust": 0.8, "url": "http://www.cyberpolice.go.jp/important/20031001_103420.html" }, { "trust": 0.6, "url": "http://www.frsirt.com/english/advisories/2006/3900" }, { "trust": 0.6, "url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:2590" }, { "trust": 0.3, "url": "http://support.f-secure.com/enu/corporate/supportissue/ssh/comments/comments-issue-tech.shtml" }, { "trust": 0.3, "url": "http://support.f-secure.com/enu/corporate/supportissue/ssh/comments/comments-issue-2003120400.shtml" }, { "trust": 0.3, "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f57599" }, { "trust": 0.3, "url": "http://www.info.apple.com/usen/security/security_updates.html" }, { "trust": 0.3, "url": "http://www.apple.com/swupdates/" }, { "trust": 0.3, "url": "http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml" }, { "trust": 0.3, "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967586.htm" }, { "trust": 0.3, "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2968007.htm" }, { "trust": 0.3, "url": "http://www.vmware.com/download/esx/esx2-openssh.html" }, { "trust": 0.3, "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967420.htm" }, { "trust": 0.3, "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967421.htm" }, { "trust": 0.3, "url": "http://www.borderware.com/products/firewall.php" }, { "trust": 0.3, "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967425.htm" }, { "trust": 0.3, "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967411.htm" }, { "trust": 0.3, "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967408.htm" }, { "trust": 0.3, "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967399.htm" }, { "trust": 0.3, "url": "http://www.vmware.com/download/gsx_security.html" }, { "trust": 0.3, "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967175.htm" }, { "trust": 0.3, "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=mdksa-2003:098" }, { "trust": 0.3, "url": "http://www-1.ibm.com/services/continuity/recover1.nsf/mss/mss-oar-e01-2004.0422.1" }, { "trust": 0.3, "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967210.htm" }, { "trust": 0.3, "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967209.htm" }, { "trust": 0.3, "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967208.htm" }, { "trust": 0.3, "url": "http://cirt.dk/advisories/cirt-32-advisory.pdf" }, { "trust": 0.3, "url": "http://www.cirt.dk/advisories/cirt-31-advisory.pdf" }, { "trust": 0.3, "url": "http://www.stonesoft.com/document/art/3040.html" }, { "trust": 0.3, "url": "http://metalink.oracle.com" }, { "trust": 0.3, "url": "http://www.smoothwall.org/home/news/item/20031001.01.html" }, { "trust": 0.3, "url": "http://www.ingate.com/relnote-331.php" }, { "trust": 0.3, "url": "https://rhn.redhat.com/errata/rhsa-2003-293.html" }, { "trust": 0.3, "url": "http://www.bluecoat.com/support/knowledge/advisory_openssl_asn_vulnerability.html" }, { "trust": 0.3, "url": "http://support.novell.com/security-alerts/" }, { "trust": 0.3, "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2968981.htm" }, { "trust": 0.3, "url": "http://www.stonesoft.com/document/art/3041.html" }, { "trust": 0.3, "url": "http://www.ssh.com/company/newsroom/article/476/" }, { "trust": 0.3, "url": "http://www.ssh.com/company/newsroom/article/477/" }, { "trust": 0.3, "url": "http://otn.oracle.com/deploy/security/pdf/2003alert62.pdf" }, { "trust": 0.3, "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f57100" }, { "trust": 0.3, "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57444" }, { "trust": 0.3, "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57472" }, { "trust": 0.3, "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57475" }, { "trust": 0.3, "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f57498" }, { "trust": 0.3, "url": "http://sunsolve.sun.com/patches/linux/security.html" }, { "trust": 0.3, "url": "http://www.tarantella.com/security/bulletin-08.html" }, { "trust": 0.3, "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10097379.htm" }, { "trust": 0.3, "url": "http://www.borderware.com/" }, { "trust": 0.3, "url": "http://www.kb.cert.org/vuls/id/255484" }, { "trust": 0.3, "url": "http://www.kb.cert.org/vuls/id/380864" }, { "trust": 0.3, "url": "/archive/1/343055" }, { "trust": 0.1, "url": "https://www.niscc.gov.uk)" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2003-0545" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2003-0545" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2003-0543" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2003-0544" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2003-0543" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2003-0544" } ], "sources": [ { "db": "CERT/CC", "id": "VU#104280" }, { "db": "CERT/CC", "id": "VU#732952" }, { "db": "CERT/CC", "id": "VU#686224" }, { "db": "CERT/CC", "id": "VU#935264" }, { "db": "CERT/CC", "id": "VU#380864" }, { "db": "CERT/CC", "id": "VU#255484" }, { "db": "BID", "id": "8732" }, { "db": "JVNDB", "id": "JVNDB-2003-000287" }, { "db": "PACKETSTORM", "id": "31738" }, { "db": "CNNVD", "id": "CNNVD-200311-033" }, { "db": "NVD", "id": "CVE-2003-0545" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#104280" }, { "db": "CERT/CC", "id": "VU#732952" }, { "db": "CERT/CC", "id": "VU#686224" }, { "db": "CERT/CC", "id": "VU#935264" }, { "db": "CERT/CC", "id": "VU#380864" }, { "db": "CERT/CC", "id": "VU#255484" }, { "db": "BID", "id": "8732" }, { "db": "JVNDB", "id": "JVNDB-2003-000287" }, { "db": "PACKETSTORM", "id": "31738" }, { "db": "CNNVD", "id": "CNNVD-200311-033" }, { "db": "NVD", "id": "CVE-2003-0545" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2003-09-30T00:00:00", "db": "CERT/CC", "id": "VU#104280" }, { "date": "2003-09-30T00:00:00", "db": "CERT/CC", "id": "VU#732952" }, { "date": "2003-09-30T00:00:00", "db": "CERT/CC", "id": "VU#686224" }, { "date": "2003-09-30T00:00:00", "db": "CERT/CC", "id": "VU#935264" }, { "date": "2003-09-30T00:00:00", "db": "CERT/CC", "id": "VU#380864" }, { "date": "2003-09-30T00:00:00", "db": "CERT/CC", "id": "VU#255484" }, { "date": "2003-09-30T00:00:00", "db": "BID", "id": "8732" }, { "date": "2007-04-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2003-000287" }, { "date": "2003-09-30T16:10:22", "db": "PACKETSTORM", "id": "31738" }, { "date": "2003-09-30T00:00:00", "db": "CNNVD", "id": "CNNVD-200311-033" }, { "date": "2003-11-17T05:00:00", "db": "NVD", "id": "CVE-2003-0545" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2004-08-25T00:00:00", "db": "CERT/CC", "id": "VU#104280" }, { "date": "2003-10-01T00:00:00", "db": "CERT/CC", "id": "VU#732952" }, { "date": "2003-10-01T00:00:00", "db": "CERT/CC", "id": "VU#686224" }, { "date": "2003-10-01T00:00:00", "db": "CERT/CC", "id": "VU#935264" }, { "date": "2003-10-01T00:00:00", "db": "CERT/CC", "id": "VU#380864" }, { "date": "2003-10-01T00:00:00", "db": "CERT/CC", "id": "VU#255484" }, { "date": "2016-07-06T14:32:00", "db": "BID", "id": "8732" }, { "date": "2007-04-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2003-000287" }, { "date": "2005-10-20T00:00:00", "db": "CNNVD", "id": "CNNVD-200311-033" }, { "date": "2018-05-03T01:29:00", "db": "NVD", "id": "CVE-2003-0545" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200311-033" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Multiple vulnerabilities in SSL/TLS implementations", "sources": [ { "db": "CERT/CC", "id": "VU#104280" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer overflow", "sources": [ { "db": "CNNVD", "id": "CNNVD-200311-033" } ], "trust": 0.6 } }
gsd-2003-0545
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2003-0545", "description": "Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding.", "id": "GSD-2003-0545", "references": [ "https://www.suse.com/security/cve/CVE-2003-0545.html", "https://www.debian.org/security/2003/dsa-394", "https://access.redhat.com/errata/RHSA-2003:292", "https://packetstormsecurity.com/files/cve/CVE-2003-0545" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2003-0545" ], "details": "Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding.", "id": "GSD-2003-0545", "modified": "2023-12-13T01:22:13.373265Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0545", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2003:292", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2003-292.html" }, { "name": "ADV-2006-3900", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3900" }, { "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21247112", "refsource": "CONFIRM", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21247112" }, { "name": "VU#935264", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/935264" }, { "name": "http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm", "refsource": "MISC", "url": "http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm" }, { "name": "DSA-394", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2003/dsa-394" }, { "name": "CA-2003-26", "refsource": "CERT", "url": "http://www.cert.org/advisories/CA-2003-26.html" }, { "name": "22249", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22249" }, { "name": "oval:org.mitre.oval:def:2590", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2590" }, { "name": "8732", "refsource": "BID", "url": "http://www.securityfocus.com/bid/8732" } ] } }, "nvd.nist.gov": { "cve": { "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "B5E4742C-A983-4F00-B24F-AB280C0E876D", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*", "matchCriteriaId": "45A518E8-21BE-4C5C-B425-410AB1208E9C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "descriptions": [ { "lang": "en", "value": "Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding." }, { "lang": "es", "value": "Vulnerabilidad de doble liberaci\u00f3n (de memoria) en OpenSSL 0.9.7 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo arbitrario mediante un certificado de cliente SSL con una cierta condificaci\u00f3n ASN.1 no v\u00e1lida." } ], "id": "CVE-2003-0545", "lastModified": "2024-02-02T15:23:34.283", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2003-11-17T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "http://secunia.com/advisories/22249" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21247112" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.cert.org/advisories/CA-2003-26.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.debian.org/security/2003/dsa-394" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/935264" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-292.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/8732" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Patch", "Vendor Advisory" ], "url": "http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2006/3900" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2590" } ], "sourceIdentifier": "cve@mitre.org", "vendorComments": [ { "comment": "Not vulnerable. The OpenSSL packages in Red Hat Enterprise Linux 2.1 were not affected by this issue.\n\nThe OpenSSL packages in Red Hat Enterprise Linux 3 and 4 contain a backported patch since their initial release (openssl), or were not affected by this issue (openssl096b).\n\nThe OpenSSL packages in Red Hat Enterprise Linux 5 are based on fixed upstream release (openssl), or contain backported patch since their initial release (openssl097a).", "lastModified": "2008-07-07T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-415" } ], "source": "nvd@nist.gov", "type": "Primary" } ] } } } }
ghsa-mmjc-3g2p-897m
Vulnerability from github
Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding.
{ "affected": [], "aliases": [ "CVE-2003-0545" ], "database_specific": { "cwe_ids": [ "CWE-119", "CWE-415" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2003-11-17T05:00:00Z", "severity": "HIGH" }, "details": "Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding.", "id": "GHSA-mmjc-3g2p-897m", "modified": "2024-02-02T15:30:25Z", "published": "2022-04-29T01:26:36Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0545" }, { "type": "WEB", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2590" }, { "type": "WEB", "url": "http://secunia.com/advisories/22249" }, { "type": "WEB", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21247112" }, { "type": "WEB", "url": "http://www.cert.org/advisories/CA-2003-26.html" }, { "type": "WEB", "url": "http://www.debian.org/security/2003/dsa-394" }, { "type": "WEB", "url": "http://www.kb.cert.org/vuls/id/935264" }, { "type": "WEB", "url": "http://www.redhat.com/support/errata/RHSA-2003-292.html" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/8732" }, { "type": "WEB", "url": "http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2006/3900" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.