cve-2003-0851

Vulnerability from cvelistv5

Published

2003-11-06 05:00

Modified

2024-08-08 02:05

Severity ?

Summary

OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences.

References

URL	Tags
cve@mitre.org	ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-003.txt.asc
cve@mitre.org	ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc
cve@mitre.org	http://marc.info/?l=bugtraq&m=106796246511667&w=2
cve@mitre.org	http://marc.info/?l=bugtraq&m=108403850228012&w=2
cve@mitre.org	http://rhn.redhat.com/errata/RHSA-2004-119.html
cve@mitre.org	http://secunia.com/advisories/17381
cve@mitre.org	http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml
cve@mitre.org	http://www.kb.cert.org/vuls/id/412478	Patch, Third Party Advisory, US Government Resource
cve@mitre.org	http://www.openssl.org/news/secadv_20031104.txt	Patch, Vendor Advisory
cve@mitre.org	http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html
cve@mitre.org	http://www.securityfocus.com/bid/8970	Patch, Vendor Advisory
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5528
af854a3a-2127-422b-91ae-364da2661108	ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-003.txt.asc
af854a3a-2127-422b-91ae-364da2661108	ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=106796246511667&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=108403850228012&w=2
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2004-119.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/17381
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/412478	Patch, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.openssl.org/news/secadv_20031104.txt	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/8970	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5528

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T02:05:12.617Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:5528",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5528"
          },
          {
            "name": "FEDORA-2005-1042",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html"
          },
          {
            "name": "20040304-01-U",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc"
          },
          {
            "name": "17381",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17381"
          },
          {
            "name": "NetBSD-SA2004-003",
            "tags": [
              "vendor-advisory",
              "x_refsource_NETBSD",
              "x_transferred"
            ],
            "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-003.txt.asc"
          },
          {
            "name": "20030930 SSL Implementation Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml"
          },
          {
            "name": "8970",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/8970"
          },
          {
            "name": "20031104 [OpenSSL Advisory] Denial of Service in ASN.1 parsing",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=106796246511667\u0026w=2"
          },
          {
            "name": "RHSA-2004:119",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2004-119.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20031104.txt"
          },
          {
            "name": "VU#412478",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/412478"
          },
          {
            "name": "20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2003-11-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:5528",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5528"
        },
        {
          "name": "FEDORA-2005-1042",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html"
        },
        {
          "name": "20040304-01-U",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc"
        },
        {
          "name": "17381",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17381"
        },
        {
          "name": "NetBSD-SA2004-003",
          "tags": [
            "vendor-advisory",
            "x_refsource_NETBSD"
          ],
          "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-003.txt.asc"
        },
        {
          "name": "20030930 SSL Implementation Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml"
        },
        {
          "name": "8970",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/8970"
        },
        {
          "name": "20031104 [OpenSSL Advisory] Denial of Service in ASN.1 parsing",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=106796246511667\u0026w=2"
        },
        {
          "name": "RHSA-2004:119",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2004-119.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20031104.txt"
        },
        {
          "name": "VU#412478",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/412478"
        },
        {
          "name": "20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-0851",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oval:org.mitre.oval:def:5528",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5528"
            },
            {
              "name": "FEDORA-2005-1042",
              "refsource": "FEDORA",
              "url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html"
            },
            {
              "name": "20040304-01-U",
              "refsource": "SGI",
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc"
            },
            {
              "name": "17381",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17381"
            },
            {
              "name": "NetBSD-SA2004-003",
              "refsource": "NETBSD",
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-003.txt.asc"
            },
            {
              "name": "20030930 SSL Implementation Vulnerabilities",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml"
            },
            {
              "name": "8970",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/8970"
            },
            {
              "name": "20031104 [OpenSSL Advisory] Denial of Service in ASN.1 parsing",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=106796246511667\u0026w=2"
            },
            {
              "name": "RHSA-2004:119",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2004-119.html"
            },
            {
              "name": "http://www.openssl.org/news/secadv_20031104.txt",
              "refsource": "CONFIRM",
              "url": "http://www.openssl.org/news/secadv_20031104.txt"
            },
            {
              "name": "VU#412478",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/412478"
            },
            {
              "name": "20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2003-0851",
    "datePublished": "2003-11-06T05:00:00",
    "dateReserved": "2003-10-10T00:00:00",
    "dateUpdated": "2024-08-08T02:05:12.617Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:12.1\\\\(11\\\\)e:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"580BA1FE-0826-47A7-8BD3-9225E0841EDD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:12.1\\\\(11b\\\\)e:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"040B04CD-B891-4F19-A7CC-5C2D462FBD6C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:12.2sx:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4DE0B5B8-DEB1-4021-B854-177C0D9FD73A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:12.2sy:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"09458CD7-D430-4957-8506-FAB2A3E2AA65\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:css11000_content_services_switch:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07E1B690-C58B-4C08-A757-F3DF451FDAAA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:pix_firewall:6.2.2_.111:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ECBC761F-A8F5-4CD8-B19C-5CE8FFC58FDD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B5E4742C-A983-4F00-B24F-AB280C0E876D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8A0628DF-3A4C-4078-B615-22260671EABF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"962FCB86-15AD-4399-8B7D-EC1DEA919C59\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0FCA45CE-4127-47AD-BBA8-8A6DD83AE1C7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7CA1CA40-7DB5-4DCA-97A8-9A8CF4FECECC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"180D07AE-C571-4DD6-837C-43E2A946007A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BA3E4D2A-6488-4F8B-A3CA-4161A10FA4DB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"90789533-C741-4B1C-A24B-2C77B9E4DE5F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1520065B-46D7-48A4-B9D0-5B49F690C5B4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5B76FE2D-FBE0-4A3B-A0EA-179332D74F0E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2AA526B9-726A-49D5-B3CA-EBE2DA303CA0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"494E48E7-EF86-4860-9A53-94F6C313746E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"45A518E8-21BE-4C5C-B425-410AB1208E9C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"78E79A05-64F3-4397-952C-A5BB950C967D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7F7C9E77-1EB2-4720-A8FD-23DC1C877D5A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:pix_firewall_software:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"58BE9C02-2A01-4F6F-A6BD-BC0173561E9B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:pix_firewall_software:6.0\\\\(1\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C558CED8-8342-46CB-9F52-580B626D320E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:pix_firewall_software:6.0\\\\(2\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0F85D19E-6C26-429D-B876-F34238B9DAAF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:pix_firewall_software:6.0\\\\(3\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FEC7CCF7-CBC6-4EDC-8EDD-884DFFFBCC7D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:pix_firewall_software:6.0\\\\(4\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E5011A33-CD6D-4EFC-ACFD-E51C9AE726A3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:pix_firewall_software:6.0\\\\(4.101\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"09063867-0E64-4630-B35B-4CCA348E4DAB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:pix_firewall_software:6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"78F98CD7-A352-483C-9968-8FB2627A7CBD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:pix_firewall_software:6.1\\\\(1\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F97FE485-705F-4707-B6C6-0EF9E8A85D5F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:pix_firewall_software:6.1\\\\(2\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E2B925E8-D2C2-4E8C-AC21-0C422245C482\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:pix_firewall_software:6.1\\\\(3\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B9170562-872E-4C32-869C-B10FF35A925E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:pix_firewall_software:6.1\\\\(4\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D0927A68-8BB2-4F03-8396-E9CACC158FC0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:pix_firewall_software:6.1\\\\(5\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"559DDBA3-2AF4-4A0C-B219-6779BA931F21\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:pix_firewall_software:6.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ED9D142A-DDC8-4BD6-8C22-F242C9C0B1ED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:pix_firewall_software:6.2\\\\(1\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5226C9CC-6933-4F10-B426-B47782C606FD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:pix_firewall_software:6.2\\\\(2\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"757DAE9A-B25D-4B8A-A41B-66C2897B537E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:pix_firewall_software:6.2\\\\(3\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5E3DC170-E279-4725-B9EE-6840B5685CC9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:pix_firewall_software:6.3\\\\(1\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CE05B514-F094-4632-B25B-973F976F6409\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:pix_firewall_software:6.3\\\\(3.102\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"40954985-16E6-4F37-B014-6A55166AE093\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences.\"}, {\"lang\": \"es\", \"value\": \"OpenSSL 0.9.6k, cuando se ejecuta en Windows, permite a atacantes remotos causar una denegaci\\u00f3n de servicio (ca\\u00edda por recursi\\u00f3n excesiva) mediante secuencias ASN.1 malformadas.\"}]",
      "id": "CVE-2003-0851",
      "lastModified": "2024-11-20T23:45:40.410",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2003-12-01T05:00:00.000",
      "references": "[{\"url\": \"ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-003.txt.asc\", \"source\": \"cve@mitre.org\"}, {\"url\": \"ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=106796246511667\u0026w=2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2004-119.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/17381\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/412478\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.openssl.org/news/secadv_20031104.txt\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/8970\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5528\", \"source\": \"cve@mitre.org\"}, {\"url\": \"ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-003.txt.asc\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=106796246511667\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2004-119.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/17381\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/412478\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.openssl.org/news/secadv_20031104.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/8970\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5528\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2003-0851\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2003-12-01T05:00:00.000\",\"lastModified\":\"2024-11-20T23:45:40.410\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences.\"},{\"lang\":\"es\",\"value\":\"OpenSSL 0.9.6k, cuando se ejecuta en Windows, permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda por recursi\u00f3n excesiva) mediante secuencias ASN.1 malformadas.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:12.1\\\\(11\\\\)e:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"580BA1FE-0826-47A7-8BD3-9225E0841EDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:12.1\\\\(11b\\\\)e:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"040B04CD-B891-4F19-A7CC-5C2D462FBD6C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:12.2sx:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DE0B5B8-DEB1-4021-B854-177C0D9FD73A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:12.2sy:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09458CD7-D430-4957-8506-FAB2A3E2AA65\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:css11000_content_services_switch:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07E1B690-C58B-4C08-A757-F3DF451FDAAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:pix_firewall:6.2.2_.111:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ECBC761F-A8F5-4CD8-B19C-5CE8FFC58FDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5E4742C-A983-4F00-B24F-AB280C0E876D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A0628DF-3A4C-4078-B615-22260671EABF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"962FCB86-15AD-4399-8B7D-EC1DEA919C59\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FCA45CE-4127-47AD-BBA8-8A6DD83AE1C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CA1CA40-7DB5-4DCA-97A8-9A8CF4FECECC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"180D07AE-C571-4DD6-837C-43E2A946007A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA3E4D2A-6488-4F8B-A3CA-4161A10FA4DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"90789533-C741-4B1C-A24B-2C77B9E4DE5F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1520065B-46D7-48A4-B9D0-5B49F690C5B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B76FE2D-FBE0-4A3B-A0EA-179332D74F0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2AA526B9-726A-49D5-B3CA-EBE2DA303CA0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"494E48E7-EF86-4860-9A53-94F6C313746E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45A518E8-21BE-4C5C-B425-410AB1208E9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"78E79A05-64F3-4397-952C-A5BB950C967D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F7C9E77-1EB2-4720-A8FD-23DC1C877D5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:pix_firewall_software:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58BE9C02-2A01-4F6F-A6BD-BC0173561E9B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:pix_firewall_software:6.0\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C558CED8-8342-46CB-9F52-580B626D320E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:pix_firewall_software:6.0\\\\(2\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F85D19E-6C26-429D-B876-F34238B9DAAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:pix_firewall_software:6.0\\\\(3\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FEC7CCF7-CBC6-4EDC-8EDD-884DFFFBCC7D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:pix_firewall_software:6.0\\\\(4\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5011A33-CD6D-4EFC-ACFD-E51C9AE726A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:pix_firewall_software:6.0\\\\(4.101\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09063867-0E64-4630-B35B-4CCA348E4DAB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:pix_firewall_software:6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"78F98CD7-A352-483C-9968-8FB2627A7CBD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:pix_firewall_software:6.1\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F97FE485-705F-4707-B6C6-0EF9E8A85D5F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:pix_firewall_software:6.1\\\\(2\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2B925E8-D2C2-4E8C-AC21-0C422245C482\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:pix_firewall_software:6.1\\\\(3\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9170562-872E-4C32-869C-B10FF35A925E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:pix_firewall_software:6.1\\\\(4\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0927A68-8BB2-4F03-8396-E9CACC158FC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:pix_firewall_software:6.1\\\\(5\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"559DDBA3-2AF4-4A0C-B219-6779BA931F21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:pix_firewall_software:6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED9D142A-DDC8-4BD6-8C22-F242C9C0B1ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:pix_firewall_software:6.2\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5226C9CC-6933-4F10-B426-B47782C606FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:pix_firewall_software:6.2\\\\(2\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"757DAE9A-B25D-4B8A-A41B-66C2897B537E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:pix_firewall_software:6.2\\\\(3\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E3DC170-E279-4725-B9EE-6840B5685CC9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:pix_firewall_software:6.3\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE05B514-F094-4632-B25B-973F976F6409\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:pix_firewall_software:6.3\\\\(3.102\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"40954985-16E6-4F37-B014-6A55166AE093\"}]}]}],\"references\":[{\"url\":\"ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-003.txt.asc\",\"source\":\"cve@mitre.org\"},{\"url\":\"ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=106796246511667\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2004-119.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/17381\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.kb.cert.org/vuls/id/412478\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.openssl.org/news/secadv_20031104.txt\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/8970\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5528\",\"source\":\"cve@mitre.org\"},{\"url\":\"ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-003.txt.asc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=106796246511667\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2004-119.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/17381\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/412478\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.openssl.org/news/secadv_20031104.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/8970\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5528\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

RHSA-2004:119

Vulnerability from csaf_redhat

Published

2004-03-17 12:31

Modified

2024-11-21 23:00

Summary

Red Hat Security Advisory: openssl security update

Notes

Topic

Updated OpenSSL packages that fix a remote denial of service vulnerability are now available for Red Hat Enterprise Linux 2.1.

Details

OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. Testing performed by the OpenSSL group using the Codenomicon TLS Test Tool uncovered a bug in older versions of OpenSSL 0.9.6 prior to 0.9.6d that can lead to a denial of service attack (infinite loop). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0081 to this issue. Testing performed by Novell using a test suite provided by NISCC uncovered an issue in the ASN.1 parser in versions of OpenSSL 0.9.6 prior to 0.9.6l which could cause large recursion and possibly lead to a denial of service attack if used where stack space is limited. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0851 to this issue. These updated packages contain patches provided by the OpenSSL group that protect against these issues. NOTE: Because server applications are affected by this issue, users are advised to either restart all services using OpenSSL functionality or restart their system after installing these updated packages.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated OpenSSL packages that fix a remote denial of service vulnerability\nare now available for Red Hat Enterprise Linux 2.1.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and\nTransport Layer Security (TLS v1) protocols as well as a full-strength\ngeneral purpose cryptography library.\n\nTesting performed by the OpenSSL group using the Codenomicon TLS Test Tool\nuncovered a bug in older versions of OpenSSL 0.9.6 prior to 0.9.6d that can\nlead to a denial of service attack (infinite loop).  The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCAN-2004-0081 to this issue.\n\nTesting performed by Novell using a test suite provided by NISCC uncovered\nan issue in the ASN.1 parser in versions of OpenSSL 0.9.6 prior to 0.9.6l\nwhich could cause large recursion and possibly lead to a denial of service\nattack if used where stack space is limited.  The Common Vulnerabilities\nand Exposures project (cve.mitre.org) has assigned the name CAN-2003-0851\nto this issue.\n\nThese updated packages contain patches provided by the OpenSSL group that\nprotect against these issues.\n\nNOTE: Because server applications are affected by this issue, users are\nadvised to either restart all services using OpenSSL functionality or\nrestart their system after installing these updated packages.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2004:119",
        "url": "https://access.redhat.com/errata/RHSA-2004:119"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "http://www.codenomicon.com/testtools/tls/",
        "url": "http://www.codenomicon.com/testtools/tls/"
      },
      {
        "category": "external",
        "summary": "http://www.niscc.gov.uk/",
        "url": "http://www.niscc.gov.uk/"
      },
      {
        "category": "external",
        "summary": "117771",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=117771"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2004/rhsa-2004_119.json"
      }
    ],
    "title": "Red Hat Security Advisory: openssl security update",
    "tracking": {
      "current_release_date": "2024-11-21T23:00:23+00:00",
      "generator": {
        "date": "2024-11-21T23:00:23+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2004:119",
      "initial_release_date": "2004-03-17T12:31:00+00:00",
      "revision_history": [
        {
          "date": "2004-03-17T12:31:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2004-03-17T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-21T23:00:23+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                "product": {
                  "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_id": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::as"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux Advanced Workstation 2.1",
                "product": {
                  "name": "Red Hat Linux Advanced Workstation 2.1",
                  "product_id": "Red Hat Linux Advanced Workstation 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::aw"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 2.1",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 2.1",
                  "product_id": "Red Hat Enterprise Linux ES version 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::es"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 2.1",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 2.1",
                  "product_id": "Red Hat Enterprise Linux WS version 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::ws"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2003-0851",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617090"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "Red Hat Enterprise Linux ES version 2.1",
          "Red Hat Enterprise Linux WS version 2.1",
          "Red Hat Linux Advanced Workstation 2.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2003-0851"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617090",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617090"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0851",
          "url": "https://www.cve.org/CVERecord?id=CVE-2003-0851"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0851",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0851"
        }
      ],
      "release_date": "2003-11-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-03-17T12:31:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL\nCertificate Errors, you need to install a version of the\nup2date client with an updated certificate.  The latest version of\nup2date is available from the Red Hat FTP site and may also be\ndownloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
            "Red Hat Enterprise Linux ES version 2.1",
            "Red Hat Enterprise Linux WS version 2.1",
            "Red Hat Linux Advanced Workstation 2.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:119"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2004-0081",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617142"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "Red Hat Enterprise Linux ES version 2.1",
          "Red Hat Enterprise Linux WS version 2.1",
          "Red Hat Linux Advanced Workstation 2.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0081"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617142",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617142"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0081",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0081"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0081",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0081"
        }
      ],
      "release_date": "2004-03-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-03-17T12:31:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL\nCertificate Errors, you need to install a version of the\nup2date client with an updated certificate.  The latest version of\nup2date is available from the Red Hat FTP site and may also be\ndownloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
            "Red Hat Enterprise Linux ES version 2.1",
            "Red Hat Enterprise Linux WS version 2.1",
            "Red Hat Linux Advanced Workstation 2.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:119"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "security flaw"
    }
  ]
}

rhsa-2004_119

Vulnerability from csaf_redhat

Published

2004-03-17 12:31

Modified

2024-11-21 23:00

Summary

Red Hat Security Advisory: openssl security update

Notes

Topic

Updated OpenSSL packages that fix a remote denial of service vulnerability are now available for Red Hat Enterprise Linux 2.1.

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated OpenSSL packages that fix a remote denial of service vulnerability\nare now available for Red Hat Enterprise Linux 2.1.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and\nTransport Layer Security (TLS v1) protocols as well as a full-strength\ngeneral purpose cryptography library.\n\nTesting performed by the OpenSSL group using the Codenomicon TLS Test Tool\nuncovered a bug in older versions of OpenSSL 0.9.6 prior to 0.9.6d that can\nlead to a denial of service attack (infinite loop).  The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCAN-2004-0081 to this issue.\n\nTesting performed by Novell using a test suite provided by NISCC uncovered\nan issue in the ASN.1 parser in versions of OpenSSL 0.9.6 prior to 0.9.6l\nwhich could cause large recursion and possibly lead to a denial of service\nattack if used where stack space is limited.  The Common Vulnerabilities\nand Exposures project (cve.mitre.org) has assigned the name CAN-2003-0851\nto this issue.\n\nThese updated packages contain patches provided by the OpenSSL group that\nprotect against these issues.\n\nNOTE: Because server applications are affected by this issue, users are\nadvised to either restart all services using OpenSSL functionality or\nrestart their system after installing these updated packages.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2004:119",
        "url": "https://access.redhat.com/errata/RHSA-2004:119"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "http://www.codenomicon.com/testtools/tls/",
        "url": "http://www.codenomicon.com/testtools/tls/"
      },
      {
        "category": "external",
        "summary": "http://www.niscc.gov.uk/",
        "url": "http://www.niscc.gov.uk/"
      },
      {
        "category": "external",
        "summary": "117771",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=117771"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2004/rhsa-2004_119.json"
      }
    ],
    "title": "Red Hat Security Advisory: openssl security update",
    "tracking": {
      "current_release_date": "2024-11-21T23:00:23+00:00",
      "generator": {
        "date": "2024-11-21T23:00:23+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2004:119",
      "initial_release_date": "2004-03-17T12:31:00+00:00",
      "revision_history": [
        {
          "date": "2004-03-17T12:31:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2004-03-17T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-21T23:00:23+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                "product": {
                  "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_id": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::as"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux Advanced Workstation 2.1",
                "product": {
                  "name": "Red Hat Linux Advanced Workstation 2.1",
                  "product_id": "Red Hat Linux Advanced Workstation 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::aw"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 2.1",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 2.1",
                  "product_id": "Red Hat Enterprise Linux ES version 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::es"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 2.1",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 2.1",
                  "product_id": "Red Hat Enterprise Linux WS version 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::ws"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2003-0851",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617090"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "Red Hat Enterprise Linux ES version 2.1",
          "Red Hat Enterprise Linux WS version 2.1",
          "Red Hat Linux Advanced Workstation 2.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2003-0851"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617090",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617090"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0851",
          "url": "https://www.cve.org/CVERecord?id=CVE-2003-0851"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0851",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0851"
        }
      ],
      "release_date": "2003-11-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-03-17T12:31:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL\nCertificate Errors, you need to install a version of the\nup2date client with an updated certificate.  The latest version of\nup2date is available from the Red Hat FTP site and may also be\ndownloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
            "Red Hat Enterprise Linux ES version 2.1",
            "Red Hat Enterprise Linux WS version 2.1",
            "Red Hat Linux Advanced Workstation 2.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:119"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2004-0081",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617142"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "Red Hat Enterprise Linux ES version 2.1",
          "Red Hat Enterprise Linux WS version 2.1",
          "Red Hat Linux Advanced Workstation 2.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0081"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617142",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617142"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0081",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0081"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0081",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0081"
        }
      ],
      "release_date": "2004-03-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-03-17T12:31:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL\nCertificate Errors, you need to install a version of the\nup2date client with an updated certificate.  The latest version of\nup2date is available from the Red Hat FTP site and may also be\ndownloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
            "Red Hat Enterprise Linux ES version 2.1",
            "Red Hat Enterprise Linux WS version 2.1",
            "Red Hat Linux Advanced Workstation 2.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:119"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "security flaw"
    }
  ]
}

rhsa-2004_139

Vulnerability from csaf_redhat

Published

2004-03-17 17:20

Modified

2024-11-21 23:00

Summary

Red Hat Security Advisory: apache, openssl security update for Stronghold

Notes

Topic

Updated versions of Stronghold 4 cross-platform are available that fix security issues affecting OpenSSL and the Apache HTTP Server. A number of bug fixes are also included.

Details

Stronghold 4 contains a number of open source technologies, including OpenSSL 0.9.6 and the Apache HTTP Server. Testing performed by the OpenSSL group using the Codenomicon TLS Test Tool uncovered a bug in older versions of OpenSSL 0.9.6 prior to 0.9.6d that can lead to a denial of service attack (infinite loop). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0081 to this issue. Testing performed by the OpenSSL group using the Codenomicon TLS Test Tool uncovered a null-pointer assignment in the do_change_cipher_spec() function in OpenSSL 0.9.6c-0.9.6k and 0.9.7a-0.9.7c. A remote attacker could send a carefully crafted SSL/TLS handshake which could lead to a denial of service attack. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0079 to this issue. Testing performed by Novell using a test suite provided by NISCC uncovered an issue in the ASN.1 parser in versions of OpenSSL 0.9.6 prior to 0.9.6l which could cause large recursion and possibly lead to a denial of service attack if used where stack space is limited. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0851 to this issue. An issue in the handling of regular expressions from configuration files was discovered in releases of the Apache HTTP Server version 1.3 prior to 1.3.29. To exploit this issue an attacker would need to have the ability to write to Apache configuration files such as .htaccess or httpd.conf. A carefully-crafted configuration file can cause an exploitable buffer overflow and would allow the attacker to execute arbitrary code in the context of the server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0542 to this issue. Users of Stronghold 4 cross-platform are advised to update to these errata versions, which contain backported security fixes and are not vulnerable to these issues.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated versions of Stronghold 4 cross-platform are available that fix\nsecurity issues affecting OpenSSL and the Apache HTTP Server. A number\nof bug fixes are also included.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Stronghold 4 contains a number of open source technologies, including\nOpenSSL 0.9.6 and the Apache HTTP Server.\n\nTesting performed by the OpenSSL group using the Codenomicon TLS Test Tool\nuncovered a bug in older versions of OpenSSL 0.9.6 prior to 0.9.6d that can\nlead to a denial of service attack (infinite loop). The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCAN-2004-0081 to this issue.\n\nTesting performed by the OpenSSL group using the Codenomicon TLS Test Tool\nuncovered a null-pointer assignment in the do_change_cipher_spec() function\nin OpenSSL 0.9.6c-0.9.6k and 0.9.7a-0.9.7c. A remote attacker could\nsend a carefully crafted SSL/TLS handshake which could lead to a denial of\nservice attack.  The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2004-0079 to this issue.\n\nTesting performed by Novell using a test suite provided by NISCC uncovered\nan issue in the ASN.1 parser in versions of OpenSSL 0.9.6 prior to 0.9.6l\nwhich could cause large recursion and possibly lead to a denial of service\nattack if used where stack space is limited. The Common Vulnerabilities\nand Exposures project (cve.mitre.org) has assigned the name CAN-2003-0851\nto this issue.\n\nAn issue in the handling of regular expressions from configuration files\nwas discovered in releases of the Apache HTTP Server version 1.3 prior to\n1.3.29. To exploit this issue an attacker would need to have the ability\nto write to Apache configuration files such as .htaccess or httpd.conf. A\ncarefully-crafted configuration file can cause an exploitable buffer\noverflow and would allow the attacker to execute arbitrary code in the\ncontext of the server. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2003-0542 to this issue.\n\nUsers of Stronghold 4 cross-platform are advised to update to these errata\nversions, which contain backported security fixes and are not vulnerable to\nthese issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2004:139",
        "url": "https://access.redhat.com/errata/RHSA-2004:139"
      },
      {
        "category": "external",
        "summary": "http://www.niscc.gov.uk/",
        "url": "http://www.niscc.gov.uk/"
      },
      {
        "category": "external",
        "summary": "http://www.codenomicon.com/testtools/tls/",
        "url": "http://www.codenomicon.com/testtools/tls/"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2004/rhsa-2004_139.json"
      }
    ],
    "title": "Red Hat Security Advisory: apache, openssl security update for Stronghold",
    "tracking": {
      "current_release_date": "2024-11-21T23:00:35+00:00",
      "generator": {
        "date": "2024-11-21T23:00:35+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2004:139",
      "initial_release_date": "2004-03-17T17:20:00+00:00",
      "revision_history": [
        {
          "date": "2004-03-17T17:20:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2004-03-17T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-21T23:00:35+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Stronghold 4",
                "product": {
                  "name": "Red Hat Stronghold 4",
                  "product_id": "Red Hat Stronghold 4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:stronghold:4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Stronghold Cross Platform"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2003-0542",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617048"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Stronghold 4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2003-0542"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617048",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617048"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0542",
          "url": "https://www.cve.org/CVERecord?id=CVE-2003-0542"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0542",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0542"
        }
      ],
      "release_date": "2003-10-29T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-03-17T17:20:00+00:00",
          "details": "Updated Stronghold 4 packages are now available via the update agent\nservice. Run the following command from the Stronghold 4 install root to\nupgrade an existing Stronghold 4 installation to the new package versions:\n\n$ bin/agent\n\nThe Stronghold 4.0h patch release which contains these updated packages is\nalso available from the download site.\n\nAfter upgrading Stronghold, the server must be completely restarted by\nrunning the following commands from the install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nrefer to http://stronghold.redhat.com/support/upgrade-sh4",
          "product_ids": [
            "Red Hat Stronghold 4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:139"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2003-0851",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617090"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Stronghold 4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2003-0851"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617090",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617090"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0851",
          "url": "https://www.cve.org/CVERecord?id=CVE-2003-0851"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0851",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0851"
        }
      ],
      "release_date": "2003-11-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-03-17T17:20:00+00:00",
          "details": "Updated Stronghold 4 packages are now available via the update agent\nservice. Run the following command from the Stronghold 4 install root to\nupgrade an existing Stronghold 4 installation to the new package versions:\n\n$ bin/agent\n\nThe Stronghold 4.0h patch release which contains these updated packages is\nalso available from the download site.\n\nAfter upgrading Stronghold, the server must be completely restarted by\nrunning the following commands from the install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nrefer to http://stronghold.redhat.com/support/upgrade-sh4",
          "product_ids": [
            "Red Hat Stronghold 4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:139"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2004-0079",
      "discovery_date": "2004-03-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617140"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Stronghold 4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0079"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617140",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617140"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0079",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0079"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0079",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0079"
        }
      ],
      "release_date": "2004-03-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-03-17T17:20:00+00:00",
          "details": "Updated Stronghold 4 packages are now available via the update agent\nservice. Run the following command from the Stronghold 4 install root to\nupgrade an existing Stronghold 4 installation to the new package versions:\n\n$ bin/agent\n\nThe Stronghold 4.0h patch release which contains these updated packages is\nalso available from the download site.\n\nAfter upgrading Stronghold, the server must be completely restarted by\nrunning the following commands from the install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nrefer to http://stronghold.redhat.com/support/upgrade-sh4",
          "product_ids": [
            "Red Hat Stronghold 4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:139"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2004-0081",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617142"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Stronghold 4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0081"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617142",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617142"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0081",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0081"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0081",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0081"
        }
      ],
      "release_date": "2004-03-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-03-17T17:20:00+00:00",
          "details": "Updated Stronghold 4 packages are now available via the update agent\nservice. Run the following command from the Stronghold 4 install root to\nupgrade an existing Stronghold 4 installation to the new package versions:\n\n$ bin/agent\n\nThe Stronghold 4.0h patch release which contains these updated packages is\nalso available from the download site.\n\nAfter upgrading Stronghold, the server must be completely restarted by\nrunning the following commands from the install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nrefer to http://stronghold.redhat.com/support/upgrade-sh4",
          "product_ids": [
            "Red Hat Stronghold 4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:139"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "security flaw"
    }
  ]
}

rhsa-2004:119

Vulnerability from csaf_redhat

Published

2004-03-17 12:31

Modified

2024-11-21 23:00

Summary

Red Hat Security Advisory: openssl security update

Notes

Topic

Updated OpenSSL packages that fix a remote denial of service vulnerability are now available for Red Hat Enterprise Linux 2.1.

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated OpenSSL packages that fix a remote denial of service vulnerability\nare now available for Red Hat Enterprise Linux 2.1.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and\nTransport Layer Security (TLS v1) protocols as well as a full-strength\ngeneral purpose cryptography library.\n\nTesting performed by the OpenSSL group using the Codenomicon TLS Test Tool\nuncovered a bug in older versions of OpenSSL 0.9.6 prior to 0.9.6d that can\nlead to a denial of service attack (infinite loop).  The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCAN-2004-0081 to this issue.\n\nTesting performed by Novell using a test suite provided by NISCC uncovered\nan issue in the ASN.1 parser in versions of OpenSSL 0.9.6 prior to 0.9.6l\nwhich could cause large recursion and possibly lead to a denial of service\nattack if used where stack space is limited.  The Common Vulnerabilities\nand Exposures project (cve.mitre.org) has assigned the name CAN-2003-0851\nto this issue.\n\nThese updated packages contain patches provided by the OpenSSL group that\nprotect against these issues.\n\nNOTE: Because server applications are affected by this issue, users are\nadvised to either restart all services using OpenSSL functionality or\nrestart their system after installing these updated packages.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2004:119",
        "url": "https://access.redhat.com/errata/RHSA-2004:119"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "http://www.codenomicon.com/testtools/tls/",
        "url": "http://www.codenomicon.com/testtools/tls/"
      },
      {
        "category": "external",
        "summary": "http://www.niscc.gov.uk/",
        "url": "http://www.niscc.gov.uk/"
      },
      {
        "category": "external",
        "summary": "117771",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=117771"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2004/rhsa-2004_119.json"
      }
    ],
    "title": "Red Hat Security Advisory: openssl security update",
    "tracking": {
      "current_release_date": "2024-11-21T23:00:23+00:00",
      "generator": {
        "date": "2024-11-21T23:00:23+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2004:119",
      "initial_release_date": "2004-03-17T12:31:00+00:00",
      "revision_history": [
        {
          "date": "2004-03-17T12:31:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2004-03-17T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-21T23:00:23+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                "product": {
                  "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_id": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::as"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux Advanced Workstation 2.1",
                "product": {
                  "name": "Red Hat Linux Advanced Workstation 2.1",
                  "product_id": "Red Hat Linux Advanced Workstation 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::aw"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 2.1",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 2.1",
                  "product_id": "Red Hat Enterprise Linux ES version 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::es"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 2.1",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 2.1",
                  "product_id": "Red Hat Enterprise Linux WS version 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::ws"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2003-0851",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617090"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "Red Hat Enterprise Linux ES version 2.1",
          "Red Hat Enterprise Linux WS version 2.1",
          "Red Hat Linux Advanced Workstation 2.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2003-0851"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617090",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617090"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0851",
          "url": "https://www.cve.org/CVERecord?id=CVE-2003-0851"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0851",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0851"
        }
      ],
      "release_date": "2003-11-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-03-17T12:31:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL\nCertificate Errors, you need to install a version of the\nup2date client with an updated certificate.  The latest version of\nup2date is available from the Red Hat FTP site and may also be\ndownloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
            "Red Hat Enterprise Linux ES version 2.1",
            "Red Hat Enterprise Linux WS version 2.1",
            "Red Hat Linux Advanced Workstation 2.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:119"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2004-0081",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617142"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "Red Hat Enterprise Linux ES version 2.1",
          "Red Hat Enterprise Linux WS version 2.1",
          "Red Hat Linux Advanced Workstation 2.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0081"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617142",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617142"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0081",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0081"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0081",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0081"
        }
      ],
      "release_date": "2004-03-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-03-17T12:31:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL\nCertificate Errors, you need to install a version of the\nup2date client with an updated certificate.  The latest version of\nup2date is available from the Red Hat FTP site and may also be\ndownloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
            "Red Hat Enterprise Linux ES version 2.1",
            "Red Hat Enterprise Linux WS version 2.1",
            "Red Hat Linux Advanced Workstation 2.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:119"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "security flaw"
    }
  ]
}

rhsa-2004:139

Vulnerability from csaf_redhat

Published

2004-03-17 17:20

Modified

2024-11-21 23:00

Summary

Red Hat Security Advisory: apache, openssl security update for Stronghold

Notes

Topic

Updated versions of Stronghold 4 cross-platform are available that fix security issues affecting OpenSSL and the Apache HTTP Server. A number of bug fixes are also included.

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated versions of Stronghold 4 cross-platform are available that fix\nsecurity issues affecting OpenSSL and the Apache HTTP Server. A number\nof bug fixes are also included.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Stronghold 4 contains a number of open source technologies, including\nOpenSSL 0.9.6 and the Apache HTTP Server.\n\nTesting performed by the OpenSSL group using the Codenomicon TLS Test Tool\nuncovered a bug in older versions of OpenSSL 0.9.6 prior to 0.9.6d that can\nlead to a denial of service attack (infinite loop). The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCAN-2004-0081 to this issue.\n\nTesting performed by the OpenSSL group using the Codenomicon TLS Test Tool\nuncovered a null-pointer assignment in the do_change_cipher_spec() function\nin OpenSSL 0.9.6c-0.9.6k and 0.9.7a-0.9.7c. A remote attacker could\nsend a carefully crafted SSL/TLS handshake which could lead to a denial of\nservice attack.  The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2004-0079 to this issue.\n\nTesting performed by Novell using a test suite provided by NISCC uncovered\nan issue in the ASN.1 parser in versions of OpenSSL 0.9.6 prior to 0.9.6l\nwhich could cause large recursion and possibly lead to a denial of service\nattack if used where stack space is limited. The Common Vulnerabilities\nand Exposures project (cve.mitre.org) has assigned the name CAN-2003-0851\nto this issue.\n\nAn issue in the handling of regular expressions from configuration files\nwas discovered in releases of the Apache HTTP Server version 1.3 prior to\n1.3.29. To exploit this issue an attacker would need to have the ability\nto write to Apache configuration files such as .htaccess or httpd.conf. A\ncarefully-crafted configuration file can cause an exploitable buffer\noverflow and would allow the attacker to execute arbitrary code in the\ncontext of the server. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2003-0542 to this issue.\n\nUsers of Stronghold 4 cross-platform are advised to update to these errata\nversions, which contain backported security fixes and are not vulnerable to\nthese issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2004:139",
        "url": "https://access.redhat.com/errata/RHSA-2004:139"
      },
      {
        "category": "external",
        "summary": "http://www.niscc.gov.uk/",
        "url": "http://www.niscc.gov.uk/"
      },
      {
        "category": "external",
        "summary": "http://www.codenomicon.com/testtools/tls/",
        "url": "http://www.codenomicon.com/testtools/tls/"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2004/rhsa-2004_139.json"
      }
    ],
    "title": "Red Hat Security Advisory: apache, openssl security update for Stronghold",
    "tracking": {
      "current_release_date": "2024-11-21T23:00:35+00:00",
      "generator": {
        "date": "2024-11-21T23:00:35+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2004:139",
      "initial_release_date": "2004-03-17T17:20:00+00:00",
      "revision_history": [
        {
          "date": "2004-03-17T17:20:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2004-03-17T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-21T23:00:35+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Stronghold 4",
                "product": {
                  "name": "Red Hat Stronghold 4",
                  "product_id": "Red Hat Stronghold 4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:stronghold:4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Stronghold Cross Platform"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2003-0542",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617048"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Stronghold 4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2003-0542"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617048",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617048"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0542",
          "url": "https://www.cve.org/CVERecord?id=CVE-2003-0542"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0542",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0542"
        }
      ],
      "release_date": "2003-10-29T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-03-17T17:20:00+00:00",
          "details": "Updated Stronghold 4 packages are now available via the update agent\nservice. Run the following command from the Stronghold 4 install root to\nupgrade an existing Stronghold 4 installation to the new package versions:\n\n$ bin/agent\n\nThe Stronghold 4.0h patch release which contains these updated packages is\nalso available from the download site.\n\nAfter upgrading Stronghold, the server must be completely restarted by\nrunning the following commands from the install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nrefer to http://stronghold.redhat.com/support/upgrade-sh4",
          "product_ids": [
            "Red Hat Stronghold 4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:139"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2003-0851",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617090"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Stronghold 4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2003-0851"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617090",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617090"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0851",
          "url": "https://www.cve.org/CVERecord?id=CVE-2003-0851"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0851",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0851"
        }
      ],
      "release_date": "2003-11-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-03-17T17:20:00+00:00",
          "details": "Updated Stronghold 4 packages are now available via the update agent\nservice. Run the following command from the Stronghold 4 install root to\nupgrade an existing Stronghold 4 installation to the new package versions:\n\n$ bin/agent\n\nThe Stronghold 4.0h patch release which contains these updated packages is\nalso available from the download site.\n\nAfter upgrading Stronghold, the server must be completely restarted by\nrunning the following commands from the install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nrefer to http://stronghold.redhat.com/support/upgrade-sh4",
          "product_ids": [
            "Red Hat Stronghold 4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:139"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2004-0079",
      "discovery_date": "2004-03-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617140"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Stronghold 4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0079"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617140",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617140"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0079",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0079"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0079",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0079"
        }
      ],
      "release_date": "2004-03-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-03-17T17:20:00+00:00",
          "details": "Updated Stronghold 4 packages are now available via the update agent\nservice. Run the following command from the Stronghold 4 install root to\nupgrade an existing Stronghold 4 installation to the new package versions:\n\n$ bin/agent\n\nThe Stronghold 4.0h patch release which contains these updated packages is\nalso available from the download site.\n\nAfter upgrading Stronghold, the server must be completely restarted by\nrunning the following commands from the install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nrefer to http://stronghold.redhat.com/support/upgrade-sh4",
          "product_ids": [
            "Red Hat Stronghold 4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:139"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2004-0081",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617142"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Stronghold 4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0081"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617142",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617142"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0081",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0081"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0081",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0081"
        }
      ],
      "release_date": "2004-03-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-03-17T17:20:00+00:00",
          "details": "Updated Stronghold 4 packages are now available via the update agent\nservice. Run the following command from the Stronghold 4 install root to\nupgrade an existing Stronghold 4 installation to the new package versions:\n\n$ bin/agent\n\nThe Stronghold 4.0h patch release which contains these updated packages is\nalso available from the download site.\n\nAfter upgrading Stronghold, the server must be completely restarted by\nrunning the following commands from the install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nrefer to http://stronghold.redhat.com/support/upgrade-sh4",
          "product_ids": [
            "Red Hat Stronghold 4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:139"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "security flaw"
    }
  ]
}

RHSA-2004:139

Vulnerability from csaf_redhat

Published

2004-03-17 17:20

Modified

2024-11-21 23:00

Summary

Red Hat Security Advisory: apache, openssl security update for Stronghold

Notes

Topic

Updated versions of Stronghold 4 cross-platform are available that fix security issues affecting OpenSSL and the Apache HTTP Server. A number of bug fixes are also included.

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated versions of Stronghold 4 cross-platform are available that fix\nsecurity issues affecting OpenSSL and the Apache HTTP Server. A number\nof bug fixes are also included.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Stronghold 4 contains a number of open source technologies, including\nOpenSSL 0.9.6 and the Apache HTTP Server.\n\nTesting performed by the OpenSSL group using the Codenomicon TLS Test Tool\nuncovered a bug in older versions of OpenSSL 0.9.6 prior to 0.9.6d that can\nlead to a denial of service attack (infinite loop). The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCAN-2004-0081 to this issue.\n\nTesting performed by the OpenSSL group using the Codenomicon TLS Test Tool\nuncovered a null-pointer assignment in the do_change_cipher_spec() function\nin OpenSSL 0.9.6c-0.9.6k and 0.9.7a-0.9.7c. A remote attacker could\nsend a carefully crafted SSL/TLS handshake which could lead to a denial of\nservice attack.  The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2004-0079 to this issue.\n\nTesting performed by Novell using a test suite provided by NISCC uncovered\nan issue in the ASN.1 parser in versions of OpenSSL 0.9.6 prior to 0.9.6l\nwhich could cause large recursion and possibly lead to a denial of service\nattack if used where stack space is limited. The Common Vulnerabilities\nand Exposures project (cve.mitre.org) has assigned the name CAN-2003-0851\nto this issue.\n\nAn issue in the handling of regular expressions from configuration files\nwas discovered in releases of the Apache HTTP Server version 1.3 prior to\n1.3.29. To exploit this issue an attacker would need to have the ability\nto write to Apache configuration files such as .htaccess or httpd.conf. A\ncarefully-crafted configuration file can cause an exploitable buffer\noverflow and would allow the attacker to execute arbitrary code in the\ncontext of the server. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2003-0542 to this issue.\n\nUsers of Stronghold 4 cross-platform are advised to update to these errata\nversions, which contain backported security fixes and are not vulnerable to\nthese issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2004:139",
        "url": "https://access.redhat.com/errata/RHSA-2004:139"
      },
      {
        "category": "external",
        "summary": "http://www.niscc.gov.uk/",
        "url": "http://www.niscc.gov.uk/"
      },
      {
        "category": "external",
        "summary": "http://www.codenomicon.com/testtools/tls/",
        "url": "http://www.codenomicon.com/testtools/tls/"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2004/rhsa-2004_139.json"
      }
    ],
    "title": "Red Hat Security Advisory: apache, openssl security update for Stronghold",
    "tracking": {
      "current_release_date": "2024-11-21T23:00:35+00:00",
      "generator": {
        "date": "2024-11-21T23:00:35+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2004:139",
      "initial_release_date": "2004-03-17T17:20:00+00:00",
      "revision_history": [
        {
          "date": "2004-03-17T17:20:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2004-03-17T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-21T23:00:35+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Stronghold 4",
                "product": {
                  "name": "Red Hat Stronghold 4",
                  "product_id": "Red Hat Stronghold 4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:stronghold:4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Stronghold Cross Platform"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2003-0542",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617048"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Stronghold 4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2003-0542"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617048",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617048"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0542",
          "url": "https://www.cve.org/CVERecord?id=CVE-2003-0542"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0542",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0542"
        }
      ],
      "release_date": "2003-10-29T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-03-17T17:20:00+00:00",
          "details": "Updated Stronghold 4 packages are now available via the update agent\nservice. Run the following command from the Stronghold 4 install root to\nupgrade an existing Stronghold 4 installation to the new package versions:\n\n$ bin/agent\n\nThe Stronghold 4.0h patch release which contains these updated packages is\nalso available from the download site.\n\nAfter upgrading Stronghold, the server must be completely restarted by\nrunning the following commands from the install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nrefer to http://stronghold.redhat.com/support/upgrade-sh4",
          "product_ids": [
            "Red Hat Stronghold 4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:139"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2003-0851",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617090"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Stronghold 4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2003-0851"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617090",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617090"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0851",
          "url": "https://www.cve.org/CVERecord?id=CVE-2003-0851"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0851",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0851"
        }
      ],
      "release_date": "2003-11-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-03-17T17:20:00+00:00",
          "details": "Updated Stronghold 4 packages are now available via the update agent\nservice. Run the following command from the Stronghold 4 install root to\nupgrade an existing Stronghold 4 installation to the new package versions:\n\n$ bin/agent\n\nThe Stronghold 4.0h patch release which contains these updated packages is\nalso available from the download site.\n\nAfter upgrading Stronghold, the server must be completely restarted by\nrunning the following commands from the install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nrefer to http://stronghold.redhat.com/support/upgrade-sh4",
          "product_ids": [
            "Red Hat Stronghold 4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:139"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2004-0079",
      "discovery_date": "2004-03-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617140"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Stronghold 4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0079"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617140",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617140"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0079",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0079"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0079",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0079"
        }
      ],
      "release_date": "2004-03-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-03-17T17:20:00+00:00",
          "details": "Updated Stronghold 4 packages are now available via the update agent\nservice. Run the following command from the Stronghold 4 install root to\nupgrade an existing Stronghold 4 installation to the new package versions:\n\n$ bin/agent\n\nThe Stronghold 4.0h patch release which contains these updated packages is\nalso available from the download site.\n\nAfter upgrading Stronghold, the server must be completely restarted by\nrunning the following commands from the install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nrefer to http://stronghold.redhat.com/support/upgrade-sh4",
          "product_ids": [
            "Red Hat Stronghold 4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:139"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2004-0081",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617142"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Stronghold 4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0081"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617142",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617142"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0081",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0081"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0081",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0081"
        }
      ],
      "release_date": "2004-03-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-03-17T17:20:00+00:00",
          "details": "Updated Stronghold 4 packages are now available via the update agent\nservice. Run the following command from the Stronghold 4 install root to\nupgrade an existing Stronghold 4 installation to the new package versions:\n\n$ bin/agent\n\nThe Stronghold 4.0h patch release which contains these updated packages is\nalso available from the download site.\n\nAfter upgrading Stronghold, the server must be completely restarted by\nrunning the following commands from the install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nrefer to http://stronghold.redhat.com/support/upgrade-sh4",
          "product_ids": [
            "Red Hat Stronghold 4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:139"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "security flaw"
    }
  ]
}

var-200312-0218

Vulnerability from variot

OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences. OpenSSL Is ASN.1 (Abstract Syntax Notation One) A vulnerability that causes deep recursion exists due to poor handling of sequences.By sending a client certificate crafted by a third party to the target host, OpenSSL Server using the library interferes with service operation (DoS) It may be in a state. A problem has been identified in OpenSSL when handling specific types of ASN.1 requests. This issue is also known to affect numerous Cisco products. It is possible that other vendors will also be acknowledging this issue and providing fixes. Oracle Database Server, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business and Applications, Oracle Enterprise Manager Grid Control, and Oracle PeopleSoft Applications are reported prone to multiple vulnerabilities. Oracle has released a Critical Patch Update to address these issues in various supported applications and platforms. Other non-supported versions may be affected, but Symantec has not confirmed this. The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. While various levels of authorization are required to leverage some issues, others do not require any authorization. This BID will be divided and updated into separate BIDs when more information is available. An attacker could exploit these vulnerabilities to take complete control of an affected database.

TITLE: Red Hat update for openssl

SECUNIA ADVISORY ID: SA17398

VERIFY ADVISORY: http://secunia.com/advisories/17398/

CRITICAL: Moderately critical

IMPACT: DoS

WHERE:

From remote

OPERATING SYSTEM: RedHat Linux Advanced Workstation 2.1 for Itanium http://secunia.com/product/1326/ RedHat Enterprise Linux WS 2.1 http://secunia.com/product/1044/ RedHat Enterprise Linux ES 2.1 http://secunia.com/product/1306/ RedHat Enterprise Linux AS 2.1 http://secunia.com/product/48/

DESCRIPTION: Red Hat has issued an update for openssl. http://rhn.redhat.com/

ORIGINAL ADVISORY: http://rhn.redhat.com/errata/RHSA-2005-829.html

OTHER REFERENCES: SA11139: http://secunia.com/advisories/11139/

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. OpenSSL Security Advisory [4 November 2003]

Denial of Service in ASN.1 parsing

Previously, OpenSSL 0.9.6k was released on the 30 September 2003 to address various ASN.1 issues. The issues were found using a test suite from NISCC (www.niscc.gov.uk) and fixed by Dr Stephen Henson (steve@openssl.org) of the OpenSSL core team.

Subsequent to that release, Novell Inc. carried out further testing using the NISCC suite. This could be performed for example by sending a client certificate to a SSL/TLS enabled server which is configured to accept them.

Patches for this issue have been created by Dr Stephen Henson (steve@openssl.org) of the OpenSSL core team.

Who is affected?

OpenSSL 0.9.6k is affected by the bug, but the denial of service does not affect all platforms. This issue does not affect OpenSSL 0.9.7. Currently only OpenSSL running on Windows platforms is known to crash.

Recommendations

Upgrade to OpenSSL 0.9.6l or 0.9.7c. Recompile any OpenSSL applications statically linked to OpenSSL libraries.

OpenSSL 0.9.6l is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under https://www.openssl.org/source/mirror.html):

o https://www.openssl.org/source/
o ftp://ftp.openssl.org/source/

The distribution file name is:

o openssl-0.9.6l.tar.gz [normal]
  MD5 checksum: 843a65ddc56634f0e30a4f9474bb5b27
o openssl-engine-0.9.6l.tar.gz [engine]
  MD5 checksum: dd372198cdf31667f2cb29cd76fbda1c

The checksums were calculated using the following command:

openssl md5 < openssl-0.9.6l.tar.gz
openssl md5 < openssl-engine-0.9.6l.tar.gz

References

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0851 to this issue.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0851

URL for this Security Advisory: https://www.openssl.org/news/secadv_20031104.txt

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200312-0218",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "openssl",
        "version": "0.9.6k"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "12.2sy"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "12.1\\(11b\\)e"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "12.1\\(11\\)e"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "12.2sx"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "netbsd",
        "version": "1.6.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "netbsd",
        "version": "1.6"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "cisco",
        "version": "6.2"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "cisco",
        "version": "6.1"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "cisco",
        "version": "6.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7b"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.2.2_.111"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.2\\(3\\)"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.2"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6f"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.0\\(2\\)"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.0\\(3\\)"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.1\\(1\\)"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6h"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.0\\(4\\)"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6g"
      },
      {
        "model": "css11000 content services switch",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6e"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.1\\(5\\)"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.3\\(1\\)"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.1\\(3\\)"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6a"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.0\\(4.101\\)"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.2\\(1\\)"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.2\\(2\\)"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6c"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.3\\(3.102\\)"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6i"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.1\\(2\\)"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.0\\(1\\)"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "pix firewall software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.1\\(4\\)"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.6b"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "netbsd",
        "version": "1.5"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "netbsd",
        "version": "1.5.1"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "netbsd",
        "version": "1.5.2"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "netbsd",
        "version": "1.5.3"
      },
      {
        "model": "propack",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sgi",
        "version": "2.3"
      },
      {
        "model": "propack",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sgi",
        "version": "2.4"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "6.3"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "2.1 (ws)"
      },
      {
        "model": "ios 12.1 e",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "irix m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.21"
      },
      {
        "model": "irix f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.21"
      },
      {
        "model": "irix m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.20"
      },
      {
        "model": "irix f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.20"
      },
      {
        "model": "irix m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.19"
      },
      {
        "model": "irix f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sgi",
        "version": "6.5.19"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "8.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.22"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.21"
      },
      {
        "model": "software opera web browser",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.20"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.5"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.4"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.3"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.2"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.1"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.3(1)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2.2.111"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2.2"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2.1"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2(3)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2(2)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2(1)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1.4"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1.3"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1(5)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1(4)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1(3)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1(2)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1(1)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.0.4"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.0.3"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.0(4.101)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.0(4)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.0(2)"
      },
      {
        "model": "pix firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.0(1)"
      },
      {
        "model": "ios 12.2sy",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.2sx",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 e12",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 ec",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ios 12.1 ea1",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "firewall services module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.1(0.208)"
      },
      {
        "model": "css11000 content services switch",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "software opera web browser",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "opera",
        "version": "7.23"
      },
      {
        "model": "project openssl c",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.7"
      },
      {
        "model": "project openssl l",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.6"
      },
      {
        "model": "coat systems security gateway os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "blue",
        "version": "3.1.2"
      },
      {
        "model": "coat systems security gateway os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "blue",
        "version": "2.1.10"
      },
      {
        "model": "coat systems cacheos ca/sa",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "blue",
        "version": "4.1.12"
      },
      {
        "model": "oneworld xe/erp8 applications sp22",
        "scope": null,
        "trust": 0.3,
        "vendor": "peoplesoft",
        "version": null
      },
      {
        "model": "enterpriseone applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "peoplesoft",
        "version": "8.93"
      },
      {
        "model": "enterpriseone applications sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "peoplesoft",
        "version": "8.9"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.6"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0.5"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.4"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.6"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0.5"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.4"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.6.0"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0.5"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.5"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1.4"
      },
      {
        "model": "oracle9i application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.3.1"
      },
      {
        "model": "oracle9i application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2.3"
      },
      {
        "model": "oracle9i application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.2"
      },
      {
        "model": "oracle8i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7.4"
      },
      {
        "model": "oracle8i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7.4.0"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.4"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3.1"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.4"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3.1"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.4"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3.1"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3.1"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.1"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.0"
      },
      {
        "model": "enterprise manager grid control 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3"
      },
      {
        "model": "enterprise manager grid control 10g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.1"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.4.0"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.10"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.9"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.8"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.7"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.6"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.5"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.4"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.3"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.2"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.1"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.0"
      },
      {
        "model": "collaboration suite release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "29.0.4.2"
      },
      {
        "model": "collaboration suite release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "29.0.4.1"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#412478"
      },
      {
        "db": "BID",
        "id": "8970"
      },
      {
        "db": "BID",
        "id": "13139"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000331"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200312-003"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0851"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(11\\)e:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios:12.2sy:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios:12.2sx:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:css11000_content_services_switch:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:pix_firewall:6.2.2_.111:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(1\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(2\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(3\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(1\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(3.102\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(2\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(3\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(4\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(5\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(1\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(2\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(3\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(4\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(4.101\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(1\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2003-0851"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "David Litchfield\u203b david@nextgenss.com",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200312-003"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2003-0851",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2003-0851",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-7676",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2003-0851",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#412478",
            "trust": 0.8,
            "value": "3.23"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200312-003",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-7676",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#412478"
      },
      {
        "db": "VULHUB",
        "id": "VHN-7676"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000331"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200312-003"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0851"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences. OpenSSL Is ASN.1 (Abstract Syntax Notation One) A vulnerability that causes deep recursion exists due to poor handling of sequences.By sending a client certificate crafted by a third party to the target host, OpenSSL Server using the library interferes with service operation (DoS) It may be in a state. A problem has been identified in OpenSSL when handling specific types of ASN.1 requests. \nThis issue is also known to affect numerous Cisco products.  It is possible that other vendors will also be acknowledging this issue and providing fixes. Oracle Database Server, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business and Applications, Oracle Enterprise Manager Grid Control, and Oracle PeopleSoft Applications are reported prone to multiple vulnerabilities. \nOracle has released a Critical Patch Update to address these issues in various supported applications and platforms. Other non-supported versions may be affected, but Symantec has not confirmed this. \nThe issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. While various levels of authorization are required to leverage some issues, others do not require any authorization. \nThis BID will be divided and updated into separate BIDs when more information is available. An attacker could exploit these vulnerabilities to take complete control of an affected database. \n\nTITLE:\nRed Hat update for openssl\n\nSECUNIA ADVISORY ID:\nSA17398\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/17398/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nDoS\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nRedHat Linux Advanced Workstation 2.1 for Itanium\nhttp://secunia.com/product/1326/\nRedHat Enterprise Linux WS 2.1\nhttp://secunia.com/product/1044/\nRedHat Enterprise Linux ES 2.1\nhttp://secunia.com/product/1306/\nRedHat Enterprise Linux AS 2.1\nhttp://secunia.com/product/48/\n\nDESCRIPTION:\nRed Hat has issued an update for openssl. \nhttp://rhn.redhat.com/\n\nORIGINAL ADVISORY:\nhttp://rhn.redhat.com/errata/RHSA-2005-829.html\n\nOTHER REFERENCES:\nSA11139:\nhttp://secunia.com/advisories/11139/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. OpenSSL Security Advisory [4 November 2003]\n\nDenial of Service in ASN.1 parsing\n==================================\n\nPreviously, OpenSSL 0.9.6k was released on the 30 September 2003 to\naddress various ASN.1 issues.  The issues were found using a test\nsuite from NISCC (www.niscc.gov.uk) and fixed by Dr Stephen Henson\n(steve@openssl.org) of the OpenSSL core team. \n\nSubsequent to that release, Novell Inc. carried out further testing\nusing the NISCC suite.  This could be\nperformed for example by sending a client certificate to a SSL/TLS\nenabled server which is configured to accept them.  \n\nPatches for this issue have been created by Dr Stephen Henson\n(steve@openssl.org) of the OpenSSL core team. \n\nWho is affected?\n----------------\n\nOpenSSL 0.9.6k is affected by the bug, but the denial of service does\nnot affect all platforms.  This issue does not affect OpenSSL 0.9.7. \nCurrently only OpenSSL running on Windows platforms is known to crash. \n\nRecommendations\n---------------\n\nUpgrade to OpenSSL 0.9.6l or 0.9.7c.  Recompile any OpenSSL\napplications statically linked to OpenSSL libraries. \n\nOpenSSL 0.9.6l is available for download via HTTP and FTP from the\nfollowing master locations (you can find the various FTP mirrors under\nhttps://www.openssl.org/source/mirror.html):\n\n    o https://www.openssl.org/source/\n    o ftp://ftp.openssl.org/source/\n\nThe distribution file name is:\n\n    o openssl-0.9.6l.tar.gz [normal]\n      MD5 checksum: 843a65ddc56634f0e30a4f9474bb5b27\n    o openssl-engine-0.9.6l.tar.gz [engine]\n      MD5 checksum: dd372198cdf31667f2cb29cd76fbda1c\n\nThe checksums were calculated using the following command:\n\n    openssl md5 \u003c openssl-0.9.6l.tar.gz\n    openssl md5 \u003c openssl-engine-0.9.6l.tar.gz\n\nReferences\n----------\n\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2003-0851 to this issue. \n\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0851\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20031104.txt\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2003-0851"
      },
      {
        "db": "CERT/CC",
        "id": "VU#412478"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000331"
      },
      {
        "db": "BID",
        "id": "8970"
      },
      {
        "db": "BID",
        "id": "13139"
      },
      {
        "db": "VULHUB",
        "id": "VHN-7676"
      },
      {
        "db": "PACKETSTORM",
        "id": "41200"
      },
      {
        "db": "PACKETSTORM",
        "id": "169672"
      }
    ],
    "trust": 3.15
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#412478",
        "trust": 3.3
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0851",
        "trust": 3.2
      },
      {
        "db": "BID",
        "id": "8970",
        "trust": 2.8
      },
      {
        "db": "SECUNIA",
        "id": "17381",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000331",
        "trust": 0.8
      },
      {
        "db": "NETBSD",
        "id": "NETBSD-SA2004-003",
        "trust": 0.6
      },
      {
        "db": "OVAL",
        "id": "OVAL:ORG.MITRE.OVAL:DEF:5528",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20040508 [FLSA-2004:1395] UPDATED OPENSSL RESOLVES SECURITY VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20031104 [OPENSSL ADVISORY] DENIAL OF SERVICE IN ASN.1 PARSING",
        "trust": 0.6
      },
      {
        "db": "CISCO",
        "id": "20030930 SSL IMPLEMENTATION VULNERABILITIES",
        "trust": 0.6
      },
      {
        "db": "REDHAT",
        "id": "RHSA-2004:119",
        "trust": 0.6
      },
      {
        "db": "SGI",
        "id": "20040304-01-U",
        "trust": 0.6
      },
      {
        "db": "FEDORA",
        "id": "FEDORA-2005-1042",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200312-003",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "13139",
        "trust": 0.3
      },
      {
        "db": "VULHUB",
        "id": "VHN-7676",
        "trust": 0.1
      },
      {
        "db": "SECUNIA",
        "id": "17398",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "41200",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169672",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#412478"
      },
      {
        "db": "VULHUB",
        "id": "VHN-7676"
      },
      {
        "db": "BID",
        "id": "8970"
      },
      {
        "db": "BID",
        "id": "13139"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000331"
      },
      {
        "db": "PACKETSTORM",
        "id": "41200"
      },
      {
        "db": "PACKETSTORM",
        "id": "169672"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200312-003"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0851"
      }
    ]
  },
  "id": "VAR-200312-0218",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-7676"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-07-23T21:21:01.334000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20030930-ssl",
        "trust": 0.8,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml"
      },
      {
        "title": "NetBSD-SA2004-003",
        "trust": 0.8,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2004-003.txt.asc"
      },
      {
        "title": "secadv_20031104",
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20031104.txt"
      },
      {
        "title": "RHSA-2004:119",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2004-119.html"
      },
      {
        "title": "20040304-01-U",
        "trust": 0.8,
        "url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-u.asc"
      },
      {
        "title": "RHSA-2004:119",
        "trust": 0.8,
        "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2004-119j.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000331"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2003-0851"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.9,
        "url": "http://www.openssl.org/news/secadv_20031104.txt"
      },
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/8970"
      },
      {
        "trust": 2.5,
        "url": "http://www.kb.cert.org/vuls/id/412478"
      },
      {
        "trust": 2.5,
        "url": "http://secunia.com/advisories/17381"
      },
      {
        "trust": 2.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2004-119.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml"
      },
      {
        "trust": 1.7,
        "url": "http://www.redhat.com/archives/fedora-announce-list/2005-october/msg00087.html"
      },
      {
        "trust": 1.7,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2004-003.txt.asc"
      },
      {
        "trust": 1.7,
        "url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-u.asc"
      },
      {
        "trust": 1.1,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a5528"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=106796246511667\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2"
      },
      {
        "trust": 0.8,
        "url": "http://www.uniras.gov.uk/vuls/2003/006489/openssl2.htm"
      },
      {
        "trust": 0.8,
        "url": "http://www.itu.int/itu-t/asn1/"
      },
      {
        "trust": 0.8,
        "url": "http://www.itu.int/itu-t/studygroups/com10/languages/"
      },
      {
        "trust": 0.8,
        "url": "http://www.cert.org/advisories/ca-2003-26.html"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-0851"
      },
      {
        "trust": 0.8,
        "url": "http://www.cpni.gov.uk/products/vulnerabilitydisclosures/default.aspx?id=va-20031104-00753.xml"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnca-2003-26"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/trca-2003-26"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-0851"
      },
      {
        "trust": 0.8,
        "url": "http://www.cpni.gov.uk/docs/re-20031104-00753.pdf?lang=en"
      },
      {
        "trust": 0.8,
        "url": "http://www.cyberpolice.go.jp/important/20031001_103420.html"
      },
      {
        "trust": 0.6,
        "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=106796246511667\u0026w=2"
      },
      {
        "trust": 0.6,
        "url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:5528"
      },
      {
        "trust": 0.6,
        "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=108403850228012\u0026w=2"
      },
      {
        "trust": 0.3,
        "url": "http://www.opera.com/windows/changelogs/723/"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2004-139.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.bluecoat.com/support/knowledge/advisory_asn1_parsing_0.9.6.l.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/pdf/cpuapr2005.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/index.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.peoplesoft.com:80/corp/en/support/security_index.jsp"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/395699"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=106796246511667\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=108403850228012\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": ""
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/48/"
      },
      {
        "trust": 0.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2005-829.html"
      },
      {
        "trust": 0.1,
        "url": "http://rhn.redhat.com/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/1326/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/1306/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/11139/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/17398/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/1044/"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/source/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2003-0851"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2003-0851"
      },
      {
        "trust": 0.1,
        "url": "https://www.niscc.gov.uk)"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/source/mirror.html):"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#412478"
      },
      {
        "db": "VULHUB",
        "id": "VHN-7676"
      },
      {
        "db": "BID",
        "id": "8970"
      },
      {
        "db": "BID",
        "id": "13139"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000331"
      },
      {
        "db": "PACKETSTORM",
        "id": "41200"
      },
      {
        "db": "PACKETSTORM",
        "id": "169672"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200312-003"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0851"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#412478"
      },
      {
        "db": "VULHUB",
        "id": "VHN-7676"
      },
      {
        "db": "BID",
        "id": "8970"
      },
      {
        "db": "BID",
        "id": "13139"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000331"
      },
      {
        "db": "PACKETSTORM",
        "id": "41200"
      },
      {
        "db": "PACKETSTORM",
        "id": "169672"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200312-003"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0851"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2003-11-04T00:00:00",
        "db": "CERT/CC",
        "id": "VU#412478"
      },
      {
        "date": "2003-12-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-7676"
      },
      {
        "date": "2003-11-04T00:00:00",
        "db": "BID",
        "id": "8970"
      },
      {
        "date": "2005-04-12T00:00:00",
        "db": "BID",
        "id": "13139"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2003-000331"
      },
      {
        "date": "2005-11-03T01:02:14",
        "db": "PACKETSTORM",
        "id": "41200"
      },
      {
        "date": "2003-11-04T12:12:12",
        "db": "PACKETSTORM",
        "id": "169672"
      },
      {
        "date": "2003-07-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200312-003"
      },
      {
        "date": "2003-12-01T05:00:00",
        "db": "NVD",
        "id": "CVE-2003-0851"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2003-11-05T00:00:00",
        "db": "CERT/CC",
        "id": "VU#412478"
      },
      {
        "date": "2018-10-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-7676"
      },
      {
        "date": "2015-03-19T08:52:00",
        "db": "BID",
        "id": "8970"
      },
      {
        "date": "2006-05-05T23:30:00",
        "db": "BID",
        "id": "13139"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2003-000331"
      },
      {
        "date": "2009-03-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200312-003"
      },
      {
        "date": "2018-10-30T16:26:18.123000",
        "db": "NVD",
        "id": "CVE-2003-0851"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "169672"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200312-003"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL 0.9.6k does not properly handle ASN.1 sequences",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#412478"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200312-003"
      }
    ],
    "trust": 0.6
  }
}

ghsa-m2h2-rm4v-5p5x

Vulnerability from github

Published

2022-05-03 03:09

Modified

2022-05-03 03:09

Details

OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2003-0851"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2003-12-01T05:00:00Z",
    "severity": "MODERATE"
  },
  "details": "OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences.",
  "id": "GHSA-m2h2-rm4v-5p5x",
  "modified": "2022-05-03T03:09:47Z",
  "published": "2022-05-03T03:09:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0851"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5528"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=106796246511667\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2004-119.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/17381"
    },
    {
      "type": "WEB",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/412478"
    },
    {
      "type": "WEB",
      "url": "http://www.openssl.org/news/secadv_20031104.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/8970"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2003-0851

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences.

Aliases

CVE-2003-0851

Aliases

CVE-2003-0851

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2003-0851",
    "description": "OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences.",
    "id": "GSD-2003-0851",
    "references": [
      "https://access.redhat.com/errata/RHSA-2004:139",
      "https://access.redhat.com/errata/RHSA-2004:119"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2003-0851"
      ],
      "details": "OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences.",
      "id": "GSD-2003-0851",
      "modified": "2023-12-13T01:22:13.201489Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2003-0851",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "oval:org.mitre.oval:def:5528",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5528"
          },
          {
            "name": "FEDORA-2005-1042",
            "refsource": "FEDORA",
            "url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html"
          },
          {
            "name": "20040304-01-U",
            "refsource": "SGI",
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc"
          },
          {
            "name": "17381",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/17381"
          },
          {
            "name": "NetBSD-SA2004-003",
            "refsource": "NETBSD",
            "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-003.txt.asc"
          },
          {
            "name": "20030930 SSL Implementation Vulnerabilities",
            "refsource": "CISCO",
            "url": "http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml"
          },
          {
            "name": "8970",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/8970"
          },
          {
            "name": "20031104 [OpenSSL Advisory] Denial of Service in ASN.1 parsing",
            "refsource": "BUGTRAQ",
            "url": "http://marc.info/?l=bugtraq\u0026m=106796246511667\u0026w=2"
          },
          {
            "name": "RHSA-2004:119",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2004-119.html"
          },
          {
            "name": "http://www.openssl.org/news/secadv_20031104.txt",
            "refsource": "CONFIRM",
            "url": "http://www.openssl.org/news/secadv_20031104.txt"
          },
          {
            "name": "VU#412478",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/412478"
          },
          {
            "name": "20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(11\\)e:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios:12.2sy:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios:12.2sx:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:css11000_content_services_switch:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:pix_firewall:6.2.2_.111:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(1\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(2\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(3\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(1\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(3.102\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(2\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(3\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(4\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(5\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(1\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(2\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(3\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(4\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(4.101\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(1\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-0851"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.openssl.org/news/secadv_20031104.txt",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.openssl.org/news/secadv_20031104.txt"
            },
            {
              "name": "VU#412478",
              "refsource": "CERT-VN",
              "tags": [
                "Patch",
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/412478"
            },
            {
              "name": "8970",
              "refsource": "BID",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.securityfocus.com/bid/8970"
            },
            {
              "name": "20030930 SSL Implementation Vulnerabilities",
              "refsource": "CISCO",
              "tags": [],
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml"
            },
            {
              "name": "NetBSD-SA2004-003",
              "refsource": "NETBSD",
              "tags": [],
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-003.txt.asc"
            },
            {
              "name": "RHSA-2004:119",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2004-119.html"
            },
            {
              "name": "20040304-01-U",
              "refsource": "SGI",
              "tags": [],
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc"
            },
            {
              "name": "FEDORA-2005-1042",
              "refsource": "FEDORA",
              "tags": [],
              "url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html"
            },
            {
              "name": "17381",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/17381"
            },
            {
              "name": "20031104 [OpenSSL Advisory] Denial of Service in ASN.1 parsing",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=106796246511667\u0026w=2"
            },
            {
              "name": "20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2"
            },
            {
              "name": "oval:org.mitre.oval:def:5528",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5528"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-30T16:26Z",
      "publishedDate": "2003-12-01T05:00Z"
    }
  }
}

cve-2003-0851

Vulnerability from fkie_nvd

Published

2003-12-01 05:00

Modified

2024-11-20 23:45

Severity ?

Summary

OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences.

References

URL	Tags
cve@mitre.org	ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-003.txt.asc
cve@mitre.org	ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc
cve@mitre.org	http://marc.info/?l=bugtraq&m=106796246511667&w=2
cve@mitre.org	http://marc.info/?l=bugtraq&m=108403850228012&w=2
cve@mitre.org	http://rhn.redhat.com/errata/RHSA-2004-119.html
cve@mitre.org	http://secunia.com/advisories/17381
cve@mitre.org	http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml
cve@mitre.org	http://www.kb.cert.org/vuls/id/412478	Patch, Third Party Advisory, US Government Resource
cve@mitre.org	http://www.openssl.org/news/secadv_20031104.txt	Patch, Vendor Advisory
cve@mitre.org	http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html
cve@mitre.org	http://www.securityfocus.com/bid/8970	Patch, Vendor Advisory
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5528
af854a3a-2127-422b-91ae-364da2661108	ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-003.txt.asc
af854a3a-2127-422b-91ae-364da2661108	ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=106796246511667&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=108403850228012&w=2
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2004-119.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/17381
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/412478	Patch, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.openssl.org/news/secadv_20031104.txt	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/8970	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5528

Impacted products

Vendor	Product	Version
cisco	ios	12.1\(11\)e
cisco	ios	12.1\(11b\)e
cisco	ios	12.2sx
cisco	ios	12.2sy
cisco	css11000_content_services_switch	*
cisco	pix_firewall	6.2.2_.111
openssl	openssl	0.9.6
openssl	openssl	0.9.6a
openssl	openssl	0.9.6b
openssl	openssl	0.9.6c
openssl	openssl	0.9.6d
openssl	openssl	0.9.6e
openssl	openssl	0.9.6f
openssl	openssl	0.9.6g
openssl	openssl	0.9.6h
openssl	openssl	0.9.6i
openssl	openssl	0.9.6j
openssl	openssl	0.9.6k
openssl	openssl	0.9.7
openssl	openssl	0.9.7a
openssl	openssl	0.9.7b
cisco	pix_firewall_software	6.0
cisco	pix_firewall_software	6.0\(1\)
cisco	pix_firewall_software	6.0\(2\)
cisco	pix_firewall_software	6.0\(3\)
cisco	pix_firewall_software	6.0\(4\)
cisco	pix_firewall_software	6.0\(4.101\)
cisco	pix_firewall_software	6.1
cisco	pix_firewall_software	6.1\(1\)
cisco	pix_firewall_software	6.1\(2\)
cisco	pix_firewall_software	6.1\(3\)
cisco	pix_firewall_software	6.1\(4\)
cisco	pix_firewall_software	6.1\(5\)
cisco	pix_firewall_software	6.2
cisco	pix_firewall_software	6.2\(1\)
cisco	pix_firewall_software	6.2\(2\)
cisco	pix_firewall_software	6.2\(3\)
cisco	pix_firewall_software	6.3\(1\)
cisco	pix_firewall_software	6.3\(3.102\)

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(11\\)e:*:*:*:*:*:*:*",
              "matchCriteriaId": "580BA1FE-0826-47A7-8BD3-9225E0841EDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e:*:*:*:*:*:*:*",
              "matchCriteriaId": "040B04CD-B891-4F19-A7CC-5C2D462FBD6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.2sx:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DE0B5B8-DEB1-4021-B854-177C0D9FD73A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.2sy:*:*:*:*:*:*:*",
              "matchCriteriaId": "09458CD7-D430-4957-8506-FAB2A3E2AA65",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:css11000_content_services_switch:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "07E1B690-C58B-4C08-A757-F3DF451FDAAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:pix_firewall:6.2.2_.111:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECBC761F-A8F5-4CD8-B19C-5CE8FFC58FDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5E4742C-A983-4F00-B24F-AB280C0E876D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A0628DF-3A4C-4078-B615-22260671EABF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*",
              "matchCriteriaId": "962FCB86-15AD-4399-8B7D-EC1DEA919C59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FCA45CE-4127-47AD-BBA8-8A6DD83AE1C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CA1CA40-7DB5-4DCA-97A8-9A8CF4FECECC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*",
              "matchCriteriaId": "180D07AE-C571-4DD6-837C-43E2A946007A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA3E4D2A-6488-4F8B-A3CA-4161A10FA4DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*",
              "matchCriteriaId": "90789533-C741-4B1C-A24B-2C77B9E4DE5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*",
              "matchCriteriaId": "1520065B-46D7-48A4-B9D0-5B49F690C5B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B76FE2D-FBE0-4A3B-A0EA-179332D74F0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AA526B9-726A-49D5-B3CA-EBE2DA303CA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*",
              "matchCriteriaId": "494E48E7-EF86-4860-9A53-94F6C313746E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "45A518E8-21BE-4C5C-B425-410AB1208E9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
              "matchCriteriaId": "78E79A05-64F3-4397-952C-A5BB950C967D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F7C9E77-1EB2-4720-A8FD-23DC1C877D5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "58BE9C02-2A01-4F6F-A6BD-BC0173561E9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "C558CED8-8342-46CB-9F52-580B626D320E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "0F85D19E-6C26-429D-B876-F34238B9DAAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "FEC7CCF7-CBC6-4EDC-8EDD-884DFFFBCC7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(4\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "E5011A33-CD6D-4EFC-ACFD-E51C9AE726A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(4.101\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "09063867-0E64-4630-B35B-4CCA348E4DAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "78F98CD7-A352-483C-9968-8FB2627A7CBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "F97FE485-705F-4707-B6C6-0EF9E8A85D5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "E2B925E8-D2C2-4E8C-AC21-0C422245C482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "B9170562-872E-4C32-869C-B10FF35A925E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(4\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D0927A68-8BB2-4F03-8396-E9CACC158FC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(5\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "559DDBA3-2AF4-4A0C-B219-6779BA931F21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED9D142A-DDC8-4BD6-8C22-F242C9C0B1ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "5226C9CC-6933-4F10-B426-B47782C606FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "757DAE9A-B25D-4B8A-A41B-66C2897B537E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "5E3DC170-E279-4725-B9EE-6840B5685CC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "CE05B514-F094-4632-B25B-973F976F6409",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(3.102\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "40954985-16E6-4F37-B014-6A55166AE093",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences."
    },
    {
      "lang": "es",
      "value": "OpenSSL 0.9.6k, cuando se ejecuta en Windows, permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda por recursi\u00f3n excesiva) mediante secuencias ASN.1 malformadas."
    }
  ],
  "id": "CVE-2003-0851",
  "lastModified": "2024-11-20T23:45:40.410",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2003-12-01T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-003.txt.asc"
    },
    {
      "source": "cve@mitre.org",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=106796246511667\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2004-119.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/17381"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/412478"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.openssl.org/news/secadv_20031104.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/8970"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5528"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-003.txt.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=106796246511667\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2004-119.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/17381"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/412478"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.openssl.org/news/secadv_20031104.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/8970"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5528"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

Vulnerability from cvelistv5

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from variot

Denial of Service in ASN.1 parsing

Who is affected?

Recommendations

References

Vulnerability from github

Vulnerability from gsd

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature