Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2004-2761 (GCVE-0-2004-2761)
Vulnerability from cvelistv5 – Published: 2009-01-05 20:00 – Updated: 2024-08-08 01:36
VLAI?
EPSS
Summary
The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:36:25.448Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "33065",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33065"
},
{
"name": "RHSA-2010:0837",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0837.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.phreedom.org/research/rogue-ca/"
},
{
"name": "VU#836068",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/836068"
},
{
"name": "4866",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4866"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.mozilla.com/security/2008/12/30/md5-weaknesses-could-lead-to-certificate-forgery/"
},
{
"name": "20090115 MD5 Hashes May Allow for Certificate Spoofing",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_response09186a0080a5d24a.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.win.tue.nl/hashclash/SoftIntCodeSign/"
},
{
"name": "33826",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33826"
},
{
"name": "34281",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34281"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.microsoft.com/technet/security/advisory/961509.mspx"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03814en_us"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blogs.technet.com/swi/archive/2008/12/30/information-regarding-md5-collisions-problem.aspx"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.doxpara.com/research/md5/md5_someday.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
},
{
"name": "RHSA-2010:0838",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0838.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blogs.verisign.com/ssl-blog/2008/12/on_md5_vulnerabilities_and_mit.php"
},
{
"name": "USN-740-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-740-1"
},
{
"name": "1024697",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1024697"
},
{
"name": "FEDORA-2009-1276",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00096.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888"
},
{
"name": "20081230 MD5 Considered Harmful Today: Creating a rogue CA certificate",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/499685/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935"
},
{
"name": "42181",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42181"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.win.tue.nl/hashclash/rogue-ca/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=648886"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-08-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "33065",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33065"
},
{
"name": "RHSA-2010:0837",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0837.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.phreedom.org/research/rogue-ca/"
},
{
"name": "VU#836068",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/836068"
},
{
"name": "4866",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4866"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.mozilla.com/security/2008/12/30/md5-weaknesses-could-lead-to-certificate-forgery/"
},
{
"name": "20090115 MD5 Hashes May Allow for Certificate Spoofing",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_response09186a0080a5d24a.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.win.tue.nl/hashclash/SoftIntCodeSign/"
},
{
"name": "33826",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33826"
},
{
"name": "34281",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34281"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.microsoft.com/technet/security/advisory/961509.mspx"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03814en_us"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blogs.technet.com/swi/archive/2008/12/30/information-regarding-md5-collisions-problem.aspx"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.doxpara.com/research/md5/md5_someday.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
},
{
"name": "RHSA-2010:0838",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0838.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blogs.verisign.com/ssl-blog/2008/12/on_md5_vulnerabilities_and_mit.php"
},
{
"name": "USN-740-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-740-1"
},
{
"name": "1024697",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1024697"
},
{
"name": "FEDORA-2009-1276",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00096.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888"
},
{
"name": "20081230 MD5 Considered Harmful Today: Creating a rogue CA certificate",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/499685/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935"
},
{
"name": "42181",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42181"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.win.tue.nl/hashclash/rogue-ca/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=648886"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2761",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33065",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33065"
},
{
"name": "RHSA-2010:0837",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0837.html"
},
{
"name": "http://www.phreedom.org/research/rogue-ca/",
"refsource": "MISC",
"url": "http://www.phreedom.org/research/rogue-ca/"
},
{
"name": "VU#836068",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/836068"
},
{
"name": "4866",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4866"
},
{
"name": "http://blog.mozilla.com/security/2008/12/30/md5-weaknesses-could-lead-to-certificate-forgery/",
"refsource": "MISC",
"url": "http://blog.mozilla.com/security/2008/12/30/md5-weaknesses-could-lead-to-certificate-forgery/"
},
{
"name": "20090115 MD5 Hashes May Allow for Certificate Spoofing",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_response09186a0080a5d24a.html"
},
{
"name": "http://www.win.tue.nl/hashclash/SoftIntCodeSign/",
"refsource": "MISC",
"url": "http://www.win.tue.nl/hashclash/SoftIntCodeSign/"
},
{
"name": "33826",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33826"
},
{
"name": "34281",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34281"
},
{
"name": "http://www.microsoft.com/technet/security/advisory/961509.mspx",
"refsource": "MISC",
"url": "http://www.microsoft.com/technet/security/advisory/961509.mspx"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03814en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03814en_us"
},
{
"name": "http://blogs.technet.com/swi/archive/2008/12/30/information-regarding-md5-collisions-problem.aspx",
"refsource": "MISC",
"url": "http://blogs.technet.com/swi/archive/2008/12/30/information-regarding-md5-collisions-problem.aspx"
},
{
"name": "http://www.doxpara.com/research/md5/md5_someday.pdf",
"refsource": "MISC",
"url": "http://www.doxpara.com/research/md5/md5_someday.pdf"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
},
{
"name": "RHSA-2010:0838",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0838.html"
},
{
"name": "https://blogs.verisign.com/ssl-blog/2008/12/on_md5_vulnerabilities_and_mit.php",
"refsource": "MISC",
"url": "https://blogs.verisign.com/ssl-blog/2008/12/on_md5_vulnerabilities_and_mit.php"
},
{
"name": "USN-740-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-740-1"
},
{
"name": "1024697",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024697"
},
{
"name": "FEDORA-2009-1276",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00096.html"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888"
},
{
"name": "20081230 MD5 Considered Harmful Today: Creating a rogue CA certificate",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499685/100/0/threaded"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935"
},
{
"name": "42181",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42181"
},
{
"name": "http://www.win.tue.nl/hashclash/rogue-ca/",
"refsource": "MISC",
"url": "http://www.win.tue.nl/hashclash/rogue-ca/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=648886",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=648886"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2761",
"datePublished": "2009-01-05T20:00:00",
"dateReserved": "2009-01-05T00:00:00",
"dateUpdated": "2024-08-08T01:36:25.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ietf:md5:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5DFFBAC4-D50D-4CC4-A12C-9708D3C1199C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:a:ietf:x.509_certificate:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3009C5D9-9EF8-43B2-BF17-DEBC497994B5\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate.\"}, {\"lang\": \"es\", \"value\": \"El algoritmo MD5 Message-Digest no resistente a colisi\\u00f3n, el cual hace m\\u00e1s f\\u00e1cil para atacantes dependientes de contexto, llevar a cabo ataques de suplantaci\\u00f3n, como lo demuestran los ataques de utilizaci\\u00f3n de MD5 en la firma del algoritmo de un certificado X.509.\"}]",
"evaluatorImpact": "There are four significant mitigating factors.\n\n1) Most enterprise-class certificates, such as VeriSign\u2019s Extended Validation SSL Certificates use the still secure SHA-1 hash function. \n\n2) Certificates already issued with MD5 signatures are not at risk. The exploit only affects new certificate acquisitions. \n\n3) CAs are quickly moving to replace MD5 with SHA-1. For example, VeriSign was planning to phase out MD5 by the end of January 2009. The date was pushed up due to the December proof of concept. On December 31, 2008, RapidSSL certificates shipped with SHA-1 digital signatures. \n\n4)The researchers did not release the under-the-hood specifics of how the exploit was executed. \n\nSource - http://www.techrepublic.com/blog/it-security/the-new-md5-ssl-exploit-is-not-the-end-of-civilization-as-we-know-it/?tag=nl.e036",
"id": "CVE-2004-2761",
"lastModified": "2024-11-20T23:54:09.503",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:P/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": true, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2009-01-05T20:30:02.140",
"references": "[{\"url\": \"http://blog.mozilla.com/security/2008/12/30/md5-weaknesses-could-lead-to-certificate-forgery/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://blogs.technet.com/swi/archive/2008/12/30/information-regarding-md5-collisions-problem.aspx\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/33826\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/34281\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/42181\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securityreason.com/securityalert/4866\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securitytracker.com/id?1024697\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.cisco.com/en/US/products/products_security_response09186a0080a5d24a.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.doxpara.com/research/md5/md5_someday.pdf\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/836068\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.microsoft.com/technet/security/advisory/961509.mspx\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mitigation\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.phreedom.org/research/rogue-ca/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/499685/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/33065\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.ubuntu.com/usn/usn-740-1\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.win.tue.nl/hashclash/SoftIntCodeSign/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.win.tue.nl/hashclash/rogue-ca/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://blogs.verisign.com/ssl-blog/2008/12/on_md5_vulnerabilities_and_mit.php\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=648886\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://rhn.redhat.com/errata/RHSA-2010-0837.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://rhn.redhat.com/errata/RHSA-2010-0838.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03814en_us\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00096.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://blog.mozilla.com/security/2008/12/30/md5-weaknesses-could-lead-to-certificate-forgery/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://blogs.technet.com/swi/archive/2008/12/30/information-regarding-md5-collisions-problem.aspx\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/33826\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/34281\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/42181\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securityreason.com/securityalert/4866\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securitytracker.com/id?1024697\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.cisco.com/en/US/products/products_security_response09186a0080a5d24a.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.doxpara.com/research/md5/md5_someday.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/836068\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.microsoft.com/technet/security/advisory/961509.mspx\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.phreedom.org/research/rogue-ca/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/499685/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/33065\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/usn-740-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.win.tue.nl/hashclash/SoftIntCodeSign/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.win.tue.nl/hashclash/rogue-ca/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://blogs.verisign.com/ssl-blog/2008/12/on_md5_vulnerabilities_and_mit.php\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=648886\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://rhn.redhat.com/errata/RHSA-2010-0837.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://rhn.redhat.com/errata/RHSA-2010-0838.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03814en_us\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00096.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "cve@mitre.org",
"vendorComments": "[{\"organization\": \"Red Hat\", \"comment\": \"Please see http://kbase.redhat.com/faq/docs/DOC-15379\", \"lastModified\": \"2009-01-07T00:00:00\"}]",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-310\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2004-2761\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2009-01-05T20:30:02.140\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate.\"},{\"lang\":\"es\",\"value\":\"El algoritmo MD5 Message-Digest no resistente a colisi\u00f3n, el cual hace m\u00e1s f\u00e1cil para atacantes dependientes de contexto, llevar a cabo ataques de suplantaci\u00f3n, como lo demuestran los ataques de utilizaci\u00f3n de MD5 en la firma del algoritmo de un certificado X.509.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":true,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-310\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ietf:md5:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DFFBAC4-D50D-4CC4-A12C-9708D3C1199C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:ietf:x.509_certificate:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3009C5D9-9EF8-43B2-BF17-DEBC497994B5\"}]}]}],\"references\":[{\"url\":\"http://blog.mozilla.com/security/2008/12/30/md5-weaknesses-could-lead-to-certificate-forgery/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://blogs.technet.com/swi/archive/2008/12/30/information-regarding-md5-collisions-problem.aspx\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/33826\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/34281\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/42181\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securityreason.com/securityalert/4866\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1024697\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.cisco.com/en/US/products/products_security_response09186a0080a5d24a.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.doxpara.com/research/md5/md5_someday.pdf\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.kb.cert.org/vuls/id/836068\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.microsoft.com/technet/security/advisory/961509.mspx\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mitigation\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.phreedom.org/research/rogue-ca/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/499685/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/33065\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ubuntu.com/usn/usn-740-1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.win.tue.nl/hashclash/SoftIntCodeSign/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.win.tue.nl/hashclash/rogue-ca/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://blogs.verisign.com/ssl-blog/2008/12/on_md5_vulnerabilities_and_mit.php\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=648886\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2010-0837.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2010-0838.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03814en_us\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00096.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://blog.mozilla.com/security/2008/12/30/md5-weaknesses-could-lead-to-certificate-forgery/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://blogs.technet.com/swi/archive/2008/12/30/information-regarding-md5-collisions-problem.aspx\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/33826\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/34281\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/42181\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securityreason.com/securityalert/4866\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1024697\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.cisco.com/en/US/products/products_security_response09186a0080a5d24a.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.doxpara.com/research/md5/md5_someday.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/836068\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.microsoft.com/technet/security/advisory/961509.mspx\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.phreedom.org/research/rogue-ca/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/499685/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/33065\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/usn-740-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.win.tue.nl/hashclash/SoftIntCodeSign/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.win.tue.nl/hashclash/rogue-ca/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://blogs.verisign.com/ssl-blog/2008/12/on_md5_vulnerabilities_and_mit.php\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=648886\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2010-0837.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2010-0838.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03814en_us\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00096.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorImpact\":\"There are four significant mitigating factors.\\n\\n1) Most enterprise-class certificates, such as VeriSign\u2019s Extended Validation SSL Certificates use the still secure SHA-1 hash function. \\n\\n2) Certificates already issued with MD5 signatures are not at risk. The exploit only affects new certificate acquisitions. \\n\\n3) CAs are quickly moving to replace MD5 with SHA-1. For example, VeriSign was planning to phase out MD5 by the end of January 2009. The date was pushed up due to the December proof of concept. On December 31, 2008, RapidSSL certificates shipped with SHA-1 digital signatures. \\n\\n4)The researchers did not release the under-the-hood specifics of how the exploit was executed. \\n\\nSource - http://www.techrepublic.com/blog/it-security/the-new-md5-ssl-exploit-is-not-the-end-of-civilization-as-we-know-it/?tag=nl.e036\",\"vendorComments\":[{\"organization\":\"Red Hat\",\"comment\":\"Please see http://kbase.redhat.com/faq/docs/DOC-15379\",\"lastModified\":\"2009-01-07T00:00:00\"}]}}"
}
}
RHSA-2010:0838
Vulnerability from csaf_redhat - Published: 2010-11-08 20:09 - Updated: 2025-11-21 17:36Summary
Red Hat Security Advisory: pki security and enhancement update
Notes
Topic
Updated pki-ca, pki-util, and pki-common packages that fix three security
issues and add several enhancements are now available for Red Hat
Certificate System 8.
The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
Red Hat Certificate System is an enterprise software system designed to
manage enterprise public key infrastructure (PKI) deployments. Simple
Certificate Enrollment Protocol (SCEP) is a PKI communication protocol
used to automatically enroll certificates for network devices.
The certificate authority allowed unauthenticated users to request the
one-time PIN in an SCEP request to be decrypted. An attacker able to sniff
an SCEP request from a network device could request the certificate
authority to decrypt the request, allowing them to obtain the one-time
PIN. With this update, the certificate authority only handles decryption
requests from authenticated registration authorities. (CVE-2010-3868)
The certificate authority allowed the one-time PIN used in SCEP requests
to be re-used. An attacker possessing a valid SCEP enrollment one-time PIN
could use it to generate an unlimited number of certificates.
(CVE-2010-3869)
The certificate authority used the MD5 hash algorithm to sign all SCEP
protocol responses. As MD5 is not collision resistant, an attacker could
use this flaw to perform an MD5 chosen-prefix collision attack to generate
attack-chosen output signed using the certificate authority's key.
(CVE-2004-2761)
This update also adds the following enhancements:
* New configuration options for the SCEP server can define the default and
allowed encryption and hash algorithms. These options allow disabling uses
of the weaker algorithms not required by network devices and prevent
possible downgrade attacks. These can be configured by adding the following
options to the certificate authority's CS.cfg configuration file:
ca.scep.encryptionAlgorithm=DES3
ca.scep.allowedEncryptionAlgorithms=DES3
ca.scep.hashAlgorithm=SHA1
ca.scep.allowedHashAlgorithms=SHA1,SHA256,SHA512
* With this update, the certificate authority's SCEP server is disabled by
default. The SCEP server can be enabled by adding the 'ca.scep.enable=true'
option to the certificate authority's CS.cfg configuration file.
* A separate key pair can now be configured for use in SCEP communication.
Previously, the main certificate authority's key pair was used for SCEP
communication too. A designated SCEP key pair can be referenced by adding
a new option, ca.scep.nickname=[scep certificate nickname], to the
certificate authority's CS.cfg configuration file.
* The certificate authority now allows the size of nonces used in SCEP
requests to be restricted by adding a new option, ca.scep.nonceSizeLimit=
[number of bytes], to the certificate authority's CS.cfg configuration
file. The limit is set to 16 bytes in the default CS.cfg configuration
file.
All users of Red Hat Certificate System 8 should upgrade to these updated
packages, which resolve these issues and add these enhancements.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated pki-ca, pki-util, and pki-common packages that fix three security\nissues and add several enhancements are now available for Red Hat\nCertificate System 8.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Certificate System is an enterprise software system designed to\nmanage enterprise public key infrastructure (PKI) deployments. Simple\nCertificate Enrollment Protocol (SCEP) is a PKI communication protocol\nused to automatically enroll certificates for network devices.\n\nThe certificate authority allowed unauthenticated users to request the\none-time PIN in an SCEP request to be decrypted. An attacker able to sniff\nan SCEP request from a network device could request the certificate\nauthority to decrypt the request, allowing them to obtain the one-time\nPIN. With this update, the certificate authority only handles decryption\nrequests from authenticated registration authorities. (CVE-2010-3868)\n\nThe certificate authority allowed the one-time PIN used in SCEP requests\nto be re-used. An attacker possessing a valid SCEP enrollment one-time PIN\ncould use it to generate an unlimited number of certificates.\n(CVE-2010-3869)\n\nThe certificate authority used the MD5 hash algorithm to sign all SCEP\nprotocol responses. As MD5 is not collision resistant, an attacker could\nuse this flaw to perform an MD5 chosen-prefix collision attack to generate\nattack-chosen output signed using the certificate authority\u0027s key.\n(CVE-2004-2761)\n\nThis update also adds the following enhancements:\n\n* New configuration options for the SCEP server can define the default and\nallowed encryption and hash algorithms. These options allow disabling uses\nof the weaker algorithms not required by network devices and prevent\npossible downgrade attacks. These can be configured by adding the following\noptions to the certificate authority\u0027s CS.cfg configuration file:\n\n ca.scep.encryptionAlgorithm=DES3\n ca.scep.allowedEncryptionAlgorithms=DES3\n ca.scep.hashAlgorithm=SHA1\n ca.scep.allowedHashAlgorithms=SHA1,SHA256,SHA512\n\n* With this update, the certificate authority\u0027s SCEP server is disabled by\ndefault. The SCEP server can be enabled by adding the \u0027ca.scep.enable=true\u0027\noption to the certificate authority\u0027s CS.cfg configuration file.\n\n* A separate key pair can now be configured for use in SCEP communication.\nPreviously, the main certificate authority\u0027s key pair was used for SCEP\ncommunication too. A designated SCEP key pair can be referenced by adding\na new option, ca.scep.nickname=[scep certificate nickname], to the\ncertificate authority\u0027s CS.cfg configuration file.\n\n* The certificate authority now allows the size of nonces used in SCEP\nrequests to be restricted by adding a new option, ca.scep.nonceSizeLimit=\n[number of bytes], to the certificate authority\u0027s CS.cfg configuration\nfile. The limit is set to 16 bytes in the default CS.cfg configuration\nfile.\n\nAll users of Red Hat Certificate System 8 should upgrade to these updated\npackages, which resolve these issues and add these enhancements.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2010:0838",
"url": "https://access.redhat.com/errata/RHSA-2010:0838"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "648882",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=648882"
},
{
"category": "external",
"summary": "648883",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=648883"
},
{
"category": "external",
"summary": "648886",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=648886"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0838.json"
}
],
"title": "Red Hat Security Advisory: pki security and enhancement update",
"tracking": {
"current_release_date": "2025-11-21T17:36:58+00:00",
"generator": {
"date": "2025-11-21T17:36:58+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2010:0838",
"initial_release_date": "2010-11-08T20:09:00+00:00",
"revision_history": [
{
"date": "2010-11-08T20:09:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2010-11-08T15:12:18+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:36:58+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Certificate System 8",
"product": {
"name": "Red Hat Certificate System 8",
"product_id": "5Server-RHCertSystem",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:certificate_system:8::el5"
}
}
}
],
"category": "product_family",
"name": "Red Hat Certificate System"
},
{
"branches": [
{
"category": "product_version",
"name": "pki-ca-0:8.0.7-1.el5pki.src",
"product": {
"name": "pki-ca-0:8.0.7-1.el5pki.src",
"product_id": "pki-ca-0:8.0.7-1.el5pki.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-ca@8.0.7-1.el5pki?arch=src"
}
}
},
{
"category": "product_version",
"name": "pki-util-0:8.0.5-1.el5pki.src",
"product": {
"name": "pki-util-0:8.0.5-1.el5pki.src",
"product_id": "pki-util-0:8.0.5-1.el5pki.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-util@8.0.5-1.el5pki?arch=src"
}
}
},
{
"category": "product_version",
"name": "pki-common-0:8.0.6-2.el5pki.src",
"product": {
"name": "pki-common-0:8.0.6-2.el5pki.src",
"product_id": "pki-common-0:8.0.6-2.el5pki.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-common@8.0.6-2.el5pki?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "pki-ca-0:8.0.7-1.el5pki.noarch",
"product": {
"name": "pki-ca-0:8.0.7-1.el5pki.noarch",
"product_id": "pki-ca-0:8.0.7-1.el5pki.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-ca@8.0.7-1.el5pki?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "pki-util-0:8.0.5-1.el5pki.noarch",
"product": {
"name": "pki-util-0:8.0.5-1.el5pki.noarch",
"product_id": "pki-util-0:8.0.5-1.el5pki.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-util@8.0.5-1.el5pki?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "pki-util-javadoc-0:8.0.5-1.el5pki.noarch",
"product": {
"name": "pki-util-javadoc-0:8.0.5-1.el5pki.noarch",
"product_id": "pki-util-javadoc-0:8.0.5-1.el5pki.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-util-javadoc@8.0.5-1.el5pki?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "pki-common-javadoc-0:8.0.6-2.el5pki.noarch",
"product": {
"name": "pki-common-javadoc-0:8.0.6-2.el5pki.noarch",
"product_id": "pki-common-javadoc-0:8.0.6-2.el5pki.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-common-javadoc@8.0.6-2.el5pki?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "pki-common-0:8.0.6-2.el5pki.noarch",
"product": {
"name": "pki-common-0:8.0.6-2.el5pki.noarch",
"product_id": "pki-common-0:8.0.6-2.el5pki.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-common@8.0.6-2.el5pki?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-ca-0:8.0.7-1.el5pki.noarch as a component of Red Hat Certificate System 8",
"product_id": "5Server-RHCertSystem:pki-ca-0:8.0.7-1.el5pki.noarch"
},
"product_reference": "pki-ca-0:8.0.7-1.el5pki.noarch",
"relates_to_product_reference": "5Server-RHCertSystem"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-ca-0:8.0.7-1.el5pki.src as a component of Red Hat Certificate System 8",
"product_id": "5Server-RHCertSystem:pki-ca-0:8.0.7-1.el5pki.src"
},
"product_reference": "pki-ca-0:8.0.7-1.el5pki.src",
"relates_to_product_reference": "5Server-RHCertSystem"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-common-0:8.0.6-2.el5pki.noarch as a component of Red Hat Certificate System 8",
"product_id": "5Server-RHCertSystem:pki-common-0:8.0.6-2.el5pki.noarch"
},
"product_reference": "pki-common-0:8.0.6-2.el5pki.noarch",
"relates_to_product_reference": "5Server-RHCertSystem"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-common-0:8.0.6-2.el5pki.src as a component of Red Hat Certificate System 8",
"product_id": "5Server-RHCertSystem:pki-common-0:8.0.6-2.el5pki.src"
},
"product_reference": "pki-common-0:8.0.6-2.el5pki.src",
"relates_to_product_reference": "5Server-RHCertSystem"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-common-javadoc-0:8.0.6-2.el5pki.noarch as a component of Red Hat Certificate System 8",
"product_id": "5Server-RHCertSystem:pki-common-javadoc-0:8.0.6-2.el5pki.noarch"
},
"product_reference": "pki-common-javadoc-0:8.0.6-2.el5pki.noarch",
"relates_to_product_reference": "5Server-RHCertSystem"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-util-0:8.0.5-1.el5pki.noarch as a component of Red Hat Certificate System 8",
"product_id": "5Server-RHCertSystem:pki-util-0:8.0.5-1.el5pki.noarch"
},
"product_reference": "pki-util-0:8.0.5-1.el5pki.noarch",
"relates_to_product_reference": "5Server-RHCertSystem"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-util-0:8.0.5-1.el5pki.src as a component of Red Hat Certificate System 8",
"product_id": "5Server-RHCertSystem:pki-util-0:8.0.5-1.el5pki.src"
},
"product_reference": "pki-util-0:8.0.5-1.el5pki.src",
"relates_to_product_reference": "5Server-RHCertSystem"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-util-javadoc-0:8.0.5-1.el5pki.noarch as a component of Red Hat Certificate System 8",
"product_id": "5Server-RHCertSystem:pki-util-javadoc-0:8.0.5-1.el5pki.noarch"
},
"product_reference": "pki-util-javadoc-0:8.0.5-1.el5pki.noarch",
"relates_to_product_reference": "5Server-RHCertSystem"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2004-2761",
"discovery_date": "2008-12-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "648886"
}
],
"notes": [
{
"category": "description",
"text": "The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "MD5: MD5 Message-Digest Algorithm is not collision resistant",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Please see https://access.redhat.com/solutions/15378",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-RHCertSystem:pki-ca-0:8.0.7-1.el5pki.noarch",
"5Server-RHCertSystem:pki-ca-0:8.0.7-1.el5pki.src",
"5Server-RHCertSystem:pki-common-0:8.0.6-2.el5pki.noarch",
"5Server-RHCertSystem:pki-common-0:8.0.6-2.el5pki.src",
"5Server-RHCertSystem:pki-common-javadoc-0:8.0.6-2.el5pki.noarch",
"5Server-RHCertSystem:pki-util-0:8.0.5-1.el5pki.noarch",
"5Server-RHCertSystem:pki-util-0:8.0.5-1.el5pki.src",
"5Server-RHCertSystem:pki-util-javadoc-0:8.0.5-1.el5pki.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2004-2761"
},
{
"category": "external",
"summary": "RHBZ#648886",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=648886"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2004-2761",
"url": "https://www.cve.org/CVERecord?id=CVE-2004-2761"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-2761",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2004-2761"
}
],
"release_date": "2008-12-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-11-08T20:09:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-RHCertSystem:pki-ca-0:8.0.7-1.el5pki.noarch",
"5Server-RHCertSystem:pki-ca-0:8.0.7-1.el5pki.src",
"5Server-RHCertSystem:pki-common-0:8.0.6-2.el5pki.noarch",
"5Server-RHCertSystem:pki-common-0:8.0.6-2.el5pki.src",
"5Server-RHCertSystem:pki-common-javadoc-0:8.0.6-2.el5pki.noarch",
"5Server-RHCertSystem:pki-util-0:8.0.5-1.el5pki.noarch",
"5Server-RHCertSystem:pki-util-0:8.0.5-1.el5pki.src",
"5Server-RHCertSystem:pki-util-javadoc-0:8.0.5-1.el5pki.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0838"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-RHCertSystem:pki-ca-0:8.0.7-1.el5pki.noarch",
"5Server-RHCertSystem:pki-ca-0:8.0.7-1.el5pki.src",
"5Server-RHCertSystem:pki-common-0:8.0.6-2.el5pki.noarch",
"5Server-RHCertSystem:pki-common-0:8.0.6-2.el5pki.src",
"5Server-RHCertSystem:pki-common-javadoc-0:8.0.6-2.el5pki.noarch",
"5Server-RHCertSystem:pki-util-0:8.0.5-1.el5pki.noarch",
"5Server-RHCertSystem:pki-util-0:8.0.5-1.el5pki.src",
"5Server-RHCertSystem:pki-util-javadoc-0:8.0.5-1.el5pki.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "MD5: MD5 Message-Digest Algorithm is not collision resistant"
},
{
"cve": "CVE-2010-3868",
"discovery_date": "2008-11-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "648882"
}
],
"notes": [
{
"category": "description",
"text": "Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate System do not require authentication for requests to decrypt SCEP one-time PINs, which allows remote attackers to obtain PINs by sniffing the network for SCEP requests and then sending decryption requests to the Certificate Authority component.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "System: unauthenticated user can request SCEP one-time PIN decryption",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-RHCertSystem:pki-ca-0:8.0.7-1.el5pki.noarch",
"5Server-RHCertSystem:pki-ca-0:8.0.7-1.el5pki.src",
"5Server-RHCertSystem:pki-common-0:8.0.6-2.el5pki.noarch",
"5Server-RHCertSystem:pki-common-0:8.0.6-2.el5pki.src",
"5Server-RHCertSystem:pki-common-javadoc-0:8.0.6-2.el5pki.noarch",
"5Server-RHCertSystem:pki-util-0:8.0.5-1.el5pki.noarch",
"5Server-RHCertSystem:pki-util-0:8.0.5-1.el5pki.src",
"5Server-RHCertSystem:pki-util-javadoc-0:8.0.5-1.el5pki.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-3868"
},
{
"category": "external",
"summary": "RHBZ#648882",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=648882"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-3868",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3868"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3868",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3868"
}
],
"release_date": "2010-11-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-11-08T20:09:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-RHCertSystem:pki-ca-0:8.0.7-1.el5pki.noarch",
"5Server-RHCertSystem:pki-ca-0:8.0.7-1.el5pki.src",
"5Server-RHCertSystem:pki-common-0:8.0.6-2.el5pki.noarch",
"5Server-RHCertSystem:pki-common-0:8.0.6-2.el5pki.src",
"5Server-RHCertSystem:pki-common-javadoc-0:8.0.6-2.el5pki.noarch",
"5Server-RHCertSystem:pki-util-0:8.0.5-1.el5pki.noarch",
"5Server-RHCertSystem:pki-util-0:8.0.5-1.el5pki.src",
"5Server-RHCertSystem:pki-util-javadoc-0:8.0.5-1.el5pki.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0838"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-RHCertSystem:pki-ca-0:8.0.7-1.el5pki.noarch",
"5Server-RHCertSystem:pki-ca-0:8.0.7-1.el5pki.src",
"5Server-RHCertSystem:pki-common-0:8.0.6-2.el5pki.noarch",
"5Server-RHCertSystem:pki-common-0:8.0.6-2.el5pki.src",
"5Server-RHCertSystem:pki-common-javadoc-0:8.0.6-2.el5pki.noarch",
"5Server-RHCertSystem:pki-util-0:8.0.5-1.el5pki.noarch",
"5Server-RHCertSystem:pki-util-0:8.0.5-1.el5pki.src",
"5Server-RHCertSystem:pki-util-javadoc-0:8.0.5-1.el5pki.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "System: unauthenticated user can request SCEP one-time PIN decryption"
},
{
"cve": "CVE-2010-3869",
"discovery_date": "2008-11-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "648883"
}
],
"notes": [
{
"category": "description",
"text": "Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate System allow remote authenticated users to generate an arbitrary number of certificates by replaying a single SCEP one-time PIN.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "System: SCEP one-time PIN reuse",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-RHCertSystem:pki-ca-0:8.0.7-1.el5pki.noarch",
"5Server-RHCertSystem:pki-ca-0:8.0.7-1.el5pki.src",
"5Server-RHCertSystem:pki-common-0:8.0.6-2.el5pki.noarch",
"5Server-RHCertSystem:pki-common-0:8.0.6-2.el5pki.src",
"5Server-RHCertSystem:pki-common-javadoc-0:8.0.6-2.el5pki.noarch",
"5Server-RHCertSystem:pki-util-0:8.0.5-1.el5pki.noarch",
"5Server-RHCertSystem:pki-util-0:8.0.5-1.el5pki.src",
"5Server-RHCertSystem:pki-util-javadoc-0:8.0.5-1.el5pki.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-3869"
},
{
"category": "external",
"summary": "RHBZ#648883",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=648883"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-3869",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3869"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3869",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3869"
}
],
"release_date": "2010-11-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-11-08T20:09:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-RHCertSystem:pki-ca-0:8.0.7-1.el5pki.noarch",
"5Server-RHCertSystem:pki-ca-0:8.0.7-1.el5pki.src",
"5Server-RHCertSystem:pki-common-0:8.0.6-2.el5pki.noarch",
"5Server-RHCertSystem:pki-common-0:8.0.6-2.el5pki.src",
"5Server-RHCertSystem:pki-common-javadoc-0:8.0.6-2.el5pki.noarch",
"5Server-RHCertSystem:pki-util-0:8.0.5-1.el5pki.noarch",
"5Server-RHCertSystem:pki-util-0:8.0.5-1.el5pki.src",
"5Server-RHCertSystem:pki-util-javadoc-0:8.0.5-1.el5pki.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0838"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-RHCertSystem:pki-ca-0:8.0.7-1.el5pki.noarch",
"5Server-RHCertSystem:pki-ca-0:8.0.7-1.el5pki.src",
"5Server-RHCertSystem:pki-common-0:8.0.6-2.el5pki.noarch",
"5Server-RHCertSystem:pki-common-0:8.0.6-2.el5pki.src",
"5Server-RHCertSystem:pki-common-javadoc-0:8.0.6-2.el5pki.noarch",
"5Server-RHCertSystem:pki-util-0:8.0.5-1.el5pki.noarch",
"5Server-RHCertSystem:pki-util-0:8.0.5-1.el5pki.src",
"5Server-RHCertSystem:pki-util-javadoc-0:8.0.5-1.el5pki.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "System: SCEP one-time PIN reuse"
}
]
}
RHSA-2010_0837
Vulnerability from csaf_redhat - Published: 2010-11-08 20:06 - Updated: 2024-11-22 03:45Summary
Red Hat Security Advisory: rhpki security and enhancement update
Notes
Topic
Updated rhpki-ca, rhpki-common, and rhpki-util packages that fix three
security issues and add several enhancements are now available for Red Hat
Certificate System 7.3.
The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
Red Hat Certificate System is an enterprise software system designed to
manage enterprise public key infrastructure (PKI) deployments. Simple
Certificate Enrollment Protocol (SCEP) is a PKI communication protocol
used to automatically enroll certificates for network devices.
The certificate authority allowed unauthenticated users to request the
one-time PIN in an SCEP request to be decrypted. An attacker able to sniff
an SCEP request from a network device could request the certificate
authority to decrypt the request, allowing them to obtain the one-time
PIN. With this update, the certificate authority only handles decryption
requests from authenticated registration authorities. (CVE-2010-3868)
The certificate authority allowed the one-time PIN used in SCEP requests
to be re-used. An attacker possessing a valid SCEP enrollment one-time PIN
could use it to generate an unlimited number of certificates.
(CVE-2010-3869)
The certificate authority used the MD5 hash algorithm to sign all SCEP
protocol responses. As MD5 is not collision resistant, an attacker could
use this flaw to perform an MD5 chosen-prefix collision attack to generate
attack-chosen output signed using the certificate authority's key.
(CVE-2004-2761)
This update also adds the following enhancements:
* Support for the stronger encryption algorithm Triple-DES (DES3), and
stronger hash algorithms SHA1, SHA256, and SHA512, for use in SCEP
communication. These algorithms are in addition to the previously supported
DES and MD5 algorithms.
* New configuration options for the SCEP server can define the default and
allowed encryption and hash algorithms. These options allow disabling uses
of the weaker algorithms not required by network devices and prevent
possible downgrade attacks. These can be configured by adding the following
options to the certificate authority's CS.cfg configuration file:
ca.scep.encryptionAlgorithm=DES3
ca.scep.allowedEncryptionAlgorithms=DES3
ca.scep.hashAlgorithm=SHA1
ca.scep.allowedHashAlgorithms=SHA1,SHA256,SHA512
* With this update, the certificate authority's SCEP server is disabled by
default. The SCEP server can be enabled by adding the 'ca.scep.enable=true'
option to the certificate authority's CS.cfg configuration file.
* A separate key pair can now be configured for use in SCEP communication.
Previously, the main certificate authority's key pair was used for SCEP
communication too. A designated SCEP key pair can be referenced by adding
a new option, ca.scep.nickname=[scep certificate nickname], to the
certificate authority's CS.cfg configuration file.
* The certificate authority now allows the size of nonces used in SCEP
requests to be restricted by adding a new option, ca.scep.nonceSizeLimit=
[number of bytes], to the certificate authority's CS.cfg configuration
file. The limit is set to 16 bytes in the default CS.cfg configuration
file.
All users of Red Hat Certificate System 7.3 should upgrade to these updated
packages, which resolve these issues and add these enhancements.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated rhpki-ca, rhpki-common, and rhpki-util packages that fix three\nsecurity issues and add several enhancements are now available for Red Hat\nCertificate System 7.3.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Certificate System is an enterprise software system designed to\nmanage enterprise public key infrastructure (PKI) deployments. Simple\nCertificate Enrollment Protocol (SCEP) is a PKI communication protocol\nused to automatically enroll certificates for network devices.\n\nThe certificate authority allowed unauthenticated users to request the\none-time PIN in an SCEP request to be decrypted. An attacker able to sniff\nan SCEP request from a network device could request the certificate\nauthority to decrypt the request, allowing them to obtain the one-time\nPIN. With this update, the certificate authority only handles decryption\nrequests from authenticated registration authorities. (CVE-2010-3868)\n\nThe certificate authority allowed the one-time PIN used in SCEP requests\nto be re-used. An attacker possessing a valid SCEP enrollment one-time PIN\ncould use it to generate an unlimited number of certificates.\n(CVE-2010-3869)\n\nThe certificate authority used the MD5 hash algorithm to sign all SCEP\nprotocol responses. As MD5 is not collision resistant, an attacker could\nuse this flaw to perform an MD5 chosen-prefix collision attack to generate\nattack-chosen output signed using the certificate authority\u0027s key.\n(CVE-2004-2761)\n\nThis update also adds the following enhancements:\n\n* Support for the stronger encryption algorithm Triple-DES (DES3), and\nstronger hash algorithms SHA1, SHA256, and SHA512, for use in SCEP\ncommunication. These algorithms are in addition to the previously supported\nDES and MD5 algorithms.\n\n* New configuration options for the SCEP server can define the default and\nallowed encryption and hash algorithms. These options allow disabling uses\nof the weaker algorithms not required by network devices and prevent\npossible downgrade attacks. These can be configured by adding the following\noptions to the certificate authority\u0027s CS.cfg configuration file:\n\n ca.scep.encryptionAlgorithm=DES3\n ca.scep.allowedEncryptionAlgorithms=DES3\n ca.scep.hashAlgorithm=SHA1\n ca.scep.allowedHashAlgorithms=SHA1,SHA256,SHA512\n\n* With this update, the certificate authority\u0027s SCEP server is disabled by\ndefault. The SCEP server can be enabled by adding the \u0027ca.scep.enable=true\u0027\noption to the certificate authority\u0027s CS.cfg configuration file.\n\n* A separate key pair can now be configured for use in SCEP communication.\nPreviously, the main certificate authority\u0027s key pair was used for SCEP\ncommunication too. A designated SCEP key pair can be referenced by adding\na new option, ca.scep.nickname=[scep certificate nickname], to the\ncertificate authority\u0027s CS.cfg configuration file.\n\n* The certificate authority now allows the size of nonces used in SCEP\nrequests to be restricted by adding a new option, ca.scep.nonceSizeLimit=\n[number of bytes], to the certificate authority\u0027s CS.cfg configuration\nfile. The limit is set to 16 bytes in the default CS.cfg configuration\nfile.\n\nAll users of Red Hat Certificate System 7.3 should upgrade to these updated\npackages, which resolve these issues and add these enhancements.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2010:0837",
"url": "https://access.redhat.com/errata/RHSA-2010:0837"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "648882",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=648882"
},
{
"category": "external",
"summary": "648883",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=648883"
},
{
"category": "external",
"summary": "648886",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=648886"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0837.json"
}
],
"title": "Red Hat Security Advisory: rhpki security and enhancement update",
"tracking": {
"current_release_date": "2024-11-22T03:45:37+00:00",
"generator": {
"date": "2024-11-22T03:45:37+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2010:0837",
"initial_release_date": "2010-11-08T20:06:00+00:00",
"revision_history": [
{
"date": "2010-11-08T20:06:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2010-11-08T15:06:51+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T03:45:37+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Certificate System 7.3 for 4AS",
"product": {
"name": "Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:certificate_system:7.3"
}
}
},
{
"category": "product_name",
"name": "Red Hat Certificate System 7.3 for 4ES",
"product": {
"name": "Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:certificate_system:7.3"
}
}
}
],
"category": "product_family",
"name": "Red Hat Certificate System"
},
{
"branches": [
{
"category": "product_version",
"name": "rhpki-ca-0:7.3.0-21.el4.noarch",
"product": {
"name": "rhpki-ca-0:7.3.0-21.el4.noarch",
"product_id": "rhpki-ca-0:7.3.0-21.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhpki-ca@7.3.0-21.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhpki-common-0:7.3.0-41.el4.noarch",
"product": {
"name": "rhpki-common-0:7.3.0-41.el4.noarch",
"product_id": "rhpki-common-0:7.3.0-41.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhpki-common@7.3.0-41.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhpki-util-0:7.3.0-21.el4.noarch",
"product": {
"name": "rhpki-util-0:7.3.0-21.el4.noarch",
"product_id": "rhpki-util-0:7.3.0-21.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhpki-util@7.3.0-21.el4?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-ca-0:7.3.0-21.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:rhpki-ca-0:7.3.0-21.el4.noarch"
},
"product_reference": "rhpki-ca-0:7.3.0-21.el4.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-common-0:7.3.0-41.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:rhpki-common-0:7.3.0-41.el4.noarch"
},
"product_reference": "rhpki-common-0:7.3.0-41.el4.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-util-0:7.3.0-21.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:rhpki-util-0:7.3.0-21.el4.noarch"
},
"product_reference": "rhpki-util-0:7.3.0-21.el4.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-ca-0:7.3.0-21.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:rhpki-ca-0:7.3.0-21.el4.noarch"
},
"product_reference": "rhpki-ca-0:7.3.0-21.el4.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-common-0:7.3.0-41.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:rhpki-common-0:7.3.0-41.el4.noarch"
},
"product_reference": "rhpki-common-0:7.3.0-41.el4.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-util-0:7.3.0-21.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:rhpki-util-0:7.3.0-21.el4.noarch"
},
"product_reference": "rhpki-util-0:7.3.0-21.el4.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2004-2761",
"discovery_date": "2008-12-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "648886"
}
],
"notes": [
{
"category": "description",
"text": "The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "MD5: MD5 Message-Digest Algorithm is not collision resistant",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Please see https://access.redhat.com/solutions/15378",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-21.el4.noarch",
"4AS-CERT-7.3:rhpki-common-0:7.3.0-41.el4.noarch",
"4AS-CERT-7.3:rhpki-util-0:7.3.0-21.el4.noarch",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-21.el4.noarch",
"4ES-CERT-7.3:rhpki-common-0:7.3.0-41.el4.noarch",
"4ES-CERT-7.3:rhpki-util-0:7.3.0-21.el4.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2004-2761"
},
{
"category": "external",
"summary": "RHBZ#648886",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=648886"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2004-2761",
"url": "https://www.cve.org/CVERecord?id=CVE-2004-2761"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-2761",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2004-2761"
}
],
"release_date": "2008-12-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-11-08T20:06:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-21.el4.noarch",
"4AS-CERT-7.3:rhpki-common-0:7.3.0-41.el4.noarch",
"4AS-CERT-7.3:rhpki-util-0:7.3.0-21.el4.noarch",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-21.el4.noarch",
"4ES-CERT-7.3:rhpki-common-0:7.3.0-41.el4.noarch",
"4ES-CERT-7.3:rhpki-util-0:7.3.0-21.el4.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0837"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-21.el4.noarch",
"4AS-CERT-7.3:rhpki-common-0:7.3.0-41.el4.noarch",
"4AS-CERT-7.3:rhpki-util-0:7.3.0-21.el4.noarch",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-21.el4.noarch",
"4ES-CERT-7.3:rhpki-common-0:7.3.0-41.el4.noarch",
"4ES-CERT-7.3:rhpki-util-0:7.3.0-21.el4.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "MD5: MD5 Message-Digest Algorithm is not collision resistant"
},
{
"cve": "CVE-2010-3868",
"discovery_date": "2008-11-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "648882"
}
],
"notes": [
{
"category": "description",
"text": "Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate System do not require authentication for requests to decrypt SCEP one-time PINs, which allows remote attackers to obtain PINs by sniffing the network for SCEP requests and then sending decryption requests to the Certificate Authority component.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "System: unauthenticated user can request SCEP one-time PIN decryption",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-21.el4.noarch",
"4AS-CERT-7.3:rhpki-common-0:7.3.0-41.el4.noarch",
"4AS-CERT-7.3:rhpki-util-0:7.3.0-21.el4.noarch",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-21.el4.noarch",
"4ES-CERT-7.3:rhpki-common-0:7.3.0-41.el4.noarch",
"4ES-CERT-7.3:rhpki-util-0:7.3.0-21.el4.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-3868"
},
{
"category": "external",
"summary": "RHBZ#648882",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=648882"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-3868",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3868"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3868",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3868"
}
],
"release_date": "2010-11-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-11-08T20:06:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-21.el4.noarch",
"4AS-CERT-7.3:rhpki-common-0:7.3.0-41.el4.noarch",
"4AS-CERT-7.3:rhpki-util-0:7.3.0-21.el4.noarch",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-21.el4.noarch",
"4ES-CERT-7.3:rhpki-common-0:7.3.0-41.el4.noarch",
"4ES-CERT-7.3:rhpki-util-0:7.3.0-21.el4.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0837"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-21.el4.noarch",
"4AS-CERT-7.3:rhpki-common-0:7.3.0-41.el4.noarch",
"4AS-CERT-7.3:rhpki-util-0:7.3.0-21.el4.noarch",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-21.el4.noarch",
"4ES-CERT-7.3:rhpki-common-0:7.3.0-41.el4.noarch",
"4ES-CERT-7.3:rhpki-util-0:7.3.0-21.el4.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "System: unauthenticated user can request SCEP one-time PIN decryption"
},
{
"cve": "CVE-2010-3869",
"discovery_date": "2008-11-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "648883"
}
],
"notes": [
{
"category": "description",
"text": "Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate System allow remote authenticated users to generate an arbitrary number of certificates by replaying a single SCEP one-time PIN.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "System: SCEP one-time PIN reuse",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-21.el4.noarch",
"4AS-CERT-7.3:rhpki-common-0:7.3.0-41.el4.noarch",
"4AS-CERT-7.3:rhpki-util-0:7.3.0-21.el4.noarch",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-21.el4.noarch",
"4ES-CERT-7.3:rhpki-common-0:7.3.0-41.el4.noarch",
"4ES-CERT-7.3:rhpki-util-0:7.3.0-21.el4.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-3869"
},
{
"category": "external",
"summary": "RHBZ#648883",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=648883"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-3869",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3869"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3869",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3869"
}
],
"release_date": "2010-11-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-11-08T20:06:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-21.el4.noarch",
"4AS-CERT-7.3:rhpki-common-0:7.3.0-41.el4.noarch",
"4AS-CERT-7.3:rhpki-util-0:7.3.0-21.el4.noarch",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-21.el4.noarch",
"4ES-CERT-7.3:rhpki-common-0:7.3.0-41.el4.noarch",
"4ES-CERT-7.3:rhpki-util-0:7.3.0-21.el4.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0837"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-21.el4.noarch",
"4AS-CERT-7.3:rhpki-common-0:7.3.0-41.el4.noarch",
"4AS-CERT-7.3:rhpki-util-0:7.3.0-21.el4.noarch",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-21.el4.noarch",
"4ES-CERT-7.3:rhpki-common-0:7.3.0-41.el4.noarch",
"4ES-CERT-7.3:rhpki-util-0:7.3.0-21.el4.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "System: SCEP one-time PIN reuse"
}
]
}
RHSA-2010_0838
Vulnerability from csaf_redhat - Published: 2010-11-08 20:09 - Updated: 2024-11-22 03:45Summary
Red Hat Security Advisory: pki security and enhancement update
Notes
Topic
Updated pki-ca, pki-util, and pki-common packages that fix three security
issues and add several enhancements are now available for Red Hat
Certificate System 8.
The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
Red Hat Certificate System is an enterprise software system designed to
manage enterprise public key infrastructure (PKI) deployments. Simple
Certificate Enrollment Protocol (SCEP) is a PKI communication protocol
used to automatically enroll certificates for network devices.
The certificate authority allowed unauthenticated users to request the
one-time PIN in an SCEP request to be decrypted. An attacker able to sniff
an SCEP request from a network device could request the certificate
authority to decrypt the request, allowing them to obtain the one-time
PIN. With this update, the certificate authority only handles decryption
requests from authenticated registration authorities. (CVE-2010-3868)
The certificate authority allowed the one-time PIN used in SCEP requests
to be re-used. An attacker possessing a valid SCEP enrollment one-time PIN
could use it to generate an unlimited number of certificates.
(CVE-2010-3869)
The certificate authority used the MD5 hash algorithm to sign all SCEP
protocol responses. As MD5 is not collision resistant, an attacker could
use this flaw to perform an MD5 chosen-prefix collision attack to generate
attack-chosen output signed using the certificate authority's key.
(CVE-2004-2761)
This update also adds the following enhancements:
* New configuration options for the SCEP server can define the default and
allowed encryption and hash algorithms. These options allow disabling uses
of the weaker algorithms not required by network devices and prevent
possible downgrade attacks. These can be configured by adding the following
options to the certificate authority's CS.cfg configuration file:
ca.scep.encryptionAlgorithm=DES3
ca.scep.allowedEncryptionAlgorithms=DES3
ca.scep.hashAlgorithm=SHA1
ca.scep.allowedHashAlgorithms=SHA1,SHA256,SHA512
* With this update, the certificate authority's SCEP server is disabled by
default. The SCEP server can be enabled by adding the 'ca.scep.enable=true'
option to the certificate authority's CS.cfg configuration file.
* A separate key pair can now be configured for use in SCEP communication.
Previously, the main certificate authority's key pair was used for SCEP
communication too. A designated SCEP key pair can be referenced by adding
a new option, ca.scep.nickname=[scep certificate nickname], to the
certificate authority's CS.cfg configuration file.
* The certificate authority now allows the size of nonces used in SCEP
requests to be restricted by adding a new option, ca.scep.nonceSizeLimit=
[number of bytes], to the certificate authority's CS.cfg configuration
file. The limit is set to 16 bytes in the default CS.cfg configuration
file.
All users of Red Hat Certificate System 8 should upgrade to these updated
packages, which resolve these issues and add these enhancements.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated pki-ca, pki-util, and pki-common packages that fix three security\nissues and add several enhancements are now available for Red Hat\nCertificate System 8.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Certificate System is an enterprise software system designed to\nmanage enterprise public key infrastructure (PKI) deployments. Simple\nCertificate Enrollment Protocol (SCEP) is a PKI communication protocol\nused to automatically enroll certificates for network devices.\n\nThe certificate authority allowed unauthenticated users to request the\none-time PIN in an SCEP request to be decrypted. An attacker able to sniff\nan SCEP request from a network device could request the certificate\nauthority to decrypt the request, allowing them to obtain the one-time\nPIN. With this update, the certificate authority only handles decryption\nrequests from authenticated registration authorities. (CVE-2010-3868)\n\nThe certificate authority allowed the one-time PIN used in SCEP requests\nto be re-used. An attacker possessing a valid SCEP enrollment one-time PIN\ncould use it to generate an unlimited number of certificates.\n(CVE-2010-3869)\n\nThe certificate authority used the MD5 hash algorithm to sign all SCEP\nprotocol responses. As MD5 is not collision resistant, an attacker could\nuse this flaw to perform an MD5 chosen-prefix collision attack to generate\nattack-chosen output signed using the certificate authority\u0027s key.\n(CVE-2004-2761)\n\nThis update also adds the following enhancements:\n\n* New configuration options for the SCEP server can define the default and\nallowed encryption and hash algorithms. These options allow disabling uses\nof the weaker algorithms not required by network devices and prevent\npossible downgrade attacks. These can be configured by adding the following\noptions to the certificate authority\u0027s CS.cfg configuration file:\n\n ca.scep.encryptionAlgorithm=DES3\n ca.scep.allowedEncryptionAlgorithms=DES3\n ca.scep.hashAlgorithm=SHA1\n ca.scep.allowedHashAlgorithms=SHA1,SHA256,SHA512\n\n* With this update, the certificate authority\u0027s SCEP server is disabled by\ndefault. The SCEP server can be enabled by adding the \u0027ca.scep.enable=true\u0027\noption to the certificate authority\u0027s CS.cfg configuration file.\n\n* A separate key pair can now be configured for use in SCEP communication.\nPreviously, the main certificate authority\u0027s key pair was used for SCEP\ncommunication too. A designated SCEP key pair can be referenced by adding\na new option, ca.scep.nickname=[scep certificate nickname], to the\ncertificate authority\u0027s CS.cfg configuration file.\n\n* The certificate authority now allows the size of nonces used in SCEP\nrequests to be restricted by adding a new option, ca.scep.nonceSizeLimit=\n[number of bytes], to the certificate authority\u0027s CS.cfg configuration\nfile. The limit is set to 16 bytes in the default CS.cfg configuration\nfile.\n\nAll users of Red Hat Certificate System 8 should upgrade to these updated\npackages, which resolve these issues and add these enhancements.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2010:0838",
"url": "https://access.redhat.com/errata/RHSA-2010:0838"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "648882",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=648882"
},
{
"category": "external",
"summary": "648883",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=648883"
},
{
"category": "external",
"summary": "648886",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=648886"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0838.json"
}
],
"title": "Red Hat Security Advisory: pki security and enhancement update",
"tracking": {
"current_release_date": "2024-11-22T03:45:42+00:00",
"generator": {
"date": "2024-11-22T03:45:42+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2010:0838",
"initial_release_date": "2010-11-08T20:09:00+00:00",
"revision_history": [
{
"date": "2010-11-08T20:09:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2010-11-08T15:12:18+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T03:45:42+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Certificate System 8",
"product": {
"name": "Red Hat Certificate System 8",
"product_id": "5Server-RHCertSystem",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:certificate_system:8::el5"
}
}
}
],
"category": "product_family",
"name": "Red Hat Certificate System"
},
{
"branches": [
{
"category": "product_version",
"name": "pki-ca-0:8.0.7-1.el5pki.src",
"product": {
"name": "pki-ca-0:8.0.7-1.el5pki.src",
"product_id": "pki-ca-0:8.0.7-1.el5pki.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-ca@8.0.7-1.el5pki?arch=src"
}
}
},
{
"category": "product_version",
"name": "pki-util-0:8.0.5-1.el5pki.src",
"product": {
"name": "pki-util-0:8.0.5-1.el5pki.src",
"product_id": "pki-util-0:8.0.5-1.el5pki.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-util@8.0.5-1.el5pki?arch=src"
}
}
},
{
"category": "product_version",
"name": "pki-common-0:8.0.6-2.el5pki.src",
"product": {
"name": "pki-common-0:8.0.6-2.el5pki.src",
"product_id": "pki-common-0:8.0.6-2.el5pki.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-common@8.0.6-2.el5pki?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "pki-ca-0:8.0.7-1.el5pki.noarch",
"product": {
"name": "pki-ca-0:8.0.7-1.el5pki.noarch",
"product_id": "pki-ca-0:8.0.7-1.el5pki.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-ca@8.0.7-1.el5pki?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "pki-util-0:8.0.5-1.el5pki.noarch",
"product": {
"name": "pki-util-0:8.0.5-1.el5pki.noarch",
"product_id": "pki-util-0:8.0.5-1.el5pki.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-util@8.0.5-1.el5pki?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "pki-util-javadoc-0:8.0.5-1.el5pki.noarch",
"product": {
"name": "pki-util-javadoc-0:8.0.5-1.el5pki.noarch",
"product_id": "pki-util-javadoc-0:8.0.5-1.el5pki.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-util-javadoc@8.0.5-1.el5pki?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "pki-common-javadoc-0:8.0.6-2.el5pki.noarch",
"product": {
"name": "pki-common-javadoc-0:8.0.6-2.el5pki.noarch",
"product_id": "pki-common-javadoc-0:8.0.6-2.el5pki.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-common-javadoc@8.0.6-2.el5pki?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "pki-common-0:8.0.6-2.el5pki.noarch",
"product": {
"name": "pki-common-0:8.0.6-2.el5pki.noarch",
"product_id": "pki-common-0:8.0.6-2.el5pki.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-common@8.0.6-2.el5pki?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-ca-0:8.0.7-1.el5pki.noarch as a component of Red Hat Certificate System 8",
"product_id": "5Server-RHCertSystem:pki-ca-0:8.0.7-1.el5pki.noarch"
},
"product_reference": "pki-ca-0:8.0.7-1.el5pki.noarch",
"relates_to_product_reference": "5Server-RHCertSystem"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-ca-0:8.0.7-1.el5pki.src as a component of Red Hat Certificate System 8",
"product_id": "5Server-RHCertSystem:pki-ca-0:8.0.7-1.el5pki.src"
},
"product_reference": "pki-ca-0:8.0.7-1.el5pki.src",
"relates_to_product_reference": "5Server-RHCertSystem"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-common-0:8.0.6-2.el5pki.noarch as a component of Red Hat Certificate System 8",
"product_id": "5Server-RHCertSystem:pki-common-0:8.0.6-2.el5pki.noarch"
},
"product_reference": "pki-common-0:8.0.6-2.el5pki.noarch",
"relates_to_product_reference": "5Server-RHCertSystem"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-common-0:8.0.6-2.el5pki.src as a component of Red Hat Certificate System 8",
"product_id": "5Server-RHCertSystem:pki-common-0:8.0.6-2.el5pki.src"
},
"product_reference": "pki-common-0:8.0.6-2.el5pki.src",
"relates_to_product_reference": "5Server-RHCertSystem"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-common-javadoc-0:8.0.6-2.el5pki.noarch as a component of Red Hat Certificate System 8",
"product_id": "5Server-RHCertSystem:pki-common-javadoc-0:8.0.6-2.el5pki.noarch"
},
"product_reference": "pki-common-javadoc-0:8.0.6-2.el5pki.noarch",
"relates_to_product_reference": "5Server-RHCertSystem"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-util-0:8.0.5-1.el5pki.noarch as a component of Red Hat Certificate System 8",
"product_id": "5Server-RHCertSystem:pki-util-0:8.0.5-1.el5pki.noarch"
},
"product_reference": "pki-util-0:8.0.5-1.el5pki.noarch",
"relates_to_product_reference": "5Server-RHCertSystem"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-util-0:8.0.5-1.el5pki.src as a component of Red Hat Certificate System 8",
"product_id": "5Server-RHCertSystem:pki-util-0:8.0.5-1.el5pki.src"
},
"product_reference": "pki-util-0:8.0.5-1.el5pki.src",
"relates_to_product_reference": "5Server-RHCertSystem"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-util-javadoc-0:8.0.5-1.el5pki.noarch as a component of Red Hat Certificate System 8",
"product_id": "5Server-RHCertSystem:pki-util-javadoc-0:8.0.5-1.el5pki.noarch"
},
"product_reference": "pki-util-javadoc-0:8.0.5-1.el5pki.noarch",
"relates_to_product_reference": "5Server-RHCertSystem"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2004-2761",
"discovery_date": "2008-12-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "648886"
}
],
"notes": [
{
"category": "description",
"text": "The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "MD5: MD5 Message-Digest Algorithm is not collision resistant",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Please see https://access.redhat.com/solutions/15378",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-RHCertSystem:pki-ca-0:8.0.7-1.el5pki.noarch",
"5Server-RHCertSystem:pki-ca-0:8.0.7-1.el5pki.src",
"5Server-RHCertSystem:pki-common-0:8.0.6-2.el5pki.noarch",
"5Server-RHCertSystem:pki-common-0:8.0.6-2.el5pki.src",
"5Server-RHCertSystem:pki-common-javadoc-0:8.0.6-2.el5pki.noarch",
"5Server-RHCertSystem:pki-util-0:8.0.5-1.el5pki.noarch",
"5Server-RHCertSystem:pki-util-0:8.0.5-1.el5pki.src",
"5Server-RHCertSystem:pki-util-javadoc-0:8.0.5-1.el5pki.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2004-2761"
},
{
"category": "external",
"summary": "RHBZ#648886",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=648886"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2004-2761",
"url": "https://www.cve.org/CVERecord?id=CVE-2004-2761"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-2761",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2004-2761"
}
],
"release_date": "2008-12-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-11-08T20:09:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-RHCertSystem:pki-ca-0:8.0.7-1.el5pki.noarch",
"5Server-RHCertSystem:pki-ca-0:8.0.7-1.el5pki.src",
"5Server-RHCertSystem:pki-common-0:8.0.6-2.el5pki.noarch",
"5Server-RHCertSystem:pki-common-0:8.0.6-2.el5pki.src",
"5Server-RHCertSystem:pki-common-javadoc-0:8.0.6-2.el5pki.noarch",
"5Server-RHCertSystem:pki-util-0:8.0.5-1.el5pki.noarch",
"5Server-RHCertSystem:pki-util-0:8.0.5-1.el5pki.src",
"5Server-RHCertSystem:pki-util-javadoc-0:8.0.5-1.el5pki.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0838"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-RHCertSystem:pki-ca-0:8.0.7-1.el5pki.noarch",
"5Server-RHCertSystem:pki-ca-0:8.0.7-1.el5pki.src",
"5Server-RHCertSystem:pki-common-0:8.0.6-2.el5pki.noarch",
"5Server-RHCertSystem:pki-common-0:8.0.6-2.el5pki.src",
"5Server-RHCertSystem:pki-common-javadoc-0:8.0.6-2.el5pki.noarch",
"5Server-RHCertSystem:pki-util-0:8.0.5-1.el5pki.noarch",
"5Server-RHCertSystem:pki-util-0:8.0.5-1.el5pki.src",
"5Server-RHCertSystem:pki-util-javadoc-0:8.0.5-1.el5pki.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "MD5: MD5 Message-Digest Algorithm is not collision resistant"
},
{
"cve": "CVE-2010-3868",
"discovery_date": "2008-11-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "648882"
}
],
"notes": [
{
"category": "description",
"text": "Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate System do not require authentication for requests to decrypt SCEP one-time PINs, which allows remote attackers to obtain PINs by sniffing the network for SCEP requests and then sending decryption requests to the Certificate Authority component.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "System: unauthenticated user can request SCEP one-time PIN decryption",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-RHCertSystem:pki-ca-0:8.0.7-1.el5pki.noarch",
"5Server-RHCertSystem:pki-ca-0:8.0.7-1.el5pki.src",
"5Server-RHCertSystem:pki-common-0:8.0.6-2.el5pki.noarch",
"5Server-RHCertSystem:pki-common-0:8.0.6-2.el5pki.src",
"5Server-RHCertSystem:pki-common-javadoc-0:8.0.6-2.el5pki.noarch",
"5Server-RHCertSystem:pki-util-0:8.0.5-1.el5pki.noarch",
"5Server-RHCertSystem:pki-util-0:8.0.5-1.el5pki.src",
"5Server-RHCertSystem:pki-util-javadoc-0:8.0.5-1.el5pki.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-3868"
},
{
"category": "external",
"summary": "RHBZ#648882",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=648882"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-3868",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3868"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3868",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3868"
}
],
"release_date": "2010-11-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-11-08T20:09:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-RHCertSystem:pki-ca-0:8.0.7-1.el5pki.noarch",
"5Server-RHCertSystem:pki-ca-0:8.0.7-1.el5pki.src",
"5Server-RHCertSystem:pki-common-0:8.0.6-2.el5pki.noarch",
"5Server-RHCertSystem:pki-common-0:8.0.6-2.el5pki.src",
"5Server-RHCertSystem:pki-common-javadoc-0:8.0.6-2.el5pki.noarch",
"5Server-RHCertSystem:pki-util-0:8.0.5-1.el5pki.noarch",
"5Server-RHCertSystem:pki-util-0:8.0.5-1.el5pki.src",
"5Server-RHCertSystem:pki-util-javadoc-0:8.0.5-1.el5pki.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0838"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-RHCertSystem:pki-ca-0:8.0.7-1.el5pki.noarch",
"5Server-RHCertSystem:pki-ca-0:8.0.7-1.el5pki.src",
"5Server-RHCertSystem:pki-common-0:8.0.6-2.el5pki.noarch",
"5Server-RHCertSystem:pki-common-0:8.0.6-2.el5pki.src",
"5Server-RHCertSystem:pki-common-javadoc-0:8.0.6-2.el5pki.noarch",
"5Server-RHCertSystem:pki-util-0:8.0.5-1.el5pki.noarch",
"5Server-RHCertSystem:pki-util-0:8.0.5-1.el5pki.src",
"5Server-RHCertSystem:pki-util-javadoc-0:8.0.5-1.el5pki.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "System: unauthenticated user can request SCEP one-time PIN decryption"
},
{
"cve": "CVE-2010-3869",
"discovery_date": "2008-11-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "648883"
}
],
"notes": [
{
"category": "description",
"text": "Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate System allow remote authenticated users to generate an arbitrary number of certificates by replaying a single SCEP one-time PIN.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "System: SCEP one-time PIN reuse",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-RHCertSystem:pki-ca-0:8.0.7-1.el5pki.noarch",
"5Server-RHCertSystem:pki-ca-0:8.0.7-1.el5pki.src",
"5Server-RHCertSystem:pki-common-0:8.0.6-2.el5pki.noarch",
"5Server-RHCertSystem:pki-common-0:8.0.6-2.el5pki.src",
"5Server-RHCertSystem:pki-common-javadoc-0:8.0.6-2.el5pki.noarch",
"5Server-RHCertSystem:pki-util-0:8.0.5-1.el5pki.noarch",
"5Server-RHCertSystem:pki-util-0:8.0.5-1.el5pki.src",
"5Server-RHCertSystem:pki-util-javadoc-0:8.0.5-1.el5pki.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-3869"
},
{
"category": "external",
"summary": "RHBZ#648883",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=648883"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-3869",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3869"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3869",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3869"
}
],
"release_date": "2010-11-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-11-08T20:09:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-RHCertSystem:pki-ca-0:8.0.7-1.el5pki.noarch",
"5Server-RHCertSystem:pki-ca-0:8.0.7-1.el5pki.src",
"5Server-RHCertSystem:pki-common-0:8.0.6-2.el5pki.noarch",
"5Server-RHCertSystem:pki-common-0:8.0.6-2.el5pki.src",
"5Server-RHCertSystem:pki-common-javadoc-0:8.0.6-2.el5pki.noarch",
"5Server-RHCertSystem:pki-util-0:8.0.5-1.el5pki.noarch",
"5Server-RHCertSystem:pki-util-0:8.0.5-1.el5pki.src",
"5Server-RHCertSystem:pki-util-javadoc-0:8.0.5-1.el5pki.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0838"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-RHCertSystem:pki-ca-0:8.0.7-1.el5pki.noarch",
"5Server-RHCertSystem:pki-ca-0:8.0.7-1.el5pki.src",
"5Server-RHCertSystem:pki-common-0:8.0.6-2.el5pki.noarch",
"5Server-RHCertSystem:pki-common-0:8.0.6-2.el5pki.src",
"5Server-RHCertSystem:pki-common-javadoc-0:8.0.6-2.el5pki.noarch",
"5Server-RHCertSystem:pki-util-0:8.0.5-1.el5pki.noarch",
"5Server-RHCertSystem:pki-util-0:8.0.5-1.el5pki.src",
"5Server-RHCertSystem:pki-util-javadoc-0:8.0.5-1.el5pki.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "System: SCEP one-time PIN reuse"
}
]
}
RHSA-2010:0837
Vulnerability from csaf_redhat - Published: 2010-11-08 20:06 - Updated: 2025-11-21 17:36Summary
Red Hat Security Advisory: rhpki security and enhancement update
Notes
Topic
Updated rhpki-ca, rhpki-common, and rhpki-util packages that fix three
security issues and add several enhancements are now available for Red Hat
Certificate System 7.3.
The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
Red Hat Certificate System is an enterprise software system designed to
manage enterprise public key infrastructure (PKI) deployments. Simple
Certificate Enrollment Protocol (SCEP) is a PKI communication protocol
used to automatically enroll certificates for network devices.
The certificate authority allowed unauthenticated users to request the
one-time PIN in an SCEP request to be decrypted. An attacker able to sniff
an SCEP request from a network device could request the certificate
authority to decrypt the request, allowing them to obtain the one-time
PIN. With this update, the certificate authority only handles decryption
requests from authenticated registration authorities. (CVE-2010-3868)
The certificate authority allowed the one-time PIN used in SCEP requests
to be re-used. An attacker possessing a valid SCEP enrollment one-time PIN
could use it to generate an unlimited number of certificates.
(CVE-2010-3869)
The certificate authority used the MD5 hash algorithm to sign all SCEP
protocol responses. As MD5 is not collision resistant, an attacker could
use this flaw to perform an MD5 chosen-prefix collision attack to generate
attack-chosen output signed using the certificate authority's key.
(CVE-2004-2761)
This update also adds the following enhancements:
* Support for the stronger encryption algorithm Triple-DES (DES3), and
stronger hash algorithms SHA1, SHA256, and SHA512, for use in SCEP
communication. These algorithms are in addition to the previously supported
DES and MD5 algorithms.
* New configuration options for the SCEP server can define the default and
allowed encryption and hash algorithms. These options allow disabling uses
of the weaker algorithms not required by network devices and prevent
possible downgrade attacks. These can be configured by adding the following
options to the certificate authority's CS.cfg configuration file:
ca.scep.encryptionAlgorithm=DES3
ca.scep.allowedEncryptionAlgorithms=DES3
ca.scep.hashAlgorithm=SHA1
ca.scep.allowedHashAlgorithms=SHA1,SHA256,SHA512
* With this update, the certificate authority's SCEP server is disabled by
default. The SCEP server can be enabled by adding the 'ca.scep.enable=true'
option to the certificate authority's CS.cfg configuration file.
* A separate key pair can now be configured for use in SCEP communication.
Previously, the main certificate authority's key pair was used for SCEP
communication too. A designated SCEP key pair can be referenced by adding
a new option, ca.scep.nickname=[scep certificate nickname], to the
certificate authority's CS.cfg configuration file.
* The certificate authority now allows the size of nonces used in SCEP
requests to be restricted by adding a new option, ca.scep.nonceSizeLimit=
[number of bytes], to the certificate authority's CS.cfg configuration
file. The limit is set to 16 bytes in the default CS.cfg configuration
file.
All users of Red Hat Certificate System 7.3 should upgrade to these updated
packages, which resolve these issues and add these enhancements.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated rhpki-ca, rhpki-common, and rhpki-util packages that fix three\nsecurity issues and add several enhancements are now available for Red Hat\nCertificate System 7.3.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Certificate System is an enterprise software system designed to\nmanage enterprise public key infrastructure (PKI) deployments. Simple\nCertificate Enrollment Protocol (SCEP) is a PKI communication protocol\nused to automatically enroll certificates for network devices.\n\nThe certificate authority allowed unauthenticated users to request the\none-time PIN in an SCEP request to be decrypted. An attacker able to sniff\nan SCEP request from a network device could request the certificate\nauthority to decrypt the request, allowing them to obtain the one-time\nPIN. With this update, the certificate authority only handles decryption\nrequests from authenticated registration authorities. (CVE-2010-3868)\n\nThe certificate authority allowed the one-time PIN used in SCEP requests\nto be re-used. An attacker possessing a valid SCEP enrollment one-time PIN\ncould use it to generate an unlimited number of certificates.\n(CVE-2010-3869)\n\nThe certificate authority used the MD5 hash algorithm to sign all SCEP\nprotocol responses. As MD5 is not collision resistant, an attacker could\nuse this flaw to perform an MD5 chosen-prefix collision attack to generate\nattack-chosen output signed using the certificate authority\u0027s key.\n(CVE-2004-2761)\n\nThis update also adds the following enhancements:\n\n* Support for the stronger encryption algorithm Triple-DES (DES3), and\nstronger hash algorithms SHA1, SHA256, and SHA512, for use in SCEP\ncommunication. These algorithms are in addition to the previously supported\nDES and MD5 algorithms.\n\n* New configuration options for the SCEP server can define the default and\nallowed encryption and hash algorithms. These options allow disabling uses\nof the weaker algorithms not required by network devices and prevent\npossible downgrade attacks. These can be configured by adding the following\noptions to the certificate authority\u0027s CS.cfg configuration file:\n\n ca.scep.encryptionAlgorithm=DES3\n ca.scep.allowedEncryptionAlgorithms=DES3\n ca.scep.hashAlgorithm=SHA1\n ca.scep.allowedHashAlgorithms=SHA1,SHA256,SHA512\n\n* With this update, the certificate authority\u0027s SCEP server is disabled by\ndefault. The SCEP server can be enabled by adding the \u0027ca.scep.enable=true\u0027\noption to the certificate authority\u0027s CS.cfg configuration file.\n\n* A separate key pair can now be configured for use in SCEP communication.\nPreviously, the main certificate authority\u0027s key pair was used for SCEP\ncommunication too. A designated SCEP key pair can be referenced by adding\na new option, ca.scep.nickname=[scep certificate nickname], to the\ncertificate authority\u0027s CS.cfg configuration file.\n\n* The certificate authority now allows the size of nonces used in SCEP\nrequests to be restricted by adding a new option, ca.scep.nonceSizeLimit=\n[number of bytes], to the certificate authority\u0027s CS.cfg configuration\nfile. The limit is set to 16 bytes in the default CS.cfg configuration\nfile.\n\nAll users of Red Hat Certificate System 7.3 should upgrade to these updated\npackages, which resolve these issues and add these enhancements.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2010:0837",
"url": "https://access.redhat.com/errata/RHSA-2010:0837"
},
{
"category": "external",
"summary": "648882",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=648882"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "648883",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=648883"
},
{
"category": "external",
"summary": "648886",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=648886"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0837.json"
}
],
"title": "Red Hat Security Advisory: rhpki security and enhancement update",
"tracking": {
"current_release_date": "2025-11-21T17:36:58+00:00",
"generator": {
"date": "2025-11-21T17:36:58+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2010:0837",
"initial_release_date": "2010-11-08T20:06:00+00:00",
"revision_history": [
{
"date": "2010-11-08T20:06:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2010-11-08T15:06:51+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:36:58+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Certificate System 7.3 for 4AS",
"product": {
"name": "Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:certificate_system:7.3"
}
}
},
{
"category": "product_name",
"name": "Red Hat Certificate System 7.3 for 4ES",
"product": {
"name": "Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:certificate_system:7.3"
}
}
}
],
"category": "product_family",
"name": "Red Hat Certificate System"
},
{
"branches": [
{
"category": "product_version",
"name": "rhpki-ca-0:7.3.0-21.el4.noarch",
"product": {
"name": "rhpki-ca-0:7.3.0-21.el4.noarch",
"product_id": "rhpki-ca-0:7.3.0-21.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhpki-ca@7.3.0-21.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhpki-common-0:7.3.0-41.el4.noarch",
"product": {
"name": "rhpki-common-0:7.3.0-41.el4.noarch",
"product_id": "rhpki-common-0:7.3.0-41.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhpki-common@7.3.0-41.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhpki-util-0:7.3.0-21.el4.noarch",
"product": {
"name": "rhpki-util-0:7.3.0-21.el4.noarch",
"product_id": "rhpki-util-0:7.3.0-21.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhpki-util@7.3.0-21.el4?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-ca-0:7.3.0-21.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:rhpki-ca-0:7.3.0-21.el4.noarch"
},
"product_reference": "rhpki-ca-0:7.3.0-21.el4.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-common-0:7.3.0-41.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:rhpki-common-0:7.3.0-41.el4.noarch"
},
"product_reference": "rhpki-common-0:7.3.0-41.el4.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-util-0:7.3.0-21.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:rhpki-util-0:7.3.0-21.el4.noarch"
},
"product_reference": "rhpki-util-0:7.3.0-21.el4.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-ca-0:7.3.0-21.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:rhpki-ca-0:7.3.0-21.el4.noarch"
},
"product_reference": "rhpki-ca-0:7.3.0-21.el4.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-common-0:7.3.0-41.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:rhpki-common-0:7.3.0-41.el4.noarch"
},
"product_reference": "rhpki-common-0:7.3.0-41.el4.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-util-0:7.3.0-21.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:rhpki-util-0:7.3.0-21.el4.noarch"
},
"product_reference": "rhpki-util-0:7.3.0-21.el4.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2004-2761",
"discovery_date": "2008-12-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "648886"
}
],
"notes": [
{
"category": "description",
"text": "The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "MD5: MD5 Message-Digest Algorithm is not collision resistant",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Please see https://access.redhat.com/solutions/15378",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-21.el4.noarch",
"4AS-CERT-7.3:rhpki-common-0:7.3.0-41.el4.noarch",
"4AS-CERT-7.3:rhpki-util-0:7.3.0-21.el4.noarch",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-21.el4.noarch",
"4ES-CERT-7.3:rhpki-common-0:7.3.0-41.el4.noarch",
"4ES-CERT-7.3:rhpki-util-0:7.3.0-21.el4.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2004-2761"
},
{
"category": "external",
"summary": "RHBZ#648886",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=648886"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2004-2761",
"url": "https://www.cve.org/CVERecord?id=CVE-2004-2761"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-2761",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2004-2761"
}
],
"release_date": "2008-12-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-11-08T20:06:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-21.el4.noarch",
"4AS-CERT-7.3:rhpki-common-0:7.3.0-41.el4.noarch",
"4AS-CERT-7.3:rhpki-util-0:7.3.0-21.el4.noarch",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-21.el4.noarch",
"4ES-CERT-7.3:rhpki-common-0:7.3.0-41.el4.noarch",
"4ES-CERT-7.3:rhpki-util-0:7.3.0-21.el4.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0837"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-21.el4.noarch",
"4AS-CERT-7.3:rhpki-common-0:7.3.0-41.el4.noarch",
"4AS-CERT-7.3:rhpki-util-0:7.3.0-21.el4.noarch",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-21.el4.noarch",
"4ES-CERT-7.3:rhpki-common-0:7.3.0-41.el4.noarch",
"4ES-CERT-7.3:rhpki-util-0:7.3.0-21.el4.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "MD5: MD5 Message-Digest Algorithm is not collision resistant"
},
{
"cve": "CVE-2010-3868",
"discovery_date": "2008-11-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "648882"
}
],
"notes": [
{
"category": "description",
"text": "Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate System do not require authentication for requests to decrypt SCEP one-time PINs, which allows remote attackers to obtain PINs by sniffing the network for SCEP requests and then sending decryption requests to the Certificate Authority component.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "System: unauthenticated user can request SCEP one-time PIN decryption",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-21.el4.noarch",
"4AS-CERT-7.3:rhpki-common-0:7.3.0-41.el4.noarch",
"4AS-CERT-7.3:rhpki-util-0:7.3.0-21.el4.noarch",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-21.el4.noarch",
"4ES-CERT-7.3:rhpki-common-0:7.3.0-41.el4.noarch",
"4ES-CERT-7.3:rhpki-util-0:7.3.0-21.el4.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-3868"
},
{
"category": "external",
"summary": "RHBZ#648882",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=648882"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-3868",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3868"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3868",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3868"
}
],
"release_date": "2010-11-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-11-08T20:06:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-21.el4.noarch",
"4AS-CERT-7.3:rhpki-common-0:7.3.0-41.el4.noarch",
"4AS-CERT-7.3:rhpki-util-0:7.3.0-21.el4.noarch",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-21.el4.noarch",
"4ES-CERT-7.3:rhpki-common-0:7.3.0-41.el4.noarch",
"4ES-CERT-7.3:rhpki-util-0:7.3.0-21.el4.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0837"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-21.el4.noarch",
"4AS-CERT-7.3:rhpki-common-0:7.3.0-41.el4.noarch",
"4AS-CERT-7.3:rhpki-util-0:7.3.0-21.el4.noarch",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-21.el4.noarch",
"4ES-CERT-7.3:rhpki-common-0:7.3.0-41.el4.noarch",
"4ES-CERT-7.3:rhpki-util-0:7.3.0-21.el4.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "System: unauthenticated user can request SCEP one-time PIN decryption"
},
{
"cve": "CVE-2010-3869",
"discovery_date": "2008-11-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "648883"
}
],
"notes": [
{
"category": "description",
"text": "Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate System allow remote authenticated users to generate an arbitrary number of certificates by replaying a single SCEP one-time PIN.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "System: SCEP one-time PIN reuse",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-21.el4.noarch",
"4AS-CERT-7.3:rhpki-common-0:7.3.0-41.el4.noarch",
"4AS-CERT-7.3:rhpki-util-0:7.3.0-21.el4.noarch",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-21.el4.noarch",
"4ES-CERT-7.3:rhpki-common-0:7.3.0-41.el4.noarch",
"4ES-CERT-7.3:rhpki-util-0:7.3.0-21.el4.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-3869"
},
{
"category": "external",
"summary": "RHBZ#648883",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=648883"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-3869",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3869"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-3869",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3869"
}
],
"release_date": "2010-11-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-11-08T20:06:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-21.el4.noarch",
"4AS-CERT-7.3:rhpki-common-0:7.3.0-41.el4.noarch",
"4AS-CERT-7.3:rhpki-util-0:7.3.0-21.el4.noarch",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-21.el4.noarch",
"4ES-CERT-7.3:rhpki-common-0:7.3.0-41.el4.noarch",
"4ES-CERT-7.3:rhpki-util-0:7.3.0-21.el4.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0837"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-21.el4.noarch",
"4AS-CERT-7.3:rhpki-common-0:7.3.0-41.el4.noarch",
"4AS-CERT-7.3:rhpki-util-0:7.3.0-21.el4.noarch",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-21.el4.noarch",
"4ES-CERT-7.3:rhpki-common-0:7.3.0-41.el4.noarch",
"4ES-CERT-7.3:rhpki-util-0:7.3.0-21.el4.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "System: SCEP one-time PIN reuse"
}
]
}
VAR-200901-0466
Vulnerability from variot - Updated: 2024-07-23 21:44The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate. Weaknesses in the MD5 algorithm allow for collisions in output. As a result, attackers can generate cryptographic tokens or other data that illegitimately appear to be authentic. Is a one-way hash function MD5 Outputs a value called a fixed-length message digest from the input value. A secure hash function must be extremely difficult to find an input value that corresponds to a particular message digest. That the same message digest is output from different inputs. " collision " Call it. 1996 From the year MD5 Attack methods that exploit the lack of collision resistance of algorithms have been reported. After that, this attack technique X.509 It can be used to forge certificates, 2008 A year CA Based on a certificate signed by CA It was reported that the certificate was successfully forged. MD5 Products that use the algorithm are affected.MD5 There are various effects depending on the usage pattern. As an example, forged SSL Trusting a malicious website using a certificate may cause information leakage. Attackers may take advantage of this issue to generate pairs of different, valid X.509 certificates that share a common signature. An attacker is most likely to exploit this issue to conduct phishing attacks or to impersonate legitimate sites by taking advantage of malicious certificates. Other attacks are likely possible. - HPE iMC PLAT - Please refer to the RESOLUTION below for a list of impacted products. All product versions are impacted prior to the fixed version listed.
-
iMC PLAT - Version: IMC PLAT 7.2, E0403P10
- JD125A HP IMC Std S/W Platform w/100-node
- JD126A HP IMC Ent S/W Platform w/100-node
- JD808A HP IMC Ent Platform w/100-node License
- JD814A HP A-IMC Enterprise Edition Software DVD Media
- JD815A HP IMC Std Platform w/100-node License
- JD816A HP A-IMC Standard Edition Software DVD Media
- JF288AAE HP Network Director to Intelligent Management Center Upgrade E-LTU
- JF289AAE HP Enterprise Management System to Intelligent Management Center Upgrade E-LTU
- JF377A HP IMC Std S/W Platform w/100-node Lic
- JF377AAE HP IMC Std S/W Pltfrm w/100-node E-LTU
- JF378A HP IMC Ent S/W Platform w/200-node Lic
- JF378AAE HP IMC Ent S/W Pltfrm w/200-node E-LTU
- JG546AAE HP IMC Basic SW Platform w/50-node E-LTU
- JG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU
- JG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU
- JG747AAE HP IMC Std SW Plat w/ 50 Nodes E-LTU
- JG748AAE HP IMC Ent SW Plat w/ 50 Nodes E-LTU
- JG550AAE HPE PCM+ Mobility Manager to IMC Basic WLAN Platform Upgrade 50-node and 150-AP E-LTU
- JG590AAE HPE IMC Basic WLAN Manager Software Platform 50 Access Point E-LTU
- JG660AAE HP IMC Smart Connect with Wireless Manager Virtual Appliance Edition E-LTU
- JG766AAE HP IMC Smart Connect Virtual Appliance Edition E-LTU
- JG767AAE HP IMC Smart Connect with Wireless Manager Virtual Appliance Edition E-LTU
- JG768AAE HPE PCM+ to IMC Standard Software Platform Upgrade with 200-node E-LTU
Note: Please contact HPE Technical Support if any assistance is needed acquiring the software updates.
HISTORY Version:1 (rev.1) - 26 September 2016 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05336888
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05336888 Version: 1
HPSBHF03673 rev.1 - HPE Comware 5 and Comware 7 Network Products using SSL/TLS, Multiple Remote Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2016-11-18 Last Updated: 2016-11-18
Potential Security Impact: Remote: Multiple Vulnerabilities
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY Security vulnerabilities in MD5 message digest algorithm and RC4 ciphersuite could potentially impact HPE Comware 5 and Comware 7 network products using SSL/TLS. These vulnerabilities could be exploited remotely to conduct spoofing attacks and plaintext recovery attacks resulting in disclosure of information.
References:
- CVE-2004-2761 - MD5 Hash Collision Vulnerability
- CVE-2013-2566 - SSL/TLS RC4 algorithm vulnerability
- CVE-2015-2808 - SSL/TLS RC4 stream vulnerability known as "Bar Mitzvah"
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
- Comware 5 (CW5) Products All versions
- Comware 7 (CW7) Products All versions
BACKGROUND
CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2004-2761
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVE-2013-2566
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVE-2015-2808
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499
RESOLUTION
HPE has released the following mitigation information to resolve the vulnerabilities in HPE Comware 5 and Comware 7 network products.
Note: Please contact HPE Technical Support for any assistance configuring the recommended settings.
Mitigation for the hash collision vulnerability in the MD5 Algorithm:
-
For Comware V7, this issue only exists when the key-type is RSA and the public key length less than 1024 bits. Since the default length of the RSA key is 1024 bits, the length should only have to be set manually if necessary.
Example command to set the RSA key length to 1024 bits:
public-key rsa general name xxx length 1024 -
For Comware V5, this issue only exists when the key-type is RSA. HPE recommends using DSA and ECDSA keys and not an RSA key.
Mitigation for the RC4 vulnerabilities:
HPE recommends disabling RC2 and RC4 ciphers.
-
For Comware V7, remove the RC2/RC4 ciphers:
- exp_rsa_rc2_md5
- exp_rsa_rc4_md5
- rsa_rc4_128_md5
-
rsa_rc4_128_sha
Example using the ssl server-policy anamea ciphersuite command to omit the RC2/RC4 ciphers:
ssl server-policy anamea ciphersuite { dhe_rsa_aes_128_cbc_sha |dhe_rsa_aes_256_cbc_sha | exp_rsa_des_cbc_sha | rsa_3des_ede_cbc_sha | rsa_aes_128_cbc_sha | rsa_aes_256_cbc_sha | rsa_des_cbc_sha }
Example using the ssl client-policy anamea prefer-cipher command to omit the RC2/RC4 ciphers:
ssl client-policy anamea prefer-cipher { dhe_rsa_aes_128_cbc_sha| dhe_rsa_aes_256_cbc_sha | exp_rsa_des_cbc_sha | rsa_3des_ede_cbc_sha | rsa_aes_128_cbc_sha | rsa_aes_256_cbc_sha | rsa_des_cbc_sha }
-
For Comware V5, remove the following RC4 ciphers:
- rsa_rc4_128_md5
-
rsa_rc4_128_sha
Example using the ssl server-policy anamea ciphersuite command to omit the RC4 ciphers:
ssl server-policy anamea ciphersuite { rsa_3des_ede_cbc_sha |rsa_aes_128_cbc_sha | rsa_aes_256_cbc_sha| rsa_des_cbc_sha }
Example using the ssl client-policy anamea prefer-cipher command to omit the RC4 ciphers:
ssl client-policy anamea prefer-cipher { rsa_3des_ede_cbc_sha |rsa_aes_128_cbc_sha |rsa_aes_256_cbc_sha | rsa_des_cbc_sha }
COMWARE 5 Products
- HSR6602 (Comware 5) - Version: See Mitigation
- HP Network Products
- JC176A HP 6602 Router Chassis
- JG353A HP HSR6602-G Router
- JG354A HP HSR6602-XG Router
- JG355A HP 6600 MCP-X1 Router Main Processing Unit
- JG356A HP 6600 MCP-X2 Router Main Processing Unit
- JG776A HP HSR6602-G TAA-compliant Router
- JG777A HP HSR6602-XG TAA-compliant Router
- JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit
- HSR6800 (Comware 5) - Version: See Mitigation
- HP Network Products
- JG361A HP HSR6802 Router Chassis
- JG361B HP HSR6802 Router Chassis
- JG362A HP HSR6804 Router Chassis
- JG362B HP HSR6804 Router Chassis
- JG363A HP HSR6808 Router Chassis
- JG363B HP HSR6808 Router Chassis
- JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
- JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit
- MSR20 (Comware 5) - Version: See Mitigation
- HP Network Products
- JD432A HP A-MSR20-21 Router
- JD662A HP MSR20-20 Router
- JD663A HP A-MSR20-21 Router
- JD663B HP MSR20-21 Router
- JD664A HP MSR20-40 Router
- JF228A HP MSR20-40 Router
- JF283A HP MSR20-20 Router
- MSR20-1X (Comware 5) - Version: See Mitigation
- HP Network Products
- JD431A HP MSR20-10 Router
- JD667A HP MSR20-15 IW Multi-Service Router
- JD668A HP MSR20-13 Multi-Service Router
- JD669A HP MSR20-13 W Multi-Service Router
- JD670A HP MSR20-15 A Multi-Service Router
- JD671A HP MSR20-15 AW Multi-Service Router
- JD672A HP MSR20-15 I Multi-Service Router
- JD673A HP MSR20-11 Multi-Service Router
- JD674A HP MSR20-12 Multi-Service Router
- JD675A HP MSR20-12 W Multi-Service Router
- JD676A HP MSR20-12 T1 Multi-Service Router
- JF236A HP MSR20-15-I Router
- JF237A HP MSR20-15-A Router
- JF238A HP MSR20-15-I-W Router
- JF239A HP MSR20-11 Router
- JF240A HP MSR20-13 Router
- JF241A HP MSR20-12 Router
- JF806A HP MSR20-12-T Router
- JF807A HP MSR20-12-W Router
- JF808A HP MSR20-13-W Router
- JF809A HP MSR20-15-A-W Router
- JF817A HP MSR20-15 Router
- JG209A HP MSR20-12-T-W Router (NA)
- JG210A HP MSR20-13-W Router (NA)
- MSR 30 (Comware 5) - Version: See Mitigation
- HP Network Products
- JD654A HP MSR30-60 POE Multi-Service Router
- JD657A HP MSR30-40 Multi-Service Router
- JD658A HP MSR30-60 Multi-Service Router
- JD660A HP MSR30-20 POE Multi-Service Router
- JD661A HP MSR30-40 POE Multi-Service Router
- JD666A HP MSR30-20 Multi-Service Router
- JF229A HP MSR30-40 Router
- JF230A HP MSR30-60 Router
- JF232A HP RTMSR3040-AC-OVSAS-H3
- JF235A HP MSR30-20 DC Router
- JF284A HP MSR30-20 Router
- JF287A HP MSR30-40 DC Router
- JF801A HP MSR30-60 DC Router
- JF802A HP MSR30-20 PoE Router
- JF803A HP MSR30-40 PoE Router
- JF804A HP MSR30-60 PoE Router
- JG728A HP MSR30-20 TAA-compliant DC Router
- JG729A HP MSR30-20 TAA-compliant Router
- MSR 30-16 (Comware 5) - Version: See Mitigation
- HP Network Products
- JD659A HP MSR30-16 POE Multi-Service Router
- JD665A HP MSR30-16 Multi-Service Router
- JF233A HP MSR30-16 Router
- JF234A HP MSR30-16 PoE Router
- MSR 30-1X (Comware 5) - Version: See Mitigation
- HP Network Products
- JF800A HP MSR30-11 Router
- JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr
- JG182A HP MSR30-11E Router
- JG183A HP MSR30-11F Router
- JG184A HP MSR30-10 DC Router
- MSR 50 (Comware 5) - Version: See Mitigation
- HP Network Products
- JD433A HP MSR50-40 Router
- JD653A HP MSR50 Processor Module
- JD655A HP MSR50-40 Multi-Service Router
- JD656A HP MSR50-60 Multi-Service Router
- JF231A HP MSR50-60 Router
- JF285A HP MSR50-40 DC Router
- JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply
- MSR 50-G2 (Comware 5) - Version: See Mitigation
- HP Network Products
- JD429A HP MSR50 G2 Processor Module
- JD429B HP MSR50 G2 Processor Module
- MSR 9XX (Comware 5) - Version: See Mitigation
- HP Network Products
- JF812A HP MSR900 Router
- JF813A HP MSR920 Router
- JF814A HP MSR900-W Router
- JF815A HP MSR920 2FEWAN/8FELAN/.11 b/g Rtr
- JG207A HP MSR900-W Router (NA)
- JG208A HP MSR920-W Router (NA)
- MSR 93X (Comware 5) - Version: See Mitigation
- HP Network Products
- JG511A HP MSR930 Router
- JG511B HP MSR930 Router
- JG512A HP MSR930 Wireless Router
- JG513A HP MSR930 3G Router
- JG513B HP MSR930 3G Router
- JG514A HP MSR931 Router
- JG514B HP MSR931 Router
- JG515A HP MSR931 3G Router
- JG516A HP MSR933 Router
- JG517A HP MSR933 3G Router
- JG518A HP MSR935 Router
- JG518B HP MSR935 Router
- JG519A HP MSR935 Wireless Router
- JG520A HP MSR935 3G Router
- JG531A HP MSR931 Dual 3G Router
- JG531B HP MSR931 Dual 3G Router
- JG596A HP MSR930 4G LTE/3G CDMA Router
- JG597A HP MSR936 Wireless Router
- JG665A HP MSR930 4G LTE/3G WCDMA Global Router
- JG704A HP MSR930 4G LTE/3G WCDMA ATT Router
- JH009A HP MSR931 Serial (TI) Router
- JH010A HP MSR933 G.SHDSL (TI) Router
- JH011A HP MSR935 ADSL2+ (TI) Router
- JH012A HP MSR930 Wireless 802.11n (NA) Router
- JH012B HP MSR930 Wireless 802.11n (NA) Router
- JH013A HP MSR935 Wireless 802.11n (NA) Router
- MSR1000 (Comware 5) - Version: See Mitigation
- HP Network Products
- JG732A HP MSR1003-8 AC Router
- 12500 (Comware 5) - Version: See Mitigation
- HP Network Products
- JC072B HP 12500 Main Processing Unit
- JC085A HP A12518 Switch Chassis
- JC086A HP A12508 Switch Chassis
- JC652A HP 12508 DC Switch Chassis
- JC653A HP 12518 DC Switch Chassis
- JC654A HP 12504 AC Switch Chassis
- JC655A HP 12504 DC Switch Chassis
- JC808A HP 12500 TAA Main Processing Unit
- JF430A HP A12518 Switch Chassis
- JF430B HP 12518 Switch Chassis
- JF430C HP 12518 AC Switch Chassis
- JF431A HP A12508 Switch Chassis
- JF431B HP 12508 Switch Chassis
- JF431C HP 12508 AC Switch Chassis
- 9500E (Comware 5) - Version: See Mitigation
- HP Network Products
- JC124A HP A9508 Switch Chassis
- JC124B HP 9505 Switch Chassis
- JC125A HP A9512 Switch Chassis
- JC125B HP 9512 Switch Chassis
- JC474A HP A9508-V Switch Chassis
- JC474B HP 9508-V Switch Chassis
- 10500 (Comware 5) - Version: See Mitigation
- HP Network Products
- JC611A HP 10508-V Switch Chassis
- JC612A HP 10508 Switch Chassis
- JC613A HP 10504 Switch Chassis
- JC614A HP 10500 Main Processing Unit
- JC748A HP 10512 Switch Chassis
- JG375A HP 10500 TAA-compliant Main Processing Unit
- JG820A HP 10504 TAA-compliant Switch Chassis
- JG821A HP 10508 TAA-compliant Switch Chassis
- JG822A HP 10508-V TAA-compliant Switch Chassis
- JG823A HP 10512 TAA-compliant Switch Chassis
- 7500 (Comware 5) - Version: See Mitigation
- HP Network Products
- JC666A HP 7503-S 144Gbps Fabric/MPU with PoE Upgradable 20-port Gig-T/4-port GbE Combo
- JC697A HP 7502 TAA-compliant Main Processing Unit
- JC698A HP 7503-S 144Gbps TAA Fabric / MPU with 16 GbE SFP Ports and 8 GbE Combo Ports
- JC699A HP 7500 384Gbps TAA-compliant Fabric / MPU with 2 10GbE XFP Ports
- JC700A HP 7500 384Gbps TAA-compliant Fabric / Main Processing Unit
- JC701A HP 7500 768Gbps TAA-compliant Fabric / Main Processing Unit
- JD193A HP 7500 384Gbps Fabric Module with 2 XFP Ports
- JD193B HP 7500 384Gbps Fabric Module with 2 XFP Ports
- JD194A HP 7500 384Gbps Fabric Module
- JD194B HP 7500 384Gbps Fabric Module
- JD195A HP 7500 384Gbps Advanced Fabric Module
- JD196A HP 7502 Fabric Module
- JD220A HP 7500 768Gbps Fabric Module
- JD224A HP 7500 384Gbps Fabric Module with 12 SFP Ports
- JD238A HP 7510 Switch Chassis
- JD238B HP 7510 Switch Chassis
- JD239A HP 7506 Switch Chassis
- JD239B HP 7506 Switch Chassis
- JD240A HP 7503 Switch Chassis
- JD240B HP 7503 Switch Chassis
- JD241A HP 7506-V Switch Chassis
- JD241B HP 7506-V Switch Chassis
- JD242A HP 7502 Switch Chassis
- JD242B HP 7502 Switch Chassis
- JD243A HP 7503-S Switch Chassis with 1 Fabric Slot
- JD243B HP 7503-S Switch Chassis with 1 Fabric Slot
- JE164A HP E7902 Switch Chassis
- JE165A HP E7903 Switch Chassis
- JE166A HP E7903 1 Fabric Slot Switch Chassis
- JE167A HP E7906 Switch Chassis
- JE168A HP E7906 Vertical Switch Chassis
- JE169A HP E7910 Switch Chassis
- 6125G/XG Blade Switch - Version: See Mitigation
- HP Network Products
- 737220-B21 HP 6125G Blade Switch with TAA
- 737226-B21 HP 6125G/XG Blade Switch with TAA
- 658250-B21 HP 6125G/XG Blade Switch Opt Kit
- 658247-B21 HP 6125G Blade Switch Opt Kit
- 5830 (Comware 5) - Version: See Mitigation
- HP Network Products
- JC691A HP 5830AF-48G Switch with 1 Interface Slot
- JC694A HP 5830AF-96G Switch
- JG316A HP 5830AF-48G TAA-compliant Switch w/1 Interface Slot
- JG374A HP 5830AF-96G TAA-compliant Switch
- 5800 (Comware 5) - Version: See Mitigation
- HP Network Products
- JC099A HP 5800-24G-PoE Switch
- JC099B HP 5800-24G-PoE+ Switch
- JC100A HP 5800-24G Switch
- JC100B HP 5800-24G Switch
- JC101A HP 5800-48G Switch with 2 Slots
- JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots
- JC103A HP 5800-24G-SFP Switch
- JC103B HP 5800-24G-SFP Switch with 1 Interface Slot
- JC104A HP 5800-48G-PoE Switch
- JC104B HP 5800-48G-PoE+ Switch with 1 Interface Slot
- JC105A HP 5800-48G Switch
- JC105B HP 5800-48G Switch with 1 Interface Slot
- JG254A HP 5800-24G-PoE+ TAA-compliant Switch
- JG254B HP 5800-24G-PoE+ TAA-compliant Switch
- JG255A HP 5800-24G TAA-compliant Switch
- JG255B HP 5800-24G TAA-compliant Switch
- JG256A HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot
- JG256B HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot
- JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot
- JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot
- JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot
- JG258B HP 5800-48G TAA-compliant Switch with 1 Interface Slot
- JG225A HP 5800AF-48G Switch
- JG225B HP 5800AF-48G Switch
- JG242A HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots
- JG242B HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface
- JG243A HP 5820-24XG-SFP+ TAA-compliant Switch
- JG243B HP 5820-24XG-SFP+ TAA-compliant Switch
- JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots & 1 OAA Slot
- JG259B HP 5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots and 1 OAA Slot
- JC106A HP 5820-14XG-SFP+ Switch with 2 Slots
- JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots & 1 OAA Slot
- JG219A HP 5820AF-24XG Switch
- JG219B HP 5820AF-24XG Switch
- JC102A HP 5820-24XG-SFP+ Switch
- JC102B HP 5820-24XG-SFP+ Switch
- 5500 HI (Comware 5) - Version: See Mitigation
- HP Network Products
- JG311A HP 5500-24G-4SFP HI Switch with 2 Interface Slots
- JG312A HP 5500-48G-4SFP HI Switch with 2 Interface Slots
- JG541A HP 5500-24G-PoE+-4SFP HI Switch with 2 Interface Slots
- JG542A HP 5500-48G-PoE+-4SFP HI Switch with 2 Interface Slots
- JG543A HP 5500-24G-SFP HI Switch with 2 Interface Slots
- JG679A HP 5500-24G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots
- JG680A HP 5500-48G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots
- JG681A HP 5500-24G-SFP HI TAA-compliant Switch with 2 Interface Slots
- 5500 EI (Comware 5) - Version: See Mitigation
- HP Network Products
- JD373A HP 5500-24G DC EI Switch
- JD374A HP 5500-24G-SFP EI Switch
- JD375A HP 5500-48G EI Switch
- JD376A HP 5500-48G-PoE EI Switch
- JD377A HP 5500-24G EI Switch
- JD378A HP 5500-24G-PoE EI Switch
- JD379A HP 5500-24G-SFP DC EI Switch
- JG240A HP 5500-48G-PoE+ EI Switch with 2 Interface Slots
- JG241A HP 5500-24G-PoE+ EI Switch with 2 Interface Slots
- JG249A HP 5500-24G-SFP EI TAA-compliant Switch with 2 Interface
- JG250A HP 5500-24G EI TAA-compliant Switch with 2 Interface Slots
- JG251A HP 5500-48G EI TAA-compliant Switch with 2 Interface Slots
- JG252A HP 5500-24G-PoE+ EI TAA-compliant Switch with 2 Interface Slots
- JG253A HP 5500-48G-PoE+ EI TAA-compliant Switch with 2 Interface Slots
- 4800G (Comware 5) - Version: See Mitigation
- HP Network Products
- JD007A HP 4800-24G Switch
- JD008A HP 4800-24G-PoE Switch
- JD009A HP 4800-24G-SFP Switch
- JD010A HP 4800-48G Switch
- JD011A HP 4800-48G-PoE Switch
- 5500SI (Comware 5) - Version: See Mitigation
- HP Network Products
- JD369A HP 5500-24G SI Switch
- JD370A HP 5500-48G SI Switch
- JD371A HP 5500-24G-PoE SI Switch
- JD372A HP 5500-48G-PoE SI Switch
- JG238A HP 5500-24G-PoE+ SI Switch with 2 Interface Slots
- JG239A HP 5500-48G-PoE+ SI Switch with 2 Interface Slots
- 4500G (Comware 5) - Version: See Mitigation
- HP Network Products
- JF428A HP 4510-48G Switch
- JF847A HP 4510-24G Switch
- 5120 EI (Comware 5) - Version: See Mitigation
- HP Network Products
- JE066A HP 5120-24G EI Switch
- JE067A HP 5120-48G EI Switch
- JE068A HP 5120-24G EI Switch with 2 Interface Slots
- JE069A HP 5120-48G EI Switch with 2 Interface Slots
- JE070A HP 5120-24G-PoE EI 2-slot Switch
- JE071A HP 5120-48G-PoE EI 2-slot Switch
- JG236A HP 5120-24G-PoE+ EI Switch with 2 Interface Slots
- JG237A HP 5120-48G-PoE+ EI Switch with 2 Interface Slots
- JG245A HP 5120-24G EI TAA-compliant Switch with 2 Interface Slots
- JG246A HP 5120-48G EI TAA-compliant Switch with 2 Interface Slots
- JG247A HP 5120-24G-PoE+ EI TAA-compliant Switch with 2 Slots
- JG248A HP 5120-48G-PoE+ EI TAA-compliant Switch with 2 Slots
- 4210G (Comware 5) - Version: See Mitigation
- HP Network Products
- JF844A HP 4210-24G Switch
- JF845A HP 4210-48G Switch
- JF846A HP 4210-24G-PoE Switch
- 5120 SI (Comware 5) - Version: See Mitigation
- HP Network Products
- JE072A HP 5120-48G SI Switch
- JE072B HPE 5120 48G SI Switch
- JE073A HP 5120-16G SI Switch
- JE073B HPE 5120 16G SI Switch
- JE074A HP 5120-24G SI Switch
- JE074B HPE 5120 24G SI Switch
- JG091A HP 5120-24G-PoE+ (370W) SI Switch
- JG091B HPE 5120 24G PoE+ (370W) SI Switch
- JG092A HP 5120-24G-PoE+ (170W) SI Switch
- JG309B HPE 5120 8G PoE+ (180W) SI Switch
- JG310B HPE 5120 8G PoE+ (65W) SI Switch
- 3610 (Comware 5) - Version: See Mitigation
- HP Network Products
- JD335A HP 3610-48 Switch
- JD336A HP 3610-24-4G-SFP Switch
- JD337A HP 3610-24-2G-2G-SFP Switch
- JD338A HP 3610-24-SFP Switch
- 3600V2 (Comware 5) - Version: See Mitigation
- HP Network Products
- JG299A HP 3600-24 v2 EI Switch
- JG299B HP 3600-24 v2 EI Switch
- JG300A HP 3600-48 v2 EI Switch
- JG300B HP 3600-48 v2 EI Switch
- JG301A HP 3600-24-PoE+ v2 EI Switch
- JG301B HP 3600-24-PoE+ v2 EI Switch
- JG301C HP 3600-24-PoE+ v2 EI Switch
- JG302A HP 3600-48-PoE+ v2 EI Switch
- JG302B HP 3600-48-PoE+ v2 EI Switch
- JG302C HP 3600-48-PoE+ v2 EI Switch
- JG303A HP 3600-24-SFP v2 EI Switch
- JG303B HP 3600-24-SFP v2 EI Switch
- JG304A HP 3600-24 v2 SI Switch
- JG304B HP 3600-24 v2 SI Switch
- JG305A HP 3600-48 v2 SI Switch
- JG305B HP 3600-48 v2 SI Switch
- JG306A HP 3600-24-PoE+ v2 SI Switch
- JG306B HP 3600-24-PoE+ v2 SI Switch
- JG306C HP 3600-24-PoE+ v2 SI Switch
- JG307A HP 3600-48-PoE+ v2 SI Switch
- JG307B HP 3600-48-PoE+ v2 SI Switch
- JG307C HP 3600-48-PoE+ v2 SI Switch
- 3100V2-48 (Comware 5) - Version: See Mitigation
- HP Network Products
- JG315A HP 3100-48 v2 Switch
- JG315B HP 3100-48 v2 Switch
- HP870 (Comware 5) - Version: See Mitigation
- HP Network Products
- JG723A HP 870 Unified Wired-WLAN Appliance
- JG725A HP 870 Unified Wired-WLAN TAA-compliant Appliance
- HP850 (Comware 5) - Version: See Mitigation
- HP Network Products
- JG722A HP 850 Unified Wired-WLAN Appliance
- JG724A HP 850 Unified Wired-WLAN TAA-compliant Appliance
- HP830 (Comware 5) - Version: See Mitigation
- HP Network Products
- JG640A HP 830 24-Port PoE+ Unified Wired-WLAN Switch
- JG641A HP 830 8-port PoE+ Unified Wired-WLAN Switch
- JG646A HP 830 24-Port PoE+ Unified Wired-WLAN TAA-compliant Switch
- JG647A HP 830 8-Port PoE+ Unified Wired-WLAN TAA-compliant
- HP6000 (Comware 5) - Version: See Mitigation
- HP Network Products
- JG639A HP 10500/7500 20G Unified Wired-WLAN Module
- JG645A HP 10500/7500 20G Unified Wired-WLAN TAA-compliant Module
- WX5004-EI (Comware 5) - Version: See Mitigation
- HP Network Products
- JD447B HP WX5002 Access Controller
- JD448A HP WX5004 Access Controller
- JD448B HP WX5004 Access Controller
- JD469A HP WX5004 Access Controller
- SecBlade FW (Comware 5) - Version: See Mitigation
- HP Network Products
- JC635A HP 12500 VPN Firewall Module
- JD245A HP 9500 VPN Firewall Module
- JD249A HP 10500/7500 Advanced VPN Firewall Module
- JD250A HP 6600 Firewall Processing Router Module
- JD251A HP 8800 Firewall Processing Module
- JD255A HP 5820 VPN Firewall Module
- F1000-E (Comware 5) - Version: See Mitigation
- HP Network Products
- JD272A HP F1000-E VPN Firewall Appliance
- F1000-A-EI (Comware 5) - Version: See Mitigation
- HP Network Products
- JG214A HP F1000-A-EI VPN Firewall Appliance
- F1000-S-EI (Comware 5) - Version: See Mitigation
- HP Network Products
- JG213A HP F1000-S-EI VPN Firewall Appliance
- F5000-A (Comware 5) - Version: See Mitigation
- HP Network Products
- JD259A HP A5000-A5 VPN Firewall Chassis
- JG215A HP F5000 Firewall Main Processing Unit
- JG216A HP F5000 Firewall Standalone Chassis
- U200S and CS (Comware 5) - Version: See Mitigation
- HP Network Products
- JD273A HP U200-S UTM Appliance
- U200A and M (Comware 5) - Version: See Mitigation
- HP Network Products
- JD275A HP U200-A UTM Appliance
- F5000-C/S (Comware 5) - Version: See Mitigation
- HP Network Products
- JG650A HP F5000-C VPN Firewall Appliance
- JG370A HP F5000-S VPN Firewall Appliance
- SecBlade III (Comware 5) - Version: See Mitigation
- HP Network Products
- JG371A HP 12500 20Gbps VPN Firewall Module
- JG372A HP 10500/11900/7500 20Gbps VPN Firewall Module
- 6600 RSE RU (Comware 5 Low Encryption SW) - Version: See Mitigation
- HP Network Products
- JC177A HP 6608 Router
- JC177B HP 6608 Router Chassis
- JC178A HP 6604 Router Chassis
- JC178B HP 6604 Router Chassis
- JC496A HP 6616 Router Chassis
- JC566A HP 6600 RSE-X1 Router Main Processing Unit
- JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit
- 6600 RPE RU (Comware 5 Low Encryption SW) - Version: See Mitigation
- HP Network Products
- JC165A HP 6600 RPE-X1 Router Module
- JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit
- 6602 RU (Comware 5 Low Encryption SW) - Version: See Mitigation
- HP Network Products
- JC176A HP 6602 Router Chassis
- HSR6602 RU (Comware 5 Low Encryption SW) - Version: See Mitigation
- HP Network Products
- JC177A HP 6608 Router
- JC177B HP 6608 Router Chassis
- JC178A HP 6604 Router Chassis
- JC178B HP 6604 Router Chassis
- JC496A HP 6616 Router Chassis
- JG353A HP HSR6602-G Router
- JG354A HP HSR6602-XG Router
- JG355A HP 6600 MCP-X1 Router Main Processing Unit
- JG356A HP 6600 MCP-X2 Router Main Processing Unit
- JG776A HP HSR6602-G TAA-compliant Router
- JG777A HP HSR6602-XG TAA-compliant Router
- JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit
- HSR6800 RU (Comware 5 Low Encryption SW) - Version: See Mitigation
- HP Network Products
- JG361A HP HSR6802 Router Chassis
- JG361B HP HSR6802 Router Chassis
- JG362A HP HSR6804 Router Chassis
- JG362B HP HSR6804 Router Chassis
- JG363A HP HSR6808 Router Chassis
- JG363B HP HSR6808 Router Chassis
- JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
- JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit
- SMB1910 (Comware 5) - Version: See Mitigation
- HP Network Products
- JG540A HP 1910-48 Switch
- JG539A HP 1910-24-PoE+ Switch
- JG538A HP 1910-24 Switch
- JG537A HP 1910-8 -PoE+ Switch
- JG536A HP 1910-8 Switch
- SMB1920 (Comware 5) - Version: See Mitigation
- HP Network Products
- JG928A HP 1920-48G-PoE+ (370W) Switch
- JG927A HP 1920-48G Switch
- JG926A HP 1920-24G-PoE+ (370W) Switch
- JG925A HP 1920-24G-PoE+ (180W) Switch
- JG924A HP 1920-24G Switch
- JG923A HP 1920-16G Switch
- JG922A HP 1920-8G-PoE+ (180W) Switch
- JG921A HP 1920-8G-PoE+ (65W) Switch
- JG920A HP 1920-8G Switch
- V1910 (Comware 5) - Version: See Mitigation
- HP Network Products
- JE005A HP 1910-16G Switch
- JE006A HP 1910-24G Switch
- JE007A HP 1910-24G-PoE (365W) Switch
- JE008A HP 1910-24G-PoE(170W) Switch
- JE009A HP 1910-48G Switch
- JG348A HP 1910-8G Switch
- JG349A HP 1910-8G-PoE+ (65W) Switch
- JG350A HP 1910-8G-PoE+ (180W) Switch
- SMB 1620 (Comware 5) - Version: See Mitigation
- HP Network Products
- JG914A HP 1620-48G Switch
- JG913A HP 1620-24G Switch
- JG912A HP 1620-8G Switch
COMWARE 7 Products
- 12500 (Comware 7) - Version: See Mitigation
- HP Network Products
- JC072B HP 12500 Main Processing Unit
- JC085A HP A12518 Switch Chassis
- JC086A HP A12508 Switch Chassis
- JC652A HP 12508 DC Switch Chassis
- JC653A HP 12518 DC Switch Chassis
- JC654A HP 12504 AC Switch Chassis
- JC655A HP 12504 DC Switch Chassis
- JF430A HP A12518 Switch Chassis
- JF430B HP 12518 Switch Chassis
- JF430C HP 12518 AC Switch Chassis
- JF431A HP A12508 Switch Chassis
- JF431B HP 12508 Switch Chassis
- JF431C HP 12508 AC Switch Chassis
- JG497A HP 12500 MPU w/Comware V7 OS
- JG782A HP FF 12508E AC Switch Chassis
- JG783A HP FF 12508E DC Switch Chassis
- JG784A HP FF 12518E AC Switch Chassis
- JG785A HP FF 12518E DC Switch Chassis
- JG802A HP FF 12500E MPU
- 10500 (Comware 7) - Version: See Mitigation
- HP Network Products
- JC611A HP 10508-V Switch Chassis
- JC612A HP 10508 Switch Chassis
- JC613A HP 10504 Switch Chassis
- JC748A HP 10512 Switch Chassis
- JG608A HP FlexFabric 11908-V Switch Chassis
- JG609A HP FlexFabric 11900 Main Processing Unit
- JG820A HP 10504 TAA Switch Chassis
- JG821A HP 10508 TAA Switch Chassis
- JG822A HP 10508-V TAA Switch Chassis
- JG823A HP 10512 TAA Switch Chassis
- JG496A HP 10500 Type A MPU w/Comware v7 OS
- JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System
- JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System Main Processing Unit
- 12900 (Comware 7) - Version: See Mitigation
- HP Network Products
- JG619A HP FlexFabric 12910 Switch AC Chassis
- JG621A HP FlexFabric 12910 Main Processing Unit
- JG632A HP FlexFabric 12916 Switch AC Chassis
- JG634A HP FlexFabric 12916 Main Processing Unit
- JH104A HP FlexFabric 12900E Main Processing Unit
- JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit
- JH263A HP FlexFabric 12904E Main Processing Unit
- JH255A HP FlexFabric 12908E Switch Chassis
- JH262A HP FlexFabric 12904E Switch Chassis
- JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis
- JH103A HP FlexFabric 12916E Switch Chassis
- 5900 (Comware 7) - Version: See Mitigation
- HP Network Products
- JC772A HP 5900AF-48XG-4QSFP+ Switch
- JG296A HP 5920AF-24XG Switch
- JG336A HP 5900AF-48XGT-4QSFP+ Switch
- JG510A HP 5900AF-48G-4XG-2QSFP+ Switch
- JG554A HP 5900AF-48XG-4QSFP+ TAA Switch
- JG555A HP 5920AF-24XG TAA Switch
- JG838A HP FF 5900CP-48XG-4QSFP+ Switch
- JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant
- JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch
- JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant
- MSR1000 (Comware 7) - Version: See Mitigation
- HP Network Products
- JG875A HP MSR1002-4 AC Router
- JH060A HP MSR1003-8S AC Router
- MSR2000 (Comware 7) - Version: See Mitigation
- HP Network Products
- JG411A HP MSR2003 AC Router
- JG734A HP MSR2004-24 AC Router
- JG735A HP MSR2004-48 Router
- JG866A HP MSR2003 TAA-compliant AC Router
- MSR3000 (Comware 7) - Version: See Mitigation
- HP Network Products
- JG404A HP MSR3064 Router
- JG405A HP MSR3044 Router
- JG406A HP MSR3024 AC Router
- JG407A HP MSR3024 DC Router
- JG408A HP MSR3024 PoE Router
- JG409A HP MSR3012 AC Router
- JG410A HP MSR3012 DC Router
- JG861A HP MSR3024 TAA-compliant AC Router
- MSR4000 (Comware 7) - Version: See Mitigation
- HP Network Products
- JG402A HP MSR4080 Router Chassis
- JG403A HP MSR4060 Router Chassis
- JG412A HP MSR4000 MPU-100 Main Processing Unit
- JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit
- VSR (Comware 7) - Version: See Mitigation
- HP Network Products
- JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software
- JG811AAE HP VSR1001 Comware 7 Virtual Services Router
- JG812AAE HP VSR1004 Comware 7 Virtual Services Router
- JG813AAE HP VSR1008 Comware 7 Virtual Services Router
- 7900 (Comware 7) - Version: See Mitigation
- HP Network Products
- JG682A HP FlexFabric 7904 Switch Chassis
- JG841A HP FlexFabric 7910 Switch Chassis
- JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit
- JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit
- JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis
- JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis
- JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main Processing Unit
- JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main Processing Unit
- 5130 (Comware 7) - Version: See Mitigation
- HP Network Products
- JG932A HP 5130-24G-4SFP+ EI Switch
- JG933A HP 5130-24G-SFP-4SFP+ EI Switch
- JG934A HP 5130-48G-4SFP+ EI Switch
- JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch
- JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch
- JG938A HP 5130-24G-2SFP+-2XGT EI Switch
- JG939A HP 5130-48G-2SFP+-2XGT EI Switch
- JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch
- JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch
- JG975A HP 5130-24G-4SFP+ EI Brazil Switch
- JG976A HP 5130-48G-4SFP+ EI Brazil Switch
- JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch
- JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch
- 6125XLG - Version: See Mitigation
- HP Network Products
- 711307-B21 HP 6125XLG Blade Switch
- 737230-B21 HP 6125XLG Blade Switch with TAA
- 6127XLG - Version: See Mitigation
- HP Network Products
- 787635 HP 6127XLG Blade Switch Opt Kit
- Moonshot - Version: See Mitigation
- HP Network Products
- 786617-B21 - HP Moonshot-45Gc Switch Module
- 704654-B21 - HP Moonshot-45XGc Switch Module
- 786619-B21 - HP Moonshot-180XGc Switch Module
- 5700 (Comware 7) - Version: See Mitigation
- HP Network Products
- JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch
- JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch
- JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch
- JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch
- JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch
- JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch
- 5930 (Comware 7) - Version: See Mitigation
- HP Network Products
- JG726A HP FlexFabric 5930 32QSFP+ Switch
- JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch
- JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch
- JH179A HP FlexFabric 5930 4-slot Switch
- JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch
- JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch
- HSR6600 (Comware 7) - Version: See Mitigation
- HP Network Products
- JG353A HP HSR6602-G Router
- JG354A HP HSR6602-XG Router
- JG776A HP HSR6602-G TAA-compliant Router
- JG777A HP HSR6602-XG TAA-compliant Router
- HSR6800 (Comware 7) - Version: See Mitigation
- HP Network Products
- JG361A HP HSR6802 Router Chassis
- JG361B HP HSR6802 Router Chassis
- JG362A HP HSR6804 Router Chassis
- JG362B HP HSR6804 Router Chassis
- JG363A HP HSR6808 Router Chassis
- JG363B HP HSR6808 Router Chassis
- JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
- JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing
- JH075A HP HSR6800 RSE-X3 Router Main Processing Unit
- 1950 (Comware 7) - Version: See Mitigation
- HP Network Products
- JG960A HP 1950-24G-4XG Switch
- JG961A HP 1950-48G-2SFP+-2XGT Switch
- JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch
- JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch
- 7500 (Comware 7) - Version: See Mitigation
- HP Network Products
- JD238C HP 7510 Switch Chassis
- JD239C HP 7506 Switch Chassis
- JD240C HP 7503 Switch Chassis
- JD242C HP 7502 Switch Chassis
- JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only Main Processing Unit
- JH208A HP 7502 Main Processing Unit
- JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port 40GbE QSFP+ Main Processing Unit
- 5950 (Comware 7) - Version: See Mitigation
- HP Network Products
- JH321A HPE FlexFabric 5950 32QSFP28 Switch
- 5940 (Comware 7) - Version: See Mitigation
- HP Network Products
- JH390A HPE FlexFabric 5940 48SFP+ 6QSFP28 Switch
- JH391A HPE FlexFabric 5940 48XGT 6QSFP28 Switch
- JH394A HPE FlexFabric 5940 48XGT 6QSFP+ Switch
- JH395A HPE FlexFabric 5940 48SFP+ 6QSFP+ Switch
- JH396A HPE FlexFabric 5940 32QSFP+ Switch
- JH397A HPE FlexFabric 5940 2-slot Switch
- JH398A HPE FlexFabric 5940 4-slot Switch
HISTORY Version:1 (rev.1) - 18 November 2016 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEcBAEBCAAGBQJYLytTAAoJELXhAxt7SZaiMjYIAI4xgRNJCPqOZ40XLUNhxYrc HyqTd62PbcGOPTFya1qOo16V94eJ5id5oRHOtcrFjJKtDedDS6OoAe5HWYXvLEI3 0fEzCNjk9aHTcvuf2t17MGhS0Fk2JrZ0191RFONKuEkqgMmK0d44SGMrVXSA28Dj phW1dzm1HiJO0NPUOa+cYMhNt0+I7b+ulD6FdldNdqx4fNtlXiHvcRbF4Wffe2hD N2hlvx1Wu1iu2g75XPNPOPYhDRkyAm79P2HZGCUohQlhWsRgcJRnubojJBr7CMf9 2Ud7MwYL4jTKK/mFdim4ej/hwPn3SCb5ekhTUBFDlu2J2DjUYi2xDQgyQkhuUIg= =NGQO -----END PGP SIGNATURE----- . =========================================================== Ubuntu Security Notice USN-740-1 March 17, 2009 nss, firefox vulnerability CVE-2004-2761 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS Ubuntu 7.10 Ubuntu 8.04 LTS Ubuntu 8.10
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 6.06 LTS: libnss3 1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2
Ubuntu 7.10: libnss3-0d 3.11.5-3ubuntu0.7.10.2
Ubuntu 8.04 LTS: libnss3-0d 3.12.0.3-0ubuntu0.8.04.5 libnss3-1d 3.12.0.3-0ubuntu0.8.04.5
Ubuntu 8.10: libnss3-1d 3.12.0.3-0ubuntu5.8.10.1
After a standard system upgrade you need to restart your session to effect the necessary changes. This update blacklists the proof of concept rogue certificate authority as discussed in http://www.win.tue.nl/hashclash/rogue-ca/.
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2.diff.gz
Size/MD5: 188837 84bf6c0e34576e50daab0284028533bb
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2.dsc
Size/MD5: 2389 abbe8becc260777f55315eb565f8d732
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.15~prepatch080614k.orig.tar.gz
Size/MD5: 48504132 171958941a2ca0562039add097278245
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/mozilla-firefox_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_all.deb
Size/MD5: 53898 025eab1318c7a90e48fb0a927bbbd433
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-firefox-dev_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_all.deb
Size/MD5: 53014 87135a54ac04ea95a0a3c7dccb8a4d4e
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_amd64.deb
Size/MD5: 47681092 19a313089bf1da267950c8f5b8d2d2df
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_amd64.deb
Size/MD5: 2859292 f6a4b48f0e0e3250d83f0bf4183836f7
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_amd64.deb
Size/MD5: 86270 0bd3983f76c7474d37018f26eee721f4
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_amd64.deb
Size/MD5: 9494334 91c75d6baf740531224bed258c6622b9
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_amd64.deb
Size/MD5: 222572 2779237df4dc1c30d8d2c01623eef1e3
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_amd64.deb
Size/MD5: 166118 862f4a02164840c1d94228a396c2688c
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_amd64.deb
Size/MD5: 248116 183208d5e43c3ddc117d6cbefc54a472
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_amd64.deb
Size/MD5: 826574 2ff813a52cac4b3392f056b145129821
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_amd64.deb
Size/MD5: 218858 2fcc1d909f4fdafaced1b1f737f83bf1
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_i386.deb
Size/MD5: 44228668 5a244b5b731d0d703cb573e2db10b74b
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_i386.deb
Size/MD5: 2859256 274033babbff1131a391ca71c19a6e6b
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_i386.deb
Size/MD5: 78600 3e86ec8d1b73b8f7b822f12aaa56451a
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_i386.deb
Size/MD5: 7997718 56cb9f85d34aa86721dcc36414b8f0e9
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_i386.deb
Size/MD5: 222564 14edfb722d08b49930b901114b841c81
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_i386.deb
Size/MD5: 150606 fa56606c4d002559ee41e965299b523a
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_i386.deb
Size/MD5: 248106 58139d67e47359f9cb056ad29292d06d
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_i386.deb
Size/MD5: 717824 ce294179ee0e0fcdea589e751548f04e
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_i386.deb
Size/MD5: 212058 b3874b6f769aeafedce238b9a15e7b09
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_powerpc.deb
Size/MD5: 49085684 a4ea3920e8120e9dc7138cf8e8595aa4
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_powerpc.deb
Size/MD5: 2859352 dac458ed9e848ba8c64d0e18071149f8
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_powerpc.deb
Size/MD5: 81686 228d420fc876cb95b6edad70d58c2c48
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_powerpc.deb
Size/MD5: 9113232 7ba2b92dad312ca9d2186dac6380d638
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_powerpc.deb
Size/MD5: 222564 9e89e2cc261f1c1b43e0b765e140d3d5
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_powerpc.deb
Size/MD5: 163310 3ddb28abafbffe0943e25f48267df5f1
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_powerpc.deb
Size/MD5: 248128 94da18de9bba74798a5ae257e85d882b
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_powerpc.deb
Size/MD5: 817522 eb53d37dea9fce55780abda44b94ca89
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_powerpc.deb
Size/MD5: 215556 779f90ccb4534487d2274536ac9279dd
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_sparc.deb
Size/MD5: 45629214 b30a5365e327c4366ae3ea2b393e1d78
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_sparc.deb
Size/MD5: 2859296 c7f225dc39717d6156b9163c7a8ddda0
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_sparc.deb
Size/MD5: 80180 51ca826844fa46702feb9bbeb5c6e999
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_sparc.deb
Size/MD5: 8499070 ee1fd111aa113ac50e5ea42dc85e1e77
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_sparc.deb
Size/MD5: 222590 6a5621015d57ffbd93f92a8552d98e54
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_sparc.deb
Size/MD5: 153210 b7c4a9074a678fcaf70a4db7bcb8fd5d
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_sparc.deb
Size/MD5: 248150 1273ab06f98bf861e4e66985add8685a
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_sparc.deb
Size/MD5: 728698 cd5ba0f693710a604274d327d4724c88
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_sparc.deb
Size/MD5: 213030 fe7a017cd7f4a8a9064372e51f903263
Updated packages for Ubuntu 7.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.11.5-3ubuntu0.7.10.2.diff.gz
Size/MD5: 23735 2c3b55fe3f316790d2174a56709723ad
http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.11.5-3ubuntu0.7.10.2.dsc
Size/MD5: 1925 9d9a2fa42ff8dcb452761d66e3238ef6
http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.11.5.orig.tar.gz
Size/MD5: 3696893 1add44e6a41dbf5091cfd000f19ad6b9
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d-dbg_3.11.5-3ubuntu0.7.10.2_amd64.deb
Size/MD5: 3143890 dad0155f293aff8a59d42086cef022c3
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.11.5-3ubuntu0.7.10.2_amd64.deb
Size/MD5: 799588 70d491944efd2ce20cb839da11030b0e
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.11.5-3ubuntu0.7.10.2_amd64.deb
Size/MD5: 241342 567c357ea31e0e1729db4738822aa7b0
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.11.5-3ubuntu0.7.10.2_amd64.deb
Size/MD5: 656372 a6868f642b5c295236c7df01dbc3f2d9
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d-dbg_3.11.5-3ubuntu0.7.10.2_i386.deb
Size/MD5: 2995870 d4ea291de433c1768148f35a4f40e596
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.11.5-3ubuntu0.7.10.2_i386.deb
Size/MD5: 723166 81b970c37e37b2bfe13bf8edf8b8c2df
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.11.5-3ubuntu0.7.10.2_i386.deb
Size/MD5: 238436 a901d3b0431faa6bfd4d8b732fc6b8ed
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.11.5-3ubuntu0.7.10.2_i386.deb
Size/MD5: 605568 f7a02ba6c2e65c2e3644f81e2e5add33
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d-dbg_3.11.5-3ubuntu0.7.10.2_lpia.deb
Size/MD5: 3213428 32f032e4c5ebc8383d334e2de5b1e0b5
http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.11.5-3ubuntu0.7.10.2_lpia.deb
Size/MD5: 709556 606d9ee62127ecad6620ce6ee2a351c1
http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.11.5-3ubuntu0.7.10.2_lpia.deb
Size/MD5: 237148 526eb9b27871cee224d480ce8483d015
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.11.5-3ubuntu0.7.10.2_lpia.deb
Size/MD5: 596394 35c4ef7f97a6934947760236b119d1f1
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d-dbg_3.11.5-3ubuntu0.7.10.2_powerpc.deb
Size/MD5: 3168400 13560d02da9c481147177504476a3f21
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.11.5-3ubuntu0.7.10.2_powerpc.deb
Size/MD5: 807892 5a0232d184bb4d87811974d61a902e17
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.11.5-3ubuntu0.7.10.2_powerpc.deb
Size/MD5: 240514 9cfb4b3bace2f033b7c55ba571d0c4a1
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.11.5-3ubuntu0.7.10.2_powerpc.deb
Size/MD5: 645362 ccd118c24941759b0c2e758ae60b4ba5
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d-dbg_3.11.5-3ubuntu0.7.10.2_sparc.deb
Size/MD5: 2834042 f884524281d9521e07b60c8bf9aa8074
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.11.5-3ubuntu0.7.10.2_sparc.deb
Size/MD5: 718096 906896f0101a88bd6cb78ffdb103fe0e
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.11.5-3ubuntu0.7.10.2_sparc.deb
Size/MD5: 235222 f679c8d076c15860a41c1e16b1d69ded
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.11.5-3ubuntu0.7.10.2_sparc.deb
Size/MD5: 576390 75811d5dc9ddd1eca108bc50ffe3e911
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.0.3-0ubuntu0.8.04.5.diff.gz
Size/MD5: 38918 6fda80e067b0f84e323b3556b5f9dd18
http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.0.3-0ubuntu0.8.04.5.dsc
Size/MD5: 2001 e9365c71192c0e568d5dd9891708e436
http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.0.3.orig.tar.gz
Size/MD5: 5161407 9e96418400e073f982e83c235718c4e9
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.12.0.3-0ubuntu0.8.04.5_amd64.deb
Size/MD5: 17910 7933180f37ce55969719730463fef4cb
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu0.8.04.5_amd64.deb
Size/MD5: 4511304 1a241985ee6673075b8610bbb2be2902
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu0.8.04.5_amd64.deb
Size/MD5: 1135226 fcc9b7555aac5a0ef0260aa639b7421a
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu0.8.04.5_amd64.deb
Size/MD5: 256738 992898a7cce94822e29a3e0d5d318e46
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu0.8.04.5_amd64.deb
Size/MD5: 813730 542b82a7837b4a43191fd5862a97699e
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.12.0.3-0ubuntu0.8.04.5_i386.deb
Size/MD5: 17894 3ea3554784b1242ce89f96bb631d0c4d
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu0.8.04.5_i386.deb
Size/MD5: 4294520 d7eb7d334bd821d887e24d76d8e2804f
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu0.8.04.5_i386.deb
Size/MD5: 1017710 7afd17b32bc5ce80babf2405488997e8
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu0.8.04.5_i386.deb
Size/MD5: 253724 f7f8ad3723f384a657907016b8476c35
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu0.8.04.5_i386.deb
Size/MD5: 741278 ed53c68732f059a90a35310b68c4be88
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.0.3-0ubuntu0.8.04.5_lpia.deb
Size/MD5: 17874 5e1a506010c923ba8a41129fef693344
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu0.8.04.5_lpia.deb
Size/MD5: 4322188 cd5765f42aaffa32e20b0ac0510d9b6c
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu0.8.04.5_lpia.deb
Size/MD5: 993934 313d088bd4a0a44fe05b762e33ef927d
http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu0.8.04.5_lpia.deb
Size/MD5: 252500 dcaf82868eaa0e3162a6a49fb6f512be
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu0.8.04.5_lpia.deb
Size/MD5: 719648 8e422c9ee3dd5a062f547d36d6e2725c
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.0.3-0ubuntu0.8.04.5_powerpc.deb
Size/MD5: 20352 144b270c8fc23407e1da27112151c952
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu0.8.04.5_powerpc.deb
Size/MD5: 4440132 f89a7f34a199abd8e0d840bb011ca5bf
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu0.8.04.5_powerpc.deb
Size/MD5: 1115852 d88c0295406e468f7ac1c087edb661dd
http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu0.8.04.5_powerpc.deb
Size/MD5: 255446 4eef63577fbaa5b611b0d9064c47ac6c
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu0.8.04.5_powerpc.deb
Size/MD5: 777064 83ad19b301d2c1eceef6682cbad5a00d
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.0.3-0ubuntu0.8.04.5_sparc.deb
Size/MD5: 17976 c763ceebcc3bf6371477809a8589cebf
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu0.8.04.5_sparc.deb
Size/MD5: 4038136 bbb4ff75f73844f33727fada2ca730b4
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu0.8.04.5_sparc.deb
Size/MD5: 995598 2785d368bbb6665eee586ac3fc3e453e
http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu0.8.04.5_sparc.deb
Size/MD5: 250450 a972e1131466d149480a574a57537c37
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu0.8.04.5_sparc.deb
Size/MD5: 702432 d16a1353ba80d7104820f97c4f712334
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.0.3-0ubuntu5.8.10.1.diff.gz
Size/MD5: 38881 8be9f8eb187a657a743e115f58dbb58b
http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.0.3-0ubuntu5.8.10.1.dsc
Size/MD5: 2001 88381f73650cd5c2c369f387638ec40d
http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.0.3.orig.tar.gz
Size/MD5: 5161407 9e96418400e073f982e83c235718c4e9
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu5.8.10.1_amd64.deb
Size/MD5: 4696732 5e2844909ee8896f71548c37f7ab711f
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu5.8.10.1_amd64.deb
Size/MD5: 1182642 6f73554c7970e2c0e3da7dcddf8d4d7f
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu5.8.10.1_amd64.deb
Size/MD5: 256520 808f5ff374081b1fd7f981699e267828
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.0.3-0ubuntu5.8.10.1_amd64.deb
Size/MD5: 17962 63411a0d50d9fa340f688c7a5cec33ae
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu5.8.10.1_amd64.deb
Size/MD5: 824382 367bbe2bf29f17c4fa5b085142e0bc8f
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu5.8.10.1_i386.deb
Size/MD5: 4450042 bb8560c5208a6f4d2a121a93d7ff7bac
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu5.8.10.1_i386.deb
Size/MD5: 1054914 1f7cbdc5e0776b8c2fc92241776bd96e
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu5.8.10.1_i386.deb
Size/MD5: 253554 c1cc8fff73ef7b34dadc6fea411bc7db
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.0.3-0ubuntu5.8.10.1_i386.deb
Size/MD5: 17940 b3577f334ed9f5a95c6fdbdd4de83ef4
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu5.8.10.1_i386.deb
Size/MD5: 752462 703f7bd356efc312f216e361209ef3a7
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu5.8.10.1_lpia.deb
Size/MD5: 4482980 c27f13a5f5aba10c93b2dda917c1ba31
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu5.8.10.1_lpia.deb
Size/MD5: 1029092 3b2805f79d61b595907187846da18a54
http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu5.8.10.1_lpia.deb
Size/MD5: 252140 06b18884a6e275a5fc9a73abd1464875
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.0.3-0ubuntu5.8.10.1_lpia.deb
Size/MD5: 17914 28d1eeaac6ba2f9c17da9a9a6ea35fdd
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu5.8.10.1_lpia.deb
Size/MD5: 730786 e1497e0cbdf8d7c3ac4c6e80e86837bf
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu5.8.10.1_powerpc.deb
Size/MD5: 4659468 ceb162226c93c950c71d2f0236b9d53e
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu5.8.10.1_powerpc.deb
Size/MD5: 1137358 f61287d145339ece156686d86a971480
http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu5.8.10.1_powerpc.deb
Size/MD5: 255312 d7787174c0d6b25467b0f1262306be06
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.0.3-0ubuntu5.8.10.1_powerpc.deb
Size/MD5: 20352 082622bc3e21161a1085695bd4f8f961
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu5.8.10.1_powerpc.deb
Size/MD5: 775316 78ca70e113bd97d42f62e19e0ac8fdb1
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu5.8.10.1_sparc.deb
Size/MD5: 4168250 b9f3c0b8eab76476c9bb057b43d9df40
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu5.8.10.1_sparc.deb
Size/MD5: 1015340 5dd83c288df733b6a84247b48d945647
http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu5.8.10.1_sparc.deb
Size/MD5: 250138 f6a1dd454cc44a4684ab288e9eadde56
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.0.3-0ubuntu5.8.10.1_sparc.deb
Size/MD5: 18068 27f0453909db6eda6d8ffd3ef35454c9
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu5.8.10.1_sparc.deb
Size/MD5: 703524 e87fca0b128626aebf5bce77473ee8e0
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200901-0466",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "md5",
"scope": "eq",
"trust": 1.6,
"vendor": "ietf",
"version": null
},
{
"model": "rtx1500",
"scope": null,
"trust": 1.1,
"vendor": "yamaha",
"version": null
},
{
"model": "rtx1100",
"scope": null,
"trust": 1.1,
"vendor": "yamaha",
"version": null
},
{
"model": "rtx1000",
"scope": null,
"trust": 1.1,
"vendor": "yamaha",
"version": null
},
{
"model": "rtv700",
"scope": null,
"trust": 1.1,
"vendor": "yamaha",
"version": null
},
{
"model": "rt300i",
"scope": null,
"trust": 1.1,
"vendor": "yamaha",
"version": null
},
{
"model": "rt105 series",
"scope": null,
"trust": 0.8,
"vendor": "yamaha",
"version": null
},
{
"model": "rt107e",
"scope": null,
"trust": 0.8,
"vendor": "yamaha",
"version": null
},
{
"model": "rt140 series",
"scope": null,
"trust": 0.8,
"vendor": "yamaha",
"version": null
},
{
"model": "rt250i",
"scope": null,
"trust": 0.8,
"vendor": "yamaha",
"version": null
},
{
"model": "rt57i",
"scope": null,
"trust": 0.8,
"vendor": "yamaha",
"version": null
},
{
"model": "rt58i",
"scope": null,
"trust": 0.8,
"vendor": "yamaha",
"version": null
},
{
"model": "rtv01",
"scope": null,
"trust": 0.8,
"vendor": "yamaha",
"version": null
},
{
"model": "rtx1200",
"scope": null,
"trust": 0.8,
"vendor": "yamaha",
"version": null
},
{
"model": "rtx2000",
"scope": null,
"trust": 0.8,
"vendor": "yamaha",
"version": null
},
{
"model": "rtx3000",
"scope": null,
"trust": 0.8,
"vendor": "yamaha",
"version": null
},
{
"model": "srt100",
"scope": null,
"trust": 0.8,
"vendor": "yamaha",
"version": null
},
{
"model": "ip38x series",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "1000"
},
{
"model": "ip38x series",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "105"
},
{
"model": "ip38x series",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "107e"
},
{
"model": "ip38x series",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "1100"
},
{
"model": "ip38x series",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "1200"
},
{
"model": "ip38x series",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "140"
},
{
"model": "ip38x series",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "1500"
},
{
"model": "ip38x series",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "2000"
},
{
"model": "ip38x series",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "250i"
},
{
"model": "ip38x series",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "3000"
},
{
"model": "ip38x series",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "300i"
},
{
"model": "ip38x series",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "57i"
},
{
"model": "ip38x series",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "58i"
},
{
"model": "ip38x series",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "sr100"
},
{
"model": "ip38x series",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v01"
},
{
"model": "ip38x series",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v700"
},
{
"model": "cosminexus http server",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "application server",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "application server for developers",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "infrastructure analytics advisor",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "web server",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "none"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "(64)"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "-r"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "express"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "standard-r"
},
{
"model": "ucosminexus application server enterprise",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus application server smart edition",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus application server standard",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "none"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "01"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "professional"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "professional for plug-in"
},
{
"model": "ucosminexus developer light",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus developer standard",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "base"
},
{
"model": "ucosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "base(64)"
},
{
"model": "ucosminexus service architect",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "none"
},
{
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "(64)"
},
{
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "- messaging"
},
{
"model": "srt100",
"scope": "eq",
"trust": 0.3,
"vendor": "yamaha",
"version": "0"
},
{
"model": "rtx3000",
"scope": "eq",
"trust": 0.3,
"vendor": "yamaha",
"version": "0"
},
{
"model": "rtx2000",
"scope": "eq",
"trust": 0.3,
"vendor": "yamaha",
"version": "0"
},
{
"model": "rt107e",
"scope": "eq",
"trust": 0.3,
"vendor": "yamaha",
"version": "0"
},
{
"model": "rt105",
"scope": null,
"trust": 0.3,
"vendor": "yamaha",
"version": null
},
{
"model": "rt104",
"scope": "eq",
"trust": 0.3,
"vendor": "yamaha",
"version": "0"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"model": "linux lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux lts lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.10"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.10"
},
{
"model": "linux lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.10"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.10"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.10"
},
{
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "certificate server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "trace file analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.11.3"
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.12"
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.11"
},
{
"model": "rfc algorithms and identifiers for the inter",
"scope": "eq",
"trust": 0.3,
"vendor": "ietf",
"version": "3279:0"
},
{
"model": "vsr (comware",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7)0"
},
{
"model": "u200s and cs (comware",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5)0"
},
{
"model": "u200a and m (comware",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5)0"
},
{
"model": "smb1920 (comware r1106",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5)"
},
{
"model": "smb1910 (comware r1108",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5)"
},
{
"model": "smb (comware r1105",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "16205)"
},
{
"model": "secblade fw (comware",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5)0"
},
{
"model": "msr4000 (comware",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7)0"
},
{
"model": "msr3000 (comware",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7)0"
},
{
"model": "msr2000 (comware",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7)0"
},
{
"model": "msr20-1x (comware",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5)0"
},
{
"model": "msr20 (comware",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5)0"
},
{
"model": "msr1000 (comware",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7)0"
},
{
"model": "msr1000 (comware",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5)0"
},
{
"model": "msr (comware",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9xx5)0"
},
{
"model": "msr (comware",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "93x5)0"
},
{
"model": "msr 50-g2 (comware",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5)0"
},
{
"model": "msr (comware",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "30-1x5)0"
},
{
"model": "msr (comware",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "30-165)0"
},
{
"model": "msr (comware",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "305)0"
},
{
"model": "moonshot",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "jg768aae hp pcm+ to imc std upg w/ 200-node e-ltu",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "jg767aae hp imc smcnct wsm vrtl applnc sw e-ltu",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "jg766aae hp imc smcnct vrtl applnc sw e-ltu",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "jg748aae hp imc ent sw plat w/ nodes e-ltu",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "500"
},
{
"model": "jg747aae hp imc std sw plat w/ nodes e-ltu",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "500"
},
{
"model": "jg660aae hp imc smart connect w/wlm vae e-ltu",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "jg590aae hp imc bsc wlan mgr sw pltfm ap e-ltu",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "500"
},
{
"model": "jg550aae hp pmm to imc bsc wlm upgr w/150ap e-ltu",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "jg549aae hp pcm+ to imc std upgr w/200-node e-ltu",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "jg548aae hp pcm+ to imc bsc upgr w/50-node e-ltu",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "jg546aae hp imc basic sw platform w/50-node e-ltu",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "jf378aae hp imc ent s/w pltfrm w/200-node e-ltu",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "jf378a hp imc ent s/w platform w/200-node lic",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "jf377aae hp imc std s/w pltfrm w/100-node e-ltu",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "jf377a hp imc std s/w platform w/100-node lic",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "jf289aae hp enterprise management system to intelligent manageme",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "jf288aae hp network director to intelligent management center",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "jd816a hp a-imc standard edition software dvd media",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "jd815a hp imc std platform w/100-node license",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "jd814a hp a-imc enterprise edition software dvd media",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "jd808a hp imc ent platform w/100-node license",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "jd126a hp imc ent s/w platform w/100-node",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "jd125a hp imc std s/w platform w/100-node",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "hsr6800 (comware",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7)0"
},
{
"model": "hsr6800 (comware",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5)0"
},
{
"model": "hsr6602 (comware",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5)0"
},
{
"model": "hp870 (comware",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5)0"
},
{
"model": "hp850 (comware",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5)0"
},
{
"model": "hp830 (comware",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5)0"
},
{
"model": "f5000-c/s (comware",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5)0"
},
{
"model": "f1000-e (comware",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5)0"
},
{
"model": "f1000-a-ei (comware",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5)0"
},
{
"model": "9500e (comware",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5)0"
},
{
"model": "(comware r2122",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "79007)"
},
{
"model": "(comware",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "75007)0"
},
{
"model": "(comware",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "75005)0"
},
{
"model": "rse ru r3303p18",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "66005"
},
{
"model": "6127xlg",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "6125xlg",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "(comware",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "59507)0"
},
{
"model": "(comware",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "59407)0"
},
{
"model": "(comware",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "59307)0"
},
{
"model": "(comware",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "59207)0"
},
{
"model": "(comware",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "59007)0"
},
{
"model": "(comware",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "58305)0"
},
{
"model": "(comware",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "58005)0"
},
{
"model": "5500si (comware",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5)0"
},
{
"model": "hi (comware",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "55005)0"
},
{
"model": "ei (comware",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "55005)0"
},
{
"model": "(comware r3108p03",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "51307)"
},
{
"model": "si (comware",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "51205)0"
},
{
"model": "ei (comware",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "51205)0"
},
{
"model": "4800g (comware",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5)0"
},
{
"model": "4500g (comware",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5)0"
},
{
"model": "4210g (comware",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5)0"
},
{
"model": "(comware",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "125007)0"
},
{
"model": "(comware",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "125005)0"
},
{
"model": "(comware",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "105007)0"
},
{
"model": "(comware",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "105005)0"
},
{
"model": "arx",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "6.4"
},
{
"model": "arx",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "6.3"
},
{
"model": "arx",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "6.2"
},
{
"model": "arx",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "6.1.1"
},
{
"model": "arx",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "6.1"
},
{
"model": "arx",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "6.0"
},
{
"model": "ios ca",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "trace file analyzer",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.2.8.4"
},
{
"model": "network security services",
"scope": "ne",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.12.2"
}
],
"sources": [
{
"db": "BID",
"id": "33065"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001001"
},
{
"db": "CNNVD",
"id": "CNNVD-200901-025"
},
{
"db": "NVD",
"id": "CVE-2004-2761"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ietf:md5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ietf:x.509_certificate:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-2761"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alexander Sotirov",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200901-025"
}
],
"trust": 0.6
},
"cve": "CVE-2004-2761",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2004-2761",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2004-2761",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#836068",
"trust": 0.8,
"value": "18.00"
},
{
"author": "CNNVD",
"id": "CNNVD-200901-025",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2004-2761",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#836068"
},
{
"db": "VULMON",
"id": "CVE-2004-2761"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001001"
},
{
"db": "CNNVD",
"id": "CNNVD-200901-025"
},
{
"db": "NVD",
"id": "CVE-2004-2761"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate. Weaknesses in the MD5 algorithm allow for collisions in output. As a result, attackers can generate cryptographic tokens or other data that illegitimately appear to be authentic. Is a one-way hash function MD5 Outputs a value called a fixed-length message digest from the input value. A secure hash function must be extremely difficult to find an input value that corresponds to a particular message digest. That the same message digest is output from different inputs. \" collision \" Call it. 1996 From the year MD5 Attack methods that exploit the lack of collision resistance of algorithms have been reported. After that, this attack technique X.509 It can be used to forge certificates, 2008 A year CA Based on a certificate signed by CA It was reported that the certificate was successfully forged. MD5 Products that use the algorithm are affected.MD5 There are various effects depending on the usage pattern. As an example, forged SSL Trusting a malicious website using a certificate may cause information leakage. Attackers may take advantage of this issue to generate pairs of different, valid X.509 certificates that share a common signature. \nAn attacker is most likely to exploit this issue to conduct phishing attacks or to impersonate legitimate sites by taking advantage of malicious certificates. Other attacks are likely possible. \n - HPE iMC PLAT - Please refer to the RESOLUTION\n below for a list of impacted products. All product versions are impacted\nprior to the fixed version listed. \n\n + **iMC PLAT - Version: IMC PLAT 7.2, E0403P10**\n\n - JD125A HP IMC Std S/W Platform w/100-node\n - JD126A HP IMC Ent S/W Platform w/100-node\n - JD808A HP IMC Ent Platform w/100-node License\n - JD814A HP A-IMC Enterprise Edition Software DVD Media\n - JD815A HP IMC Std Platform w/100-node License\n - JD816A HP A-IMC Standard Edition Software DVD Media\n - JF288AAE HP Network Director to Intelligent Management Center\nUpgrade E-LTU\n - JF289AAE HP Enterprise Management System to Intelligent Management\nCenter Upgrade E-LTU\n - JF377A HP IMC Std S/W Platform w/100-node Lic\n - JF377AAE HP IMC Std S/W Pltfrm w/100-node E-LTU\n - JF378A HP IMC Ent S/W Platform w/200-node Lic\n - JF378AAE HP IMC Ent S/W Pltfrm w/200-node E-LTU\n - JG546AAE HP IMC Basic SW Platform w/50-node E-LTU\n - JG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU\n - JG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU\n - JG747AAE HP IMC Std SW Plat w/ 50 Nodes E-LTU\n - JG748AAE HP IMC Ent SW Plat w/ 50 Nodes E-LTU\n - JG550AAE HPE PCM+ Mobility Manager to IMC Basic WLAN Platform Upgrade\n50-node and 150-AP E-LTU\n - JG590AAE HPE IMC Basic WLAN Manager Software Platform 50 Access Point\nE-LTU\n - JG660AAE HP IMC Smart Connect with Wireless Manager Virtual Appliance\nEdition E-LTU\n - JG766AAE HP IMC Smart Connect Virtual Appliance Edition E-LTU\n - JG767AAE HP IMC Smart Connect with Wireless Manager Virtual Appliance\nEdition E-LTU\n - JG768AAE HPE PCM+ to IMC Standard Software Platform Upgrade with\n200-node E-LTU\n\n**Note:** Please contact HPE Technical Support if any assistance is needed\nacquiring the software updates. \n\nHISTORY\nVersion:1 (rev.1) - 26 September 2016 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05336888\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c05336888\nVersion: 1\n\nHPSBHF03673 rev.1 - HPE Comware 5 and Comware 7 Network Products using\nSSL/TLS, Multiple Remote Vulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2016-11-18\nLast Updated: 2016-11-18\n\nPotential Security Impact: Remote: Multiple Vulnerabilities\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nSecurity vulnerabilities in MD5 message digest algorithm and RC4 ciphersuite\ncould potentially impact HPE Comware 5 and Comware 7 network products using\nSSL/TLS. These vulnerabilities could be exploited remotely to conduct\nspoofing attacks and plaintext recovery attacks resulting in disclosure of\ninformation. \n\nReferences:\n\n - CVE-2004-2761 - MD5 Hash Collision Vulnerability\n - CVE-2013-2566 - SSL/TLS RC4 algorithm vulnerability\n - CVE-2015-2808 - SSL/TLS RC4 stream vulnerability known as \"Bar Mitzvah\"\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n - Comware 5 (CW5) Products All versions\n - Comware 7 (CW7) Products All versions\n\nBACKGROUND\n\n CVSS Base Metrics\n =================\n Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n CVE-2004-2761\n 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\n 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n CVE-2013-2566\n 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\n 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n CVE-2015-2808\n 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\n 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n Information on CVSS is documented in\n HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has released the following mitigation information to resolve the\nvulnerabilities in HPE Comware 5 and Comware 7 network products. \n\n *Note:* Please contact HPE Technical Support for any assistance configuring\nthe recommended settings. \n\n**Mitigation for the hash collision vulnerability in the MD5 Algorithm:**\n\n + For Comware V7, this issue only exists when the key-type is RSA and the\npublic key length less than 1024 bits. \n Since the default length of the RSA key is 1024 bits, the length should\nonly have to be set manually if necessary. \n \n Example command to set the RSA key length to 1024 bits:\n \n public-key rsa general name xxx length 1024\n \n + For Comware V5, this issue only exists when the key-type is RSA. \n HPE recommends using DSA and ECDSA keys and not an RSA key. \n\n**Mitigation for the RC4 vulnerabilities:**\n \n HPE recommends disabling RC2 and RC4 ciphers. \n \n + For Comware V7, remove the RC2/RC4 ciphers:\n \n - exp_rsa_rc2_md5\n - exp_rsa_rc4_md5\n - rsa_rc4_128_md5\n - rsa_rc4_128_sha\n\n Example using the *ssl server-policy anamea ciphersuite* command to\nomit the RC2/RC4 ciphers:\n \n ssl server-policy anamea ciphersuite { dhe_rsa_aes_128_cbc_sha |\ndhe_rsa_aes_256_cbc_sha | exp_rsa_des_cbc_sha | rsa_3des_ede_cbc_sha |\nrsa_aes_128_cbc_sha | rsa_aes_256_cbc_sha | rsa_des_cbc_sha }\n\n Example using the *ssl client-policy anamea prefer-cipher* command\nto omit the RC2/RC4 ciphers: \n\n ssl client-policy anamea prefer-cipher { dhe_rsa_aes_128_cbc_sha\n| dhe_rsa_aes_256_cbc_sha | exp_rsa_des_cbc_sha | rsa_3des_ede_cbc_sha |\nrsa_aes_128_cbc_sha | rsa_aes_256_cbc_sha | rsa_des_cbc_sha }\n\n\n + For Comware V5, remove the following RC4 ciphers:\n \n - rsa_rc4_128_md5\n - rsa_rc4_128_sha\n\n Example using the *ssl server-policy anamea ciphersuite* command to\nomit the RC4 ciphers:\n \n ssl server-policy anamea ciphersuite { rsa_3des_ede_cbc_sha |\nrsa_aes_128_cbc_sha | rsa_aes_256_cbc_sha| rsa_des_cbc_sha }\n\n Example using the *ssl client-policy anamea prefer-cipher* command\nto omit the RC4 ciphers: \n\n ssl client-policy anamea prefer-cipher { rsa_3des_ede_cbc_sha |\nrsa_aes_128_cbc_sha |rsa_aes_256_cbc_sha | rsa_des_cbc_sha }\n\n\n**COMWARE 5 Products**\n\n + **HSR6602 (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JC176A HP 6602 Router Chassis\n - JG353A HP HSR6602-G Router\n - JG354A HP HSR6602-XG Router\n - JG355A HP 6600 MCP-X1 Router Main Processing Unit\n - JG356A HP 6600 MCP-X2 Router Main Processing Unit\n - JG776A HP HSR6602-G TAA-compliant Router\n - JG777A HP HSR6602-XG TAA-compliant Router\n - JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit\n + **HSR6800 (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JG361A HP HSR6802 Router Chassis\n - JG361B HP HSR6802 Router Chassis\n - JG362A HP HSR6804 Router Chassis\n - JG362B HP HSR6804 Router Chassis\n - JG363A HP HSR6808 Router Chassis\n - JG363B HP HSR6808 Router Chassis\n - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit\n + **MSR20 (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JD432A HP A-MSR20-21 Router\n - JD662A HP MSR20-20 Router\n - JD663A HP A-MSR20-21 Router\n - JD663B HP MSR20-21 Router\n - JD664A HP MSR20-40 Router\n - JF228A HP MSR20-40 Router\n - JF283A HP MSR20-20 Router\n + **MSR20-1X (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JD431A HP MSR20-10 Router\n - JD667A HP MSR20-15 IW Multi-Service Router\n - JD668A HP MSR20-13 Multi-Service Router\n - JD669A HP MSR20-13 W Multi-Service Router\n - JD670A HP MSR20-15 A Multi-Service Router\n - JD671A HP MSR20-15 AW Multi-Service Router\n - JD672A HP MSR20-15 I Multi-Service Router\n - JD673A HP MSR20-11 Multi-Service Router\n - JD674A HP MSR20-12 Multi-Service Router\n - JD675A HP MSR20-12 W Multi-Service Router\n - JD676A HP MSR20-12 T1 Multi-Service Router\n - JF236A HP MSR20-15-I Router\n - JF237A HP MSR20-15-A Router\n - JF238A HP MSR20-15-I-W Router\n - JF239A HP MSR20-11 Router\n - JF240A HP MSR20-13 Router\n - JF241A HP MSR20-12 Router\n - JF806A HP MSR20-12-T Router\n - JF807A HP MSR20-12-W Router\n - JF808A HP MSR20-13-W Router\n - JF809A HP MSR20-15-A-W Router\n - JF817A HP MSR20-15 Router\n - JG209A HP MSR20-12-T-W Router (NA)\n - JG210A HP MSR20-13-W Router (NA)\n + **MSR 30 (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JD654A HP MSR30-60 POE Multi-Service Router\n - JD657A HP MSR30-40 Multi-Service Router\n - JD658A HP MSR30-60 Multi-Service Router\n - JD660A HP MSR30-20 POE Multi-Service Router\n - JD661A HP MSR30-40 POE Multi-Service Router\n - JD666A HP MSR30-20 Multi-Service Router\n - JF229A HP MSR30-40 Router\n - JF230A HP MSR30-60 Router\n - JF232A HP RTMSR3040-AC-OVSAS-H3\n - JF235A HP MSR30-20 DC Router\n - JF284A HP MSR30-20 Router\n - JF287A HP MSR30-40 DC Router\n - JF801A HP MSR30-60 DC Router\n - JF802A HP MSR30-20 PoE Router\n - JF803A HP MSR30-40 PoE Router\n - JF804A HP MSR30-60 PoE Router\n - JG728A HP MSR30-20 TAA-compliant DC Router\n - JG729A HP MSR30-20 TAA-compliant Router\n + **MSR 30-16 (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JD659A HP MSR30-16 POE Multi-Service Router\n - JD665A HP MSR30-16 Multi-Service Router\n - JF233A HP MSR30-16 Router\n - JF234A HP MSR30-16 PoE Router\n + **MSR 30-1X (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JF800A HP MSR30-11 Router\n - JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr\n - JG182A HP MSR30-11E Router\n - JG183A HP MSR30-11F Router\n - JG184A HP MSR30-10 DC Router\n + **MSR 50 (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JD433A HP MSR50-40 Router\n - JD653A HP MSR50 Processor Module\n - JD655A HP MSR50-40 Multi-Service Router\n - JD656A HP MSR50-60 Multi-Service Router\n - JF231A HP MSR50-60 Router\n - JF285A HP MSR50-40 DC Router\n - JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply\n + **MSR 50-G2 (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JD429A HP MSR50 G2 Processor Module\n - JD429B HP MSR50 G2 Processor Module\n + **MSR 9XX (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JF812A HP MSR900 Router\n - JF813A HP MSR920 Router\n - JF814A HP MSR900-W Router\n - JF815A HP MSR920 2FEWAN/8FELAN/.11 b/g Rtr\n - JG207A HP MSR900-W Router (NA)\n - JG208A HP MSR920-W Router (NA)\n + **MSR 93X (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JG511A HP MSR930 Router\n - JG511B HP MSR930 Router\n - JG512A HP MSR930 Wireless Router\n - JG513A HP MSR930 3G Router\n - JG513B HP MSR930 3G Router\n - JG514A HP MSR931 Router\n - JG514B HP MSR931 Router\n - JG515A HP MSR931 3G Router\n - JG516A HP MSR933 Router\n - JG517A HP MSR933 3G Router\n - JG518A HP MSR935 Router\n - JG518B HP MSR935 Router\n - JG519A HP MSR935 Wireless Router\n - JG520A HP MSR935 3G Router\n - JG531A HP MSR931 Dual 3G Router\n - JG531B HP MSR931 Dual 3G Router\n - JG596A HP MSR930 4G LTE/3G CDMA Router\n - JG597A HP MSR936 Wireless Router\n - JG665A HP MSR930 4G LTE/3G WCDMA Global Router\n - JG704A HP MSR930 4G LTE/3G WCDMA ATT Router\n - JH009A HP MSR931 Serial (TI) Router\n - JH010A HP MSR933 G.SHDSL (TI) Router\n - JH011A HP MSR935 ADSL2+ (TI) Router\n - JH012A HP MSR930 Wireless 802.11n (NA) Router\n - JH012B HP MSR930 Wireless 802.11n (NA) Router\n - JH013A HP MSR935 Wireless 802.11n (NA) Router\n + **MSR1000 (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JG732A HP MSR1003-8 AC Router\n + **12500 (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JC072B HP 12500 Main Processing Unit\n - JC085A HP A12518 Switch Chassis\n - JC086A HP A12508 Switch Chassis\n - JC652A HP 12508 DC Switch Chassis\n - JC653A HP 12518 DC Switch Chassis\n - JC654A HP 12504 AC Switch Chassis\n - JC655A HP 12504 DC Switch Chassis\n - JC808A HP 12500 TAA Main Processing Unit\n - JF430A HP A12518 Switch Chassis\n - JF430B HP 12518 Switch Chassis\n - JF430C HP 12518 AC Switch Chassis\n - JF431A HP A12508 Switch Chassis\n - JF431B HP 12508 Switch Chassis\n - JF431C HP 12508 AC Switch Chassis\n + **9500E (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JC124A HP A9508 Switch Chassis\n - JC124B HP 9505 Switch Chassis\n - JC125A HP A9512 Switch Chassis\n - JC125B HP 9512 Switch Chassis\n - JC474A HP A9508-V Switch Chassis\n - JC474B HP 9508-V Switch Chassis\n + **10500 (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JC611A HP 10508-V Switch Chassis\n - JC612A HP 10508 Switch Chassis\n - JC613A HP 10504 Switch Chassis\n - JC614A HP 10500 Main Processing Unit\n - JC748A HP 10512 Switch Chassis\n - JG375A HP 10500 TAA-compliant Main Processing Unit\n - JG820A HP 10504 TAA-compliant Switch Chassis\n - JG821A HP 10508 TAA-compliant Switch Chassis\n - JG822A HP 10508-V TAA-compliant Switch Chassis\n - JG823A HP 10512 TAA-compliant Switch Chassis\n + **7500 (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JC666A HP 7503-S 144Gbps Fabric/MPU with PoE Upgradable 20-port\nGig-T/4-port GbE Combo\n - JC697A HP 7502 TAA-compliant Main Processing Unit\n - JC698A HP 7503-S 144Gbps TAA Fabric / MPU with 16 GbE SFP Ports and 8\nGbE Combo Ports\n - JC699A HP 7500 384Gbps TAA-compliant Fabric / MPU with 2 10GbE XFP\nPorts\n - JC700A HP 7500 384Gbps TAA-compliant Fabric / Main Processing Unit\n - JC701A HP 7500 768Gbps TAA-compliant Fabric / Main Processing Unit\n - JD193A HP 7500 384Gbps Fabric Module with 2 XFP Ports\n - JD193B HP 7500 384Gbps Fabric Module with 2 XFP Ports\n - JD194A HP 7500 384Gbps Fabric Module\n - JD194B HP 7500 384Gbps Fabric Module\n - JD195A HP 7500 384Gbps Advanced Fabric Module\n - JD196A HP 7502 Fabric Module\n - JD220A HP 7500 768Gbps Fabric Module\n - JD224A HP 7500 384Gbps Fabric Module with 12 SFP Ports\n - JD238A HP 7510 Switch Chassis\n - JD238B HP 7510 Switch Chassis\n - JD239A HP 7506 Switch Chassis\n - JD239B HP 7506 Switch Chassis\n - JD240A HP 7503 Switch Chassis\n - JD240B HP 7503 Switch Chassis\n - JD241A HP 7506-V Switch Chassis\n - JD241B HP 7506-V Switch Chassis\n - JD242A HP 7502 Switch Chassis\n - JD242B HP 7502 Switch Chassis\n - JD243A HP 7503-S Switch Chassis with 1 Fabric Slot\n - JD243B HP 7503-S Switch Chassis with 1 Fabric Slot\n - JE164A HP E7902 Switch Chassis\n - JE165A HP E7903 Switch Chassis\n - JE166A HP E7903 1 Fabric Slot Switch Chassis\n - JE167A HP E7906 Switch Chassis\n - JE168A HP E7906 Vertical Switch Chassis\n - JE169A HP E7910 Switch Chassis\n + **6125G/XG Blade Switch - Version: See Mitigation**\n * HP Network Products\n - 737220-B21 HP 6125G Blade Switch with TAA\n - 737226-B21 HP 6125G/XG Blade Switch with TAA\n - 658250-B21 HP 6125G/XG Blade Switch Opt Kit\n - 658247-B21 HP 6125G Blade Switch Opt Kit\n + **5830 (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JC691A HP 5830AF-48G Switch with 1 Interface Slot\n - JC694A HP 5830AF-96G Switch\n - JG316A HP 5830AF-48G TAA-compliant Switch w/1 Interface Slot\n - JG374A HP 5830AF-96G TAA-compliant Switch\n + **5800 (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JC099A HP 5800-24G-PoE Switch\n - JC099B HP 5800-24G-PoE+ Switch\n - JC100A HP 5800-24G Switch\n - JC100B HP 5800-24G Switch\n - JC101A HP 5800-48G Switch with 2 Slots\n - JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots\n - JC103A HP 5800-24G-SFP Switch\n - JC103B HP 5800-24G-SFP Switch with 1 Interface Slot\n - JC104A HP 5800-48G-PoE Switch\n - JC104B HP 5800-48G-PoE+ Switch with 1 Interface Slot\n - JC105A HP 5800-48G Switch\n - JC105B HP 5800-48G Switch with 1 Interface Slot\n - JG254A HP 5800-24G-PoE+ TAA-compliant Switch\n - JG254B HP 5800-24G-PoE+ TAA-compliant Switch\n - JG255A HP 5800-24G TAA-compliant Switch\n - JG255B HP 5800-24G TAA-compliant Switch\n - JG256A HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot\n - JG256B HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot\n - JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot\n - JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot\n - JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot\n - JG258B HP 5800-48G TAA-compliant Switch with 1 Interface Slot\n - JG225A HP 5800AF-48G Switch\n - JG225B HP 5800AF-48G Switch\n - JG242A HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots\n - JG242B HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface\n - JG243A HP 5820-24XG-SFP+ TAA-compliant Switch\n - JG243B HP 5820-24XG-SFP+ TAA-compliant Switch\n - JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots\n\u0026 1 OAA Slot\n - JG259B HP 5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots\nand 1 OAA Slot\n - JC106A HP 5820-14XG-SFP+ Switch with 2 Slots\n - JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots \u0026 1 OAA Slot\n - JG219A HP 5820AF-24XG Switch\n - JG219B HP 5820AF-24XG Switch\n - JC102A HP 5820-24XG-SFP+ Switch\n - JC102B HP 5820-24XG-SFP+ Switch\n + **5500 HI (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JG311A HP 5500-24G-4SFP HI Switch with 2 Interface Slots\n - JG312A HP 5500-48G-4SFP HI Switch with 2 Interface Slots\n - JG541A HP 5500-24G-PoE+-4SFP HI Switch with 2 Interface Slots\n - JG542A HP 5500-48G-PoE+-4SFP HI Switch with 2 Interface Slots\n - JG543A HP 5500-24G-SFP HI Switch with 2 Interface Slots\n - JG679A HP 5500-24G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface\nSlots\n - JG680A HP 5500-48G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface\nSlots\n - JG681A HP 5500-24G-SFP HI TAA-compliant Switch with 2 Interface Slots\n + **5500 EI (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JD373A HP 5500-24G DC EI Switch\n - JD374A HP 5500-24G-SFP EI Switch\n - JD375A HP 5500-48G EI Switch\n - JD376A HP 5500-48G-PoE EI Switch\n - JD377A HP 5500-24G EI Switch\n - JD378A HP 5500-24G-PoE EI Switch\n - JD379A HP 5500-24G-SFP DC EI Switch\n - JG240A HP 5500-48G-PoE+ EI Switch with 2 Interface Slots\n - JG241A HP 5500-24G-PoE+ EI Switch with 2 Interface Slots\n - JG249A HP 5500-24G-SFP EI TAA-compliant Switch with 2 Interface\n - JG250A HP 5500-24G EI TAA-compliant Switch with 2 Interface Slots\n - JG251A HP 5500-48G EI TAA-compliant Switch with 2 Interface Slots\n - JG252A HP 5500-24G-PoE+ EI TAA-compliant Switch with 2 Interface\nSlots\n - JG253A HP 5500-48G-PoE+ EI TAA-compliant Switch with 2 Interface\nSlots\n + **4800G (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JD007A HP 4800-24G Switch\n - JD008A HP 4800-24G-PoE Switch\n - JD009A HP 4800-24G-SFP Switch\n - JD010A HP 4800-48G Switch\n - JD011A HP 4800-48G-PoE Switch\n + **5500SI (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JD369A HP 5500-24G SI Switch\n - JD370A HP 5500-48G SI Switch\n - JD371A HP 5500-24G-PoE SI Switch\n - JD372A HP 5500-48G-PoE SI Switch\n - JG238A HP 5500-24G-PoE+ SI Switch with 2 Interface Slots\n - JG239A HP 5500-48G-PoE+ SI Switch with 2 Interface Slots\n + **4500G (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JF428A HP 4510-48G Switch\n - JF847A HP 4510-24G Switch\n + **5120 EI (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JE066A HP 5120-24G EI Switch\n - JE067A HP 5120-48G EI Switch\n - JE068A HP 5120-24G EI Switch with 2 Interface Slots\n - JE069A HP 5120-48G EI Switch with 2 Interface Slots\n - JE070A HP 5120-24G-PoE EI 2-slot Switch\n - JE071A HP 5120-48G-PoE EI 2-slot Switch\n - JG236A HP 5120-24G-PoE+ EI Switch with 2 Interface Slots\n - JG237A HP 5120-48G-PoE+ EI Switch with 2 Interface Slots\n - JG245A HP 5120-24G EI TAA-compliant Switch with 2 Interface Slots\n - JG246A HP 5120-48G EI TAA-compliant Switch with 2 Interface Slots\n - JG247A HP 5120-24G-PoE+ EI TAA-compliant Switch with 2 Slots\n - JG248A HP 5120-48G-PoE+ EI TAA-compliant Switch with 2 Slots\n + **4210G (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JF844A HP 4210-24G Switch\n - JF845A HP 4210-48G Switch\n - JF846A HP 4210-24G-PoE Switch\n + **5120 SI (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JE072A HP 5120-48G SI Switch\n - JE072B HPE 5120 48G SI Switch\n - JE073A HP 5120-16G SI Switch\n - JE073B HPE 5120 16G SI Switch\n - JE074A HP 5120-24G SI Switch\n - JE074B HPE 5120 24G SI Switch\n - JG091A HP 5120-24G-PoE+ (370W) SI Switch\n - JG091B HPE 5120 24G PoE+ (370W) SI Switch\n - JG092A HP 5120-24G-PoE+ (170W) SI Switch\n - JG309B HPE 5120 8G PoE+ (180W) SI Switch\n - JG310B HPE 5120 8G PoE+ (65W) SI Switch\n + **3610 (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JD335A HP 3610-48 Switch\n - JD336A HP 3610-24-4G-SFP Switch\n - JD337A HP 3610-24-2G-2G-SFP Switch\n - JD338A HP 3610-24-SFP Switch\n + **3600V2 (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JG299A HP 3600-24 v2 EI Switch\n - JG299B HP 3600-24 v2 EI Switch\n - JG300A HP 3600-48 v2 EI Switch\n - JG300B HP 3600-48 v2 EI Switch\n - JG301A HP 3600-24-PoE+ v2 EI Switch\n - JG301B HP 3600-24-PoE+ v2 EI Switch\n - JG301C HP 3600-24-PoE+ v2 EI Switch\n - JG302A HP 3600-48-PoE+ v2 EI Switch\n - JG302B HP 3600-48-PoE+ v2 EI Switch\n - JG302C HP 3600-48-PoE+ v2 EI Switch\n - JG303A HP 3600-24-SFP v2 EI Switch\n - JG303B HP 3600-24-SFP v2 EI Switch\n - JG304A HP 3600-24 v2 SI Switch\n - JG304B HP 3600-24 v2 SI Switch\n - JG305A HP 3600-48 v2 SI Switch\n - JG305B HP 3600-48 v2 SI Switch\n - JG306A HP 3600-24-PoE+ v2 SI Switch\n - JG306B HP 3600-24-PoE+ v2 SI Switch\n - JG306C HP 3600-24-PoE+ v2 SI Switch\n - JG307A HP 3600-48-PoE+ v2 SI Switch\n - JG307B HP 3600-48-PoE+ v2 SI Switch\n - JG307C HP 3600-48-PoE+ v2 SI Switch\n + **3100V2-48 (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JG315A HP 3100-48 v2 Switch\n - JG315B HP 3100-48 v2 Switch\n + **HP870 (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JG723A HP 870 Unified Wired-WLAN Appliance\n - JG725A HP 870 Unified Wired-WLAN TAA-compliant Appliance\n + **HP850 (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JG722A HP 850 Unified Wired-WLAN Appliance\n - JG724A HP 850 Unified Wired-WLAN TAA-compliant Appliance\n + **HP830 (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JG640A HP 830 24-Port PoE+ Unified Wired-WLAN Switch\n - JG641A HP 830 8-port PoE+ Unified Wired-WLAN Switch\n - JG646A HP 830 24-Port PoE+ Unified Wired-WLAN TAA-compliant Switch\n - JG647A HP 830 8-Port PoE+ Unified Wired-WLAN TAA-compliant\n + **HP6000 (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JG639A HP 10500/7500 20G Unified Wired-WLAN Module\n - JG645A HP 10500/7500 20G Unified Wired-WLAN TAA-compliant Module\n + **WX5004-EI (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JD447B HP WX5002 Access Controller\n - JD448A HP WX5004 Access Controller\n - JD448B HP WX5004 Access Controller\n - JD469A HP WX5004 Access Controller\n + **SecBlade FW (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JC635A HP 12500 VPN Firewall Module\n - JD245A HP 9500 VPN Firewall Module\n - JD249A HP 10500/7500 Advanced VPN Firewall Module\n - JD250A HP 6600 Firewall Processing Router Module\n - JD251A HP 8800 Firewall Processing Module\n - JD255A HP 5820 VPN Firewall Module\n + **F1000-E (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JD272A HP F1000-E VPN Firewall Appliance\n + **F1000-A-EI (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JG214A HP F1000-A-EI VPN Firewall Appliance\n + **F1000-S-EI (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JG213A HP F1000-S-EI VPN Firewall Appliance\n + **F5000-A (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JD259A HP A5000-A5 VPN Firewall Chassis\n - JG215A HP F5000 Firewall Main Processing Unit\n - JG216A HP F5000 Firewall Standalone Chassis\n + **U200S and CS (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JD273A HP U200-S UTM Appliance\n + **U200A and M (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JD275A HP U200-A UTM Appliance\n + **F5000-C/S (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JG650A HP F5000-C VPN Firewall Appliance\n - JG370A HP F5000-S VPN Firewall Appliance\n + **SecBlade III (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JG371A HP 12500 20Gbps VPN Firewall Module\n - JG372A HP 10500/11900/7500 20Gbps VPN Firewall Module\n + **6600 RSE RU (Comware 5 Low Encryption SW) - Version: See Mitigation**\n * HP Network Products\n - JC177A HP 6608 Router\n - JC177B HP 6608 Router Chassis\n - JC178A HP 6604 Router Chassis\n - JC178B HP 6604 Router Chassis\n - JC496A HP 6616 Router Chassis\n - JC566A HP 6600 RSE-X1 Router Main Processing Unit\n - JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit\n + **6600 RPE RU (Comware 5 Low Encryption SW) - Version: See Mitigation**\n * HP Network Products\n - JC165A HP 6600 RPE-X1 Router Module\n - JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit\n + **6602 RU (Comware 5 Low Encryption SW) - Version: See Mitigation**\n * HP Network Products\n - JC176A HP 6602 Router Chassis\n + **HSR6602 RU (Comware 5 Low Encryption SW) - Version: See Mitigation**\n * HP Network Products\n - JC177A HP 6608 Router\n - JC177B HP 6608 Router Chassis\n - JC178A HP 6604 Router Chassis\n - JC178B HP 6604 Router Chassis\n - JC496A HP 6616 Router Chassis\n - JG353A HP HSR6602-G Router\n - JG354A HP HSR6602-XG Router\n - JG355A HP 6600 MCP-X1 Router Main Processing Unit\n - JG356A HP 6600 MCP-X2 Router Main Processing Unit\n - JG776A HP HSR6602-G TAA-compliant Router\n - JG777A HP HSR6602-XG TAA-compliant Router\n - JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit\n + **HSR6800 RU (Comware 5 Low Encryption SW) - Version: See Mitigation**\n * HP Network Products\n - JG361A HP HSR6802 Router Chassis\n - JG361B HP HSR6802 Router Chassis\n - JG362A HP HSR6804 Router Chassis\n - JG362B HP HSR6804 Router Chassis\n - JG363A HP HSR6808 Router Chassis\n - JG363B HP HSR6808 Router Chassis\n - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit\n + **SMB1910 (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JG540A HP 1910-48 Switch\n - JG539A HP 1910-24-PoE+ Switch\n - JG538A HP 1910-24 Switch\n - JG537A HP 1910-8 -PoE+ Switch\n - JG536A HP 1910-8 Switch\n + **SMB1920 (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JG928A HP 1920-48G-PoE+ (370W) Switch\n - JG927A HP 1920-48G Switch\n - JG926A HP 1920-24G-PoE+ (370W) Switch\n - JG925A HP 1920-24G-PoE+ (180W) Switch\n - JG924A HP 1920-24G Switch\n - JG923A HP 1920-16G Switch\n - JG922A HP 1920-8G-PoE+ (180W) Switch\n - JG921A HP 1920-8G-PoE+ (65W) Switch\n - JG920A HP 1920-8G Switch\n + **V1910 (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JE005A HP 1910-16G Switch\n - JE006A HP 1910-24G Switch\n - JE007A HP 1910-24G-PoE (365W) Switch\n - JE008A HP 1910-24G-PoE(170W) Switch\n - JE009A HP 1910-48G Switch\n - JG348A HP 1910-8G Switch\n - JG349A HP 1910-8G-PoE+ (65W) Switch\n - JG350A HP 1910-8G-PoE+ (180W) Switch\n + **SMB 1620 (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JG914A HP 1620-48G Switch\n - JG913A HP 1620-24G Switch\n - JG912A HP 1620-8G Switch\n\n\n**COMWARE 7 Products**\n\n + **12500 (Comware 7) - Version: See Mitigation**\n * HP Network Products\n - JC072B HP 12500 Main Processing Unit\n - JC085A HP A12518 Switch Chassis\n - JC086A HP A12508 Switch Chassis\n - JC652A HP 12508 DC Switch Chassis\n - JC653A HP 12518 DC Switch Chassis\n - JC654A HP 12504 AC Switch Chassis\n - JC655A HP 12504 DC Switch Chassis\n - JF430A HP A12518 Switch Chassis\n - JF430B HP 12518 Switch Chassis\n - JF430C HP 12518 AC Switch Chassis\n - JF431A HP A12508 Switch Chassis\n - JF431B HP 12508 Switch Chassis\n - JF431C HP 12508 AC Switch Chassis\n - JG497A HP 12500 MPU w/Comware V7 OS\n - JG782A HP FF 12508E AC Switch Chassis\n - JG783A HP FF 12508E DC Switch Chassis\n - JG784A HP FF 12518E AC Switch Chassis\n - JG785A HP FF 12518E DC Switch Chassis\n - JG802A HP FF 12500E MPU\n + **10500 (Comware 7) - Version: See Mitigation**\n * HP Network Products\n - JC611A HP 10508-V Switch Chassis\n - JC612A HP 10508 Switch Chassis\n - JC613A HP 10504 Switch Chassis\n - JC748A HP 10512 Switch Chassis\n - JG608A HP FlexFabric 11908-V Switch Chassis\n - JG609A HP FlexFabric 11900 Main Processing Unit\n - JG820A HP 10504 TAA Switch Chassis\n - JG821A HP 10508 TAA Switch Chassis\n - JG822A HP 10508-V TAA Switch Chassis\n - JG823A HP 10512 TAA Switch Chassis\n - JG496A HP 10500 Type A MPU w/Comware v7 OS\n - JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating\nSystem\n - JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System\nMain Processing Unit\n + **12900 (Comware 7) - Version: See Mitigation**\n * HP Network Products\n - JG619A HP FlexFabric 12910 Switch AC Chassis\n - JG621A HP FlexFabric 12910 Main Processing Unit\n - JG632A HP FlexFabric 12916 Switch AC Chassis\n - JG634A HP FlexFabric 12916 Main Processing Unit\n - JH104A HP FlexFabric 12900E Main Processing Unit\n - JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit\n - JH263A HP FlexFabric 12904E Main Processing Unit\n - JH255A HP FlexFabric 12908E Switch Chassis\n - JH262A HP FlexFabric 12904E Switch Chassis\n - JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis\n - JH103A HP FlexFabric 12916E Switch Chassis\n + **5900 (Comware 7) - Version: See Mitigation**\n * HP Network Products\n - JC772A HP 5900AF-48XG-4QSFP+ Switch\n - JG296A HP 5920AF-24XG Switch\n - JG336A HP 5900AF-48XGT-4QSFP+ Switch\n - JG510A HP 5900AF-48G-4XG-2QSFP+ Switch\n - JG554A HP 5900AF-48XG-4QSFP+ TAA Switch\n - JG555A HP 5920AF-24XG TAA Switch\n - JG838A HP FF 5900CP-48XG-4QSFP+ Switch\n - JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant\n - JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch\n - JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant\n + **MSR1000 (Comware 7) - Version: See Mitigation**\n * HP Network Products\n - JG875A HP MSR1002-4 AC Router\n - JH060A HP MSR1003-8S AC Router\n + **MSR2000 (Comware 7) - Version: See Mitigation**\n * HP Network Products\n - JG411A HP MSR2003 AC Router\n - JG734A HP MSR2004-24 AC Router\n - JG735A HP MSR2004-48 Router\n - JG866A HP MSR2003 TAA-compliant AC Router\n + **MSR3000 (Comware 7) - Version: See Mitigation**\n * HP Network Products\n - JG404A HP MSR3064 Router\n - JG405A HP MSR3044 Router\n - JG406A HP MSR3024 AC Router\n - JG407A HP MSR3024 DC Router\n - JG408A HP MSR3024 PoE Router\n - JG409A HP MSR3012 AC Router\n - JG410A HP MSR3012 DC Router\n - JG861A HP MSR3024 TAA-compliant AC Router\n + **MSR4000 (Comware 7) - Version: See Mitigation**\n * HP Network Products\n - JG402A HP MSR4080 Router Chassis\n - JG403A HP MSR4060 Router Chassis\n - JG412A HP MSR4000 MPU-100 Main Processing Unit\n - JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit\n + **VSR (Comware 7) - Version: See Mitigation**\n * HP Network Products\n - JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation\nSoftware\n - JG811AAE HP VSR1001 Comware 7 Virtual Services Router\n - JG812AAE HP VSR1004 Comware 7 Virtual Services Router\n - JG813AAE HP VSR1008 Comware 7 Virtual Services Router\n + **7900 (Comware 7) - Version: See Mitigation**\n * HP Network Products\n - JG682A HP FlexFabric 7904 Switch Chassis\n - JG841A HP FlexFabric 7910 Switch Chassis\n - JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit\n - JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit\n - JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis\n - JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis\n - JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main\nProcessing Unit\n - JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main\nProcessing Unit\n + **5130 (Comware 7) - Version: See Mitigation**\n * HP Network Products\n - JG932A HP 5130-24G-4SFP+ EI Switch\n - JG933A HP 5130-24G-SFP-4SFP+ EI Switch\n - JG934A HP 5130-48G-4SFP+ EI Switch\n - JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch\n - JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch\n - JG938A HP 5130-24G-2SFP+-2XGT EI Switch\n - JG939A HP 5130-48G-2SFP+-2XGT EI Switch\n - JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch\n - JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch\n - JG975A HP 5130-24G-4SFP+ EI Brazil Switch\n - JG976A HP 5130-48G-4SFP+ EI Brazil Switch\n - JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch\n - JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch\n + **6125XLG - Version: See Mitigation**\n * HP Network Products\n - 711307-B21 HP 6125XLG Blade Switch\n - 737230-B21 HP 6125XLG Blade Switch with TAA\n + **6127XLG - Version: See Mitigation**\n * HP Network Products\n - 787635 HP 6127XLG Blade Switch Opt Kit\n + **Moonshot - Version: See Mitigation**\n * HP Network Products\n - 786617-B21 - HP Moonshot-45Gc Switch Module\n - 704654-B21 - HP Moonshot-45XGc Switch Module\n - 786619-B21 - HP Moonshot-180XGc Switch Module\n + **5700 (Comware 7) - Version: See Mitigation**\n * HP Network Products\n - JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch\n - JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch\n - JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch\n - JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch\n - JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch\n - JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch\n + **5930 (Comware 7) - Version: See Mitigation**\n * HP Network Products\n - JG726A HP FlexFabric 5930 32QSFP+ Switch\n - JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch\n - JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch\n - JH179A HP FlexFabric 5930 4-slot Switch\n - JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch\n - JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch\n + **HSR6600 (Comware 7) - Version: See Mitigation**\n * HP Network Products\n - JG353A HP HSR6602-G Router\n - JG354A HP HSR6602-XG Router\n - JG776A HP HSR6602-G TAA-compliant Router\n - JG777A HP HSR6602-XG TAA-compliant Router\n + **HSR6800 (Comware 7) - Version: See Mitigation**\n * HP Network Products\n - JG361A HP HSR6802 Router Chassis\n - JG361B HP HSR6802 Router Chassis\n - JG362A HP HSR6804 Router Chassis\n - JG362B HP HSR6804 Router Chassis\n - JG363A HP HSR6808 Router Chassis\n - JG363B HP HSR6808 Router Chassis\n - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing\n - JH075A HP HSR6800 RSE-X3 Router Main Processing Unit\n + **1950 (Comware 7) - Version: See Mitigation**\n * HP Network Products\n - JG960A HP 1950-24G-4XG Switch\n - JG961A HP 1950-48G-2SFP+-2XGT Switch\n - JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch\n - JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch\n + **7500 (Comware 7) - Version: See Mitigation**\n * HP Network Products\n - JD238C HP 7510 Switch Chassis\n - JD239C HP 7506 Switch Chassis\n - JD240C HP 7503 Switch Chassis\n - JD242C HP 7502 Switch Chassis\n - JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only\nMain Processing Unit\n - JH208A HP 7502 Main Processing Unit\n - JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port\n40GbE QSFP+ Main Processing Unit\n + **5950 (Comware 7) - Version: See Mitigation**\n * HP Network Products\n - JH321A HPE FlexFabric 5950 32QSFP28 Switch\n + **5940 (Comware 7) - Version: See Mitigation**\n * HP Network Products\n - JH390A HPE FlexFabric 5940 48SFP+ 6QSFP28 Switch\n - JH391A HPE FlexFabric 5940 48XGT 6QSFP28 Switch\n - JH394A HPE FlexFabric 5940 48XGT 6QSFP+ Switch\n - JH395A HPE FlexFabric 5940 48SFP+ 6QSFP+ Switch\n - JH396A HPE FlexFabric 5940 32QSFP+ Switch\n - JH397A HPE FlexFabric 5940 2-slot Switch\n - JH398A HPE FlexFabric 5940 4-slot Switch\n\nHISTORY\nVersion:1 (rev.1) - 18 November 2016 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n Web form: https://www.hpe.com/info/report-security-vulnerability\n Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQEcBAEBCAAGBQJYLytTAAoJELXhAxt7SZaiMjYIAI4xgRNJCPqOZ40XLUNhxYrc\nHyqTd62PbcGOPTFya1qOo16V94eJ5id5oRHOtcrFjJKtDedDS6OoAe5HWYXvLEI3\n0fEzCNjk9aHTcvuf2t17MGhS0Fk2JrZ0191RFONKuEkqgMmK0d44SGMrVXSA28Dj\nphW1dzm1HiJO0NPUOa+cYMhNt0+I7b+ulD6FdldNdqx4fNtlXiHvcRbF4Wffe2hD\nN2hlvx1Wu1iu2g75XPNPOPYhDRkyAm79P2HZGCUohQlhWsRgcJRnubojJBr7CMf9\n2Ud7MwYL4jTKK/mFdim4ej/hwPn3SCb5ekhTUBFDlu2J2DjUYi2xDQgyQkhuUIg=\n=NGQO\n-----END PGP SIGNATURE-----\n. ===========================================================\nUbuntu Security Notice USN-740-1 March 17, 2009\nnss, firefox vulnerability\nCVE-2004-2761\n===========================================================\n\nA security issue affects the following Ubuntu releases:\n\nUbuntu 6.06 LTS\nUbuntu 7.10\nUbuntu 8.04 LTS\nUbuntu 8.10\n\nThis advisory also applies to the corresponding versions of\nKubuntu, Edubuntu, and Xubuntu. \n\nThe problem can be corrected by upgrading your system to the\nfollowing package versions:\n\nUbuntu 6.06 LTS:\n libnss3 1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2\n\nUbuntu 7.10:\n libnss3-0d 3.11.5-3ubuntu0.7.10.2\n\nUbuntu 8.04 LTS:\n libnss3-0d 3.12.0.3-0ubuntu0.8.04.5\n libnss3-1d 3.12.0.3-0ubuntu0.8.04.5\n\nUbuntu 8.10:\n libnss3-1d 3.12.0.3-0ubuntu5.8.10.1\n\nAfter a standard system upgrade you need to restart your session to\neffect the necessary changes. This update\nblacklists the proof of concept rogue certificate authority as discussed\nin http://www.win.tue.nl/hashclash/rogue-ca/. \n\n\nUpdated packages for Ubuntu 6.06 LTS:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2.diff.gz\n Size/MD5: 188837 84bf6c0e34576e50daab0284028533bb\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2.dsc\n Size/MD5: 2389 abbe8becc260777f55315eb565f8d732\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.15~prepatch080614k.orig.tar.gz\n Size/MD5: 48504132 171958941a2ca0562039add097278245\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/mozilla-firefox_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_all.deb\n Size/MD5: 53898 025eab1318c7a90e48fb0a927bbbd433\n http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-firefox-dev_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_all.deb\n Size/MD5: 53014 87135a54ac04ea95a0a3c7dccb8a4d4e\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_amd64.deb\n Size/MD5: 47681092 19a313089bf1da267950c8f5b8d2d2df\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_amd64.deb\n Size/MD5: 2859292 f6a4b48f0e0e3250d83f0bf4183836f7\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_amd64.deb\n Size/MD5: 86270 0bd3983f76c7474d37018f26eee721f4\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_amd64.deb\n Size/MD5: 9494334 91c75d6baf740531224bed258c6622b9\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_amd64.deb\n Size/MD5: 222572 2779237df4dc1c30d8d2c01623eef1e3\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_amd64.deb\n Size/MD5: 166118 862f4a02164840c1d94228a396c2688c\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_amd64.deb\n Size/MD5: 248116 183208d5e43c3ddc117d6cbefc54a472\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_amd64.deb\n Size/MD5: 826574 2ff813a52cac4b3392f056b145129821\n http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_amd64.deb\n Size/MD5: 218858 2fcc1d909f4fdafaced1b1f737f83bf1\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_i386.deb\n Size/MD5: 44228668 5a244b5b731d0d703cb573e2db10b74b\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_i386.deb\n Size/MD5: 2859256 274033babbff1131a391ca71c19a6e6b\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_i386.deb\n Size/MD5: 78600 3e86ec8d1b73b8f7b822f12aaa56451a\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_i386.deb\n Size/MD5: 7997718 56cb9f85d34aa86721dcc36414b8f0e9\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_i386.deb\n Size/MD5: 222564 14edfb722d08b49930b901114b841c81\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_i386.deb\n Size/MD5: 150606 fa56606c4d002559ee41e965299b523a\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_i386.deb\n Size/MD5: 248106 58139d67e47359f9cb056ad29292d06d\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_i386.deb\n Size/MD5: 717824 ce294179ee0e0fcdea589e751548f04e\n http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_i386.deb\n Size/MD5: 212058 b3874b6f769aeafedce238b9a15e7b09\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_powerpc.deb\n Size/MD5: 49085684 a4ea3920e8120e9dc7138cf8e8595aa4\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_powerpc.deb\n Size/MD5: 2859352 dac458ed9e848ba8c64d0e18071149f8\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_powerpc.deb\n Size/MD5: 81686 228d420fc876cb95b6edad70d58c2c48\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_powerpc.deb\n Size/MD5: 9113232 7ba2b92dad312ca9d2186dac6380d638\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_powerpc.deb\n Size/MD5: 222564 9e89e2cc261f1c1b43e0b765e140d3d5\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_powerpc.deb\n Size/MD5: 163310 3ddb28abafbffe0943e25f48267df5f1\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_powerpc.deb\n Size/MD5: 248128 94da18de9bba74798a5ae257e85d882b\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_powerpc.deb\n Size/MD5: 817522 eb53d37dea9fce55780abda44b94ca89\n http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_powerpc.deb\n Size/MD5: 215556 779f90ccb4534487d2274536ac9279dd\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_sparc.deb\n Size/MD5: 45629214 b30a5365e327c4366ae3ea2b393e1d78\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_sparc.deb\n Size/MD5: 2859296 c7f225dc39717d6156b9163c7a8ddda0\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_sparc.deb\n Size/MD5: 80180 51ca826844fa46702feb9bbeb5c6e999\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_sparc.deb\n Size/MD5: 8499070 ee1fd111aa113ac50e5ea42dc85e1e77\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_sparc.deb\n Size/MD5: 222590 6a5621015d57ffbd93f92a8552d98e54\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_sparc.deb\n Size/MD5: 153210 b7c4a9074a678fcaf70a4db7bcb8fd5d\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_sparc.deb\n Size/MD5: 248150 1273ab06f98bf861e4e66985add8685a\n http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_sparc.deb\n Size/MD5: 728698 cd5ba0f693710a604274d327d4724c88\n http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_sparc.deb\n Size/MD5: 213030 fe7a017cd7f4a8a9064372e51f903263\n\nUpdated packages for Ubuntu 7.10:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.11.5-3ubuntu0.7.10.2.diff.gz\n Size/MD5: 23735 2c3b55fe3f316790d2174a56709723ad\n http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.11.5-3ubuntu0.7.10.2.dsc\n Size/MD5: 1925 9d9a2fa42ff8dcb452761d66e3238ef6\n http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.11.5.orig.tar.gz\n Size/MD5: 3696893 1add44e6a41dbf5091cfd000f19ad6b9\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d-dbg_3.11.5-3ubuntu0.7.10.2_amd64.deb\n Size/MD5: 3143890 dad0155f293aff8a59d42086cef022c3\n http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.11.5-3ubuntu0.7.10.2_amd64.deb\n Size/MD5: 799588 70d491944efd2ce20cb839da11030b0e\n http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.11.5-3ubuntu0.7.10.2_amd64.deb\n Size/MD5: 241342 567c357ea31e0e1729db4738822aa7b0\n http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.11.5-3ubuntu0.7.10.2_amd64.deb\n Size/MD5: 656372 a6868f642b5c295236c7df01dbc3f2d9\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d-dbg_3.11.5-3ubuntu0.7.10.2_i386.deb\n Size/MD5: 2995870 d4ea291de433c1768148f35a4f40e596\n http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.11.5-3ubuntu0.7.10.2_i386.deb\n Size/MD5: 723166 81b970c37e37b2bfe13bf8edf8b8c2df\n http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.11.5-3ubuntu0.7.10.2_i386.deb\n Size/MD5: 238436 a901d3b0431faa6bfd4d8b732fc6b8ed\n http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.11.5-3ubuntu0.7.10.2_i386.deb\n Size/MD5: 605568 f7a02ba6c2e65c2e3644f81e2e5add33\n\n lpia architecture (Low Power Intel Architecture):\n\n http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d-dbg_3.11.5-3ubuntu0.7.10.2_lpia.deb\n Size/MD5: 3213428 32f032e4c5ebc8383d334e2de5b1e0b5\n http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.11.5-3ubuntu0.7.10.2_lpia.deb\n Size/MD5: 709556 606d9ee62127ecad6620ce6ee2a351c1\n http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.11.5-3ubuntu0.7.10.2_lpia.deb\n Size/MD5: 237148 526eb9b27871cee224d480ce8483d015\n http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.11.5-3ubuntu0.7.10.2_lpia.deb\n Size/MD5: 596394 35c4ef7f97a6934947760236b119d1f1\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d-dbg_3.11.5-3ubuntu0.7.10.2_powerpc.deb\n Size/MD5: 3168400 13560d02da9c481147177504476a3f21\n http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.11.5-3ubuntu0.7.10.2_powerpc.deb\n Size/MD5: 807892 5a0232d184bb4d87811974d61a902e17\n http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.11.5-3ubuntu0.7.10.2_powerpc.deb\n Size/MD5: 240514 9cfb4b3bace2f033b7c55ba571d0c4a1\n http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.11.5-3ubuntu0.7.10.2_powerpc.deb\n Size/MD5: 645362 ccd118c24941759b0c2e758ae60b4ba5\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d-dbg_3.11.5-3ubuntu0.7.10.2_sparc.deb\n Size/MD5: 2834042 f884524281d9521e07b60c8bf9aa8074\n http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.11.5-3ubuntu0.7.10.2_sparc.deb\n Size/MD5: 718096 906896f0101a88bd6cb78ffdb103fe0e\n http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.11.5-3ubuntu0.7.10.2_sparc.deb\n Size/MD5: 235222 f679c8d076c15860a41c1e16b1d69ded\n http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.11.5-3ubuntu0.7.10.2_sparc.deb\n Size/MD5: 576390 75811d5dc9ddd1eca108bc50ffe3e911\n\nUpdated packages for Ubuntu 8.04 LTS:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.0.3-0ubuntu0.8.04.5.diff.gz\n Size/MD5: 38918 6fda80e067b0f84e323b3556b5f9dd18\n http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.0.3-0ubuntu0.8.04.5.dsc\n Size/MD5: 2001 e9365c71192c0e568d5dd9891708e436\n http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.0.3.orig.tar.gz\n Size/MD5: 5161407 9e96418400e073f982e83c235718c4e9\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.12.0.3-0ubuntu0.8.04.5_amd64.deb\n Size/MD5: 17910 7933180f37ce55969719730463fef4cb\n http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu0.8.04.5_amd64.deb\n Size/MD5: 4511304 1a241985ee6673075b8610bbb2be2902\n http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu0.8.04.5_amd64.deb\n Size/MD5: 1135226 fcc9b7555aac5a0ef0260aa639b7421a\n http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu0.8.04.5_amd64.deb\n Size/MD5: 256738 992898a7cce94822e29a3e0d5d318e46\n http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu0.8.04.5_amd64.deb\n Size/MD5: 813730 542b82a7837b4a43191fd5862a97699e\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.12.0.3-0ubuntu0.8.04.5_i386.deb\n Size/MD5: 17894 3ea3554784b1242ce89f96bb631d0c4d\n http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu0.8.04.5_i386.deb\n Size/MD5: 4294520 d7eb7d334bd821d887e24d76d8e2804f\n http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu0.8.04.5_i386.deb\n Size/MD5: 1017710 7afd17b32bc5ce80babf2405488997e8\n http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu0.8.04.5_i386.deb\n Size/MD5: 253724 f7f8ad3723f384a657907016b8476c35\n http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu0.8.04.5_i386.deb\n Size/MD5: 741278 ed53c68732f059a90a35310b68c4be88\n\n lpia architecture (Low Power Intel Architecture):\n\n http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.0.3-0ubuntu0.8.04.5_lpia.deb\n Size/MD5: 17874 5e1a506010c923ba8a41129fef693344\n http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu0.8.04.5_lpia.deb\n Size/MD5: 4322188 cd5765f42aaffa32e20b0ac0510d9b6c\n http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu0.8.04.5_lpia.deb\n Size/MD5: 993934 313d088bd4a0a44fe05b762e33ef927d\n http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu0.8.04.5_lpia.deb\n Size/MD5: 252500 dcaf82868eaa0e3162a6a49fb6f512be\n http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu0.8.04.5_lpia.deb\n Size/MD5: 719648 8e422c9ee3dd5a062f547d36d6e2725c\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.0.3-0ubuntu0.8.04.5_powerpc.deb\n Size/MD5: 20352 144b270c8fc23407e1da27112151c952\n http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu0.8.04.5_powerpc.deb\n Size/MD5: 4440132 f89a7f34a199abd8e0d840bb011ca5bf\n http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu0.8.04.5_powerpc.deb\n Size/MD5: 1115852 d88c0295406e468f7ac1c087edb661dd\n http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu0.8.04.5_powerpc.deb\n Size/MD5: 255446 4eef63577fbaa5b611b0d9064c47ac6c\n http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu0.8.04.5_powerpc.deb\n Size/MD5: 777064 83ad19b301d2c1eceef6682cbad5a00d\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.0.3-0ubuntu0.8.04.5_sparc.deb\n Size/MD5: 17976 c763ceebcc3bf6371477809a8589cebf\n http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu0.8.04.5_sparc.deb\n Size/MD5: 4038136 bbb4ff75f73844f33727fada2ca730b4\n http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu0.8.04.5_sparc.deb\n Size/MD5: 995598 2785d368bbb6665eee586ac3fc3e453e\n http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu0.8.04.5_sparc.deb\n Size/MD5: 250450 a972e1131466d149480a574a57537c37\n http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu0.8.04.5_sparc.deb\n Size/MD5: 702432 d16a1353ba80d7104820f97c4f712334\n\nUpdated packages for Ubuntu 8.10:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.0.3-0ubuntu5.8.10.1.diff.gz\n Size/MD5: 38881 8be9f8eb187a657a743e115f58dbb58b\n http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.0.3-0ubuntu5.8.10.1.dsc\n Size/MD5: 2001 88381f73650cd5c2c369f387638ec40d\n http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.0.3.orig.tar.gz\n Size/MD5: 5161407 9e96418400e073f982e83c235718c4e9\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu5.8.10.1_amd64.deb\n Size/MD5: 4696732 5e2844909ee8896f71548c37f7ab711f\n http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu5.8.10.1_amd64.deb\n Size/MD5: 1182642 6f73554c7970e2c0e3da7dcddf8d4d7f\n http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu5.8.10.1_amd64.deb\n Size/MD5: 256520 808f5ff374081b1fd7f981699e267828\n http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.0.3-0ubuntu5.8.10.1_amd64.deb\n Size/MD5: 17962 63411a0d50d9fa340f688c7a5cec33ae\n http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu5.8.10.1_amd64.deb\n Size/MD5: 824382 367bbe2bf29f17c4fa5b085142e0bc8f\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu5.8.10.1_i386.deb\n Size/MD5: 4450042 bb8560c5208a6f4d2a121a93d7ff7bac\n http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu5.8.10.1_i386.deb\n Size/MD5: 1054914 1f7cbdc5e0776b8c2fc92241776bd96e\n http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu5.8.10.1_i386.deb\n Size/MD5: 253554 c1cc8fff73ef7b34dadc6fea411bc7db\n http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.0.3-0ubuntu5.8.10.1_i386.deb\n Size/MD5: 17940 b3577f334ed9f5a95c6fdbdd4de83ef4\n http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu5.8.10.1_i386.deb\n Size/MD5: 752462 703f7bd356efc312f216e361209ef3a7\n\n lpia architecture (Low Power Intel Architecture):\n\n http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu5.8.10.1_lpia.deb\n Size/MD5: 4482980 c27f13a5f5aba10c93b2dda917c1ba31\n http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu5.8.10.1_lpia.deb\n Size/MD5: 1029092 3b2805f79d61b595907187846da18a54\n http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu5.8.10.1_lpia.deb\n Size/MD5: 252140 06b18884a6e275a5fc9a73abd1464875\n http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.0.3-0ubuntu5.8.10.1_lpia.deb\n Size/MD5: 17914 28d1eeaac6ba2f9c17da9a9a6ea35fdd\n http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu5.8.10.1_lpia.deb\n Size/MD5: 730786 e1497e0cbdf8d7c3ac4c6e80e86837bf\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu5.8.10.1_powerpc.deb\n Size/MD5: 4659468 ceb162226c93c950c71d2f0236b9d53e\n http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu5.8.10.1_powerpc.deb\n Size/MD5: 1137358 f61287d145339ece156686d86a971480\n http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu5.8.10.1_powerpc.deb\n Size/MD5: 255312 d7787174c0d6b25467b0f1262306be06\n http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.0.3-0ubuntu5.8.10.1_powerpc.deb\n Size/MD5: 20352 082622bc3e21161a1085695bd4f8f961\n http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu5.8.10.1_powerpc.deb\n Size/MD5: 775316 78ca70e113bd97d42f62e19e0ac8fdb1\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu5.8.10.1_sparc.deb\n Size/MD5: 4168250 b9f3c0b8eab76476c9bb057b43d9df40\n http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu5.8.10.1_sparc.deb\n Size/MD5: 1015340 5dd83c288df733b6a84247b48d945647\n http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu5.8.10.1_sparc.deb\n Size/MD5: 250138 f6a1dd454cc44a4684ab288e9eadde56\n http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.0.3-0ubuntu5.8.10.1_sparc.deb\n Size/MD5: 18068 27f0453909db6eda6d8ffd3ef35454c9\n http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu5.8.10.1_sparc.deb\n Size/MD5: 703524 e87fca0b128626aebf5bce77473ee8e0\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-2761"
},
{
"db": "CERT/CC",
"id": "VU#836068"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001001"
},
{
"db": "BID",
"id": "33065"
},
{
"db": "VULMON",
"id": "CVE-2004-2761"
},
{
"db": "PACKETSTORM",
"id": "138866"
},
{
"db": "PACKETSTORM",
"id": "139894"
},
{
"db": "PACKETSTORM",
"id": "146157"
},
{
"db": "PACKETSTORM",
"id": "75815"
}
],
"trust": 3.06
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=24807",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2004-2761"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2004-2761",
"trust": 3.2
},
{
"db": "CERT/CC",
"id": "VU#836068",
"trust": 3.0
},
{
"db": "BID",
"id": "33065",
"trust": 2.8
},
{
"db": "ICS CERT",
"id": "ICSMA-18-058-02",
"trust": 1.9
},
{
"db": "SREASON",
"id": "4866",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "34281",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "33826",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1024697",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "42181",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001001",
"trust": 0.8
},
{
"db": "BUGTRAQ",
"id": "20081230 MD5 CONSIDERED HARMFUL TODAY: CREATING A ROGUE CA CERTIFICATE",
"trust": 0.6
},
{
"db": "CISCO",
"id": "20090115 MD5 HASHES MAY ALLOW FOR CERTIFICATE SPOOFING",
"trust": 0.6
},
{
"db": "UBUNTU",
"id": "USN-740-1",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200901-025",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "24807",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2004-2761",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "138866",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "139894",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "146157",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "75815",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#836068"
},
{
"db": "VULMON",
"id": "CVE-2004-2761"
},
{
"db": "BID",
"id": "33065"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001001"
},
{
"db": "PACKETSTORM",
"id": "138866"
},
{
"db": "PACKETSTORM",
"id": "139894"
},
{
"db": "PACKETSTORM",
"id": "146157"
},
{
"db": "PACKETSTORM",
"id": "75815"
},
{
"db": "CNNVD",
"id": "CNNVD-200901-025"
},
{
"db": "NVD",
"id": "CVE-2004-2761"
}
]
},
"id": "VAR-200901-0466",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.41666666
},
"last_update_date": "2024-07-23T21:44:12.668000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sr-20090115-md5",
"trust": 0.8,
"url": "http://www.cisco.com/warp/public/707/cisco-sr-20090115-md5.shtml"
},
{
"title": "hitachi-sec-2017-102",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-102/index.html"
},
{
"title": "hitachi-sec-2017-119",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-119/index.html"
},
{
"title": "961509",
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/advisory/961509.mspx"
},
{
"title": "MD5 Weaknesses Could Lead to Certificate Forgery",
"trust": 0.8,
"url": "http://blog.mozilla.com/security/2008/12/30/md5-weaknesses-could-lead-to-certificate-forgery/"
},
{
"title": "NV09-002",
"trust": 0.8,
"url": "http://www.nec.co.jp/security-info/secinfo/nv09-002.html"
},
{
"title": "MD5\u30a2\u30eb\u30b4\u30ea\u30ba\u30e0\u306e\u8106\u5f31\u6027\u306b\u3064\u3044\u3066 ",
"trust": 0.8,
"url": "http://www.rtpro.yamaha.co.jp/rt/faq/security/vu836068.html"
},
{
"title": "This morning\u2019s MD5 attack - resolved",
"trust": 0.8,
"url": "https://blogs.verisign.com/ssl-blog/2008/12/on_md5_vulnerabilities_and_mit.php"
},
{
"title": "hitachi-sec-2017-119",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hitachi-sec-2017-119/index.html"
},
{
"title": "hitachi-sec-2017-102",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hitachi-sec-2017-102/index.html"
},
{
"title": "961509",
"trust": 0.8,
"url": "http://www.microsoft.com/japan/technet/security/advisory/961509.mspx"
},
{
"title": "MD5\u30a2\u30eb\u30b4\u30ea\u30ba\u30e0\u3078\u306e\u885d\u7a81\u653b\u6483\u306b\u3088\u308bSSL\u30b5\u30fc\u30d0\u8a3c\u660e\u66f8\u306e\u507d\u9020\u306b\u95a2\u3059\u308b\u5831\u9053\u306b\u3064\u3044\u3066",
"trust": 0.8,
"url": "https://www.verisign.co.jp/ssl/about/20090106.html"
},
{
"title": "Ubuntu Security Notice: nss, firefox vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-740-1"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - April 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2004-2761"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001001"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001001"
},
{
"db": "NVD",
"id": "CVE-2004-2761"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.win.tue.nl/hashclash/rogue-ca/"
},
{
"trust": 2.8,
"url": "http://www.microsoft.com/technet/security/advisory/961509.mspx"
},
{
"trust": 2.8,
"url": "http://www.phreedom.org/research/rogue-ca/"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/33065"
},
{
"trust": 2.2,
"url": "https://blogs.verisign.com/ssl-blog/2008/12/on_md5_vulnerabilities_and_mit.php"
},
{
"trust": 2.2,
"url": "http://www.kb.cert.org/vuls/id/836068"
},
{
"trust": 2.0,
"url": "http://blog.mozilla.com/security/2008/12/30/md5-weaknesses-could-lead-to-certificate-forgery/"
},
{
"trust": 2.0,
"url": "http://blogs.technet.com/swi/archive/2008/12/30/information-regarding-md5-collisions-problem.aspx"
},
{
"trust": 2.0,
"url": "http://www.cisco.com/en/us/products/products_security_response09186a0080a5d24a.html"
},
{
"trust": 1.7,
"url": "http://www.doxpara.com/research/md5/md5_someday.pdf"
},
{
"trust": 1.7,
"url": "http://www.win.tue.nl/hashclash/softintcodesign/"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/4866"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/33826"
},
{
"trust": 1.7,
"url": "http://www.ubuntu.com/usn/usn-740-1"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/34281"
},
{
"trust": 1.2,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-058-02"
},
{
"trust": 1.1,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-february/msg00096.html"
},
{
"trust": 1.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=648886"
},
{
"trust": 1.1,
"url": "http://securitytracker.com/id?1024697"
},
{
"trust": 1.1,
"url": "https://rhn.redhat.com/errata/rhsa-2010-0838.html"
},
{
"trust": 1.1,
"url": "https://rhn.redhat.com/errata/rhsa-2010-0837.html"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/42181"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05289935"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05336888"
},
{
"trust": 1.1,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03814en_us"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/499685/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://tools.ietf.org/html/rfc1321"
},
{
"trust": 0.8,
"url": "http://www.coresecurity.com/content/md5-harmful"
},
{
"trust": 0.8,
"url": "http://www.cs.cmu.edu/~perspectives/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-2761"
},
{
"trust": 0.8,
"url": "https://www.us-cert.gov/ics/advisories/icsma-18-058-02"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2009/wr090101.html#5"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu836068/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2004-2761"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/499685/100/0/threaded"
},
{
"trust": 0.4,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05289935"
},
{
"trust": 0.4,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05336888"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2004-2761"
},
{
"trust": 0.3,
"url": "http://www.mozilla.org/projects/security/pki/nss/"
},
{
"trust": 0.3,
"url": "http://tools.ietf.org/html/rfc3279"
},
{
"trust": 0.3,
"url": "http://www.rtpro.yamaha.co.jp/rt/faq/security/vu836068.html"
},
{
"trust": 0.3,
"url": "http://www.trustcenter.de/media/tc_response_to_md5_vulnerability_paper.pdf"
},
{
"trust": 0.3,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=17341"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
},
{
"trust": 0.3,
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15578.html?ref=rss"
},
{
"trust": 0.3,
"url": "http://www.entrust.net/knowledge-base/technote.cfm?tn=7690"
},
{
"trust": 0.3,
"url": "http://www.hpe.com/support/security_bulletin_archive"
},
{
"trust": 0.3,
"url": "https://www.hpe.com/info/report-security-vulnerability"
},
{
"trust": 0.3,
"url": "http://www.hpe.com/support/subscriber_choice"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2566"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2808"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/310.html"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/740-1/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/24807/"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbhf03814en_us"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu5.8.10.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.0.3.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.0.3-0ubuntu5.8.10.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.11.5-3ubuntu0.7.10.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.11.5-3ubuntu0.7.10.2_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.11.5-3ubuntu0.7.10.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu0.8.04.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu0.8.04.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu0.8.04.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu0.8.04.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.11.5-3ubuntu0.7.10.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d-dbg_3.11.5-3ubuntu0.7.10.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.11.5-3ubuntu0.7.10.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu5.8.10.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/mozilla-firefox_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu0.8.04.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu5.8.10.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.11.5-3ubuntu0.7.10.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.0.3-0ubuntu0.8.04.5.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu5.8.10.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.0.3-0ubuntu5.8.10.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu0.8.04.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu0.8.04.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu5.8.10.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.0.3-0ubuntu5.8.10.1.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d-dbg_3.11.5-3ubuntu0.7.10.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu5.8.10.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu0.8.04.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu5.8.10.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.12.0.3-0ubuntu0.8.04.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.11.5.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu5.8.10.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d-dbg_3.11.5-3ubuntu0.7.10.2_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.11.5-3ubuntu0.7.10.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu5.8.10.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.0.3-0ubuntu0.8.04.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d-dbg_3.11.5-3ubuntu0.7.10.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu0.8.04.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-firefox-dev_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.0.3-0ubuntu0.8.04.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu0.8.04.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.11.5-3ubuntu0.7.10.2.diff.gz"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu5.8.10.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.12.0.3-0ubuntu0.8.04.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu0.8.04.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu5.8.10.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu5.8.10.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu5.8.10.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu5.8.10.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.11.5-3ubuntu0.7.10.2.dsc"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.11.5-3ubuntu0.7.10.2_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.11.5-3ubuntu0.7.10.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.11.5-3ubuntu0.7.10.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d-dbg_3.11.5-3ubuntu0.7.10.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu0.8.04.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.11.5-3ubuntu0.7.10.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu0.8.04.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.15~prepatch080614k.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu0.8.04.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.11.5-3ubuntu0.7.10.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu0.8.04.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu0.8.04.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu5.8.10.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.11.5-3ubuntu0.7.10.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu5.8.10.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu5.8.10.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://www.win.tue.nl/hashclash/rogue-ca/."
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.11.5-3ubuntu0.7.10.2_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.0.3-0ubuntu5.8.10.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.0.3-0ubuntu5.8.10.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu0.8.04.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu5.8.10.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu5.8.10.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu0.8.04.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu0.8.04.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.0.3-0ubuntu0.8.04.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.11.5-3ubuntu0.7.10.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu5.8.10.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.0.3-0ubuntu0.8.04.5.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.0.3-0ubuntu5.8.10.1.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.0.3-0ubuntu5.8.10.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu0.8.04.5_amd64.deb"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#836068"
},
{
"db": "VULMON",
"id": "CVE-2004-2761"
},
{
"db": "BID",
"id": "33065"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001001"
},
{
"db": "PACKETSTORM",
"id": "138866"
},
{
"db": "PACKETSTORM",
"id": "139894"
},
{
"db": "PACKETSTORM",
"id": "146157"
},
{
"db": "PACKETSTORM",
"id": "75815"
},
{
"db": "CNNVD",
"id": "CNNVD-200901-025"
},
{
"db": "NVD",
"id": "CVE-2004-2761"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#836068"
},
{
"db": "VULMON",
"id": "CVE-2004-2761"
},
{
"db": "BID",
"id": "33065"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001001"
},
{
"db": "PACKETSTORM",
"id": "138866"
},
{
"db": "PACKETSTORM",
"id": "139894"
},
{
"db": "PACKETSTORM",
"id": "146157"
},
{
"db": "PACKETSTORM",
"id": "75815"
},
{
"db": "CNNVD",
"id": "CNNVD-200901-025"
},
{
"db": "NVD",
"id": "CVE-2004-2761"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-12-31T00:00:00",
"db": "CERT/CC",
"id": "VU#836068"
},
{
"date": "2009-01-05T00:00:00",
"db": "VULMON",
"id": "CVE-2004-2761"
},
{
"date": "2008-12-30T00:00:00",
"db": "BID",
"id": "33065"
},
{
"date": "2009-02-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001001"
},
{
"date": "2016-09-27T13:59:31",
"db": "PACKETSTORM",
"id": "138866"
},
{
"date": "2016-11-24T11:11:00",
"db": "PACKETSTORM",
"id": "139894"
},
{
"date": "2018-01-29T15:59:00",
"db": "PACKETSTORM",
"id": "146157"
},
{
"date": "2009-03-18T01:54:16",
"db": "PACKETSTORM",
"id": "75815"
},
{
"date": "2008-12-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200901-025"
},
{
"date": "2009-01-05T20:30:02.140000",
"db": "NVD",
"id": "CVE-2004-2761"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-01-21T00:00:00",
"db": "CERT/CC",
"id": "VU#836068"
},
{
"date": "2018-10-19T00:00:00",
"db": "VULMON",
"id": "CVE-2004-2761"
},
{
"date": "2017-05-02T03:05:00",
"db": "BID",
"id": "33065"
},
{
"date": "2019-07-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001001"
},
{
"date": "2009-03-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200901-025"
},
{
"date": "2018-10-19T15:30:59.527000",
"db": "NVD",
"id": "CVE-2004-2761"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "146157"
},
{
"db": "CNNVD",
"id": "CNNVD-200901-025"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MD5 vulnerable to collision attacks",
"sources": [
{
"db": "CERT/CC",
"id": "VU#836068"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200901-025"
}
],
"trust": 0.6
}
}
GHSA-2Q4P-93P8-Q2J6
Vulnerability from github – Published: 2022-04-29 03:02 – Updated: 2025-04-09 04:02
VLAI?
Details
The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate.
{
"affected": [],
"aliases": [
"CVE-2004-2761"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2009-01-05T20:30:00Z",
"severity": "MODERATE"
},
"details": "The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate.",
"id": "GHSA-2q4p-93p8-q2j6",
"modified": "2025-04-09T04:02:36Z",
"published": "2022-04-29T03:02:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2004-2761"
},
{
"type": "WEB",
"url": "https://blogs.verisign.com/ssl-blog/2008/12/on_md5_vulnerabilities_and_mit.php"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=648886"
},
{
"type": "WEB",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935"
},
{
"type": "WEB",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888"
},
{
"type": "WEB",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
},
{
"type": "WEB",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0837.html"
},
{
"type": "WEB",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0838.html"
},
{
"type": "WEB",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03814en_us"
},
{
"type": "WEB",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00096.html"
},
{
"type": "WEB",
"url": "http://blog.mozilla.com/security/2008/12/30/md5-weaknesses-could-lead-to-certificate-forgery"
},
{
"type": "WEB",
"url": "http://blogs.technet.com/swi/archive/2008/12/30/information-regarding-md5-collisions-problem.aspx"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/33826"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/34281"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/42181"
},
{
"type": "WEB",
"url": "http://securityreason.com/securityalert/4866"
},
{
"type": "WEB",
"url": "http://securitytracker.com/id?1024697"
},
{
"type": "WEB",
"url": "http://www.cisco.com/en/US/products/products_security_response09186a0080a5d24a.html"
},
{
"type": "WEB",
"url": "http://www.doxpara.com/research/md5/md5_someday.pdf"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/836068"
},
{
"type": "WEB",
"url": "http://www.microsoft.com/technet/security/advisory/961509.mspx"
},
{
"type": "WEB",
"url": "http://www.phreedom.org/research/rogue-ca"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/499685/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/33065"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/usn-740-1"
},
{
"type": "WEB",
"url": "http://www.win.tue.nl/hashclash/SoftIntCodeSign"
},
{
"type": "WEB",
"url": "http://www.win.tue.nl/hashclash/rogue-ca"
}
],
"schema_version": "1.4.0",
"severity": []
}
CERTFR-2024-AVI-0002
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Moxa. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "OnCell G3150A-LTE Series versions 1.3 et ant\u00e9rieures sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Moxa",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-6093",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6093"
},
{
"name": "CVE-2013-2566",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2566"
},
{
"name": "CVE-2004-2761",
"url": "https://www.cve.org/CVERecord?id=CVE-2004-2761"
},
{
"name": "CVE-2016-2183",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2183"
},
{
"name": "CVE-2023-6094",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6094"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0002",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-01-02T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Moxa\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer un contournement de la politique de s\u00e9curit\u00e9 et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Moxa OnCell G3150A-LTE Series",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moxa MPSA-234939 du 29 d\u00e9cembre 2023",
"url": "https://www.moxa.com/en/support/product-support/security-advisory/oncell-g3150a-lte-series-multiple-web-application-vulnerabilities-and-security-enhancement"
}
]
}
CERTFR-2024-AVI-0002
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Moxa. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "OnCell G3150A-LTE Series versions 1.3 et ant\u00e9rieures sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Moxa",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-6093",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6093"
},
{
"name": "CVE-2013-2566",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2566"
},
{
"name": "CVE-2004-2761",
"url": "https://www.cve.org/CVERecord?id=CVE-2004-2761"
},
{
"name": "CVE-2016-2183",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2183"
},
{
"name": "CVE-2023-6094",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6094"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0002",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-01-02T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Moxa\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer un contournement de la politique de s\u00e9curit\u00e9 et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Moxa OnCell G3150A-LTE Series",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moxa MPSA-234939 du 29 d\u00e9cembre 2023",
"url": "https://www.moxa.com/en/support/product-support/security-advisory/oncell-g3150a-lte-series-multiple-web-application-vulnerabilities-and-security-enhancement"
}
]
}
GSD-2004-2761
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2004-2761",
"description": "The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate.",
"id": "GSD-2004-2761",
"references": [
"https://www.suse.com/security/cve/CVE-2004-2761.html",
"https://access.redhat.com/errata/RHSA-2010:0838",
"https://access.redhat.com/errata/RHSA-2010:0837"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2004-2761"
],
"details": "The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate.",
"id": "GSD-2004-2761",
"modified": "2023-12-13T01:22:55.034845Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2761",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33065",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33065"
},
{
"name": "RHSA-2010:0837",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0837.html"
},
{
"name": "http://www.phreedom.org/research/rogue-ca/",
"refsource": "MISC",
"url": "http://www.phreedom.org/research/rogue-ca/"
},
{
"name": "VU#836068",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/836068"
},
{
"name": "4866",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4866"
},
{
"name": "http://blog.mozilla.com/security/2008/12/30/md5-weaknesses-could-lead-to-certificate-forgery/",
"refsource": "MISC",
"url": "http://blog.mozilla.com/security/2008/12/30/md5-weaknesses-could-lead-to-certificate-forgery/"
},
{
"name": "20090115 MD5 Hashes May Allow for Certificate Spoofing",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_response09186a0080a5d24a.html"
},
{
"name": "http://www.win.tue.nl/hashclash/SoftIntCodeSign/",
"refsource": "MISC",
"url": "http://www.win.tue.nl/hashclash/SoftIntCodeSign/"
},
{
"name": "33826",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33826"
},
{
"name": "34281",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34281"
},
{
"name": "http://www.microsoft.com/technet/security/advisory/961509.mspx",
"refsource": "MISC",
"url": "http://www.microsoft.com/technet/security/advisory/961509.mspx"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03814en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03814en_us"
},
{
"name": "http://blogs.technet.com/swi/archive/2008/12/30/information-regarding-md5-collisions-problem.aspx",
"refsource": "MISC",
"url": "http://blogs.technet.com/swi/archive/2008/12/30/information-regarding-md5-collisions-problem.aspx"
},
{
"name": "http://www.doxpara.com/research/md5/md5_someday.pdf",
"refsource": "MISC",
"url": "http://www.doxpara.com/research/md5/md5_someday.pdf"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
},
{
"name": "RHSA-2010:0838",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0838.html"
},
{
"name": "https://blogs.verisign.com/ssl-blog/2008/12/on_md5_vulnerabilities_and_mit.php",
"refsource": "MISC",
"url": "https://blogs.verisign.com/ssl-blog/2008/12/on_md5_vulnerabilities_and_mit.php"
},
{
"name": "USN-740-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-740-1"
},
{
"name": "1024697",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024697"
},
{
"name": "FEDORA-2009-1276",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00096.html"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888"
},
{
"name": "20081230 MD5 Considered Harmful Today: Creating a rogue CA certificate",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499685/100/0/threaded"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935"
},
{
"name": "42181",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42181"
},
{
"name": "http://www.win.tue.nl/hashclash/rogue-ca/",
"refsource": "MISC",
"url": "http://www.win.tue.nl/hashclash/rogue-ca/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=648886",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=648886"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ietf:md5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ietf:x.509_certificate:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2761"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blogs.verisign.com/ssl-blog/2008/12/on_md5_vulnerabilities_and_mit.php",
"refsource": "MISC",
"tags": [],
"url": "https://blogs.verisign.com/ssl-blog/2008/12/on_md5_vulnerabilities_and_mit.php"
},
{
"name": "http://www.phreedom.org/research/rogue-ca/",
"refsource": "MISC",
"tags": [],
"url": "http://www.phreedom.org/research/rogue-ca/"
},
{
"name": "http://www.microsoft.com/technet/security/advisory/961509.mspx",
"refsource": "MISC",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "http://www.microsoft.com/technet/security/advisory/961509.mspx"
},
{
"name": "http://blog.mozilla.com/security/2008/12/30/md5-weaknesses-could-lead-to-certificate-forgery/",
"refsource": "MISC",
"tags": [],
"url": "http://blog.mozilla.com/security/2008/12/30/md5-weaknesses-could-lead-to-certificate-forgery/"
},
{
"name": "http://www.doxpara.com/research/md5/md5_someday.pdf",
"refsource": "MISC",
"tags": [],
"url": "http://www.doxpara.com/research/md5/md5_someday.pdf"
},
{
"name": "33065",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/33065"
},
{
"name": "http://www.win.tue.nl/hashclash/SoftIntCodeSign/",
"refsource": "MISC",
"tags": [],
"url": "http://www.win.tue.nl/hashclash/SoftIntCodeSign/"
},
{
"name": "http://www.win.tue.nl/hashclash/rogue-ca/",
"refsource": "MISC",
"tags": [],
"url": "http://www.win.tue.nl/hashclash/rogue-ca/"
},
{
"name": "http://blogs.technet.com/swi/archive/2008/12/30/information-regarding-md5-collisions-problem.aspx",
"refsource": "MISC",
"tags": [],
"url": "http://blogs.technet.com/swi/archive/2008/12/30/information-regarding-md5-collisions-problem.aspx"
},
{
"name": "VU#836068",
"refsource": "CERT-VN",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/836068"
},
{
"name": "4866",
"refsource": "SREASON",
"tags": [],
"url": "http://securityreason.com/securityalert/4866"
},
{
"name": "20090115 MD5 Hashes May Allow for Certificate Spoofing",
"refsource": "CISCO",
"tags": [],
"url": "http://www.cisco.com/en/US/products/products_security_response09186a0080a5d24a.html"
},
{
"name": "33826",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/33826"
},
{
"name": "FEDORA-2009-1276",
"refsource": "FEDORA",
"tags": [],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00096.html"
},
{
"name": "USN-740-1",
"refsource": "UBUNTU",
"tags": [],
"url": "http://www.ubuntu.com/usn/usn-740-1"
},
{
"name": "34281",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/34281"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=648886",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=648886"
},
{
"name": "1024697",
"refsource": "SECTRACK",
"tags": [],
"url": "http://securitytracker.com/id?1024697"
},
{
"name": "RHSA-2010:0838",
"refsource": "REDHAT",
"tags": [],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0838.html"
},
{
"name": "RHSA-2010:0837",
"refsource": "REDHAT",
"tags": [],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0837.html"
},
{
"name": "42181",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/42181"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935",
"refsource": "CONFIRM",
"tags": [],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888",
"refsource": "CONFIRM",
"tags": [],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02",
"refsource": "MISC",
"tags": [],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03814en_us",
"refsource": "CONFIRM",
"tags": [],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03814en_us"
},
{
"name": "20081230 MD5 Considered Harmful Today: Creating a rogue CA certificate",
"refsource": "BUGTRAQ",
"tags": [],
"url": "http://www.securityfocus.com/archive/1/499685/100/0/threaded"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": true,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2018-10-19T15:30Z",
"publishedDate": "2009-01-05T20:30Z"
}
}
}
ICSMA-18-058-02
Vulnerability from csaf_cisa - Published: 2018-02-27 00:00 - Updated: 2018-02-27 00:00Summary
Philips Intellispace Portal ISP Vulnerabilities
Notes
CISA Disclaimer
This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation
Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access to sensitive information, perform man-in-the-middle attacks, create denial of service conditions, or execute arbitrary code.
Critical infrastructure sectors
Healthcare and Public Health
Countries/areas deployed
Worldwide
Company headquarters location
United States
Recommended Practices
CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:
Recommended Practices
Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
Recommended Practices
Locate control system networks and remote devices behind firewalls and isolating them from business networks.
Recommended Practices
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Recommended Practices
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
Recommended Practices
CISA also recommends users take the following measures to protect themselves from social engineering attacks:
Recommended Practices
Do not click web links or open attachments in unsolicited email messages.
Recommended Practices
Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.
Recommended Practices
Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.
{
"document": {
"acknowledgments": [
{
"organization": "Phillips",
"summary": "reporting these vulnerabilities to CISA"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access to sensitive information, perform man-in-the-middle attacks, create denial of service conditions, or execute arbitrary code.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Healthcare and Public Health",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "United States",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolating them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also recommends users take the following measures to protect themselves from social engineering attacks:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Do not click web links or open attachments in unsolicited email messages.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSMA-18-058-02 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2018/icsma-18-058-02.json"
},
{
"category": "self",
"summary": "ICSA Advisory ICSMA-18-058-02 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-18-058-02"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Philips Intellispace Portal ISP Vulnerabilities",
"tracking": {
"current_release_date": "2018-02-27T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSMA-18-058-02",
"initial_release_date": "2018-02-27T00:00:00.000000Z",
"revision_history": [
{
"date": "2018-02-27T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSMA-18-058-02 Philips Intellispace Portal ISP Vulnerabilities"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "IntelliSpace Portal 8.0.x: *",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "IntelliSpace Portal 8.0.x"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "IntelliSpace Portal 7.0.x: *",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "IntelliSpace Portal 7.0.x"
}
],
"category": "vendor",
"name": "Phillips"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-5474",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Philips Intellispace Portal all versions 7.0.x and 8.0.x have an input validation vulnerability that could allow a remote attacker to execute arbitrary code or cause the application to crash.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5474"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-0143",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka \"Windows SMB Remote Code Execution Vulnerability.\" This vulnerability is different from those described in CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0143"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-0144",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka \"Windows SMB Remote Code Execution Vulnerability.\" This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0144"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-0145",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka \"Windows SMB Remote Code Execution Vulnerability.\" This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0146, and CVE-2017-0148.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0145"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-0146",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka \"Windows SMB Remote Code Execution Vulnerability.\" This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, and CVE-2017-0148.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0146"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-0148",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka \"Windows SMB Remote Code Execution Vulnerability.\" This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, and CVE-2017-0146.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0148"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-0272",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka \"Windows SMB Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-0277, CVE-2017-0278, and CVE-2017-0279.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0272"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-0277",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka \"Windows SMB Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-0272, CVE-2017-0278, and CVE-2017-0279.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0277"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-0278",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka \"Windows SMB Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-0272, CVE-2017-0277, and CVE-2017-0279.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0278"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-0279",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka \"Windows SMB Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-0272, CVE-2017-0277, and CVE-2017-0278.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0279"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-0269",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The Microsoft Server Message Block 1.0 (SMBv1) allows denial of service when an attacker sends specially crafted requests to the server, aka \"Windows SMB Denial of Service Vulnerability\". This CVE ID is unique from CVE-2017-0273 and CVE-2017-0280.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0269"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-0273",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The Microsoft Server Message Block 1.0 (SMBv1) allows denial of service when an attacker sends specially crafted requests to the server, aka \"Windows SMB Denial of Service Vulnerability\". This CVE ID is unique from CVE-2017-0269 and CVE-2017-0280",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0273"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-0280",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The Microsoft Server Message Block 1.0 (SMBv1) allows denial of service when an attacker sends specially crafted requests to the server, aka \"Windows SMB Denial of Service Vulnerability\". This CVE ID is unique from CVE-2017-0269 and CVE-2017-0273.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0280"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-0147",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted packets, aka \"Windows SMB Information Disclosure Vulnerability.\"",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0147"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-0267",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka \"Windows SMB Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, CVE-2017-0275, and CVE-2017-0276.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0267"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-0268",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka \"Windows SMB Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-0267, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, CVE-2017-0275, and CVE-2017-0276.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0268"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-0270",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka \"Windows SMB Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0271, CVE-2017-0274, CVE-2017-0275, and CVE-2017-0276.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0270"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-0271",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka \"Windows SMB Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0274, CVE-2017-0275, and CVE-2017-0276.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0271"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-0274",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka \"Windows SMB Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0275, and CVE-2017-0276.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0274"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-0275",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka \"Windows SMB Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, and CVE-2017-0276.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0275"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-0276",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka \"Windows SMB Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, and CVE-2017-0275.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0276"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2018-5472",
"cwe": {
"id": "CWE-269",
"name": "Improper Privilege Management"
},
"notes": [
{
"category": "summary",
"text": "Philips Intellispace Portal all versions 7.0.x and 8.0.x have an insecure windows permissions vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5472"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2018-5468",
"cwe": {
"id": "CWE-269",
"name": "Improper Privilege Management"
},
"notes": [
{
"category": "summary",
"text": "Philips Intellispace Portal all versions 7.0.x and 8.0.x have a remote desktop access vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5468"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-0199",
"cwe": {
"id": "CWE-269",
"name": "Improper Privilege Management"
},
"notes": [
{
"category": "summary",
"text": "Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API.\"",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0199"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2005-1794",
"cwe": {
"id": "CWE-269",
"name": "Improper Privilege Management"
},
"notes": [
{
"category": "summary",
"text": "Microsoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 stores an RSA private key in mstlsapi.dll and uses it to sign a certificate, which allows remote attackers to spoof public keys of legitimate servers and conduct man-in-the-middle attacks.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1794"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2018-5470",
"cwe": {
"id": "CWE-428",
"name": "Unquoted Search Path or Element"
},
"notes": [
{
"category": "summary",
"text": "An unquoted search path or element vulnerability has been identified, which may allow an authorized local user to execute arbitrary code and escalate their level of privileges.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5470"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2018-5454",
"cwe": {
"id": "CWE-489",
"name": "Active Debug Code"
},
"notes": [
{
"category": "summary",
"text": "The ISP has a vulnerability where code debugging methods are enabled, which could allow an attacker to remotely execute arbitrary code during runtime.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5454"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2018-5458",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"notes": [
{
"category": "summary",
"text": "Philips Intellispace Portal all versions 7.0.x and 8.0.x have a remote desktop access vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5458"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2018-5462",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "summary",
"text": "Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an SSL incorrect hostname certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5462"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2018-5464",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "summary",
"text": "Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an untrusted SSL certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5464"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2018-5466",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "summary",
"text": "Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a self-signed SSL certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5466"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2011-3389",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"notes": [
{
"category": "summary",
"text": "The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3389"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2004-2761",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"notes": [
{
"category": "summary",
"text": "The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2761"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2014-3566",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"notes": [
{
"category": "summary",
"text": "The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the \"POODLE\" issue.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2016-2183",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"notes": [
{
"category": "summary",
"text": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2183"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Philips\u0027 evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips\u0027 InCenter. ISP users are recommended to obtain available mitigating controls by accessing their InCenter account at this location: http://incenter.medical.philips.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "mitigation",
"details": "Users with questions regarding their specific ISP installations are advised by Philips to contact their local Philips service support team or their regional service support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Philips\u0027 contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"category": "mitigation",
"details": "Please see the Philips product security website for the latest security information for Philips products: https://www.philips.com/productsecurity",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.philips.com/productsecurity"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
}
]
}
FKIE_CVE-2004-2761
Vulnerability from fkie_nvd - Published: 2009-01-05 20:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://blog.mozilla.com/security/2008/12/30/md5-weaknesses-could-lead-to-certificate-forgery/ | ||
| cve@mitre.org | http://blogs.technet.com/swi/archive/2008/12/30/information-regarding-md5-collisions-problem.aspx | ||
| cve@mitre.org | http://secunia.com/advisories/33826 | ||
| cve@mitre.org | http://secunia.com/advisories/34281 | ||
| cve@mitre.org | http://secunia.com/advisories/42181 | ||
| cve@mitre.org | http://securityreason.com/securityalert/4866 | ||
| cve@mitre.org | http://securitytracker.com/id?1024697 | ||
| cve@mitre.org | http://www.cisco.com/en/US/products/products_security_response09186a0080a5d24a.html | ||
| cve@mitre.org | http://www.doxpara.com/research/md5/md5_someday.pdf | ||
| cve@mitre.org | http://www.kb.cert.org/vuls/id/836068 | Third Party Advisory, US Government Resource | |
| cve@mitre.org | http://www.microsoft.com/technet/security/advisory/961509.mspx | Mitigation, Patch, Vendor Advisory | |
| cve@mitre.org | http://www.phreedom.org/research/rogue-ca/ | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/499685/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/33065 | ||
| cve@mitre.org | http://www.ubuntu.com/usn/usn-740-1 | ||
| cve@mitre.org | http://www.win.tue.nl/hashclash/SoftIntCodeSign/ | ||
| cve@mitre.org | http://www.win.tue.nl/hashclash/rogue-ca/ | ||
| cve@mitre.org | https://blogs.verisign.com/ssl-blog/2008/12/on_md5_vulnerabilities_and_mit.php | ||
| cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=648886 | Issue Tracking | |
| cve@mitre.org | https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935 | ||
| cve@mitre.org | https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888 | ||
| cve@mitre.org | https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02 | ||
| cve@mitre.org | https://rhn.redhat.com/errata/RHSA-2010-0837.html | ||
| cve@mitre.org | https://rhn.redhat.com/errata/RHSA-2010-0838.html | ||
| cve@mitre.org | https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03814en_us | ||
| cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00096.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://blog.mozilla.com/security/2008/12/30/md5-weaknesses-could-lead-to-certificate-forgery/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://blogs.technet.com/swi/archive/2008/12/30/information-regarding-md5-collisions-problem.aspx | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/33826 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34281 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/42181 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/4866 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1024697 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.cisco.com/en/US/products/products_security_response09186a0080a5d24a.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.doxpara.com/research/md5/md5_someday.pdf | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/836068 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.microsoft.com/technet/security/advisory/961509.mspx | Mitigation, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.phreedom.org/research/rogue-ca/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/499685/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/33065 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-740-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.win.tue.nl/hashclash/SoftIntCodeSign/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.win.tue.nl/hashclash/rogue-ca/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://blogs.verisign.com/ssl-blog/2008/12/on_md5_vulnerabilities_and_mit.php | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=648886 | Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHSA-2010-0837.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHSA-2010-0838.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03814en_us | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00096.html |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ietf | md5 | - | |
| ietf | x.509_certificate | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ietf:md5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DFFBAC4-D50D-4CC4-A12C-9708D3C1199C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ietf:x.509_certificate:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3009C5D9-9EF8-43B2-BF17-DEBC497994B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate."
},
{
"lang": "es",
"value": "El algoritmo MD5 Message-Digest no resistente a colisi\u00f3n, el cual hace m\u00e1s f\u00e1cil para atacantes dependientes de contexto, llevar a cabo ataques de suplantaci\u00f3n, como lo demuestran los ataques de utilizaci\u00f3n de MD5 en la firma del algoritmo de un certificado X.509."
}
],
"evaluatorImpact": "There are four significant mitigating factors.\n\n1) Most enterprise-class certificates, such as VeriSign\u2019s Extended Validation SSL Certificates use the still secure SHA-1 hash function. \n\n2) Certificates already issued with MD5 signatures are not at risk. The exploit only affects new certificate acquisitions. \n\n3) CAs are quickly moving to replace MD5 with SHA-1. For example, VeriSign was planning to phase out MD5 by the end of January 2009. The date was pushed up due to the December proof of concept. On December 31, 2008, RapidSSL certificates shipped with SHA-1 digital signatures. \n\n4)The researchers did not release the under-the-hood specifics of how the exploit was executed. \n\nSource - http://www.techrepublic.com/blog/it-security/the-new-md5-ssl-exploit-is-not-the-end-of-civilization-as-we-know-it/?tag=nl.e036",
"id": "CVE-2004-2761",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-01-05T20:30:02.140",
"references": [
{
"source": "cve@mitre.org",
"url": "http://blog.mozilla.com/security/2008/12/30/md5-weaknesses-could-lead-to-certificate-forgery/"
},
{
"source": "cve@mitre.org",
"url": "http://blogs.technet.com/swi/archive/2008/12/30/information-regarding-md5-collisions-problem.aspx"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/33826"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/34281"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/42181"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4866"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1024697"
},
{
"source": "cve@mitre.org",
"url": "http://www.cisco.com/en/US/products/products_security_response09186a0080a5d24a.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.doxpara.com/research/md5/md5_someday.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/836068"
},
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "http://www.microsoft.com/technet/security/advisory/961509.mspx"
},
{
"source": "cve@mitre.org",
"url": "http://www.phreedom.org/research/rogue-ca/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/499685/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/33065"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/usn-740-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.win.tue.nl/hashclash/SoftIntCodeSign/"
},
{
"source": "cve@mitre.org",
"url": "http://www.win.tue.nl/hashclash/rogue-ca/"
},
{
"source": "cve@mitre.org",
"url": "https://blogs.verisign.com/ssl-blog/2008/12/on_md5_vulnerabilities_and_mit.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=648886"
},
{
"source": "cve@mitre.org",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935"
},
{
"source": "cve@mitre.org",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888"
},
{
"source": "cve@mitre.org",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
},
{
"source": "cve@mitre.org",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0837.html"
},
{
"source": "cve@mitre.org",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0838.html"
},
{
"source": "cve@mitre.org",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03814en_us"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00096.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://blog.mozilla.com/security/2008/12/30/md5-weaknesses-could-lead-to-certificate-forgery/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://blogs.technet.com/swi/archive/2008/12/30/information-regarding-md5-collisions-problem.aspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/33826"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34281"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/42181"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4866"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1024697"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.cisco.com/en/US/products/products_security_response09186a0080a5d24a.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.doxpara.com/research/md5/md5_someday.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/836068"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "http://www.microsoft.com/technet/security/advisory/961509.mspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.phreedom.org/research/rogue-ca/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/499685/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/33065"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-740-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.win.tue.nl/hashclash/SoftIntCodeSign/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.win.tue.nl/hashclash/rogue-ca/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://blogs.verisign.com/ssl-blog/2008/12/on_md5_vulnerabilities_and_mit.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=648886"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0837.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0838.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03814en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00096.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Please see http://kbase.redhat.com/faq/docs/DOC-15379",
"lastModified": "2009-01-07T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…