Action not permitted
Modal body text goes here.
cve-2015-1793
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T04:54:16.256Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "SSRT102180", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04822825" }, { "name": "1032817", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1032817" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "name": "GLSA-201507-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201507-15" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454058.htm" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "name": "20150710 OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150710-openssl" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=9a0db453ba017ebcaccbee933ee6511a9ae4d1c8" }, { "name": "FreeBSD-SA-15:12", "tags": [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred" ], "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-15:12.openssl.asc" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351" }, { "name": "FEDORA-2015-11414", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161747.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://openssl.org/news/secadv_20150709.txt" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes" }, { "name": "HPSBGN03424", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=144370846326989\u0026w=2" }, { "name": "FEDORA-2015-11475", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161782.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10125" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" }, { "name": "91787", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/91787" }, { "name": "HPSBUX03388", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763" }, { "name": "75652", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/75652" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10694" }, { "name": "38640", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/38640/" }, { "name": "SSA:2015-190-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.561427" }, { "name": "NetBSD-SA2015-008", "tags": [ "vendor-advisory", "x_refsource_NETBSD", "x_transferred" ], "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-07-09T00:00:00", "descriptions": [ { "lang": "en", "value": "The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-30T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "SSRT102180", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04822825" }, { "name": "1032817", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1032817" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "name": "GLSA-201507-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201507-15" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454058.htm" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "name": "20150710 OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150710-openssl" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=9a0db453ba017ebcaccbee933ee6511a9ae4d1c8" }, { "name": "FreeBSD-SA-15:12", "tags": [ "vendor-advisory", "x_refsource_FREEBSD" ], "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-15:12.openssl.asc" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351" }, { "name": "FEDORA-2015-11414", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161747.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://openssl.org/news/secadv_20150709.txt" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes" }, { "name": "HPSBGN03424", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=144370846326989\u0026w=2" }, { "name": "FEDORA-2015-11475", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161782.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10125" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" }, { "name": "91787", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/91787" }, { "name": "HPSBUX03388", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763" }, { "name": "75652", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/75652" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10694" }, { "name": "38640", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/38640/" }, { "name": "SSA:2015-190-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.561427" }, { "name": "NetBSD-SA2015-008", "tags": [ "vendor-advisory", "x_refsource_NETBSD" ], "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-1793", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "SSRT102180", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2" }, { "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04822825", "refsource": "CONFIRM", "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04822825" }, { "name": "1032817", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1032817" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "name": "GLSA-201507-15", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201507-15" }, { "name": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454058.htm", "refsource": "CONFIRM", "url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454058.htm" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "name": "20150710 OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150710-openssl" }, { "name": "https://git.openssl.org/?p=openssl.git;a=commit;h=9a0db453ba017ebcaccbee933ee6511a9ae4d1c8", "refsource": "CONFIRM", "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=9a0db453ba017ebcaccbee933ee6511a9ae4d1c8" }, { "name": "FreeBSD-SA-15:12", "refsource": "FREEBSD", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-15:12.openssl.asc" }, { "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351", "refsource": "CONFIRM", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351" }, { "name": "FEDORA-2015-11414", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161747.html" }, { "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "name": "http://openssl.org/news/secadv_20150709.txt", "refsource": "CONFIRM", "url": "http://openssl.org/news/secadv_20150709.txt" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes", "refsource": "CONFIRM", "url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes" }, { "name": "HPSBGN03424", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=144370846326989\u0026w=2" }, { "name": "FEDORA-2015-11475", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161782.html" }, { "name": "http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery", "refsource": "CONFIRM", "url": "http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery" }, { "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10125", "refsource": "CONFIRM", "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10125" }, { "name": "http://www.fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery", "refsource": "CONFIRM", "url": "http://www.fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" }, { "name": "91787", "refsource": "BID", "url": "http://www.securityfocus.com/bid/91787" }, { "name": "HPSBUX03388", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2" }, { "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763", "refsource": "CONFIRM", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763" }, { "name": "75652", "refsource": "BID", "url": "http://www.securityfocus.com/bid/75652" }, { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10694", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10694" }, { "name": "38640", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/38640/" }, { "name": "SSA:2015-190-01", "refsource": "SLACKWARE", "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.561427" }, { "name": "NetBSD-SA2015-008", "refsource": "NETBSD", "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-1793", "datePublished": "2015-07-09T19:00:00", "dateReserved": "2015-02-17T00:00:00", "dateUpdated": "2024-08-06T04:54:16.256Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2015-1793\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2015-07-09T19:17:00.093\",\"lastModified\":\"2023-11-07T02:24:55.670\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n de verificaci\u00f3n de certificado X509 en crypto/x509/x509_vfy.c en OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, y 1.0.2c no procesa correctamente los valores cA de restricci\u00f3n b\u00e1sica del X.509 durante la identificaci\u00f3n de cadenas de certificado alternativo, lo que permite a atacantes remotos suplantar una funci\u00f3n de autoridad de certificaci\u00f3n y propiciar verificaciones de certificado involuntarias a trav\u00e9s de un leaf certificate v\u00e1lido.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":3.9,\"impactScore\":2.5}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\",\"baseScore\":6.4},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-254\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:supply_chain_products_suite:6.1.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F958CB89-F7D2-4773-86D9-4C225ED44128\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:supply_chain_products_suite:6.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BF690CE-E83D-4C92-A0F2-5A5A450F73F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:supply_chain_products_suite:6.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D4C8E58-FD8C-4269-98B2-FAB85271C9C1\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3581A634-36D3-4EA1-A08F-973E216B6DAE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9EC827B-5313-47D7-BF49-CFF033CF3D53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A438E65F-33B1-46BC-AD93-200DCC6B43D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4847BCF3-EFCE-41AF-8E7D-3D51EB9DCC5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B89180B-FB68-4DD8-B076-16E51CC7FB91\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:oracle:opus_10g_ethernet_switch_family:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.0.0.6\",\"matchCriteriaId\":\"D5646853-D852-45B8-8835-2C77C937FC9D\"}]}]}],\"references\":[{\"url\":\"http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10694\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161747.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161782.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=144370846326989\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://openssl.org/news/secadv_20150709.txt\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150710-openssl\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securityfocus.com/bid/75652\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/91787\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securitytracker.com/id/1032817\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.561427\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454058.htm\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=9a0db453ba017ebcaccbee933ee6511a9ae4d1c8\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04822825\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10125\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://security.gentoo.org/glsa/201507-15\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://www.exploit-db.com/exploits/38640/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://www.freebsd.org/security/advisories/FreeBSD-SA-15:12.openssl.asc\",\"source\":\"secalert@redhat.com\"}]}}" } }
gsd-2015-1793
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2015-1793", "description": "The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate.", "id": "GSD-2015-1793", "references": [ "https://www.suse.com/security/cve/CVE-2015-1793.html", "https://advisories.mageia.org/CVE-2015-1793.html", "https://alas.aws.amazon.com/cve/html/CVE-2015-1793.html", "https://packetstormsecurity.com/files/cve/CVE-2015-1793" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2015-1793" ], "details": "The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate.", "id": "GSD-2015-1793", "modified": "2023-12-13T01:20:04.942278Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-1793", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "SSRT102180", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2" }, { "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04822825", "refsource": "CONFIRM", "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04822825" }, { "name": "1032817", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1032817" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "name": "GLSA-201507-15", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201507-15" }, { "name": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454058.htm", "refsource": "CONFIRM", "url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454058.htm" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "name": "20150710 OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150710-openssl" }, { "name": "https://git.openssl.org/?p=openssl.git;a=commit;h=9a0db453ba017ebcaccbee933ee6511a9ae4d1c8", "refsource": "CONFIRM", "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=9a0db453ba017ebcaccbee933ee6511a9ae4d1c8" }, { "name": "FreeBSD-SA-15:12", "refsource": "FREEBSD", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-15:12.openssl.asc" }, { "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351", "refsource": "CONFIRM", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351" }, { "name": "FEDORA-2015-11414", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161747.html" }, { "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "name": "http://openssl.org/news/secadv_20150709.txt", "refsource": "CONFIRM", "url": "http://openssl.org/news/secadv_20150709.txt" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes", "refsource": "CONFIRM", "url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes" }, { "name": "HPSBGN03424", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=144370846326989\u0026w=2" }, { "name": "FEDORA-2015-11475", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161782.html" }, { "name": "http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery", "refsource": "CONFIRM", "url": "http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery" }, { "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10125", "refsource": "CONFIRM", "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10125" }, { "name": "http://www.fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery", "refsource": "CONFIRM", "url": "http://www.fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" }, { "name": "91787", "refsource": "BID", "url": "http://www.securityfocus.com/bid/91787" }, { "name": "HPSBUX03388", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2" }, { "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763", "refsource": "CONFIRM", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763" }, { "name": "75652", "refsource": "BID", "url": "http://www.securityfocus.com/bid/75652" }, { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10694", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10694" }, { "name": "38640", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/38640/" }, { "name": "SSA:2015-190-01", "refsource": "SLACKWARE", "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.561427" }, { "name": "NetBSD-SA2015-008", "refsource": "NETBSD", "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:supply_chain_products_suite:6.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:supply_chain_products_suite:6.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:supply_chain_products_suite:6.1.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:oracle:opus_10g_ethernet_switch_family:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.0.0.6", "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-1793" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-254" } ] } ] }, "references": { "reference_data": [ { "name": "https://git.openssl.org/?p=openssl.git;a=commit;h=9a0db453ba017ebcaccbee933ee6511a9ae4d1c8", "refsource": "CONFIRM", "tags": [ "Vendor Advisory" ], "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=9a0db453ba017ebcaccbee933ee6511a9ae4d1c8" }, { "name": "http://openssl.org/news/secadv_20150709.txt", "refsource": "CONFIRM", "tags": [ "Vendor Advisory" ], "url": "http://openssl.org/news/secadv_20150709.txt" }, { "name": "SSRT102180", "refsource": "HP", "tags": [], "url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2" }, { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10694", "refsource": "CONFIRM", "tags": [], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10694" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", "refsource": "CONFIRM", "tags": [ "Patch" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", "refsource": "CONFIRM", "tags": [ "Patch" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", "refsource": "CONFIRM", "tags": [ "Patch" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", "refsource": "CONFIRM", "tags": [], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "name": "91787", "refsource": "BID", "tags": [], "url": "http://www.securityfocus.com/bid/91787" }, { "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351", "refsource": "CONFIRM", "tags": [], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351" }, { "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763", "refsource": "CONFIRM", "tags": [], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763" }, { "name": "HPSBGN03424", "refsource": "HP", "tags": [], "url": "http://marc.info/?l=bugtraq\u0026m=144370846326989\u0026w=2" }, { "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", "refsource": "CONFIRM", "tags": [], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", "refsource": "CONFIRM", "tags": [], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "name": "75652", "refsource": "BID", "tags": [], "url": "http://www.securityfocus.com/bid/75652" }, { "name": "http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery", "refsource": "CONFIRM", "tags": [], "url": "http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery" }, { "name": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454058.htm", "refsource": "CONFIRM", "tags": [], "url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454058.htm" }, { "name": "http://www.fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery", "refsource": "CONFIRM", "tags": [], "url": "http://www.fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery" }, { "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04822825", "refsource": "CONFIRM", "tags": [], "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04822825" }, { "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10125", "refsource": "CONFIRM", "tags": [], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10125" }, { "name": "GLSA-201507-15", "refsource": "GENTOO", "tags": [], "url": "https://security.gentoo.org/glsa/201507-15" }, { "name": "NetBSD-SA2015-008", "refsource": "NETBSD", "tags": [], "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc" }, { "name": "FreeBSD-SA-15:12", "refsource": "FREEBSD", "tags": [], "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-15:12.openssl.asc" }, { "name": "SSA:2015-190-01", "refsource": "SLACKWARE", "tags": [], "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.561427" }, { "name": "1032817", "refsource": "SECTRACK", "tags": [], "url": "http://www.securitytracker.com/id/1032817" }, { "name": "20150710 OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products", "refsource": "CISCO", "tags": [], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150710-openssl" }, { "name": "FEDORA-2015-11475", "refsource": "FEDORA", "tags": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161782.html" }, { "name": "FEDORA-2015-11414", "refsource": "FEDORA", "tags": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161747.html" }, { "name": "38640", "refsource": "EXPLOIT-DB", "tags": [], "url": "https://www.exploit-db.com/exploits/38640/" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "refsource": "CONFIRM", "tags": [], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes", "refsource": "CONFIRM", "tags": [], "url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes" } ] } }, "impact": { "baseMetricV2": { "cvssV2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 2.5 } }, "lastModifiedDate": "2018-11-30T21:30Z", "publishedDate": "2015-07-09T19:17Z" } } }
var-201507-0348
Vulnerability from variot
The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate. OpenSSL Contains a certificate chain validation flaw. 2015 Year 7 Moon 9 Day, OpenSSL Project Than OpenSSL Security Advisory [9 Jul 2015] Has been published. OpenSSL Security Advisory [9 Jul 2015] https://www.openssl.org/news/secadv_20150709.txt According to the advisory, the following vulnerabilities have been fixed: OpenSSL 1.0.2d , 1.0.1p Has been released. Severity − High (Severity: High) ・ Alternative chains certificate forgery (CVE-2015-1793) OpenSSL Tries to build an alternative certificate chain if the certificate validation fails to build the first certificate chain, but there is a flaw in the implementation of this process. As a result, for example CA Flag FALSE A certificate issued using a certificate that is considered to be trusted is not detected as being invalid. CA May be treated as a certificate issued by.Man-in-the-middle attacks (man-in-the-middle attack) By HTTPS The contents of the communication may be viewed or altered. OpenSSL is prone to a security-bypass vulnerability because the application fails to properly verify SSL, TLS, and DTLS certificates. Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks and bypass certain security restrictions. This may aid in further attacks. OpenSSL versions 1.0.2c, 1.0.2b, 1.0.1n, and 1.0.1o are vulnerable. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. There is a security vulnerability in the TLS protocol 1.2 and earlier versions. The vulnerability comes from that when the server enables the DHE_EXPORT cipher suite, the program does not pass the DHE_EXPORT option correctly. Attackers can exploit this vulnerability to implement man-in-the-middle attacks and cipher-downgrade attacks by rewriting ClientHello (use DHE_EXPORT instead of DHE) and then rewrite ServerHello (use DHE instead of DHE_EXPORT). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04760669
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04760669 Version: 1
HPSBUX03388 SSRT102180 rev.1 - HP-UX running OpenSSL, Remote Disclosure of Information
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2015-08-05 Last Updated: 2015-08-05
Potential Security Impact: Remote disclosure of information
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP-UX running OpenSSL with SSL/TLS enabled.
This is the TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as Logjam which could be exploited remotely resulting in disclosure of information.
References:
CVE-2015-4000: DHE man-in-the-middle protection (Logjam). CVE-2015-1788: Malformed ECParameters causes infinite loop. CVE-2015-1789: Exploitable out-of-bounds read in X509_cmp_time. CVE-2015-1790: PKCS7 crash with missing EnvelopedContent CVE-2015-1791: Race condition handling NewSessionTicket CVE-2015-1792: CMS verify infinite loop with unknown hash function CVE-2015-1793: Alternative Chain Certificate Forgery.
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2015-4000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2015-1788 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1793 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided an updated version of OpenSSL to resolve this vulnerability.
A new B.11.31 depot for OpenSSL_A.01.00.01p is available here:
https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber =OPENSSL11I
MANUAL ACTIONS: Yes - Update
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.31
openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.01.00.01p or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) - 5 August 2015 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAlXCSD4ACgkQ4B86/C0qfVlKnQCg5XcK1amrTACEyDY3QtJF75u2 L90AnAgGXxSCZgBVzDQCAezbHbrHPwtg =74KM -----END PGP SIGNATURE----- . The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS) or unauthorized access.
References:
- CVE-2014-8176 - Remote Denial of Service (DoS)
- CVE-2015-1788 - Remote Denial of Service (DoS)
- CVE-2015-1789 - Remote Denial of Service (DoS)
- CVE-2015-1790 - Remote Denial of Service (DoS)
- CVE-2015-1791 - Remote Denial of Service (DoS)
- CVE-2015-1792 - Remote Denial of Service (DoS)
- CVE-2015-1793 - Remote Unauthorized Access
- PSRT110158, SSRT102264
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
Please refer to the RESOLUTION below for a list of impacted products.
COMWARE 5 Products
- A6600 (Comware 5) - Version: R3303P23
- HP Network Products
- JC165A HP 6600 RPE-X1 Router Module
- JC177A HP 6608 Router
- JC177B HP 6608 Router Chassis
- JC178A HP 6604 Router Chassis
- JC178B HP 6604 Router Chassis
- JC496A HP 6616 Router Chassis
- JC566A HP 6600 RSE-X1 Router Main Processing Unit
- JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit
- JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit
- HSR6602 (Comware 5) - Version: R3303P23
- HP Network Products
- JC176A HP 6602 Router Chassis
- JG353A HP HSR6602-G Router
- JG354A HP HSR6602-XG Router
- JG355A HP 6600 MCP-X1 Router Main Processing Unit
- JG356A HP 6600 MCP-X2 Router Main Processing Unit
- JG776A HP HSR6602-G TAA-compliant Router
- JG777A HP HSR6602-XG TAA-compliant Router
- JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit
- HSR6800 (Comware 5) - Version: R3303P23
- HP Network Products
- JG361A HP HSR6802 Router Chassis
- JG361B HP HSR6802 Router Chassis
- JG362A HP HSR6804 Router Chassis
- JG362B HP HSR6804 Router Chassis
- JG363A HP HSR6808 Router Chassis
- JG363B HP HSR6808 Router Chassis
- JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
- JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit
- MSR20 (Comware 5) - Version: R2514P10
- HP Network Products
- JD432A HP A-MSR20-21 Router
- JD662A HP MSR20-20 Router
- JD663A HP A-MSR20-21 Router
- JD663B HP MSR20-21 Router
- JD664A HP MSR20-40 Router
- JF228A HP MSR20-40 Router
- JF283A HP MSR20-20 Router
- MSR20-1X (Comware 5) - Version: R2514P10
- HP Network Products
- JD431A HP MSR20-10 Router
- JD667A HP MSR20-15 IW Multi-Service Router
- JD668A HP MSR20-13 Multi-Service Router
- JD669A HP MSR20-13 W Multi-Service Router
- JD670A HP MSR20-15 A Multi-Service Router
- JD671A HP MSR20-15 AW Multi-Service Router
- JD672A HP MSR20-15 I Multi-Service Router
- JD673A HP MSR20-11 Multi-Service Router
- JD674A HP MSR20-12 Multi-Service Router
- JD675A HP MSR20-12 W Multi-Service Router
- JD676A HP MSR20-12 T1 Multi-Service Router
- JF236A HP MSR20-15-I Router
- JF237A HP MSR20-15-A Router
- JF238A HP MSR20-15-I-W Router
- JF239A HP MSR20-11 Router
- JF240A HP MSR20-13 Router
- JF241A HP MSR20-12 Router
- JF806A HP MSR20-12-T Router
- JF807A HP MSR20-12-W Router
- JF808A HP MSR20-13-W Router
- JF809A HP MSR20-15-A-W Router
- JF817A HP MSR20-15 Router
- JG209A HP MSR20-12-T-W Router (NA)
- JG210A HP MSR20-13-W Router (NA)
- MSR 30 (Comware 5) - Version: R2514P10
- HP Network Products
- JD654A HP MSR30-60 POE Multi-Service Router
- JD657A HP MSR30-40 Multi-Service Router
- JD658A HP MSR30-60 Multi-Service Router
- JD660A HP MSR30-20 POE Multi-Service Router
- JD661A HP MSR30-40 POE Multi-Service Router
- JD666A HP MSR30-20 Multi-Service Router
- JF229A HP MSR30-40 Router
- JF230A HP MSR30-60 Router
- JF232A HP RTMSR3040-AC-OVSAS-H3
- JF235A HP MSR30-20 DC Router
- JF284A HP MSR30-20 Router
- JF287A HP MSR30-40 DC Router
- JF801A HP MSR30-60 DC Router
- JF802A HP MSR30-20 PoE Router
- JF803A HP MSR30-40 PoE Router
- JF804A HP MSR30-60 PoE Router
- JG728A HP MSR30-20 TAA-compliant DC Router
- JG729A HP MSR30-20 TAA-compliant Router
- MSR 30-16 (Comware 5) - Version: R2514P10
- HP Network Products
- JD659A HP MSR30-16 POE Multi-Service Router
- JD665A HP MSR30-16 Multi-Service Router
- JF233A HP MSR30-16 Router
- JF234A HP MSR30-16 PoE Router
- MSR 30-1X (Comware 5) - Version: R2514P10
- HP Network Products
- JF800A HP MSR30-11 Router
- JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr
- JG182A HP MSR30-11E Router
- JG183A HP MSR30-11F Router
- JG184A HP MSR30-10 DC Router
- MSR 50 (Comware 5) - Version: R2514P10
- HP Network Products
- JD433A HP MSR50-40 Router
- JD653A HP MSR50 Processor Module
- JD655A HP MSR50-40 Multi-Service Router
- JD656A HP MSR50-60 Multi-Service Router
- JF231A HP MSR50-60 Router
- JF285A HP MSR50-40 DC Router
- JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply
- MSR 50-G2 (Comware 5) - Version: R2514P10
- HP Network Products
- JD429A HP MSR50 G2 Processor Module
- JD429B HP MSR50 G2 Processor Module
- MSR 9XX (Comware 5) - Version: R2514P10
- HP Network Products
- JF812A HP MSR900 Router
- JF813A HP MSR920 Router
- JF814A HP MSR900-W Router
- JF815A HP MSR920 2FEWAN/8FELAN/.11 b/g Rtr
- JG207A HP MSR900-W Router (NA)
- JG208A HP MSR920-W Router (NA)
- MSR 93X (Comware 5) - Version: R2514P10
- HP Network Products
- JG511A HP MSR930 Router
- JG511B HP MSR930 Router
- JG512A HP MSR930 Wireless Router
- JG513A HP MSR930 3G Router
- JG513B HP MSR930 3G Router
- JG514A HP MSR931 Router
- JG514B HP MSR931 Router
- JG515A HP MSR931 3G Router
- JG516A HP MSR933 Router
- JG517A HP MSR933 3G Router
- JG518A HP MSR935 Router
- JG518B HP MSR935 Router
- JG519A HP MSR935 Wireless Router
- JG520A HP MSR935 3G Router
- JG531A HP MSR931 Dual 3G Router
- JG531B HP MSR931 Dual 3G Router
- JG596A HP MSR930 4G LTE/3G CDMA Router
- JG597A HP MSR936 Wireless Router
- JG665A HP MSR930 4G LTE/3G WCDMA Global Router
- JG704A HP MSR930 4G LTE/3G WCDMA ATT Router
- JH009A HP MSR931 Serial (TI) Router
- JH010A HP MSR933 G.SHDSL (TI) Router
- JH011A HP MSR935 ADSL2+ (TI) Router
- JH012A HP MSR930 Wireless 802.11n (NA) Router
- JH012B HP MSR930 Wireless 802.11n (NA) Router
- JH013A HP MSR935 Wireless 802.11n (NA) Router
- MSR1000 (Comware 5) - Version: R2514P10
- HP Network Products
- JG732A HP MSR1003-8 AC Router
- 12500 (Comware 5) - Version: R1829P01
- HP Network Products
- JC072B HP 12500 Main Processing Unit
- JC085A HP A12518 Switch Chassis
- JC086A HP A12508 Switch Chassis
- JC652A HP 12508 DC Switch Chassis
- JC653A HP 12518 DC Switch Chassis
- JC654A HP 12504 AC Switch Chassis
- JC655A HP 12504 DC Switch Chassis
- JC808A HP 12500 TAA Main Processing Unit
- JF430A HP A12518 Switch Chassis
- JF430B HP 12518 Switch Chassis
- JF430C HP 12518 AC Switch Chassis
- JF431A HP A12508 Switch Chassis
- JF431B HP 12508 Switch Chassis
- JF431C HP 12508 AC Switch Chassis
- 9500E (Comware 5) - Version: R1829P01
- HP Network Products
- JC124A HP A9508 Switch Chassis
- JC124B HP 9505 Switch Chassis
- JC125A HP A9512 Switch Chassis
- JC125B HP 9512 Switch Chassis
- JC474A HP A9508-V Switch Chassis
- JC474B HP 9508-V Switch Chassis
- 10500 (Comware 5) - Version: R1210P01
- HP Network Products
- JC611A HP 10508-V Switch Chassis
- JC612A HP 10508 Switch Chassis
- JC613A HP 10504 Switch Chassis
- JC614A HP 10500 Main Processing Unit
- JC748A HP 10512 Switch Chassis
- JG375A HP 10500 TAA-compliant Main Processing Unit
- JG820A HP 10504 TAA-compliant Switch Chassis
- JG821A HP 10508 TAA-compliant Switch Chassis
- JG822A HP 10508-V TAA-compliant Switch Chassis
- JG823A HP 10512 TAA-compliant Switch Chassis
- 7500 (Comware 5) - Version: R6710P01
- HP Network Products
- JC666A HP 7503-S 144Gbps Fabric/MPU with PoE Upgradable 20-port Gig-T/4-port GbE Combo
- JC697A HP 7502 TAA-compliant Main Processing Unit
- JC698A HP 7503-S 144Gbps TAA Fabric / MPU with 16 GbE SFP Ports and 8 GbE Combo Ports
- JC699A HP 7500 384Gbps TAA-compliant Fabric / MPU with 2 10GbE XFP Ports
- JC700A HP 7500 384Gbps TAA-compliant Fabric / Main Processing Unit
- JC701A HP 7500 768Gbps TAA-compliant Fabric / Main Processing Unit
- JD193A HP 7500 384Gbps Fabric Module with 2 XFP Ports
- JD193B HP 7500 384Gbps Fabric Module with 2 XFP Ports
- JD194A HP 7500 384Gbps Fabric Module
- JD194B HP 7500 384Gbps Fabric Module
- JD195A HP 7500 384Gbps Advanced Fabric Module
- JD196A HP 7502 Fabric Module
- JD220A HP 7500 768Gbps Fabric Module
- JD224A HP 7500 384Gbps Fabric Module with 12 SFP Ports
- JD238A HP 7510 Switch Chassis
- JD238B HP 7510 Switch Chassis
- JD239A HP 7506 Switch Chassis
- JD239B HP 7506 Switch Chassis
- JD240A HP 7503 Switch Chassis
- JD240B HP 7503 Switch Chassis
- JD241A HP 7506-V Switch Chassis
- JD241B HP 7506-V Switch Chassis
- JD242A HP 7502 Switch Chassis
- JD242B HP 7502 Switch Chassis
- JD243A HP 7503-S Switch Chassis with 1 Fabric Slot
- JD243B HP 7503-S Switch Chassis with 1 Fabric Slot
- JE164A HP E7902 Switch Chassis
- JE165A HP E7903 Switch Chassis
- JE166A HP E7903 1 Fabric Slot Switch Chassis
- JE167A HP E7906 Switch Chassis
- JE168A HP E7906 Vertical Switch Chassis
- JE169A HP E7910 Switch Chassis
- 5830 (Comware 5) - Version: R1118P13
- HP Network Products
- JC691A HP 5830AF-48G Switch with 1 Interface Slot
- JC694A HP 5830AF-96G Switch
- JG316A HP 5830AF-48G TAA-compliant Switch w/1 Interface Slot
- JG374A HP 5830AF-96G TAA-compliant Switch
- 5800 (Comware 5) - Version: R1809P11
- HP Network Products
- JC099A HP 5800-24G-PoE Switch
- JC099B HP 5800-24G-PoE+ Switch
- JC100A HP 5800-24G Switch
- JC100B HP 5800-24G Switch
- JC101A HP 5800-48G Switch with 2 Slots
- JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots
- JC103A HP 5800-24G-SFP Switch
- JC103B HP 5800-24G-SFP Switch with 1 Interface Slot
- JC104A HP 5800-48G-PoE Switch
- JC104B HP 5800-48G-PoE+ Switch with 1 Interface Slot
- JC105A HP 5800-48G Switch
- JC105B HP 5800-48G Switch with 1 Interface Slot
- JG254A HP 5800-24G-PoE+ TAA-compliant Switch
- JG254B HP 5800-24G-PoE+ TAA-compliant Switch
- JG255A HP 5800-24G TAA-compliant Switch
- JG255B HP 5800-24G TAA-compliant Switch
- JG256A HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot
- JG256B HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot
- JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot
- JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot
- JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot
- JG258B HP 5800-48G TAA-compliant Switch with 1 Interface Slot
- JG225A HP 5800AF-48G Switch
- JG225B HP 5800AF-48G Switch
- JG242A HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots
- JG242B HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface
- JG243A HP 5820-24XG-SFP+ TAA-compliant Switch
- JG243B HP 5820-24XG-SFP+ TAA-compliant Switch
- JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots & 1 OAA Slot
- JG259B HP 5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots and 1 OAA Slot
- JC106A HP 5820-14XG-SFP+ Switch with 2 Slots
- JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots & 1 OAA Slot
- JG219A HP 5820AF-24XG Switch
- JG219B HP 5820AF-24XG Switch
- JC102A HP 5820-24XG-SFP+ Switch
- JC102B HP 5820-24XG-SFP+ Switch
- 5500 HI (Comware 5) - Version: R5501P17
- HP Network Products
- JG311A HP 5500-24G-4SFP HI Switch with 2 Interface Slots
- JG312A HP 5500-48G-4SFP HI Switch with 2 Interface Slots
- JG541A HP 5500-24G-PoE+-4SFP HI Switch with 2 Interface Slots
- JG542A HP 5500-48G-PoE+-4SFP HI Switch with 2 Interface Slots
- JG543A HP 5500-24G-SFP HI Switch with 2 Interface Slots
- JG679A HP 5500-24G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots
- JG680A HP 5500-48G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots
- JG681A HP 5500-24G-SFP HI TAA-compliant Switch with 2 Interface Slots
- 5500 EI (Comware 5) - Version: R2221P19
- HP Network Products
- JD373A HP 5500-24G DC EI Switch
- JD374A HP 5500-24G-SFP EI Switch
- JD375A HP 5500-48G EI Switch
- JD376A HP 5500-48G-PoE EI Switch
- JD377A HP 5500-24G EI Switch
- JD378A HP 5500-24G-PoE EI Switch
- JD379A HP 5500-24G-SFP DC EI Switch
- JG240A HP 5500-48G-PoE+ EI Switch with 2 Interface Slots
- JG241A HP 5500-24G-PoE+ EI Switch with 2 Interface Slots
- JG249A HP 5500-24G-SFP EI TAA-compliant Switch with 2 Interface
- JG250A HP 5500-24G EI TAA-compliant Switch with 2 Interface Slots
- JG251A HP 5500-48G EI TAA-compliant Switch with 2 Interface Slots
- JG252A HP 5500-24G-PoE+ EI TAA-compliant Switch with 2 Interface Slots
- JG253A HP 5500-48G-PoE+ EI TAA-compliant Switch with 2 Interface Slots
- 4800G (Comware 5) - Version: R2221P19
- HP Network Products
- JD007A HP 4800-24G Switch
- JD008A HP 4800-24G-PoE Switch
- JD009A HP 4800-24G-SFP Switch
- JD010A HP 4800-48G Switch
- JD011A HP 4800-48G-PoE Switch
- 5500SI (Comware 5) - Version: R2221P20
- HP Network Products
- JD369A HP 5500-24G SI Switch
- JD370A HP 5500-48G SI Switch
- JD371A HP 5500-24G-PoE SI Switch
- JD372A HP 5500-48G-PoE SI Switch
- JG238A HP 5500-24G-PoE+ SI Switch with 2 Interface Slots
- JG239A HP 5500-48G-PoE+ SI Switch with 2 Interface Slots
- 4500G (Comware 5) - Version: R2221P20
- HP Network Products
- JF428A HP 4510-48G Switch
- JF847A HP 4510-24G Switch
- 5120 EI (Comware 5) - Version: R2221P20
- HP Network Products
- JE066A HP 5120-24G EI Switch
- JE067A HP 5120-48G EI Switch
- JE068A HP 5120-24G EI Switch with 2 Interface Slots
- JE069A HP 5120-48G EI Switch with 2 Interface Slots
- JE070A HP 5120-24G-PoE EI 2-slot Switch
- JE071A HP 5120-48G-PoE EI 2-slot Switch
- JG236A HP 5120-24G-PoE+ EI Switch with 2 Interface Slots
- JG237A HP 5120-48G-PoE+ EI Switch with 2 Interface Slots
- JG245A HP 5120-24G EI TAA-compliant Switch with 2 Interface Slots
- JG246A HP 5120-48G EI TAA-compliant Switch with 2 Interface Slots
- JG247A HP 5120-24G-PoE+ EI TAA-compliant Switch with 2 Slots
- JG248A HP 5120-48G-PoE+ EI TAA-compliant Switch with 2 Slots
- 4210G (Comware 5) - Version: R2221P20
- HP Network Products
- JF844A HP 4210-24G Switch
- JF845A HP 4210-48G Switch
- JF846A HP 4210-24G-PoE Switch
- 5120 SI (Comware 5) - Version: R1516
- HP Network Products
- JE072A HP 5120-48G SI Switch
- JE072B HPE 5120 48G SI Switch
- JE073A HP 5120-16G SI Switch
- JE073B HPE 5120 16G SI Switch
- JE074A HP 5120-24G SI Switch
- JE074B HPE 5120 24G SI Switch
- JG091A HP 5120-24G-PoE+ (370W) SI Switch
- JG091B HPE 5120 24G PoE+ (370W) SI Switch
- JG092A HP 5120-24G-PoE+ (170W) SI Switch
- JG309B HPE 5120 8G PoE+ (180W) SI Switch
- JG310B HPE 5120 8G PoE+ (65W) SI Switch
- 3610 (Comware 5) - Version: R5319P14
- HP Network Products
- JD335A HP 3610-48 Switch
- JD336A HP 3610-24-4G-SFP Switch
- JD337A HP 3610-24-2G-2G-SFP Switch
- JD338A HP 3610-24-SFP Switch
- 3600V2 (Comware 5) - Version: R2110P06
- HP Network Products
- JG299A HP 3600-24 v2 EI Switch
- JG299B HP 3600-24 v2 EI Switch
- JG300A HP 3600-48 v2 EI Switch
- JG300B HP 3600-48 v2 EI Switch
- JG301A HP 3600-24-PoE+ v2 EI Switch
- JG301B HP 3600-24-PoE+ v2 EI Switch
- JG301C HP 3600-24-PoE+ v2 EI Switch
- JG302A HP 3600-48-PoE+ v2 EI Switch
- JG302B HP 3600-48-PoE+ v2 EI Switch
- JG302C HP 3600-48-PoE+ v2 EI Switch
- JG303A HP 3600-24-SFP v2 EI Switch
- JG303B HP 3600-24-SFP v2 EI Switch
- JG304A HP 3600-24 v2 SI Switch
- JG304B HP 3600-24 v2 SI Switch
- JG305A HP 3600-48 v2 SI Switch
- JG305B HP 3600-48 v2 SI Switch
- JG306A HP 3600-24-PoE+ v2 SI Switch
- JG306B HP 3600-24-PoE+ v2 SI Switch
- JG306C HP 3600-24-PoE+ v2 SI Switch
- JG307A HP 3600-48-PoE+ v2 SI Switch
- JG307B HP 3600-48-PoE+ v2 SI Switch
- JG307C HP 3600-48-PoE+ v2 SI Switch
- 3100V2-48 (Comware 5) - Version: R2110P06
- HP Network Products
- JG315A HP 3100-48 v2 Switch
- JG315B HP 3100-48 v2 Switch
- HP870 (Comware 5) - Version: R2607P46
- HP Network Products
- JG723A HP 870 Unified Wired-WLAN Appliance
- JG725A HP 870 Unified Wired-WLAN TAA-compliant Appliance
- HP850 (Comware 5) - Version: R2607P46
- HP Network Products
- JG722A HP 850 Unified Wired-WLAN Appliance
- JG724A HP 850 Unified Wired-WLAN TAA-compliant Appliance
- HP830 (Comware 5) - Version: R3507P46
- HP Network Products
- JG640A HP 830 24-Port PoE+ Unified Wired-WLAN Switch
- JG641A HP 830 8-port PoE+ Unified Wired-WLAN Switch
- JG646A HP 830 24-Port PoE+ Unified Wired-WLAN TAA-compliant Switch
- JG647A HP 830 8-Port PoE+ Unified Wired-WLAN TAA-compliant
- HP6000 (Comware 5) - Version: R2507P46
- HP Network Products
- JG639A HP 10500/7500 20G Unified Wired-WLAN Module
- JG645A HP 10500/7500 20G Unified Wired-WLAN TAA-compliant Module
- WX5004-EI (Comware 5) - Version: R2507P46
- HP Network Products
- JD447B HP WX5002 Access Controller
- JD448A HP WX5004 Access Controller
- JD448B HP WX5004 Access Controller
- JD469A HP WX5004 Access Controller
- SecBlade FW (Comware 5) - Version: R3181P07
- HP Network Products
- JC635A HP 12500 VPN Firewall Module
- JD245A HP 9500 VPN Firewall Module
- JD249A HP 10500/7500 Advanced VPN Firewall Module
- JD250A HP 6600 Firewall Processing Router Module
- JD251A HP 8800 Firewall Processing Module
- JD255A HP 5820 VPN Firewall Module
- F1000-E (Comware 5) - Version: R3181P07
- HP Network Products
- JD272A HP F1000-E VPN Firewall Appliance
- F1000-A-EI (Comware 5) - Version: R3734P08
- HP Network Products
- JG214A HP F1000-A-EI VPN Firewall Appliance
- F1000-S-EI (Comware 5) - Version: R3734P08
- HP Network Products
- JG213A HP F1000-S-EI VPN Firewall Appliance
- F5000-A (Comware 5) - Version: F3210P26
- HP Network Products
- JD259A HP A5000-A5 VPN Firewall Chassis
- JG215A HP F5000 Firewall Main Processing Unit
- JG216A HP F5000 Firewall Standalone Chassis
- U200S and CS (Comware 5) - Version: F5123P33
- HP Network Products
- JD273A HP U200-S UTM Appliance
- U200A and M (Comware 5) - Version: F5123P33
- HP Network Products
- JD275A HP U200-A UTM Appliance
- F5000-C/S (Comware 5) - Version: R3811P05
- HP Network Products
- JG650A HP F5000-C VPN Firewall Appliance
- JG370A HP F5000-S VPN Firewall Appliance
- SecBlade III (Comware 5) - Version: R3820P06
- HP Network Products
- JG371A HP 12500 20Gbps VPN Firewall Module
- JG372A HP 10500/11900/7500 20Gbps VPN Firewall Module
- 6600 RSE RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU
- HP Network Products
- JC177A HP 6608 Router
- JC177B HP 6608 Router Chassis
- JC178A HP 6604 Router Chassis
- JC178B HP 6604 Router Chassis
- JC496A HP 6616 Router Chassis
- JC566A HP 6600 RSE-X1 Router Main Processing Unit
- JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit
- 6600 RPE RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU
- HP Network Products
- JC165A) HP 6600 RPE-X1 Router Module
- JG781A) HP 6600 RPE-X1 TAA-compliant Main Processing Unit
- 6602 RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU
- HP Network Products
- JC176A) HP 6602 Router Chassis
- HSR6602 RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU
- HP Network Products
- JC177A HP 6608 Router
- JC177B HP 6608 Router Chassis
- JC178A HP 6604 Router Chassis
- JC178B HP 6604 Router Chassis
- JC496A HP 6616 Router Chassis
- JG353A HP HSR6602-G Router
- JG354A HP HSR6602-XG Router
- JG355A HP 6600 MCP-X1 Router Main Processing Unit
- JG356A HP 6600 MCP-X2 Router Main Processing Unit
- JG776A HP HSR6602-G TAA-compliant Router
- JG777A HP HSR6602-XG TAA-compliant Router
- JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit
- HSR6800 RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU
- HP Network Products
- JG361A HP HSR6802 Router Chassis
- JG361B HP HSR6802 Router Chassis
- JG362A HP HSR6804 Router Chassis
- JG362B HP HSR6804 Router Chassis
- JG363A HP HSR6808 Router Chassis
- JG363B HP HSR6808 Router Chassis
- JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
- JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit
- SMB1910 (Comware 5) - Version: R1111
- HP Network Products
- JG540A HP 1910-48 Switch
- JG539A HP 1910-24-PoE+ Switch
- JG538A HP 1910-24 Switch
- JG537A HP 1910-8 -PoE+ Switch
- JG536A HP 1910-8 Switch
- SMB1920 (Comware 5) - Version: R1109
- HP Network Products
- JG928A HP 1920-48G-PoE+ (370W) Switch
- JG927A HP 1920-48G Switch
- JG926A HP 1920-24G-PoE+ (370W) Switch
- JG925A HP 1920-24G-PoE+ (180W) Switch
- JG924A HP 1920-24G Switch
- JG923A HP 1920-16G Switch
- JG922A HP 1920-8G-PoE+ (180W) Switch
- JG921A HP 1920-8G-PoE+ (65W) Switch
- JG920A HP 1920-8G Switch
- V1910 (Comware 5) - Version: R1516
- HP Network Products
- JE005A HP 1910-16G Switch
- JE006A HP 1910-24G Switch
- JE007A HP 1910-24G-PoE (365W) Switch
- JE008A HP 1910-24G-PoE(170W) Switch
- JE009A HP 1910-48G Switch
- JG348A HP 1910-8G Switch
- JG349A HP 1910-8G-PoE+ (65W) Switch
- JG350A HP 1910-8G-PoE+ (180W) Switch
- SMB 1620 (Comware 5) - Version: R1108
- HP Network Products
- JG914A HP 1620-48G Switch
- JG913A HP 1620-24G Switch
- JG912A HP 1620-8G Switch
COMWARE 7 Products
- 12500 (Comware 7) - Version: R7376
- HP Network Products
- JC072B HP 12500 Main Processing Unit
- JC085A HP A12518 Switch Chassis
- JC086A HP A12508 Switch Chassis
- JC652A HP 12508 DC Switch Chassis
- JC653A HP 12518 DC Switch Chassis
- JC654A HP 12504 AC Switch Chassis
- JC655A HP 12504 DC Switch Chassis
- JF430A HP A12518 Switch Chassis
- JF430B HP 12518 Switch Chassis
- JF430C HP 12518 AC Switch Chassis
- JF431A HP A12508 Switch Chassis
- JF431B HP 12508 Switch Chassis
- JF431C HP 12508 AC Switch Chassis
- JG497A HP 12500 MPU w/Comware V7 OS
- JG782A HP FF 12508E AC Switch Chassis
- JG783A HP FF 12508E DC Switch Chassis
- JG784A HP FF 12518E AC Switch Chassis
- JG785A HP FF 12518E DC Switch Chassis
- JG802A HP FF 12500E MPU
- 10500 (Comware 7) - Version: R7170
- HP Network Products
- JC611A HP 10508-V Switch Chassis
- JC612A HP 10508 Switch Chassis
- JC613A HP 10504 Switch Chassis
- JC748A HP 10512 Switch Chassis
- JG608A HP FlexFabric 11908-V Switch Chassis
- JG609A HP FlexFabric 11900 Main Processing Unit
- JG820A HP 10504 TAA Switch Chassis
- JG821A HP 10508 TAA Switch Chassis
- JG822A HP 10508-V TAA Switch Chassis
- JG823A HP 10512 TAA Switch Chassis
- JG496A HP 10500 Type A MPU w/Comware v7 OS
- JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System
- JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System Main Processing Unit
- 12900 (Comware 7) - Version: R1138P01
- HP Network Products
- JG619A HP FlexFabric 12910 Switch AC Chassis
- JG621A HP FlexFabric 12910 Main Processing Unit
- JG632A HP FlexFabric 12916 Switch AC Chassis
- JG634A HP FlexFabric 12916 Main Processing Unit
- JH104A HP FlexFabric 12900E Main Processing Unit
- JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit
- JH263A HP FlexFabric 12904E Main Processing Unit
- JH255A HP FlexFabric 12908E Switch Chassis
- JH262A HP FlexFabric 12904E Switch Chassis
- JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis
- JH103A HP FlexFabric 12916E Switch Chassis
- 5900 (Comware 7) - Version: R2422P01
- HP Network Products
- JC772A HP 5900AF-48XG-4QSFP+ Switch
- JG296A HP 5920AF-24XG Switch
- JG336A HP 5900AF-48XGT-4QSFP+ Switch
- JG510A HP 5900AF-48G-4XG-2QSFP+ Switch
- JG554A HP 5900AF-48XG-4QSFP+ TAA Switch
- JG555A HP 5920AF-24XG TAA Switch
- JG838A HP FF 5900CP-48XG-4QSFP+ Switch
- JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant
- JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch
- JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant
- MSR1000 (Comware 7) - Version: R0305P04
- HP Network Products
- JG875A HP MSR1002-4 AC Router
- JH060A HP MSR1003-8S AC Router
- MSR2000 (Comware 7) - Version: R0305P04
- HP Network Products
- JG411A HP MSR2003 AC Router
- JG734A HP MSR2004-24 AC Router
- JG735A HP MSR2004-48 Router
- JG866A HP MSR2003 TAA-compliant AC Router
- MSR3000 (Comware 7) - Version: R0305P04
- HP Network Products
- JG404A HP MSR3064 Router
- JG405A HP MSR3044 Router
- JG406A HP MSR3024 AC Router
- JG407A HP MSR3024 DC Router
- JG408A HP MSR3024 PoE Router
- JG409A HP MSR3012 AC Router
- JG410A HP MSR3012 DC Router
- JG861A HP MSR3024 TAA-compliant AC Router
- MSR4000 (Comware 7) - Version: R0305P04
- HP Network Products
- JG402A HP MSR4080 Router Chassis
- JG403A HP MSR4060 Router Chassis
- JG412A HP MSR4000 MPU-100 Main Processing Unit
- JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit
- VSR (Comware 7) - Version: E0321P01
- HP Network Products
- JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software
- JG811AAE HP VSR1001 Comware 7 Virtual Services Router
- JG812AAE HP VSR1004 Comware 7 Virtual Services Router
- JG813AAE HP VSR1008 Comware 7 Virtual Services Router
- 7900 (Comware 7) - Version: R2138P01
- HP Network Products
- JG682A HP FlexFabric 7904 Switch Chassis
- JG841A HP FlexFabric 7910 Switch Chassis
- JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit
- JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit
- JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis
- JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis
- JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main Processing Unit
- JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main Processing Unit
- 5130 (Comware 7) - Version: R3109P16
- HP Network Products
- JG932A HP 5130-24G-4SFP+ EI Switch
- JG933A HP 5130-24G-SFP-4SFP+ EI Switch
- JG934A HP 5130-48G-4SFP+ EI Switch
- JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch
- JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch
- JG938A HP 5130-24G-2SFP+-2XGT EI Switch
- JG939A HP 5130-48G-2SFP+-2XGT EI Switch
- JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch
- JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch
- JG975A HP 5130-24G-4SFP+ EI Brazil Switch
- JG976A HP 5130-48G-4SFP+ EI Brazil Switch
- JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch
- JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch
- 5700 (Comware 7) - Version: R2422P01
- HP Network Products
- JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch
- JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch
- JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch
- JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch
- JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch
- JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch
- 5930 (Comware 7) - Version: R2422P01
- HP Network Products
- JG726A HP FlexFabric 5930 32QSFP+ Switch
- JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch
- JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch
- JH179A HP FlexFabric 5930 4-slot Switch
- JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch
- JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch
- HSR6600 (Comware 7) - Version: R7103P05
- HP Network Products
- JG353A HP HSR6602-G Router
- JG354A HP HSR6602-XG Router
- JG776A HP HSR6602-G TAA-compliant Router
- JG777A HP HSR6602-XG TAA-compliant Router
- HSR6800 (Comware 7) - Version: R7103P05
- HP Network Products
- JG361A HP HSR6802 Router Chassis
- JG361B HP HSR6802 Router Chassis
- JG362A HP HSR6804 Router Chassis
- JG362B HP HSR6804 Router Chassis
- JG363A HP HSR6808 Router Chassis
- JG363B HP HSR6808 Router Chassis
- JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
- JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing
- JH075A HP HSR6800 RSE-X3 Router Main Processing Unit
- 1950 (Comware 7) - Version: R3109P16
- HP Network Products
- JG960A HP 1950-24G-4XG Switch
- JG961A HP 1950-48G-2SFP+-2XGT Switch
- JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch
- JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch
- 7500 (Comware 7) - Version: R7170
- HP Network Products
- JD238C HP 7510 Switch Chassis
- JD239C HP 7506 Switch Chassis
- JD240C HP 7503 Switch Chassis
- JD242C HP 7502 Switch Chassis
- JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only Main Processing Unit
- JH208A HP 7502 Main Processing Unit
- JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port 40GbE QSFP+ Main Processing Unit
iMC Products
- iMC Plat - Version: iMC Plat 7.1 E0303P16
- HP Network Products
- JD125A HP IMC Std S/W Platform w/100-node
- JD126A HP IMC Ent S/W Platform w/100-node
- JD808A HP IMC Ent Platform w/100-node License
- JD814A HP A-IMC Enterprise Edition Software DVD Media
- JD815A HP IMC Std Platform w/100-node License
- JD816A HP A-IMC Standard Edition Software DVD Media
- JF288AAE HP Network Director to Intelligent Management Center Upgrade E-LTU
- JF289AAE HP Enterprise Management System to Intelligent Management Center Upgrade E-LTU
- JF377A HP IMC Std S/W Platform w/100-node Lic
- JF377AAE HP IMC Std S/W Pltfrm w/100-node E-LTU
- JF378A HP IMC Ent S/W Platform w/200-node Lic
- JF378AAE HP IMC Ent S/W Pltfrm w/200-node E-LTU
- JG546AAE HP IMC Basic SW Platform w/50-node E-LTU
- JG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU
- JG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU
- JG550AAE HP PMM to IMC Bsc WLM Upgr w/150AP E-LTU
- JG590AAE HP IMC Bsc WLAN Mgr SW Pltfm 50 AP E-LTU
- JG659AAE HP IMC Smart Connect VAE E-LTU
- JG660AAE HP IMC Smart Connect w/WLM VAE E-LTU
- JG747AAE HP IMC Std SW Plat w/ 50 Nodes E-LTU
- JG748AAE HP IMC Ent SW Plat w/ 50 Nodes E-LTU
- JG766AAE HP IMC SmCnct Vrtl Applnc SW E-LTU
- JG767AAE HP IMC SmCnct WSM Vrtl Applnc SW E-LTU
- JG768AAE HP PCM+ to IMC Std Upg w/ 200-node E-LTU
- iMC iNode - Version: iNode PC 7.1 E0313, or, iNode PC 7.2 (E0401)
- HP Network Products
- JD144A HP A-IMC User Access Management Software Module with 200-user License
- JD147A HP IMC Endpoint Admission Defense Software Module with 200-user License
- JD435A HP A-IMC Endpoint Admission Defense Client Software
- JF388A HP IMC User Authentication Management Software Module with 200-user License
- JF388AAE HP IMC User Authentication Management Software Module with 200-user E-LTU
- JF391A HP IMC Endpoint Admission Defense Software Module with 200-user License
- JF391AAE HP IMC Endpoint Admission Defense Software Module with 200-user E-LTU
- JG752AAE HP IMC User Access Manager Software Module with 50-user E-LTU
- JG754AAE) HP IMC Endpoint Admission Defense Software Module with 50-user E-LTU
- iMC TAM_UAM - Version: iMC UAM_TAM 7.1 (E0307)
- HP Network Products
- JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE
- JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU
- JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU
- JG483A HP IMC TAM S/W MODULE W/100-NODE LIC
- JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU
- JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU
- iMC NSM - Version: iMC WSM 7.1 E0303P10
- HP Network Products
- JD456A HP IMC WSM Software Module with 50-Access Point License
- JF414A HP IMC Wireless Service Manager Software Module with 50-Access Point License
- JF414AAE HP IMC Wireless Service Manager Software Module with 50-Access Point E-LTU
- JG551AAE HP PCM+ Mobility Manager to IMC Wireless Service Manager Module Upgrade with 250 Access Point E-LTU
- JG758AAE HP IMC WSM/RTLS w/ 50-node E-LTU
- JG769AAE HP PCM Mobility Manager to IMC Wireless Service Manager Upg with 250-node E-LTU
VCX Products
- VCX - Version: 9.8.18
- HP Network Products
- J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr
- J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr
- JC517A HP VCX V7205 Platform w/DL 360 G6 Server
- JE355A HP VCX V6000 Branch Platform 9.0
- JC516A HP VCX V7005 Platform w/DL 120 G6 Server
- JC518A HP VCX Connect 200 Primry 120 G6 Server
- J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr
- JE341A HP VCX Connect 100 Secondary
- JE252A HP VCX Connect Primary MIM Module
- JE253A HP VCX Connect Secondary MIM Module
- JE254A HP VCX Branch MIM Module
- JE355A HP VCX V6000 Branch Platform 9.0
- JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod
- JD023A HP MSR30-40 Router with VCX MIM Module
- JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM
- JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod
- JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod
- JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod
- JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS
- JE340A HP VCX Connect 100 Pri Server 9.0
- JE342A HP VCX Connect 100 Sec Server 9.0
HISTORY Version:1 (rev.1) - 5 July 2016 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Resolution
All OpenSSL users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1p"
References
[ 1 ] CVE-2015-1793 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1793
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201507-15
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . The vulnerability could be exploited to allow remote authentication bypass.
Note: HP C.A. contains a version of Node.js, that when used in FIPS mode is affected by Alternative Chains Certificate Forgery Vulnerability (CVE-2015-1793). The patch is available from HP Software Support Online portal (HP SSO).
Note: This patch includes Node.js for FIPS mode that includes the newer version of OpenSSL (1.0.2d) which addresses the vulnerability. The bulletin does not apply to any other 3rd party application (e.g. operating system, web server, or application server) that may be required to be installed by the customer according instructions in the product install guide. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
============================================================================= FreeBSD-SA-15:12.openssl Security Advisory The FreeBSD Project
Topic: OpenSSL alternate chains certificate forgery vulnerability
Category: contrib Module: openssl Announced: 2015-07-09 Credits: Adam Langley/David Benjamin (Google/BoringSSL), OpenSSL Affects: FreeBSD 10.1-STABLE after 2015-06-11 and prior to the correction date. Corrected: 2015-07-09 17:17:22 UTC (stable/10, 10.2-PRERELEASE, 10.2-BETA1) CVE Name: CVE-2015-1793
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit
I. Background
FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.
II.
An error in the implementation of this logic could erroneously mark certificate as trusted when they should not.
III.
IV. Workaround
No workaround is available.
NOTE WELL: This issue does not affect earlier FreeBSD releases, including the supported 8.4, 9.3 and 10.1-RELEASE because the alternative certificate chain feature was not introduced in these releases. Only 10.1-STABLE after 2015-06-11 and prior to the correction date is affected.
V. Solution
Upgrade your vulnerable system to the latest supported FreeBSD stable/10 branch dated after the correction date.
Recompile the operating system using buildworld and installworld as
described in
Restart all deamons using the library, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each affected branch.
Branch/path Revision
stable/10/ r285330
To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:
svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
VII.
This issue will impact any application that verifies certificates including SSL/TLS/DTLS clients and SSL/TLS/DTLS servers using client authentication.
OpenSSL 1.0.2b/1.0.2c users should upgrade to 1.0.2d OpenSSL 1.0.1n/1.0.1o users should upgrade to 1.0.1p
This issue was reported to OpenSSL on 24th June 2015 by Adam Langley/David Benjamin (Google/BoringSSL). The fix was developed by the BoringSSL project.
Note
As per our previous announcements and our Release Strategy (https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions 1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these releases will be provided after that date. Users of these releases are advised to upgrade.
References
URL for this Security Advisory: https://www.openssl.org/news/secadv_20150709.txt
Note: the online version of the advisory may be updated with additional details over time.
For details of OpenSSL severity classifications please see: https://www.openssl.org/about/secpolicy.html
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201507-0348", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "jd edwards enterpriseone tools", "scope": "eq", "trust": 2.1, "vendor": "oracle", "version": "9.2" }, { "model": "jd edwards enterpriseone tools", "scope": "eq", "trust": 2.1, "vendor": "oracle", "version": "9.1" }, { "model": "openssl", "scope": "eq", "trust": 1.8, "vendor": "openssl", "version": "1.0.1n" }, { "model": "openssl", "scope": "eq", "trust": 1.8, "vendor": "openssl", "version": "1.0.1o" }, { "model": "openssl", "scope": "eq", "trust": 1.8, "vendor": "openssl", "version": "1.0.2b" }, { "model": "openssl", "scope": "eq", "trust": 1.8, "vendor": "openssl", "version": "1.0.2c" }, { "model": "integrated lights out manager", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "3.2" }, { "model": "integrated lights out manager", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "3.0" }, { "model": "integrated lights out manager", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "3.1" }, { "model": "supply chain products suite", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.2.0" }, { "model": "supply chain products suite", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.1.2.2" }, { "model": "opus 10g ethernet switch family", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "2.0.0.6" }, { "model": "supply chain products suite", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.1.3.0" }, { "model": "junos 12.1x44-d20", "scope": null, "trust": 0.9, "vendor": "juniper", "version": null }, { "model": "mysql", "scope": "lte", "trust": 0.8, "vendor": "oracle", "version": "5.6.25" }, { "model": "mysql", "scope": "lte", "trust": 0.8, "vendor": "oracle", "version": "enterprise monitor 2.3.20" }, { "model": "mysql", "scope": "lte", "trust": 0.8, "vendor": "oracle", "version": "enterprise monitor 3.0.22" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "base platform 11.1.0.1" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "base platform 11.2.0.4" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "base platform 12.1.0.4" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "base platform 12.1.0.5" }, { "model": "enterprise manager", "scope": "lt", "trust": 0.8, "vendor": "oracle", "version": "grid control of oss support tools 8.8.15.7.15" }, { "model": "enterprise manager", "scope": "lt", "trust": 0.8, "vendor": "oracle", "version": "ops center 12.1.4" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "ops center 12.2.0" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "ops center 12.2.1" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "ops center 12.3.0" }, { "model": "ethernet switch", "scope": "lt", "trust": 0.8, "vendor": "oracle", "version": "es2-64 2.0.0.6" }, { "model": "ethernet switch", "scope": "lt", "trust": 0.8, "vendor": "oracle", "version": "es2-72 2.0.0.6" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle business intelligence enterprise edition 11.1.1.7.0" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle business intelligence enterprise edition 11.1.1.9.0" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle endeca server 7.3.0.0" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle endeca server 7.4.0.0" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle endeca server 7.5.0.0" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle endeca server 7.6.0.0" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle tuxedo 12.1.1.0" }, { "model": "jd edwards products", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of jd edwards world security a9.4" }, { "model": "peoplesoft products", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of peoplesoft enterprise peopletools 8.53" }, { "model": "peoplesoft products", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of peoplesoft enterprise peopletools 8.54" }, { "model": "supply chain products suite", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle agile engineering data management 6.1.2.2" }, { "model": "supply chain products suite", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle agile engineering data management 6.1.3.0" }, { "model": "supply chain products suite", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle agile engineering data management 6.2.0.0" }, { "model": "supply chain products suite", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle transportation management 6.1" }, { "model": "supply chain products suite", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle transportation management 6.2" }, { "model": "switch", "scope": "lt", "trust": 0.8, "vendor": "oracle", "version": "es1-24 1.3.1.13" }, { "model": "sun blade 6000 ethernet switched nem 24p 10ge", "scope": "lt", "trust": 0.8, "vendor": "oracle", "version": "1.2.2.13" }, { "model": "sun network 10ge switch 72p", "scope": "lt", "trust": 0.8, "vendor": "oracle", "version": "1.2.2.15" }, { "model": "capssuite", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v3.0 to v4.0 manager component" }, { "model": "enterprisedirectoryserver", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "ver8.0" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "/sg series intersecvm/sg v1.2" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v3.0" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v3.1" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v4.0" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "/sg series sg3600lm/lg/lj v6.1" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v6.2" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v7.0" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v7.1" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v8.0" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "/sg series univerge sg3000lg/lj" }, { "model": "istorage", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "hs series" }, { "model": "istorage", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "nv7400/nv5400/nv3400 series" }, { "model": "istorage", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "nv7500/nv5500/nv3500 series" }, { "model": "ix2000 series", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "ix3000 series", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "secureware/pki application development kit", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "ver3.0" }, { "model": "secureware/pki application development kit", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "ver3.01" }, { "model": "secureware/pki application development kit", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "ver3.02" }, { "model": "secureware/pki application development kit", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "ver3.1" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "enterprise edition v4.2 to v6.5" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "standard edition v4.2 to v6.5" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "standard-j edition v4.1 to v6.5" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "uddi registry v1.1 to v7.1" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "web edition v4.1 to v6.5" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "enterprise edition v7.1" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "enterprise v8.2 to v9.2" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "express v8.2 to v9.2" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "foundation v8.2 to v8.5" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "standard edition v7.1" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "standard v8.2 to v9.2" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "standard-j edition v7.1 to v8.1" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "web edition v7.1 to v8.1" }, { "model": "webotx enterprise service bus", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v6.4 to v9.2" }, { "model": "webotx portal", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v8.2 to v9.1" }, { "model": "webotx sip application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "standard edition v7.1 to v8.1" }, { "model": "websam", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "application navigator ver3.1.0.x to ver4.1.0.x" }, { "model": "junos 12.1x46-d25", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "opus 10g ethernet switch family", "scope": "eq", "trust": 0.6, "vendor": "oracle", "version": "2.0.0.6" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.3" }, { "model": "security network controller 1.0.3361m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "registered envelope service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.53" }, { "model": "hp-ux b.11.22", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6" }, { "model": "junos 12.1x44-d33", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "i v5r4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "ios xe software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "junos 12.1x47-d25", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 14.1r3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.0.4" }, { "model": "worklight foundation consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.20" }, { "model": "junos 13.3r5", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "rational tau", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.35" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1209" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0.4" }, { "model": "i v5r3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "netinsight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6.0" }, { "model": "agile engineering data management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1.2.2" }, { "model": "ios xe", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.14" }, { "model": "rational automation framework ifix5", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.0.1.3" }, { "model": "junos 12.1x44-d35", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3361" }, { "model": "rational automation framework", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1.1" }, { "model": "hp-ux b.11.04", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.13-34" }, { "model": "junos 12.1x44-d51", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "prime license manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "worklight foundation enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.20" }, { "model": "agent for openflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos 12.1x44-d34", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 13.3r6", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "rational automation framework", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1.3" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "imc products", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "digital media players series 5.4 rb", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4400" }, { "model": "junos 12.1x47-d10", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "digital media players series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "44000" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.16-37" }, { "model": "digital media players 5.3 rb", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "junos 12.1x44-d50", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 14.1r4", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.11" }, { "model": "rational application developer for websphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1" }, { "model": "junos 12.3x48-d15", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "rational application developer for websphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4-23" }, { "model": "prime collaboration provisioning", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10.0" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.25-57" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.18-43" }, { "model": "telepresence conductor xc4.0", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios xe", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.16" }, { "model": "security appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.1" }, { "model": "ethernet switch es2-64", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "2.0.0.6" }, { "model": "ios xe", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.15" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.3" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.913" }, { "model": "junos 12.3x48-d20", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 12.3r2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "aspera enterprise server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5.5" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.20" }, { "model": "junos d30", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x44" }, { "model": "local collector appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.0.0" }, { "model": "enterprise manager ops center", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "12.2" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.11-28" }, { "model": "security appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.2" }, { "model": "ethernet switch es2-72", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "2.0.0.6" }, { "model": "junos 15.1r2", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "rational tau", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.36" }, { "model": "security network controller 1.0.3350m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "junos 14.2r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.3" }, { "model": "prime collaboration provisioning", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10.5.1" }, { "model": "junos 14.1r2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "ethernet switch es2-64", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.9.1" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.0.5" }, { "model": "rational tau", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.34" }, { "model": "digital media players 5.4 rb", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "rational automation framework", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "jd edwards world security a9.4", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "junos 13.3r4", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "sun blade ethernet switched nem 24p 10ge", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "60000" }, { "model": "packet tracer", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2" }, { "model": "registered envelope service", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.4.1" }, { "model": "aspera orchestrator", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3" }, { "model": "junos 12.3r6", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "ethernet switch es2-72", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.9.1" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.54" }, { "model": "partner supporting service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "oss support tools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.9.15.9.8" }, { "model": "junos 12.1x46-d20", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "worklight consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.0" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.15-36" }, { "model": "junos 12.1x44-d55", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos d40", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x44" }, { "model": "junos 12.1x44-d30.4", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "prime collaboration deployment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.1p", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "junos 15.1r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "security network controller 1.0.3379m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "packet tracer", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.3" }, { "model": "junos d20", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x44" }, { "model": "comware products", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "50" }, { "model": "prime network services controller 3.4.1c", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "rational application developer for websphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0.1" }, { "model": "endeca server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.6.0" }, { "model": "hp-ux b.11.11.16.09", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jabber software development kit", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "rational automation framework", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1.2" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.21" }, { "model": "junos 12.1x46-d10", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1768" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.9" }, { "model": "webex messenger service ep1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.9.9" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.15" }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "switch es1-24", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "0" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.2919" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.0" }, { "model": "hp-ux b.11.11.13.14", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "junos 14.1r6", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.15" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.25" }, { "model": "comware products", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "70" }, { "model": "worklight consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.2" }, { "model": "ios xe", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.13" }, { "model": "10.1-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "hp-ux b.11.23.1.007", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "endeca server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.5.0" }, { "model": "sun network 10ge switch 72p", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "0" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "prime security manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9.3.4.2-4" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.29-9" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.7" }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "industrial router", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9100" }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "security network controller 1.0.3352m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "security manager sp1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.8" }, { "model": "enterprise manager ops center", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "12.1.4" }, { "model": "rational tau interim fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.0.6" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50000" }, { "model": "infosphere information server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.3" }, { "model": "local collector appliance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.2.10" }, { "model": "i v5r4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "project openssl 1.0.1n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "junos 13.2x51-d26", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "linux x86 64 -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "junos 14.2r2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "enterprise manager ops center", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "12.3" }, { "model": "i v5r3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "digital media players", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos d10", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x44" }, { "model": "hp-ux b.11.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "junos 12.1x46-d35", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "i v5r4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "hp-ux b.11.11.02.008", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "junos 12.1x44-d25", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "netezza host management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.0" }, { "model": "prime network services controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "i v5r3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "aspera point to point", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5.5" }, { "model": "webex messenger service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos 12.1x46-d55", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "netinsight", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.6.0.14" }, { "model": "junos 12.1x47-d11", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos d25", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x46" }, { "model": "junos 12.3r3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 12.3r7", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "security manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "esight network v300r003c10spc201", "scope": "ne", "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "agile engineering data management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1.3.0" }, { "model": "socialminer", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5.1" }, { "model": "junos 14.2r4", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "endeca server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.3.0" }, { "model": "aspera faspex application", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.9.2" }, { "model": "asa cx and cisco prime security manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos 13.2x51-d40", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 13.2x51-d20", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos d25", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x44" }, { "model": "junos 12.1x47-d20", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "socialminer", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "prime collaboration provisioning", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10.6" }, { "model": "security appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "model d9485 davic qpsk", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.24" }, { "model": "junos d35", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x44" }, { "model": "vcx products", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "agile engineering data management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2.0.0" }, { "model": "junos 12.1x47-d45", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "nexus series fex", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "20000" }, { "model": "tuxedo", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.1.0" }, { "model": "security network controller 1.0.3381m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "prime collaboration provisioning", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9.5" }, { "model": "netezza host management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.3" }, { "model": "junos 12.1x44-d40", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 12.1x44-d30", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "enterprise manager ops center", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "12.2.1" }, { "model": "rational tau interim fix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "4.3.0.6" }, { "model": "digital media players series 5.4 rb", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4300" }, { "model": "junos 12.1x46-d30", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "hp-ux b.11.11.17.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "prime security manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.18-49" }, { "model": "infosphere information server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "hp-ux b.11.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "virtual security gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "puredata system for analytics", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "industrial router 1.2.1rb3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "910" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.13-41" }, { "model": "aspera console", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "rational tau", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.31" }, { "model": "hp-ux b.11.23.07.04", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "netezza host management", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3.7.0" }, { "model": "unified attendant console standard", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.2d", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.3" }, { "model": "junos 12.3x48-d10", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3381" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.9-34" }, { "model": "digital media players series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "43000" }, { "model": "security proventia network active bypass 0343c3c", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.23" }, { "model": "junos 12.1x46-d40", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "infosphere information server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1" }, { "model": "junos 12.3r11", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "aspera proxy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.2" }, { "model": "prime collaboration provisioning", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "worklight consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.1" }, { "model": "junos 13.3r7", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "esight network v300r003c10spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x47" }, { "model": "aspera shares", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.9.2" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.2" }, { "model": "junos 15.1x49-d10", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "switch es1-24", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.3" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3376" }, { "model": "endeca server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.4" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.18-42" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.2" }, { "model": "junos 14.1r5", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.4" }, { "model": "aspera enterprise server client", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5.5" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "worklight foundation consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.0.1" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.16" }, { "model": "aspera ondemand", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5.4" }, { "model": "linux -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "junos 12.3r9", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "telepresence conductor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1876" }, { "model": "digital media players series 5.3 rb", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4300" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.1" }, { "model": "connected analytics for collaboration", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cloud service automation", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.5" }, { "model": "junos 12.1x44-d26", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "worklight foundation enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.0.1" }, { "model": "hp-ux b.11.11.14.15", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "webex node for mcs", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos 12.1x44-d35.5", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "junos 12.3x48-d30", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "project openssl 1.0.2c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "rational tau", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.32" }, { "model": "virtual security gateway for microsoft hyper-v", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "sun blade ethernet switched nem 24p 10ge", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "60001.2.2.13" }, { "model": "services analytic platform", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "switch es1-24", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "1.3.1.3" }, { "model": "security manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.9" }, { "model": "security network controller 1.0.3376m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "infosphere information server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "rational tau", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3379" }, { "model": "junos 13.2x51-d15", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "project openssl 1.0.2b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.22" }, { "model": "junos 12.1x46-d36", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 13.2x51-d25", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "network performance analytics", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.0" }, { "model": "hp-ux b.11.11.15.13", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "emergency responder", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "infosphere information server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.7" }, { "model": "junos 15.1x49-d20", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 14.2r3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "model d9485 davic qpsk", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.2.19" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.0.1" }, { "model": "rational tau", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.33" }, { "model": "netezza host management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.6.0" }, { "model": "junos 12.1x46-d15", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "sun network 10ge switch 72p", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "1.2.2.15" }, { "model": "junos 12.1x47-d15", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 12.1x44-d32", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 13.2x51-d30", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "im and presence service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos 12.3r10", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "digital media players series 5.3 rb", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4400" }, { "model": "junos 12.1x44-d15", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null } ], "sources": [ { "db": "BID", "id": "75652" }, { "db": "JVNDB", "id": "JVNDB-2015-003487" }, { "db": "CNNVD", "id": "CNNVD-201507-298" }, { "db": "NVD", "id": "CVE-2015-1793" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:supply_chain_products_suite:6.1.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:supply_chain_products_suite:6.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:supply_chain_products_suite:6.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:oracle:opus_10g_ethernet_switch_family:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.0.0.6", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2015-1793" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Adam Langley of Google and David Benjamin of BoringSSL.", "sources": [ { "db": "BID", "id": "75652" } ], "trust": 0.3 }, "cve": "CVE-2015-1793", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 4.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 6.4, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2015-1793", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-79754", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "VHN-81961", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 3.9, "impactScore": 2.5, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "CVE-2015-1793", "impactScore": null, "integrityImpact": "Low", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2015-1793", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201507-298", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-79754", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-81961", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2015-1793", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-79754" }, { "db": "VULHUB", "id": "VHN-81961" }, { "db": "VULMON", "id": "CVE-2015-1793" }, { "db": "JVNDB", "id": "JVNDB-2015-003487" }, { "db": "CNNVD", "id": "CNNVD-201507-298" }, { "db": "NVD", "id": "CVE-2015-1793" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate. OpenSSL Contains a certificate chain validation flaw. 2015 Year 7 Moon 9 Day, OpenSSL Project Than OpenSSL Security Advisory [9 Jul 2015] Has been published. OpenSSL Security Advisory [9 Jul 2015] https://www.openssl.org/news/secadv_20150709.txt According to the advisory, the following vulnerabilities have been fixed: OpenSSL 1.0.2d , 1.0.1p Has been released. Severity \u2212 High (Severity: High) \uff65 Alternative chains certificate forgery (CVE-2015-1793) OpenSSL Tries to build an alternative certificate chain if the certificate validation fails to build the first certificate chain, but there is a flaw in the implementation of this process. As a result, for example CA Flag FALSE A certificate issued using a certificate that is considered to be trusted is not detected as being invalid. CA May be treated as a certificate issued by.Man-in-the-middle attacks (man-in-the-middle attack) By HTTPS The contents of the communication may be viewed or altered. OpenSSL is prone to a security-bypass vulnerability because the application fails to properly verify SSL, TLS, and DTLS certificates. \nSuccessfully exploiting this issue allows attackers to perform man-in-the-middle attacks and bypass certain security restrictions. This may aid in further attacks. \nOpenSSL versions 1.0.2c, 1.0.2b, 1.0.1n, and 1.0.1o are vulnerable. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. There is a security vulnerability in the TLS protocol 1.2 and earlier versions. The vulnerability comes from that when the server enables the DHE_EXPORT cipher suite, the program does not pass the DHE_EXPORT option correctly. Attackers can exploit this vulnerability to implement man-in-the-middle attacks and cipher-downgrade attacks by rewriting ClientHello (use DHE_EXPORT instead of DHE) and then rewrite ServerHello (use DHE instead of DHE_EXPORT). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04760669\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04760669\nVersion: 1\n\nHPSBUX03388 SSRT102180 rev.1 - HP-UX running OpenSSL, Remote Disclosure of\nInformation\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-08-05\nLast Updated: 2015-08-05\n\nPotential Security Impact: Remote disclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified with HP-UX running\nOpenSSL with SSL/TLS enabled. \n\nThis is the TLS vulnerability using US export-grade 512-bit keys in\nDiffie-Hellman key exchange known as Logjam which could be exploited remotely\nresulting in disclosure of information. \n\nReferences:\n\nCVE-2015-4000: DHE man-in-the-middle protection (Logjam). \nCVE-2015-1788: Malformed ECParameters causes infinite loop. \nCVE-2015-1789: Exploitable out-of-bounds read in X509_cmp_time. \nCVE-2015-1790: PKCS7 crash with missing EnvelopedContent\nCVE-2015-1791: Race condition handling NewSessionTicket\nCVE-2015-1792: CMS verify infinite loop with unknown hash function\nCVE-2015-1793: Alternative Chain Certificate Forgery. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2015-4000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2015-1788 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-1793 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided an updated version of OpenSSL to resolve this vulnerability. \n\nA new B.11.31 depot for OpenSSL_A.01.00.01p is available here:\n\nhttps://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber\n=OPENSSL11I\n\nMANUAL ACTIONS: Yes - Update\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see: https://www.hp.com/go/swa\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.31\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: install revision A.01.00.01p or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 5 August 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\niEYEARECAAYFAlXCSD4ACgkQ4B86/C0qfVlKnQCg5XcK1amrTACEyDY3QtJF75u2\nL90AnAgGXxSCZgBVzDQCAezbHbrHPwtg\n=74KM\n-----END PGP SIGNATURE-----\n. The\nvulnerabilities could be exploited remotely resulting in Denial of Service\n(DoS) or unauthorized access. \n\nReferences:\n\n - CVE-2014-8176 - Remote Denial of Service (DoS)\n - CVE-2015-1788 - Remote Denial of Service (DoS)\n - CVE-2015-1789 - Remote Denial of Service (DoS)\n - CVE-2015-1790 - Remote Denial of Service (DoS)\n - CVE-2015-1791 - Remote Denial of Service (DoS)\n - CVE-2015-1792 - Remote Denial of Service (DoS)\n - CVE-2015-1793 - Remote Unauthorized Access\n - PSRT110158, SSRT102264\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\nPlease refer to the RESOLUTION\n below for a list of impacted products. \n\n**COMWARE 5 Products**\n\n + **A6600 (Comware 5) - Version: R3303P23**\n * HP Network Products\n - JC165A HP 6600 RPE-X1 Router Module\n - JC177A HP 6608 Router\n - JC177B HP 6608 Router Chassis\n - JC178A HP 6604 Router Chassis\n - JC178B HP 6604 Router Chassis\n - JC496A HP 6616 Router Chassis\n - JC566A HP 6600 RSE-X1 Router Main Processing Unit\n - JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit\n - JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit\n + **HSR6602 (Comware 5) - Version: R3303P23**\n * HP Network Products\n - JC176A HP 6602 Router Chassis\n - JG353A HP HSR6602-G Router\n - JG354A HP HSR6602-XG Router\n - JG355A HP 6600 MCP-X1 Router Main Processing Unit\n - JG356A HP 6600 MCP-X2 Router Main Processing Unit\n - JG776A HP HSR6602-G TAA-compliant Router\n - JG777A HP HSR6602-XG TAA-compliant Router\n - JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit\n + **HSR6800 (Comware 5) - Version: R3303P23**\n * HP Network Products\n - JG361A HP HSR6802 Router Chassis\n - JG361B HP HSR6802 Router Chassis\n - JG362A HP HSR6804 Router Chassis\n - JG362B HP HSR6804 Router Chassis\n - JG363A HP HSR6808 Router Chassis\n - JG363B HP HSR6808 Router Chassis\n - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit\n + **MSR20 (Comware 5) - Version: R2514P10**\n * HP Network Products\n - JD432A HP A-MSR20-21 Router\n - JD662A HP MSR20-20 Router\n - JD663A HP A-MSR20-21 Router\n - JD663B HP MSR20-21 Router\n - JD664A HP MSR20-40 Router\n - JF228A HP MSR20-40 Router\n - JF283A HP MSR20-20 Router\n + **MSR20-1X (Comware 5) - Version: R2514P10**\n * HP Network Products\n - JD431A HP MSR20-10 Router\n - JD667A HP MSR20-15 IW Multi-Service Router\n - JD668A HP MSR20-13 Multi-Service Router\n - JD669A HP MSR20-13 W Multi-Service Router\n - JD670A HP MSR20-15 A Multi-Service Router\n - JD671A HP MSR20-15 AW Multi-Service Router\n - JD672A HP MSR20-15 I Multi-Service Router\n - JD673A HP MSR20-11 Multi-Service Router\n - JD674A HP MSR20-12 Multi-Service Router\n - JD675A HP MSR20-12 W Multi-Service Router\n - JD676A HP MSR20-12 T1 Multi-Service Router\n - JF236A HP MSR20-15-I Router\n - JF237A HP MSR20-15-A Router\n - JF238A HP MSR20-15-I-W Router\n - JF239A HP MSR20-11 Router\n - JF240A HP MSR20-13 Router\n - JF241A HP MSR20-12 Router\n - JF806A HP MSR20-12-T Router\n - JF807A HP MSR20-12-W Router\n - JF808A HP MSR20-13-W Router\n - JF809A HP MSR20-15-A-W Router\n - JF817A HP MSR20-15 Router\n - JG209A HP MSR20-12-T-W Router (NA)\n - JG210A HP MSR20-13-W Router (NA)\n + **MSR 30 (Comware 5) - Version: R2514P10**\n * HP Network Products\n - JD654A HP MSR30-60 POE Multi-Service Router\n - JD657A HP MSR30-40 Multi-Service Router\n - JD658A HP MSR30-60 Multi-Service Router\n - JD660A HP MSR30-20 POE Multi-Service Router\n - JD661A HP MSR30-40 POE Multi-Service Router\n - JD666A HP MSR30-20 Multi-Service Router\n - JF229A HP MSR30-40 Router\n - JF230A HP MSR30-60 Router\n - JF232A HP RTMSR3040-AC-OVSAS-H3\n - JF235A HP MSR30-20 DC Router\n - JF284A HP MSR30-20 Router\n - JF287A HP MSR30-40 DC Router\n - JF801A HP MSR30-60 DC Router\n - JF802A HP MSR30-20 PoE Router\n - JF803A HP MSR30-40 PoE Router\n - JF804A HP MSR30-60 PoE Router\n - JG728A HP MSR30-20 TAA-compliant DC Router\n - JG729A HP MSR30-20 TAA-compliant Router\n + **MSR 30-16 (Comware 5) - Version: R2514P10**\n * HP Network Products\n - JD659A HP MSR30-16 POE Multi-Service Router\n - JD665A HP MSR30-16 Multi-Service Router\n - JF233A HP MSR30-16 Router\n - JF234A HP MSR30-16 PoE Router\n + **MSR 30-1X (Comware 5) - Version: R2514P10**\n * HP Network Products\n - JF800A HP MSR30-11 Router\n - JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr\n - JG182A HP MSR30-11E Router\n - JG183A HP MSR30-11F Router\n - JG184A HP MSR30-10 DC Router\n + **MSR 50 (Comware 5) - Version: R2514P10**\n * HP Network Products\n - JD433A HP MSR50-40 Router\n - JD653A HP MSR50 Processor Module\n - JD655A HP MSR50-40 Multi-Service Router\n - JD656A HP MSR50-60 Multi-Service Router\n - JF231A HP MSR50-60 Router\n - JF285A HP MSR50-40 DC Router\n - JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply\n + **MSR 50-G2 (Comware 5) - Version: R2514P10**\n * HP Network Products\n - JD429A HP MSR50 G2 Processor Module\n - JD429B HP MSR50 G2 Processor Module\n + **MSR 9XX (Comware 5) - Version: R2514P10**\n * HP Network Products\n - JF812A HP MSR900 Router\n - JF813A HP MSR920 Router\n - JF814A HP MSR900-W Router\n - JF815A HP MSR920 2FEWAN/8FELAN/.11 b/g Rtr\n - JG207A HP MSR900-W Router (NA)\n - JG208A HP MSR920-W Router (NA)\n + **MSR 93X (Comware 5) - Version: R2514P10**\n * HP Network Products\n - JG511A HP MSR930 Router\n - JG511B HP MSR930 Router\n - JG512A HP MSR930 Wireless Router\n - JG513A HP MSR930 3G Router\n - JG513B HP MSR930 3G Router\n - JG514A HP MSR931 Router\n - JG514B HP MSR931 Router\n - JG515A HP MSR931 3G Router\n - JG516A HP MSR933 Router\n - JG517A HP MSR933 3G Router\n - JG518A HP MSR935 Router\n - JG518B HP MSR935 Router\n - JG519A HP MSR935 Wireless Router\n - JG520A HP MSR935 3G Router\n - JG531A HP MSR931 Dual 3G Router\n - JG531B HP MSR931 Dual 3G Router\n - JG596A HP MSR930 4G LTE/3G CDMA Router\n - JG597A HP MSR936 Wireless Router\n - JG665A HP MSR930 4G LTE/3G WCDMA Global Router\n - JG704A HP MSR930 4G LTE/3G WCDMA ATT Router\n - JH009A HP MSR931 Serial (TI) Router\n - JH010A HP MSR933 G.SHDSL (TI) Router\n - JH011A HP MSR935 ADSL2+ (TI) Router\n - JH012A HP MSR930 Wireless 802.11n (NA) Router\n - JH012B HP MSR930 Wireless 802.11n (NA) Router\n - JH013A HP MSR935 Wireless 802.11n (NA) Router\n + **MSR1000 (Comware 5) - Version: R2514P10**\n * HP Network Products\n - JG732A HP MSR1003-8 AC Router\n + **12500 (Comware 5) - Version: R1829P01**\n * HP Network Products\n - JC072B HP 12500 Main Processing Unit\n - JC085A HP A12518 Switch Chassis\n - JC086A HP A12508 Switch Chassis\n - JC652A HP 12508 DC Switch Chassis\n - JC653A HP 12518 DC Switch Chassis\n - JC654A HP 12504 AC Switch Chassis\n - JC655A HP 12504 DC Switch Chassis\n - JC808A HP 12500 TAA Main Processing Unit\n - JF430A HP A12518 Switch Chassis\n - JF430B HP 12518 Switch Chassis\n - JF430C HP 12518 AC Switch Chassis\n - JF431A HP A12508 Switch Chassis\n - JF431B HP 12508 Switch Chassis\n - JF431C HP 12508 AC Switch Chassis\n + **9500E (Comware 5) - Version: R1829P01**\n * HP Network Products\n - JC124A HP A9508 Switch Chassis\n - JC124B HP 9505 Switch Chassis\n - JC125A HP A9512 Switch Chassis\n - JC125B HP 9512 Switch Chassis\n - JC474A HP A9508-V Switch Chassis\n - JC474B HP 9508-V Switch Chassis\n + **10500 (Comware 5) - Version: R1210P01**\n * HP Network Products\n - JC611A HP 10508-V Switch Chassis\n - JC612A HP 10508 Switch Chassis\n - JC613A HP 10504 Switch Chassis\n - JC614A HP 10500 Main Processing Unit\n - JC748A HP 10512 Switch Chassis\n - JG375A HP 10500 TAA-compliant Main Processing Unit\n - JG820A HP 10504 TAA-compliant Switch Chassis\n - JG821A HP 10508 TAA-compliant Switch Chassis\n - JG822A HP 10508-V TAA-compliant Switch Chassis\n - JG823A HP 10512 TAA-compliant Switch Chassis\n + **7500 (Comware 5) - Version: R6710P01**\n * HP Network Products\n - JC666A HP 7503-S 144Gbps Fabric/MPU with PoE Upgradable 20-port\nGig-T/4-port GbE Combo\n - JC697A HP 7502 TAA-compliant Main Processing Unit\n - JC698A HP 7503-S 144Gbps TAA Fabric / MPU with 16 GbE SFP Ports and 8\nGbE Combo Ports\n - JC699A HP 7500 384Gbps TAA-compliant Fabric / MPU with 2 10GbE XFP\nPorts\n - JC700A HP 7500 384Gbps TAA-compliant Fabric / Main Processing Unit\n - JC701A HP 7500 768Gbps TAA-compliant Fabric / Main Processing Unit\n - JD193A HP 7500 384Gbps Fabric Module with 2 XFP Ports\n - JD193B HP 7500 384Gbps Fabric Module with 2 XFP Ports\n - JD194A HP 7500 384Gbps Fabric Module\n - JD194B HP 7500 384Gbps Fabric Module\n - JD195A HP 7500 384Gbps Advanced Fabric Module\n - JD196A HP 7502 Fabric Module\n - JD220A HP 7500 768Gbps Fabric Module\n - JD224A HP 7500 384Gbps Fabric Module with 12 SFP Ports\n - JD238A HP 7510 Switch Chassis\n - JD238B HP 7510 Switch Chassis\n - JD239A HP 7506 Switch Chassis\n - JD239B HP 7506 Switch Chassis\n - JD240A HP 7503 Switch Chassis\n - JD240B HP 7503 Switch Chassis\n - JD241A HP 7506-V Switch Chassis\n - JD241B HP 7506-V Switch Chassis\n - JD242A HP 7502 Switch Chassis\n - JD242B HP 7502 Switch Chassis\n - JD243A HP 7503-S Switch Chassis with 1 Fabric Slot\n - JD243B HP 7503-S Switch Chassis with 1 Fabric Slot\n - JE164A HP E7902 Switch Chassis\n - JE165A HP E7903 Switch Chassis\n - JE166A HP E7903 1 Fabric Slot Switch Chassis\n - JE167A HP E7906 Switch Chassis\n - JE168A HP E7906 Vertical Switch Chassis\n - JE169A HP E7910 Switch Chassis\n + **5830 (Comware 5) - Version: R1118P13**\n * HP Network Products\n - JC691A HP 5830AF-48G Switch with 1 Interface Slot\n - JC694A HP 5830AF-96G Switch\n - JG316A HP 5830AF-48G TAA-compliant Switch w/1 Interface Slot\n - JG374A HP 5830AF-96G TAA-compliant Switch\n + **5800 (Comware 5) - Version: R1809P11**\n * HP Network Products\n - JC099A HP 5800-24G-PoE Switch\n - JC099B HP 5800-24G-PoE+ Switch\n - JC100A HP 5800-24G Switch\n - JC100B HP 5800-24G Switch\n - JC101A HP 5800-48G Switch with 2 Slots\n - JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots\n - JC103A HP 5800-24G-SFP Switch\n - JC103B HP 5800-24G-SFP Switch with 1 Interface Slot\n - JC104A HP 5800-48G-PoE Switch\n - JC104B HP 5800-48G-PoE+ Switch with 1 Interface Slot\n - JC105A HP 5800-48G Switch\n - JC105B HP 5800-48G Switch with 1 Interface Slot\n - JG254A HP 5800-24G-PoE+ TAA-compliant Switch\n - JG254B HP 5800-24G-PoE+ TAA-compliant Switch\n - JG255A HP 5800-24G TAA-compliant Switch\n - JG255B HP 5800-24G TAA-compliant Switch\n - JG256A HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot\n - JG256B HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot\n - JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot\n - JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot\n - JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot\n - JG258B HP 5800-48G TAA-compliant Switch with 1 Interface Slot\n - JG225A HP 5800AF-48G Switch\n - JG225B HP 5800AF-48G Switch\n - JG242A HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots\n - JG242B HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface\n - JG243A HP 5820-24XG-SFP+ TAA-compliant Switch\n - JG243B HP 5820-24XG-SFP+ TAA-compliant Switch\n - JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots\n\u0026 1 OAA Slot\n - JG259B HP 5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots\nand 1 OAA Slot\n - JC106A HP 5820-14XG-SFP+ Switch with 2 Slots\n - JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots \u0026 1 OAA Slot\n - JG219A HP 5820AF-24XG Switch\n - JG219B HP 5820AF-24XG Switch\n - JC102A HP 5820-24XG-SFP+ Switch\n - JC102B HP 5820-24XG-SFP+ Switch\n + **5500 HI (Comware 5) - Version: R5501P17**\n * HP Network Products\n - JG311A HP 5500-24G-4SFP HI Switch with 2 Interface Slots\n - JG312A HP 5500-48G-4SFP HI Switch with 2 Interface Slots\n - JG541A HP 5500-24G-PoE+-4SFP HI Switch with 2 Interface Slots\n - JG542A HP 5500-48G-PoE+-4SFP HI Switch with 2 Interface Slots\n - JG543A HP 5500-24G-SFP HI Switch with 2 Interface Slots\n - JG679A HP 5500-24G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface\nSlots\n - JG680A HP 5500-48G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface\nSlots\n - JG681A HP 5500-24G-SFP HI TAA-compliant Switch with 2 Interface Slots\n + **5500 EI (Comware 5) - Version: R2221P19**\n * HP Network Products\n - JD373A HP 5500-24G DC EI Switch\n - JD374A HP 5500-24G-SFP EI Switch\n - JD375A HP 5500-48G EI Switch\n - JD376A HP 5500-48G-PoE EI Switch\n - JD377A HP 5500-24G EI Switch\n - JD378A HP 5500-24G-PoE EI Switch\n - JD379A HP 5500-24G-SFP DC EI Switch\n - JG240A HP 5500-48G-PoE+ EI Switch with 2 Interface Slots\n - JG241A HP 5500-24G-PoE+ EI Switch with 2 Interface Slots\n - JG249A HP 5500-24G-SFP EI TAA-compliant Switch with 2 Interface\n - JG250A HP 5500-24G EI TAA-compliant Switch with 2 Interface Slots\n - JG251A HP 5500-48G EI TAA-compliant Switch with 2 Interface Slots\n - JG252A HP 5500-24G-PoE+ EI TAA-compliant Switch with 2 Interface\nSlots\n - JG253A HP 5500-48G-PoE+ EI TAA-compliant Switch with 2 Interface\nSlots\n + **4800G (Comware 5) - Version: R2221P19**\n * HP Network Products\n - JD007A HP 4800-24G Switch\n - JD008A HP 4800-24G-PoE Switch\n - JD009A HP 4800-24G-SFP Switch\n - JD010A HP 4800-48G Switch\n - JD011A HP 4800-48G-PoE Switch\n + **5500SI (Comware 5) - Version: R2221P20**\n * HP Network Products\n - JD369A HP 5500-24G SI Switch\n - JD370A HP 5500-48G SI Switch\n - JD371A HP 5500-24G-PoE SI Switch\n - JD372A HP 5500-48G-PoE SI Switch\n - JG238A HP 5500-24G-PoE+ SI Switch with 2 Interface Slots\n - JG239A HP 5500-48G-PoE+ SI Switch with 2 Interface Slots\n + **4500G (Comware 5) - Version: R2221P20**\n * HP Network Products\n - JF428A HP 4510-48G Switch\n - JF847A HP 4510-24G Switch\n + **5120 EI (Comware 5) - Version: R2221P20**\n * HP Network Products\n - JE066A HP 5120-24G EI Switch\n - JE067A HP 5120-48G EI Switch\n - JE068A HP 5120-24G EI Switch with 2 Interface Slots\n - JE069A HP 5120-48G EI Switch with 2 Interface Slots\n - JE070A HP 5120-24G-PoE EI 2-slot Switch\n - JE071A HP 5120-48G-PoE EI 2-slot Switch\n - JG236A HP 5120-24G-PoE+ EI Switch with 2 Interface Slots\n - JG237A HP 5120-48G-PoE+ EI Switch with 2 Interface Slots\n - JG245A HP 5120-24G EI TAA-compliant Switch with 2 Interface Slots\n - JG246A HP 5120-48G EI TAA-compliant Switch with 2 Interface Slots\n - JG247A HP 5120-24G-PoE+ EI TAA-compliant Switch with 2 Slots\n - JG248A HP 5120-48G-PoE+ EI TAA-compliant Switch with 2 Slots\n + **4210G (Comware 5) - Version: R2221P20**\n * HP Network Products\n - JF844A HP 4210-24G Switch\n - JF845A HP 4210-48G Switch\n - JF846A HP 4210-24G-PoE Switch\n + **5120 SI (Comware 5) - Version: R1516**\n * HP Network Products\n - JE072A HP 5120-48G SI Switch\n - JE072B HPE 5120 48G SI Switch\n - JE073A HP 5120-16G SI Switch\n - JE073B HPE 5120 16G SI Switch\n - JE074A HP 5120-24G SI Switch\n - JE074B HPE 5120 24G SI Switch\n - JG091A HP 5120-24G-PoE+ (370W) SI Switch\n - JG091B HPE 5120 24G PoE+ (370W) SI Switch\n - JG092A HP 5120-24G-PoE+ (170W) SI Switch\n - JG309B HPE 5120 8G PoE+ (180W) SI Switch\n - JG310B HPE 5120 8G PoE+ (65W) SI Switch\n + **3610 (Comware 5) - Version: R5319P14**\n * HP Network Products\n - JD335A HP 3610-48 Switch\n - JD336A HP 3610-24-4G-SFP Switch\n - JD337A HP 3610-24-2G-2G-SFP Switch\n - JD338A HP 3610-24-SFP Switch\n + **3600V2 (Comware 5) - Version: R2110P06**\n * HP Network Products\n - JG299A HP 3600-24 v2 EI Switch\n - JG299B HP 3600-24 v2 EI Switch\n - JG300A HP 3600-48 v2 EI Switch\n - JG300B HP 3600-48 v2 EI Switch\n - JG301A HP 3600-24-PoE+ v2 EI Switch\n - JG301B HP 3600-24-PoE+ v2 EI Switch\n - JG301C HP 3600-24-PoE+ v2 EI Switch\n - JG302A HP 3600-48-PoE+ v2 EI Switch\n - JG302B HP 3600-48-PoE+ v2 EI Switch\n - JG302C HP 3600-48-PoE+ v2 EI Switch\n - JG303A HP 3600-24-SFP v2 EI Switch\n - JG303B HP 3600-24-SFP v2 EI Switch\n - JG304A HP 3600-24 v2 SI Switch\n - JG304B HP 3600-24 v2 SI Switch\n - JG305A HP 3600-48 v2 SI Switch\n - JG305B HP 3600-48 v2 SI Switch\n - JG306A HP 3600-24-PoE+ v2 SI Switch\n - JG306B HP 3600-24-PoE+ v2 SI Switch\n - JG306C HP 3600-24-PoE+ v2 SI Switch\n - JG307A HP 3600-48-PoE+ v2 SI Switch\n - JG307B HP 3600-48-PoE+ v2 SI Switch\n - JG307C HP 3600-48-PoE+ v2 SI Switch\n + **3100V2-48 (Comware 5) - Version: R2110P06**\n * HP Network Products\n - JG315A HP 3100-48 v2 Switch\n - JG315B HP 3100-48 v2 Switch\n + **HP870 (Comware 5) - Version: R2607P46**\n * HP Network Products\n - JG723A HP 870 Unified Wired-WLAN Appliance\n - JG725A HP 870 Unified Wired-WLAN TAA-compliant Appliance\n + **HP850 (Comware 5) - Version: R2607P46**\n * HP Network Products\n - JG722A HP 850 Unified Wired-WLAN Appliance\n - JG724A HP 850 Unified Wired-WLAN TAA-compliant Appliance\n + **HP830 (Comware 5) - Version: R3507P46**\n * HP Network Products\n - JG640A HP 830 24-Port PoE+ Unified Wired-WLAN Switch\n - JG641A HP 830 8-port PoE+ Unified Wired-WLAN Switch\n - JG646A HP 830 24-Port PoE+ Unified Wired-WLAN TAA-compliant Switch\n - JG647A HP 830 8-Port PoE+ Unified Wired-WLAN TAA-compliant\n + **HP6000 (Comware 5) - Version: R2507P46**\n * HP Network Products\n - JG639A HP 10500/7500 20G Unified Wired-WLAN Module\n - JG645A HP 10500/7500 20G Unified Wired-WLAN TAA-compliant Module\n + **WX5004-EI (Comware 5) - Version: R2507P46**\n * HP Network Products\n - JD447B HP WX5002 Access Controller\n - JD448A HP WX5004 Access Controller\n - JD448B HP WX5004 Access Controller\n - JD469A HP WX5004 Access Controller\n + **SecBlade FW (Comware 5) - Version: R3181P07**\n * HP Network Products\n - JC635A HP 12500 VPN Firewall Module\n - JD245A HP 9500 VPN Firewall Module\n - JD249A HP 10500/7500 Advanced VPN Firewall Module\n - JD250A HP 6600 Firewall Processing Router Module\n - JD251A HP 8800 Firewall Processing Module\n - JD255A HP 5820 VPN Firewall Module\n + **F1000-E (Comware 5) - Version: R3181P07**\n * HP Network Products\n - JD272A HP F1000-E VPN Firewall Appliance\n + **F1000-A-EI (Comware 5) - Version: R3734P08**\n * HP Network Products\n - JG214A HP F1000-A-EI VPN Firewall Appliance\n + **F1000-S-EI (Comware 5) - Version: R3734P08**\n * HP Network Products\n - JG213A HP F1000-S-EI VPN Firewall Appliance\n + **F5000-A (Comware 5) - Version: F3210P26**\n * HP Network Products\n - JD259A HP A5000-A5 VPN Firewall Chassis\n - JG215A HP F5000 Firewall Main Processing Unit\n - JG216A HP F5000 Firewall Standalone Chassis\n + **U200S and CS (Comware 5) - Version: F5123P33**\n * HP Network Products\n - JD273A HP U200-S UTM Appliance\n + **U200A and M (Comware 5) - Version: F5123P33**\n * HP Network Products\n - JD275A HP U200-A UTM Appliance\n + **F5000-C/S (Comware 5) - Version: R3811P05**\n * HP Network Products\n - JG650A HP F5000-C VPN Firewall Appliance\n - JG370A HP F5000-S VPN Firewall Appliance\n + **SecBlade III (Comware 5) - Version: R3820P06**\n * HP Network Products\n - JG371A HP 12500 20Gbps VPN Firewall Module\n - JG372A HP 10500/11900/7500 20Gbps VPN Firewall Module\n + **6600 RSE RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU**\n * HP Network Products\n - JC177A HP 6608 Router\n - JC177B HP 6608 Router Chassis\n - JC178A HP 6604 Router Chassis\n - JC178B HP 6604 Router Chassis\n - JC496A HP 6616 Router Chassis\n - JC566A HP 6600 RSE-X1 Router Main Processing Unit\n - JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit\n + **6600 RPE RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU**\n * HP Network Products\n - JC165A) HP 6600 RPE-X1 Router Module\n - JG781A) HP 6600 RPE-X1 TAA-compliant Main Processing Unit\n + **6602 RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU**\n * HP Network Products\n - JC176A) HP 6602 Router Chassis\n + **HSR6602 RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU**\n * HP Network Products\n - JC177A HP 6608 Router\n - JC177B HP 6608 Router Chassis\n - JC178A HP 6604 Router Chassis\n - JC178B HP 6604 Router Chassis\n - JC496A HP 6616 Router Chassis\n - JG353A HP HSR6602-G Router\n - JG354A HP HSR6602-XG Router\n - JG355A HP 6600 MCP-X1 Router Main Processing Unit\n - JG356A HP 6600 MCP-X2 Router Main Processing Unit\n - JG776A HP HSR6602-G TAA-compliant Router\n - JG777A HP HSR6602-XG TAA-compliant Router\n - JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit\n + **HSR6800 RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU**\n * HP Network Products\n - JG361A HP HSR6802 Router Chassis\n - JG361B HP HSR6802 Router Chassis\n - JG362A HP HSR6804 Router Chassis\n - JG362B HP HSR6804 Router Chassis\n - JG363A HP HSR6808 Router Chassis\n - JG363B HP HSR6808 Router Chassis\n - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit\n + **SMB1910 (Comware 5) - Version: R1111**\n * HP Network Products\n - JG540A HP 1910-48 Switch\n - JG539A HP 1910-24-PoE+ Switch\n - JG538A HP 1910-24 Switch\n - JG537A HP 1910-8 -PoE+ Switch\n - JG536A HP 1910-8 Switch\n + **SMB1920 (Comware 5) - Version: R1109**\n * HP Network Products\n - JG928A HP 1920-48G-PoE+ (370W) Switch\n - JG927A HP 1920-48G Switch\n - JG926A HP 1920-24G-PoE+ (370W) Switch\n - JG925A HP 1920-24G-PoE+ (180W) Switch\n - JG924A HP 1920-24G Switch\n - JG923A HP 1920-16G Switch\n - JG922A HP 1920-8G-PoE+ (180W) Switch\n - JG921A HP 1920-8G-PoE+ (65W) Switch\n - JG920A HP 1920-8G Switch\n + **V1910 (Comware 5) - Version: R1516**\n * HP Network Products\n - JE005A HP 1910-16G Switch\n - JE006A HP 1910-24G Switch\n - JE007A HP 1910-24G-PoE (365W) Switch\n - JE008A HP 1910-24G-PoE(170W) Switch\n - JE009A HP 1910-48G Switch\n - JG348A HP 1910-8G Switch\n - JG349A HP 1910-8G-PoE+ (65W) Switch\n - JG350A HP 1910-8G-PoE+ (180W) Switch\n + **SMB 1620 (Comware 5) - Version: R1108**\n * HP Network Products\n - JG914A HP 1620-48G Switch\n - JG913A HP 1620-24G Switch\n - JG912A HP 1620-8G Switch\n\n**COMWARE 7 Products**\n\n + **12500 (Comware 7) - Version: R7376**\n * HP Network Products\n - JC072B HP 12500 Main Processing Unit\n - JC085A HP A12518 Switch Chassis\n - JC086A HP A12508 Switch Chassis\n - JC652A HP 12508 DC Switch Chassis\n - JC653A HP 12518 DC Switch Chassis\n - JC654A HP 12504 AC Switch Chassis\n - JC655A HP 12504 DC Switch Chassis\n - JF430A HP A12518 Switch Chassis\n - JF430B HP 12518 Switch Chassis\n - JF430C HP 12518 AC Switch Chassis\n - JF431A HP A12508 Switch Chassis\n - JF431B HP 12508 Switch Chassis\n - JF431C HP 12508 AC Switch Chassis\n - JG497A HP 12500 MPU w/Comware V7 OS\n - JG782A HP FF 12508E AC Switch Chassis\n - JG783A HP FF 12508E DC Switch Chassis\n - JG784A HP FF 12518E AC Switch Chassis\n - JG785A HP FF 12518E DC Switch Chassis\n - JG802A HP FF 12500E MPU\n + **10500 (Comware 7) - Version: R7170**\n * HP Network Products\n - JC611A HP 10508-V Switch Chassis\n - JC612A HP 10508 Switch Chassis\n - JC613A HP 10504 Switch Chassis\n - JC748A HP 10512 Switch Chassis\n - JG608A HP FlexFabric 11908-V Switch Chassis\n - JG609A HP FlexFabric 11900 Main Processing Unit\n - JG820A HP 10504 TAA Switch Chassis\n - JG821A HP 10508 TAA Switch Chassis\n - JG822A HP 10508-V TAA Switch Chassis\n - JG823A HP 10512 TAA Switch Chassis\n - JG496A HP 10500 Type A MPU w/Comware v7 OS\n - JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating\nSystem\n - JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System\nMain Processing Unit\n + **12900 (Comware 7) - Version: R1138P01**\n * HP Network Products\n - JG619A HP FlexFabric 12910 Switch AC Chassis\n - JG621A HP FlexFabric 12910 Main Processing Unit\n - JG632A HP FlexFabric 12916 Switch AC Chassis\n - JG634A HP FlexFabric 12916 Main Processing Unit\n - JH104A HP FlexFabric 12900E Main Processing Unit\n - JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit\n - JH263A HP FlexFabric 12904E Main Processing Unit\n - JH255A HP FlexFabric 12908E Switch Chassis\n - JH262A HP FlexFabric 12904E Switch Chassis\n - JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis\n - JH103A HP FlexFabric 12916E Switch Chassis\n + **5900 (Comware 7) - Version: R2422P01**\n * HP Network Products\n - JC772A HP 5900AF-48XG-4QSFP+ Switch\n - JG296A HP 5920AF-24XG Switch\n - JG336A HP 5900AF-48XGT-4QSFP+ Switch\n - JG510A HP 5900AF-48G-4XG-2QSFP+ Switch\n - JG554A HP 5900AF-48XG-4QSFP+ TAA Switch\n - JG555A HP 5920AF-24XG TAA Switch\n - JG838A HP FF 5900CP-48XG-4QSFP+ Switch\n - JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant\n - JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch\n - JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant\n + **MSR1000 (Comware 7) - Version: R0305P04**\n * HP Network Products\n - JG875A HP MSR1002-4 AC Router\n - JH060A HP MSR1003-8S AC Router\n + **MSR2000 (Comware 7) - Version: R0305P04**\n * HP Network Products\n - JG411A HP MSR2003 AC Router\n - JG734A HP MSR2004-24 AC Router\n - JG735A HP MSR2004-48 Router\n - JG866A HP MSR2003 TAA-compliant AC Router\n + **MSR3000 (Comware 7) - Version: R0305P04**\n * HP Network Products\n - JG404A HP MSR3064 Router\n - JG405A HP MSR3044 Router\n - JG406A HP MSR3024 AC Router\n - JG407A HP MSR3024 DC Router\n - JG408A HP MSR3024 PoE Router\n - JG409A HP MSR3012 AC Router\n - JG410A HP MSR3012 DC Router\n - JG861A HP MSR3024 TAA-compliant AC Router\n + **MSR4000 (Comware 7) - Version: R0305P04**\n * HP Network Products\n - JG402A HP MSR4080 Router Chassis\n - JG403A HP MSR4060 Router Chassis\n - JG412A HP MSR4000 MPU-100 Main Processing Unit\n - JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit\n + **VSR (Comware 7) - Version: E0321P01**\n * HP Network Products\n - JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation\nSoftware\n - JG811AAE HP VSR1001 Comware 7 Virtual Services Router\n - JG812AAE HP VSR1004 Comware 7 Virtual Services Router\n - JG813AAE HP VSR1008 Comware 7 Virtual Services Router\n + **7900 (Comware 7) - Version: R2138P01**\n * HP Network Products\n - JG682A HP FlexFabric 7904 Switch Chassis\n - JG841A HP FlexFabric 7910 Switch Chassis\n - JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit\n - JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit\n - JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis\n - JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis\n - JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main\nProcessing Unit\n - JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main\nProcessing Unit\n + **5130 (Comware 7) - Version: R3109P16**\n * HP Network Products\n - JG932A HP 5130-24G-4SFP+ EI Switch\n - JG933A HP 5130-24G-SFP-4SFP+ EI Switch\n - JG934A HP 5130-48G-4SFP+ EI Switch\n - JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch\n - JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch\n - JG938A HP 5130-24G-2SFP+-2XGT EI Switch\n - JG939A HP 5130-48G-2SFP+-2XGT EI Switch\n - JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch\n - JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch\n - JG975A HP 5130-24G-4SFP+ EI Brazil Switch\n - JG976A HP 5130-48G-4SFP+ EI Brazil Switch\n - JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch\n - JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch\n + **5700 (Comware 7) - Version: R2422P01**\n * HP Network Products\n - JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch\n - JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch\n - JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch\n - JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch\n - JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch\n - JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch\n + **5930 (Comware 7) - Version: R2422P01**\n * HP Network Products\n - JG726A HP FlexFabric 5930 32QSFP+ Switch\n - JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch\n - JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch\n - JH179A HP FlexFabric 5930 4-slot Switch\n - JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch\n - JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch\n + **HSR6600 (Comware 7) - Version: R7103P05**\n * HP Network Products\n - JG353A HP HSR6602-G Router\n - JG354A HP HSR6602-XG Router\n - JG776A HP HSR6602-G TAA-compliant Router\n - JG777A HP HSR6602-XG TAA-compliant Router\n + **HSR6800 (Comware 7) - Version: R7103P05**\n * HP Network Products\n - JG361A HP HSR6802 Router Chassis\n - JG361B HP HSR6802 Router Chassis\n - JG362A HP HSR6804 Router Chassis\n - JG362B HP HSR6804 Router Chassis\n - JG363A HP HSR6808 Router Chassis\n - JG363B HP HSR6808 Router Chassis\n - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing\n - JH075A HP HSR6800 RSE-X3 Router Main Processing Unit\n + **1950 (Comware 7) - Version: R3109P16**\n * HP Network Products\n - JG960A HP 1950-24G-4XG Switch\n - JG961A HP 1950-48G-2SFP+-2XGT Switch\n - JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch\n - JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch\n + **7500 (Comware 7) - Version: R7170**\n * HP Network Products\n - JD238C HP 7510 Switch Chassis\n - JD239C HP 7506 Switch Chassis\n - JD240C HP 7503 Switch Chassis\n - JD242C HP 7502 Switch Chassis\n - JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only\nMain Processing Unit\n - JH208A HP 7502 Main Processing Unit\n - JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port\n40GbE QSFP+ Main Processing Unit\n\n**iMC Products**\n\n + **iMC Plat - Version: iMC Plat 7.1 E0303P16**\n * HP Network Products\n - JD125A HP IMC Std S/W Platform w/100-node\n - JD126A HP IMC Ent S/W Platform w/100-node\n - JD808A HP IMC Ent Platform w/100-node License\n - JD814A HP A-IMC Enterprise Edition Software DVD Media\n - JD815A HP IMC Std Platform w/100-node License\n - JD816A HP A-IMC Standard Edition Software DVD Media\n - JF288AAE HP Network Director to Intelligent Management Center\nUpgrade E-LTU\n - JF289AAE HP Enterprise Management System to Intelligent Management\nCenter Upgrade E-LTU\n - JF377A HP IMC Std S/W Platform w/100-node Lic\n - JF377AAE HP IMC Std S/W Pltfrm w/100-node E-LTU\n - JF378A HP IMC Ent S/W Platform w/200-node Lic\n - JF378AAE HP IMC Ent S/W Pltfrm w/200-node E-LTU\n - JG546AAE HP IMC Basic SW Platform w/50-node E-LTU\n - JG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU\n - JG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU\n - JG550AAE HP PMM to IMC Bsc WLM Upgr w/150AP E-LTU\n - JG590AAE HP IMC Bsc WLAN Mgr SW Pltfm 50 AP E-LTU\n - JG659AAE HP IMC Smart Connect VAE E-LTU\n - JG660AAE HP IMC Smart Connect w/WLM VAE E-LTU\n - JG747AAE HP IMC Std SW Plat w/ 50 Nodes E-LTU\n - JG748AAE HP IMC Ent SW Plat w/ 50 Nodes E-LTU\n - JG766AAE HP IMC SmCnct Vrtl Applnc SW E-LTU\n - JG767AAE HP IMC SmCnct WSM Vrtl Applnc SW E-LTU\n - JG768AAE HP PCM+ to IMC Std Upg w/ 200-node E-LTU\n + **iMC iNode - Version: iNode PC 7.1 E0313, or, iNode PC 7.2 (E0401)**\n * HP Network Products\n - JD144A HP A-IMC User Access Management Software Module with 200-user\nLicense\n - JD147A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n - JD435A HP A-IMC Endpoint Admission Defense Client Software\n - JF388A HP IMC User Authentication Management Software Module with\n200-user License\n - JF388AAE HP IMC User Authentication Management Software Module with\n200-user E-LTU\n - JF391A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n - JF391AAE HP IMC Endpoint Admission Defense Software Module with\n200-user E-LTU\n - JG752AAE HP IMC User Access Manager Software Module with 50-user\nE-LTU\n - JG754AAE) HP IMC Endpoint Admission Defense Software Module with\n50-user E-LTU\n + **iMC TAM_UAM - Version: iMC UAM_TAM 7.1 (E0307)**\n * HP Network Products\n - JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE\n - JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU\n - JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU\n - JG483A HP IMC TAM S/W MODULE W/100-NODE LIC\n - JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU\n - JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU\n + **iMC NSM - Version: iMC WSM 7.1 E0303P10**\n * HP Network Products\n - JD456A HP IMC WSM Software Module with 50-Access Point License\n - JF414A HP IMC Wireless Service Manager Software Module with 50-Access\nPoint License\n - JF414AAE HP IMC Wireless Service Manager Software Module with\n50-Access Point E-LTU\n - JG551AAE HP PCM+ Mobility Manager to IMC Wireless Service Manager\nModule Upgrade with 250 Access Point E-LTU\n - JG758AAE HP IMC WSM/RTLS w/ 50-node E-LTU\n - JG769AAE HP PCM Mobility Manager to IMC Wireless Service Manager Upg\nwith 250-node E-LTU\n\n**VCX Products**\n\n + **VCX - Version: 9.8.18**\n * HP Network Products\n - J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr\n - J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr\n - JC517A HP VCX V7205 Platform w/DL 360 G6 Server\n - JE355A HP VCX V6000 Branch Platform 9.0\n - JC516A HP VCX V7005 Platform w/DL 120 G6 Server\n - JC518A HP VCX Connect 200 Primry 120 G6 Server\n - J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr\n - JE341A HP VCX Connect 100 Secondary\n - JE252A HP VCX Connect Primary MIM Module\n - JE253A HP VCX Connect Secondary MIM Module\n - JE254A HP VCX Branch MIM Module\n - JE355A HP VCX V6000 Branch Platform 9.0\n - JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod\n - JD023A HP MSR30-40 Router with VCX MIM Module\n - JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM\n - JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod\n - JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod\n - JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod\n - JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS\n - JE340A HP VCX Connect 100 Pri Server 9.0\n - JE342A HP VCX Connect 100 Sec Server 9.0\n\nHISTORY\nVersion:1 (rev.1) - 5 July 2016 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.1p\"\n\nReferences\n==========\n\n[ 1 ] CVE-2015-1793\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1793\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201507-15\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2015 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. The vulnerability could be exploited to allow remote\nauthentication bypass. \n\nNote: HP C.A. contains a version of Node.js, that when used in FIPS mode is\naffected by Alternative Chains Certificate Forgery Vulnerability\n(CVE-2015-1793). The patch\nis available from HP Software Support Online portal (HP SSO). \n\nNote: This patch includes Node.js for FIPS mode that includes the newer\nversion of OpenSSL (1.0.2d) which addresses the vulnerability. The bulletin does not apply to any other 3rd party application\n(e.g. operating system, web server, or application server) that may be\nrequired to be installed by the customer according instructions in the\nproduct install guide. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n=============================================================================\nFreeBSD-SA-15:12.openssl Security Advisory\n The FreeBSD Project\n\nTopic: OpenSSL alternate chains certificate forgery vulnerability\n\nCategory: contrib\nModule: openssl\nAnnounced: 2015-07-09\nCredits: Adam Langley/David Benjamin (Google/BoringSSL), OpenSSL\nAffects: FreeBSD 10.1-STABLE after 2015-06-11 and prior to the\n correction date. \nCorrected: 2015-07-09 17:17:22 UTC (stable/10, 10.2-PRERELEASE,\n 10.2-BETA1)\nCVE Name: CVE-2015-1793\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:https://security.FreeBSD.org/\u003e. \n\nI. Background\n\nFreeBSD includes software from the OpenSSL Project. The OpenSSL Project is\na collaborative effort to develop a robust, commercial-grade, full-featured\nOpen Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols as well as a full-strength\ngeneral purpose cryptography library. \n\nII. \n\nAn error in the implementation of this logic could erroneously mark\ncertificate as trusted when they should not. \n\nIII. \n\nIV. Workaround\n\nNo workaround is available. \n\nNOTE WELL: This issue does not affect earlier FreeBSD releases, including the\nsupported 8.4, 9.3 and 10.1-RELEASE because the alternative certificate chain\nfeature was not introduced in these releases. Only 10.1-STABLE after\n2015-06-11 and prior to the correction date is affected. \n\nV. Solution\n\nUpgrade your vulnerable system to the latest supported FreeBSD stable/10\nbranch dated after the correction date. \n\nRecompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:https://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart all deamons using the library, or reboot the system. \n\nVI. Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path Revision\n- -------------------------------------------------------------------------\nstable/10/ r285330\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:https://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. \n\nThis issue will impact any application that verifies certificates including\nSSL/TLS/DTLS clients and SSL/TLS/DTLS servers using client authentication. \n\nOpenSSL 1.0.2b/1.0.2c users should upgrade to 1.0.2d\nOpenSSL 1.0.1n/1.0.1o users should upgrade to 1.0.1p\n\nThis issue was reported to OpenSSL on 24th June 2015 by Adam Langley/David\nBenjamin (Google/BoringSSL). The fix was developed by the BoringSSL project. \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions\n1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these\nreleases will be provided after that date. Users of these releases are advised\nto upgrade. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20150709.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/about/secpolicy.html\n\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2015-1793" }, { "db": "JVNDB", "id": "JVNDB-2015-003487" }, { "db": "BID", "id": "75652" }, { "db": "VULHUB", "id": "VHN-79754" }, { "db": "VULHUB", "id": "VHN-81961" }, { "db": "VULMON", "id": "CVE-2015-1793" }, { "db": "PACKETSTORM", "id": "132973" }, { "db": "PACKETSTORM", "id": "137772" }, { "db": "PACKETSTORM", "id": "132642" }, { "db": "PACKETSTORM", "id": "133793" }, { "db": "PACKETSTORM", "id": "132646" }, { "db": "PACKETSTORM", "id": "132625" } ], "trust": 2.7 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-79754", "trust": 0.1, "type": "unknown" }, { "reference": "https://www.scap.org.cn/vuln/vhn-81961", "trust": 0.1, "type": "unknown" }, { "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=38640", "trust": 0.1, "type": "exploit" } ], "sources": [ { "db": "VULHUB", "id": "VHN-79754" }, { "db": "VULHUB", "id": "VHN-81961" }, { "db": "VULMON", "id": "CVE-2015-1793" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2015-1793", "trust": 3.6 }, { "db": "JUNIPER", "id": "JSA10694", "trust": 1.5 }, { "db": "BID", "id": "75652", "trust": 1.5 }, { "db": "BID", "id": "91787", "trust": 1.3 }, { "db": "EXPLOIT-DB", "id": "38640", "trust": 1.2 }, { "db": "SECTRACK", "id": "1032817", "trust": 1.2 }, { "db": "MCAFEE", "id": "SB10125", "trust": 1.2 }, { "db": "JVN", "id": "JVNVU99160787", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2015-003487", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201507-298", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "132625", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "133793", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "132642", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "132646", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "132843", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "134250", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "132634", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-79754", "trust": 0.1 }, { "db": "SECTRACK", "id": "1032864", "trust": 0.1 }, { "db": "SECTRACK", "id": "1033341", "trust": 0.1 }, { "db": "SECTRACK", "id": "1032777", "trust": 0.1 }, { "db": "SECTRACK", "id": "1032727", "trust": 0.1 }, { "db": "SECTRACK", "id": "1032871", "trust": 0.1 }, { "db": "SECTRACK", "id": "1032475", "trust": 0.1 }, { "db": "SECTRACK", "id": "1032783", "trust": 0.1 }, { "db": "SECTRACK", "id": "1032653", "trust": 0.1 }, { "db": "SECTRACK", "id": "1032702", "trust": 0.1 }, { "db": "SECTRACK", "id": "1033222", "trust": 0.1 }, { "db": "SECTRACK", "id": "1032865", "trust": 0.1 }, { "db": "SECTRACK", "id": "1033065", "trust": 0.1 }, { "db": "SECTRACK", "id": "1033208", "trust": 0.1 }, { "db": "SECTRACK", "id": "1033019", "trust": 0.1 }, { "db": "SECTRACK", "id": "1033991", "trust": 0.1 }, { "db": "SECTRACK", "id": "1032759", "trust": 0.1 }, { "db": "SECTRACK", "id": "1040630", "trust": 0.1 }, { "db": "SECTRACK", "id": "1032910", "trust": 0.1 }, { "db": "SECTRACK", "id": "1033067", "trust": 0.1 }, { "db": "SECTRACK", "id": "1032637", "trust": 0.1 }, { "db": "SECTRACK", "id": "1033064", "trust": 0.1 }, { "db": "SECTRACK", "id": "1032654", "trust": 0.1 }, { "db": "SECTRACK", "id": "1032656", "trust": 0.1 }, { "db": "SECTRACK", "id": "1034087", "trust": 0.1 }, { "db": "SECTRACK", "id": "1032932", "trust": 0.1 }, { "db": "SECTRACK", "id": "1033385", "trust": 0.1 }, { "db": "SECTRACK", "id": "1032652", "trust": 0.1 }, { "db": "SECTRACK", "id": "1032688", "trust": 0.1 }, { "db": "SECTRACK", "id": "1032699", "trust": 0.1 }, { "db": "SECTRACK", "id": "1032649", "trust": 0.1 }, { "db": "SECTRACK", "id": "1032960", "trust": 0.1 }, { "db": "SECTRACK", "id": "1032647", "trust": 0.1 }, { "db": "SECTRACK", "id": "1032474", "trust": 0.1 }, { "db": "SECTRACK", "id": "1033210", "trust": 0.1 }, { "db": "SECTRACK", "id": "1032778", "trust": 0.1 }, { "db": "SECTRACK", "id": "1033416", "trust": 0.1 }, { "db": "SECTRACK", "id": "1033891", "trust": 0.1 }, { "db": "SECTRACK", "id": "1032884", "trust": 0.1 }, { "db": "SECTRACK", "id": "1032651", "trust": 0.1 }, { "db": "SECTRACK", "id": "1033760", "trust": 0.1 }, { "db": "SECTRACK", "id": "1033433", "trust": 0.1 }, { "db": "SECTRACK", "id": "1032476", "trust": 0.1 }, { "db": "SECTRACK", "id": "1032784", "trust": 0.1 }, { "db": "SECTRACK", "id": "1036218", "trust": 0.1 }, { "db": "SECTRACK", "id": "1032856", "trust": 0.1 }, { "db": "SECTRACK", "id": "1033430", "trust": 0.1 }, { "db": "SECTRACK", "id": "1034884", "trust": 0.1 }, { "db": "SECTRACK", "id": "1032655", "trust": 0.1 }, { "db": "SECTRACK", "id": "1032650", "trust": 0.1 }, { "db": "SECTRACK", "id": "1032648", "trust": 0.1 }, { "db": "SECTRACK", "id": "1033513", "trust": 0.1 }, { "db": "SECTRACK", "id": "1033209", "trust": 0.1 }, { "db": "SECTRACK", "id": "1032645", "trust": 0.1 }, { "db": "SECTRACK", "id": "1034728", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "132413", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "132649", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "132586", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "132164", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "132610", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "135506", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "136247", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137744", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "132439", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "132652", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "139002", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "135510", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "132465", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "133338", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "132468", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "134232", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "134902", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "133324", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "136975", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "134755", "trust": 0.1 }, { "db": "JUNIPER", "id": "JSA10681", "trust": 0.1 }, { "db": "JUNIPER", "id": "JSA10727", "trust": 0.1 }, { "db": "CNNVD", "id": "CNNVD-201505-428", "trust": 0.1 }, { "db": "BID", "id": "74733", "trust": 0.1 }, { "db": "MCAFEE", "id": "SB10122", "trust": 0.1 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2015/05/20/8", "trust": 0.1 }, { "db": "SIEMENS", "id": "SSA-412672", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-81961", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2015-1793", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "132973", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137772", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-79754" }, { "db": "VULHUB", "id": "VHN-81961" }, { "db": "VULMON", "id": "CVE-2015-1793" }, { "db": "BID", "id": "75652" }, { "db": "JVNDB", "id": "JVNDB-2015-003487" }, { "db": "PACKETSTORM", "id": "132973" }, { "db": "PACKETSTORM", "id": "137772" }, { "db": "PACKETSTORM", "id": "132642" }, { "db": "PACKETSTORM", "id": "133793" }, { "db": "PACKETSTORM", "id": "132646" }, { "db": "PACKETSTORM", "id": "132625" }, { "db": "CNNVD", "id": "CNNVD-201507-298" }, { "db": "NVD", "id": "CVE-2015-1793" } ] }, "id": "VAR-201507-0348", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-79754" }, { "db": "VULHUB", "id": "VHN-81961" } ], "trust": 0.74851742 }, "last_update_date": "2024-07-23T19:37:42.535000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cisco-sa-20150710-openssl", "trust": 0.8, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150710-openssl" }, { "title": "Fix alternate chains certificate forgery issue", "trust": 0.8, "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=9a0db453ba017ebcaccbee933ee6511a9ae4d1c8" }, { "title": "Add test for CVE-2015-1793", "trust": 0.8, "url": "https://github.com/openssl/openssl/commit/f404943bcab4898d18f3ac1b36479d1d7bbbb9e6" }, { "title": "HPSBUX03388", "trust": 0.8, "url": "http://marc.info/?l=bugtraq\u0026amp;m=143880121627664\u0026amp;w=2" }, { "title": "HPSBGN03424", "trust": 0.8, "url": "http://marc.info/?l=bugtraq\u0026m=144370846326989\u0026w=2" }, { "title": "HPSBHF03613", "trust": 0.8, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05184351" }, { "title": "HPSBMU03546", "trust": 0.8, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05045763" }, { "title": "NV15-010", "trust": 0.8, "url": "http://jpn.nec.com/security-info/secinfo/nv15-010.html" }, { "title": "OpenSSL Security Advisory [9 Jul 2015]", "trust": 0.8, "url": "https://www.openssl.org/news/secadv_20150709.txt" }, { "title": "Oracle Critical Patch Update Advisory - October 2015", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" }, { "title": "Oracle Critical Patch Update Advisory - April 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" }, { "title": "Text Form of Oracle Critical Patch Update - October 2015 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015verbose-2367954.html" }, { "title": "Oracle Critical Patch Update CVSS V2 Risk Matrices - April 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html" }, { "title": "Text Form of Oracle Critical Patch Update - April 2016 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016verbose-2881709.html" }, { "title": "Oracle Critical Patch Update Advisory - October 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "title": "Text Form of Oracle Critical Patch Update - October 2016 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016verbose-2881725.html" }, { "title": "Oracle Critical Patch Update Advisory - July 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "title": "Oracle Critical Patch Update Advisory - January 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html" }, { "title": "Text Form of Oracle Critical Patch Update - January 2016 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016verbose-2367956.html" }, { "title": "Oracle Solaris Third Party Bulletin - July 2015", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" }, { "title": "January 2016 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/january_2016_critical_patch_update" }, { "title": "October 2015 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/october_2015_critical_patch_update" }, { "title": "April 2016 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/april_2016_critical_patch_update" }, { "title": "October 2016 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/october_2016_critical_patch_update" }, { "title": "July 2016 Critical Patch Update Released", "trust": 0.8, "url": "http://blogs.oracle.com/security/entry/july_2016_critical_patch_update" }, { "title": "JSA10694", "trust": 0.8, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10694" }, { "title": "cisco-sa-20150710-openssl", "trust": 0.8, "url": "http://www.cisco.com/cisco/web/support/jp/113/1130/1130208_cisco-sa-20150710-openssl-j.html" }, { "title": "openssl-1.0.2d", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=56655" }, { "title": "openssl-1.0.1p", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=56654" }, { "title": "The Register", "trust": 0.2, "url": "https://www.theregister.co.uk/2016/07/06/hpe_rushes_out_patch_for_more_than_a_year_of_openssl_vulns/" }, { "title": "Amazon Linux AMI: ALAS-2015-564", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-564" }, { "title": "Red Hat: CVE-2015-1793", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-1793" }, { "title": "Symantec Security Advisories: SA101 : OpenSSL Security Advisory 09-July-2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=bb24cf23a4d911e95562099e0e8d0f2d" }, { "title": "Tenable Security Advisories: [R5] OpenSSL \u002720150709\u0027 Advisory Affects Tenable Products", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2015-08" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=8b701aba68029ec36b631a8e26157a22" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=744c19dc9f4f70ad58059bf8733ec9c1" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=122319027ae43d6d626710f1b1bb1d43" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=63802a6c83b107c4e6e0c7f9241a66a8" }, { "title": "", "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2015-4000 " }, { "title": "", "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2015-1788 " } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-1793" }, { "db": "JVNDB", "id": "JVNDB-2015-003487" }, { "db": "CNNVD", "id": "CNNVD-201507-298" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-254", "trust": 1.1 }, { "problemtype": "CWE-Other", "trust": 0.8 }, { "problemtype": "CWE-310", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-79754" }, { "db": "VULHUB", "id": "VHN-81961" }, { "db": "JVNDB", "id": "JVNDB-2015-003487" }, { "db": "NVD", "id": "CVE-2015-1793" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "http://openssl.org/news/secadv_20150709.txt" }, { "trust": 1.6, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "trust": 1.6, "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" }, { "trust": 1.6, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "trust": 1.5, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150710-openssl" }, { "trust": 1.5, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "trust": 1.4, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10694" }, { "trust": 1.3, "url": "http://www.securityfocus.com/bid/75652" }, { "trust": 1.3, "url": "http://www.securityfocus.com/bid/91787" }, { "trust": 1.3, "url": "http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery" }, { "trust": 1.3, "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" }, { "trust": 1.3, "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" }, { "trust": 1.3, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05045763" }, { "trust": 1.3, "url": "https://help.ecostruxureit.com/display/public/uadco8x/struxureware+data+center+operation+software+vulnerability+fixes" }, { "trust": 1.3, "url": "https://www.exploit-db.com/exploits/38640/" }, { "trust": 1.3, "url": "https://security.gentoo.org/glsa/201507-15" }, { "trust": 1.3, "url": "http://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2015-008.txt.asc" }, { "trust": 1.2, "url": "http://www.fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery" }, { "trust": 1.2, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "trust": 1.2, "url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454058.htm" }, { "trust": 1.2, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04822825" }, { "trust": 1.2, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05184351" }, { "trust": 1.2, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-july/161747.html" }, { "trust": 1.2, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-july/161782.html" }, { "trust": 1.2, "url": "https://www.freebsd.org/security/advisories/freebsd-sa-15:12.openssl.asc" }, { "trust": 1.2, "url": "http://www.securitytracker.com/id/1032817" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=144370846326989\u0026w=2" }, { "trust": 1.1, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10125" }, { "trust": 1.1, "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.561427" }, { "trust": 1.1, "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=9a0db453ba017ebcaccbee933ee6511a9ae4d1c8" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1793" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu99160787/index.html" }, { "trust": 0.8, "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1793" }, { "trust": 0.8, "url": "https://cryptanalysis.eu/blog/2015/07/09/bypassing-certificate-checks-in-openssl-1-0-2c-cve-2015-1793/" }, { "trust": 0.7, "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=9a0db453ba017ebcaccbee933ee6511a9ae4d1c8" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1793" }, { "trust": 0.4, "url": "https://www.openssl.org/news/secadv_20150709.txt" }, { "trust": 0.3, "url": "https://mta.openssl.org/pipermail/openssl-announce/2015-july/000037.html" }, { "trust": 0.3, "url": "http://openssl.org/" }, { "trust": 0.3, "url": "https://support.asperasoft.com/entries/94843988-security-bulletin-openssl-,-tls-vulnerabilities-logjam-cve-2015-4000" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2015/aug/13" }, { "trust": 0.3, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04822825" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05184351" }, { "trust": 0.3, "url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-454058.htm" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962519" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964231" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21965399" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020840" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961179" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962398" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962929" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963448" }, { "trust": 0.3, "url": "https://www.openssl.org/news/vulnerabilities.html#2015-1793" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963498" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966481" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966484" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965725" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965807" }, { "trust": 0.2, "url": "http://marc.info/?l=bugtraq\u0026amp;m=143880121627664\u0026amp;w=2" }, { "trust": 0.2, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.2, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1790" }, { "trust": 0.2, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1789" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1791" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1788" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1792" }, { "trust": 0.1, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10694" }, { "trust": 0.1, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10125" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=144370846326989\u0026amp;w=2" }, { "trust": 0.1, "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026amp;y=2015\u0026amp;m=slackware-security.561427" }, { "trust": 0.1, "url": "http://lists.apple.com/archives/security-announce/2015/jun/msg00001.html" }, { "trust": 0.1, "url": "http://lists.apple.com/archives/security-announce/2015/jun/msg00002.html" }, { "trust": 0.1, "url": "http://www.securityfocus.com/bid/74733" }, { "trust": 0.1, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" }, { "trust": 0.1, "url": "http://aix.software.ibm.com/aix/efixes/security/sendmail_advisory2.asc" }, { "trust": 0.1, "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04876402" }, { "trust": 0.1, "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04949778" }, { "trust": 0.1, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10681" }, { "trust": 0.1, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10727" }, { "trust": 0.1, "url": "http://support.apple.com/kb/ht204941" }, { "trust": 0.1, "url": "http://support.apple.com/kb/ht204942" }, { "trust": 0.1, "url": "http://support.citrix.com/article/ctx201114" }, { "trust": 0.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959111" }, { "trust": 0.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959195" }, { "trust": 0.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959325" }, { "trust": 0.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959453" }, { "trust": 0.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959481" }, { "trust": 0.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959517" }, { "trust": 0.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959530" }, { "trust": 0.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959539" }, { "trust": 0.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959636" }, { "trust": 0.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959812" }, { "trust": 0.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960191" }, { "trust": 0.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961717" }, { "trust": 0.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962455" }, { "trust": 0.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962739" }, { "trust": 0.1, "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21958984" }, { "trust": 0.1, "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21959132" }, { "trust": 0.1, "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960041" }, { "trust": 0.1, "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960194" }, { "trust": 0.1, "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960380" }, { "trust": 0.1, "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960418" }, { "trust": 0.1, "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21962816" }, { "trust": 0.1, "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21967893" }, { "trust": 0.1, "url": "http://www.fortiguard.com/advisory/2015-05-20-logjam-attack" }, { "trust": 0.1, "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-70.html" }, { "trust": 0.1, "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" }, { "trust": 0.1, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" }, { "trust": 0.1, "url": "http://www.solarwinds.com/documentation/storage/storagemanager/docs/releasenotes/releasenotes.htm" }, { "trust": 0.1, "url": "https://bto.bluecoat.com/security-advisory/sa98" }, { "trust": 0.1, "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1138554" }, { "trust": 0.1, "url": "https://developer.mozilla.org/en-us/docs/mozilla/projects/nss/nss_3.19.1_release_notes" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04770140" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04772190" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04773119" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04773241" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04832246" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04918839" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04923929" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04926789" }, { "trust": 0.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04740527" }, { "trust": 0.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04953655" }, { "trust": 0.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05128722" }, { "trust": 0.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05193083" }, { "trust": 0.1, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10122" }, { "trust": 0.1, "url": "https://openssl.org/news/secadv/20150611.txt" }, { "trust": 0.1, "url": "https://puppet.com/security/cve/cve-2015-4000" }, { "trust": 0.1, "url": "https://security.netapp.com/advisory/ntap-20150619-0001/" }, { "trust": 0.1, "url": "https://support.citrix.com/article/ctx216642" }, { "trust": 0.1, "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbhf03831en_us" }, { "trust": 0.1, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21959745" }, { "trust": 0.1, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098403" }, { "trust": 0.1, "url": "https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/" }, { "trust": 0.1, "url": "https://www.openssl.org/news/secadv_20150611.txt" }, { "trust": 0.1, "url": "https://www.suse.com/security/cve/cve-2015-4000.html" }, { "trust": 0.1, "url": "http://www.debian.org/security/2015/dsa-3287" }, { "trust": 0.1, "url": "http://www.debian.org/security/2015/dsa-3300" }, { "trust": 0.1, "url": "http://www.debian.org/security/2015/dsa-3316" }, { "trust": 0.1, "url": "http://www.debian.org/security/2015/dsa-3324" }, { "trust": 0.1, "url": "http://www.debian.org/security/2015/dsa-3339" }, { "trust": 0.1, "url": "http://www.debian.org/security/2016/dsa-3688" }, { "trust": 0.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-june/159351.html" }, { "trust": 0.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-june/159314.html" }, { "trust": 0.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-june/160117.html" }, { "trust": 0.1, "url": "https://security.gentoo.org/glsa/201506-02" }, { "trust": 0.1, "url": "https://security.gentoo.org/glsa/201512-10" }, { "trust": 0.1, "url": "https://security.gentoo.org/glsa/201603-11" }, { "trust": 0.1, "url": "https://security.gentoo.org/glsa/201701-46" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=143557934009303\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=143628304012255\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=143558092609708\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=143655800220052\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=144060576831314\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=144069189622016\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=144050121701297\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=144060606031437\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=144102017024820\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=144061542602287\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=145409266329539\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=144043644216842\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=143506486712441\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=144104533800819\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=143637549705650\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=144493176821532\u0026amp;w=2" }, { "trust": 0.1, "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04718196" }, { "trust": 0.1, "url": "https://blog.cloudflare.com/logjam-the-latest-tls-vulnerability-explained/" }, { "trust": 0.1, "url": "https://weakdh.org/" }, { "trust": 0.1, "url": "https://weakdh.org/imperfect-forward-secrecy.pdf" }, { "trust": 0.1, "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "trust": 0.1, "url": "http://openwall.com/lists/oss-security/2015/05/20/8" }, { "trust": 0.1, "url": "http://rhn.redhat.com/errata/rhsa-2015-1072.html" }, { "trust": 0.1, "url": "http://rhn.redhat.com/errata/rhsa-2015-1185.html" }, { "trust": 0.1, "url": "http://rhn.redhat.com/errata/rhsa-2015-1197.html" }, { "trust": 0.1, "url": "http://rhn.redhat.com/errata/rhsa-2015-1228.html" }, { "trust": 0.1, "url": "http://rhn.redhat.com/errata/rhsa-2015-1229.html" }, { "trust": 0.1, "url": "http://rhn.redhat.com/errata/rhsa-2015-1230.html" }, { "trust": 0.1, "url": "http://rhn.redhat.com/errata/rhsa-2015-1241.html" }, { "trust": 0.1, "url": "http://rhn.redhat.com/errata/rhsa-2015-1242.html" }, { "trust": 0.1, "url": "http://rhn.redhat.com/errata/rhsa-2015-1243.html" }, { "trust": 0.1, "url": "http://rhn.redhat.com/errata/rhsa-2015-1485.html" }, { "trust": 0.1, "url": "http://rhn.redhat.com/errata/rhsa-2015-1486.html" }, { "trust": 0.1, "url": "http://rhn.redhat.com/errata/rhsa-2015-1488.html" }, { "trust": 0.1, "url": "http://rhn.redhat.com/errata/rhsa-2015-1526.html" }, { "trust": 0.1, "url": "http://rhn.redhat.com/errata/rhsa-2015-1544.html" }, { "trust": 0.1, "url": "http://rhn.redhat.com/errata/rhsa-2015-1604.html" }, { "trust": 0.1, "url": "http://rhn.redhat.com/errata/rhsa-2016-1624.html" }, { "trust": 0.1, "url": "http://rhn.redhat.com/errata/rhsa-2016-2056.html" }, { "trust": 0.1, "url": "http://www.securitytracker.com/id/1032474" }, { "trust": 0.1, "url": "http://www.securitytracker.com/id/1032475" }, { "trust": 0.1, "url": "http://www.securitytracker.com/id/1032476" }, { "trust": 0.1, "url": "http://www.securitytracker.com/id/1032637" }, { "trust": 0.1, "url": "http://www.securitytracker.com/id/1032645" }, { "trust": 0.1, "url": "http://www.securitytracker.com/id/1032647" }, { "trust": 0.1, "url": "http://www.securitytracker.com/id/1032648" }, { "trust": 0.1, "url": "http://www.securitytracker.com/id/1032649" }, { "trust": 0.1, "url": "http://www.securitytracker.com/id/1032650" }, { "trust": 0.1, "url": "http://www.securitytracker.com/id/1032651" }, { "trust": 0.1, "url": "http://www.securitytracker.com/id/1032652" }, { "trust": 0.1, "url": "http://www.securitytracker.com/id/1032653" }, { "trust": 0.1, "url": "http://www.securitytracker.com/id/1032654" }, { "trust": 0.1, "url": "http://www.securitytracker.com/id/1032655" }, { "trust": 0.1, "url": "http://www.securitytracker.com/id/1032656" }, { "trust": 0.1, "url": "http://www.securitytracker.com/id/1032688" }, { "trust": 0.1, "url": "http://www.securitytracker.com/id/1032699" }, { "trust": 0.1, "url": "http://www.securitytracker.com/id/1032702" }, { "trust": 0.1, "url": "http://www.securitytracker.com/id/1032727" }, { "trust": 0.1, "url": "http://www.securitytracker.com/id/1032759" }, { "trust": 0.1, "url": "http://www.securitytracker.com/id/1032777" }, { "trust": 0.1, "url": "http://www.securitytracker.com/id/1032778" }, { "trust": 0.1, "url": "http://www.securitytracker.com/id/1032783" }, { "trust": 0.1, "url": "http://www.securitytracker.com/id/1032784" }, { "trust": 0.1, "url": "http://www.securitytracker.com/id/1032856" }, { "trust": 0.1, "url": "http://www.securitytracker.com/id/1032864" }, { "trust": 0.1, "url": "http://www.securitytracker.com/id/1032865" }, { "trust": 0.1, "url": "http://www.securitytracker.com/id/1032871" }, { "trust": 0.1, "url": "http://www.securitytracker.com/id/1032884" }, { "trust": 0.1, "url": "http://www.securitytracker.com/id/1032910" }, { "trust": 0.1, "url": "http://www.securitytracker.com/id/1032932" }, { "trust": 0.1, "url": "http://www.securitytracker.com/id/1032960" }, { "trust": 0.1, "url": "http://www.securitytracker.com/id/1033019" }, { "trust": 0.1, "url": "http://www.securitytracker.com/id/1033064" }, { "trust": 0.1, "url": "http://www.securitytracker.com/id/1033065" }, { "trust": 0.1, "url": "http://www.securitytracker.com/id/1033067" }, { "trust": 0.1, "url": "http://www.securitytracker.com/id/1033208" }, { "trust": 0.1, "url": "http://www.securitytracker.com/id/1033209" }, { "trust": 0.1, "url": "http://www.securitytracker.com/id/1033210" }, { "trust": 0.1, "url": "http://www.securitytracker.com/id/1033222" }, { "trust": 0.1, "url": "http://www.securitytracker.com/id/1033341" }, { "trust": 0.1, "url": "http://www.securitytracker.com/id/1033385" }, { "trust": 0.1, "url": "http://www.securitytracker.com/id/1033416" }, { "trust": 0.1, "url": "http://www.securitytracker.com/id/1033430" }, { "trust": 0.1, "url": "http://www.securitytracker.com/id/1033433" }, { "trust": 0.1, "url": "http://www.securitytracker.com/id/1033513" }, { "trust": 0.1, "url": "http://www.securitytracker.com/id/1033760" }, { "trust": 0.1, "url": "http://www.securitytracker.com/id/1033891" }, { "trust": 0.1, "url": "http://www.securitytracker.com/id/1033991" }, { "trust": 0.1, "url": "http://www.securitytracker.com/id/1034087" }, { "trust": 0.1, "url": "http://www.securitytracker.com/id/1034728" }, { "trust": 0.1, "url": "http://www.securitytracker.com/id/1034884" }, { "trust": 0.1, "url": "http://www.securitytracker.com/id/1036218" }, { "trust": 0.1, "url": "http://www.securitytracker.com/id/1040630" }, { "trust": 0.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html" }, { "trust": 0.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html" }, { "trust": 0.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00001.html" }, { "trust": 0.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html" }, { "trust": 0.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html" }, { "trust": 0.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html" }, { "trust": 0.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html" }, { "trust": 0.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html" }, { "trust": 0.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html" }, { "trust": 0.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html" }, { "trust": 0.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html" }, { "trust": 0.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html" }, { "trust": 0.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html" }, { "trust": 0.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html" }, { "trust": 0.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00001.html" }, { "trust": 0.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00031.html" }, { "trust": 0.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00040.html" }, { "trust": 0.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html" }, { "trust": 0.1, "url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00016.html" }, { "trust": 0.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html" }, { "trust": 0.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html" }, { "trust": 0.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html" }, { "trust": 0.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html" }, { "trust": 0.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html" }, { "trust": 0.1, "url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html" }, { "trust": 0.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00032.html" }, { "trust": 0.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00037.html" }, { "trust": 0.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00039.html" }, { "trust": 0.1, "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00094.html" }, { "trust": 0.1, "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00097.html" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-2656-1" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-2656-2" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-2673-1" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-2696-1" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-2706-1" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/254.html" }, { "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2015-4000" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.rapid7.com/db/modules/auxiliary/server/openssl_altchainsforgery_mitm_proxy" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=44733" }, { "trust": 0.1, "url": "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber" }, { "trust": 0.1, "url": "https://www.hp.com/go/swa" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4000" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n" }, { "trust": 0.1, "url": "http://www.hpe.com/support/security_bulletin_archive" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?doci" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8176" }, { "trust": 0.1, "url": "http://www.hpe.com/support/subscriber_choice" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1793" }, { "trust": 0.1, "url": "https://software" }, { "trust": 0.1, "url": "https://www.freebsd.org/handbook/makeworld.html\u003e." }, { "trust": 0.1, "url": "https://security.freebsd.org/\u003e." }, { "trust": 0.1, "url": "https://www.openssl.org/news/secadv_20150709.txt\u003e" }, { "trust": 0.1, "url": "https://security.freebsd.org/advisories/freebsd-sa-15:12.openssl.asc\u003e" }, { "trust": 0.1, "url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1793\u003e" }, { "trust": 0.1, "url": "https://www.openssl.org/about/releasestrat.html)," }, { "trust": 0.1, "url": "https://www.openssl.org/about/secpolicy.html" } ], "sources": [ { "db": "VULHUB", "id": "VHN-79754" }, { "db": "VULHUB", "id": "VHN-81961" }, { "db": "VULMON", "id": "CVE-2015-1793" }, { "db": "BID", "id": "75652" }, { "db": "JVNDB", "id": "JVNDB-2015-003487" }, { "db": "PACKETSTORM", "id": "132973" }, { "db": "PACKETSTORM", "id": "137772" }, { "db": "PACKETSTORM", "id": "132642" }, { "db": "PACKETSTORM", "id": "133793" }, { "db": "PACKETSTORM", "id": "132646" }, { "db": "PACKETSTORM", "id": "132625" }, { "db": "CNNVD", "id": "CNNVD-201507-298" }, { "db": "NVD", "id": "CVE-2015-1793" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-79754" }, { "db": "VULHUB", "id": "VHN-81961" }, { "db": "VULMON", "id": "CVE-2015-1793" }, { "db": "BID", "id": "75652" }, { "db": "JVNDB", "id": "JVNDB-2015-003487" }, { "db": "PACKETSTORM", "id": "132973" }, { "db": "PACKETSTORM", "id": "137772" }, { "db": "PACKETSTORM", "id": "132642" }, { "db": "PACKETSTORM", "id": "133793" }, { "db": "PACKETSTORM", "id": "132646" }, { "db": "PACKETSTORM", "id": "132625" }, { "db": "CNNVD", "id": "CNNVD-201507-298" }, { "db": "NVD", "id": "CVE-2015-1793" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-07-09T00:00:00", "db": "VULHUB", "id": "VHN-79754" }, { "date": "2015-05-21T00:00:00", "db": "VULHUB", "id": "VHN-81961" }, { "date": "2015-07-09T00:00:00", "db": "VULMON", "id": "CVE-2015-1793" }, { "date": "2015-07-09T00:00:00", "db": "BID", "id": "75652" }, { "date": "2015-07-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-003487" }, { "date": "2015-08-06T10:10:00", "db": "PACKETSTORM", "id": "132973" }, { "date": "2016-07-05T18:18:00", "db": "PACKETSTORM", "id": "137772" }, { "date": "2015-07-10T15:43:49", "db": "PACKETSTORM", "id": "132642" }, { "date": "2015-10-01T15:52:56", "db": "PACKETSTORM", "id": "133793" }, { "date": "2015-07-10T15:53:18", "db": "PACKETSTORM", "id": "132646" }, { "date": "2015-07-09T23:03:33", "db": "PACKETSTORM", "id": "132625" }, { "date": "2015-07-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201507-298" }, { "date": "2015-07-09T19:17:00.093000", "db": "NVD", "id": "CVE-2015-1793" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-11-30T00:00:00", "db": "VULHUB", "id": "VHN-79754" }, { "date": "2023-02-09T00:00:00", "db": "VULHUB", "id": "VHN-81961" }, { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2015-1793" }, { "date": "2016-10-26T05:10:00", "db": "BID", "id": "75652" }, { "date": "2016-11-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-003487" }, { "date": "2015-07-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201507-298" }, { "date": "2023-11-07T02:24:55.670000", "db": "NVD", "id": "CVE-2015-1793" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "133793" }, { "db": "CNNVD", "id": "CNNVD-201507-298" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL Vulnerabilities in certificate chain validation failure", "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-003487" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Input Validation Error", "sources": [ { "db": "BID", "id": "75652" } ], "trust": 0.3 } }
ghsa-4j29-v246-6w5w
Vulnerability from github
The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate.
{ "affected": [], "aliases": [ "CVE-2015-1793" ], "database_specific": { "cwe_ids": [], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2015-07-09T19:17:00Z", "severity": "MODERATE" }, "details": "The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate.", "id": "GHSA-4j29-v246-6w5w", "modified": "2022-05-14T01:54:34Z", "published": "2022-05-14T01:54:34Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1793" }, { "type": "WEB", "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=9a0db453ba017ebcaccbee933ee6511a9ae4d1c8" }, { "type": "WEB", "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04822825" }, { "type": "WEB", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763" }, { "type": "WEB", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351" }, { "type": "WEB", "url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes" }, { "type": "WEB", "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10125" }, { "type": "WEB", "url": "https://security.gentoo.org/glsa/201507-15" }, { "type": "WEB", "url": "https://www.exploit-db.com/exploits/38640" }, { "type": "WEB", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-15:12.openssl.asc" }, { "type": "WEB", "url": "http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery" }, { "type": "WEB", "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc" }, { "type": "WEB", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10694" }, { "type": "WEB", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161747.html" }, { "type": "WEB", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161782.html" }, { "type": "WEB", "url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2" }, { "type": "WEB", "url": "http://marc.info/?l=bugtraq\u0026m=144370846326989\u0026w=2" }, { "type": "WEB", "url": "http://openssl.org/news/secadv_20150709.txt" }, { "type": "WEB", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150710-openssl" }, { "type": "WEB", "url": "http://www.fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery" }, { "type": "WEB", "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" }, { "type": "WEB", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "type": "WEB", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "type": "WEB", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "type": "WEB", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" }, { "type": "WEB", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "type": "WEB", "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/75652" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/91787" }, { "type": "WEB", "url": "http://www.securitytracker.com/id/1032817" }, { "type": "WEB", "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.561427" }, { "type": "WEB", "url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454058.htm" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "type": "CVSS_V3" } ] }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.