var-200312-0218
Vulnerability from variot
OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences. OpenSSL Is ASN.1 (Abstract Syntax Notation One) A vulnerability that causes deep recursion exists due to poor handling of sequences.By sending a client certificate crafted by a third party to the target host, OpenSSL Server using the library interferes with service operation (DoS) It may be in a state. A problem has been identified in OpenSSL when handling specific types of ASN.1 requests. This issue is also known to affect numerous Cisco products. It is possible that other vendors will also be acknowledging this issue and providing fixes. Oracle Database Server, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business and Applications, Oracle Enterprise Manager Grid Control, and Oracle PeopleSoft Applications are reported prone to multiple vulnerabilities. Oracle has released a Critical Patch Update to address these issues in various supported applications and platforms. Other non-supported versions may be affected, but Symantec has not confirmed this. The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. While various levels of authorization are required to leverage some issues, others do not require any authorization. This BID will be divided and updated into separate BIDs when more information is available. An attacker could exploit these vulnerabilities to take complete control of an affected database.
TITLE: Red Hat update for openssl
SECUNIA ADVISORY ID: SA17398
VERIFY ADVISORY: http://secunia.com/advisories/17398/
CRITICAL: Moderately critical
IMPACT: DoS
WHERE:
From remote
OPERATING SYSTEM: RedHat Linux Advanced Workstation 2.1 for Itanium http://secunia.com/product/1326/ RedHat Enterprise Linux WS 2.1 http://secunia.com/product/1044/ RedHat Enterprise Linux ES 2.1 http://secunia.com/product/1306/ RedHat Enterprise Linux AS 2.1 http://secunia.com/product/48/
DESCRIPTION: Red Hat has issued an update for openssl. http://rhn.redhat.com/
ORIGINAL ADVISORY: http://rhn.redhat.com/errata/RHSA-2005-829.html
OTHER REFERENCES: SA11139: http://secunia.com/advisories/11139/
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. OpenSSL Security Advisory [4 November 2003]
Denial of Service in ASN.1 parsing
Previously, OpenSSL 0.9.6k was released on the 30 September 2003 to address various ASN.1 issues. The issues were found using a test suite from NISCC (www.niscc.gov.uk) and fixed by Dr Stephen Henson (steve@openssl.org) of the OpenSSL core team.
Subsequent to that release, Novell Inc. carried out further testing using the NISCC suite. This could be performed for example by sending a client certificate to a SSL/TLS enabled server which is configured to accept them.
Patches for this issue have been created by Dr Stephen Henson (steve@openssl.org) of the OpenSSL core team.
Who is affected?
OpenSSL 0.9.6k is affected by the bug, but the denial of service does not affect all platforms. This issue does not affect OpenSSL 0.9.7. Currently only OpenSSL running on Windows platforms is known to crash.
Recommendations
Upgrade to OpenSSL 0.9.6l or 0.9.7c. Recompile any OpenSSL applications statically linked to OpenSSL libraries.
OpenSSL 0.9.6l is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under https://www.openssl.org/source/mirror.html):
o https://www.openssl.org/source/
o ftp://ftp.openssl.org/source/
The distribution file name is:
o openssl-0.9.6l.tar.gz [normal]
MD5 checksum: 843a65ddc56634f0e30a4f9474bb5b27
o openssl-engine-0.9.6l.tar.gz [engine]
MD5 checksum: dd372198cdf31667f2cb29cd76fbda1c
The checksums were calculated using the following command:
openssl md5 < openssl-0.9.6l.tar.gz
openssl md5 < openssl-engine-0.9.6l.tar.gz
References
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0851 to this issue.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0851
URL for this Security Advisory: https://www.openssl.org/news/secadv_20031104.txt
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200312-0218", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "openssl", "scope": "eq", "trust": 1.8, "vendor": "openssl", "version": "0.9.6k" }, { "model": "ios", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "12.2sy" }, { "model": "ios", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "12.1\\(11b\\)e" }, { "model": "ios", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "12.1\\(11\\)e" }, { "model": "ios", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "12.2sx" }, { "model": "netbsd", "scope": "eq", "trust": 1.1, "vendor": "netbsd", "version": "1.6.1" }, { "model": "netbsd", "scope": "eq", "trust": 1.1, "vendor": "netbsd", "version": "1.6" }, { "model": "pix firewall", "scope": "eq", "trust": 1.1, "vendor": "cisco", "version": "6.2" }, { "model": "pix firewall", "scope": "eq", "trust": 1.1, "vendor": "cisco", "version": "6.1" }, { "model": "pix firewall", "scope": "eq", "trust": 1.1, "vendor": "cisco", "version": "6.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7b" }, { "model": "pix firewall", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "6.2.2_.111" }, { "model": "pix firewall software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "6.2\\(3\\)" }, { "model": "pix firewall software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "6.2" }, { "model": "pix firewall software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "6.1" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6f" }, { "model": "pix firewall software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "6.0\\(2\\)" }, { "model": "pix firewall software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "6.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6" }, { "model": "pix firewall software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "6.0\\(3\\)" }, { "model": "pix firewall software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "6.1\\(1\\)" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6h" }, { "model": "pix firewall software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "6.0\\(4\\)" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6g" }, { "model": "css11000 content services switch", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "*" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6e" }, { "model": "pix firewall software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "6.1\\(5\\)" }, { "model": "pix firewall software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "6.3\\(1\\)" }, { "model": "pix firewall software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "6.1\\(3\\)" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6a" }, { "model": "pix firewall software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "6.0\\(4.101\\)" }, { "model": "pix firewall software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "6.2\\(1\\)" }, { "model": "pix firewall software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "6.2\\(2\\)" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6c" }, { "model": "pix firewall software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "6.3\\(3.102\\)" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6i" }, { "model": "pix firewall software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "6.1\\(2\\)" }, { "model": "pix firewall software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "6.0\\(1\\)" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7" }, { "model": "pix firewall software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "6.1\\(4\\)" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6b" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "openssl", "version": null }, { "model": "netbsd", "scope": "eq", "trust": 0.8, "vendor": "netbsd", "version": "1.5" }, { "model": "netbsd", "scope": "eq", "trust": 0.8, "vendor": "netbsd", "version": "1.5.1" }, { "model": "netbsd", "scope": "eq", "trust": 0.8, "vendor": "netbsd", "version": "1.5.2" }, { "model": "netbsd", "scope": "eq", "trust": 0.8, "vendor": "netbsd", "version": "1.5.3" }, { "model": "propack", "scope": "eq", "trust": 0.8, "vendor": "sgi", "version": "2.3" }, { "model": "propack", "scope": "eq", "trust": 0.8, "vendor": "sgi", "version": "2.4" }, { "model": "pix firewall", "scope": "eq", "trust": 0.8, "vendor": "cisco", "version": "6.3" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "2.1 (as)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "2.1 (es)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "2.1 (ws)" }, { "model": "ios 12.1 e", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "irix m", "scope": "eq", "trust": 0.3, "vendor": "sgi", "version": "6.5.21" }, { "model": "irix f", "scope": "eq", "trust": 0.3, "vendor": "sgi", "version": "6.5.21" }, { "model": "irix m", "scope": "eq", "trust": 0.3, "vendor": "sgi", "version": "6.5.20" }, { "model": "irix f", "scope": "eq", "trust": 0.3, "vendor": "sgi", "version": "6.5.20" }, { "model": "irix m", "scope": "eq", "trust": 0.3, "vendor": "sgi", "version": "6.5.19" }, { "model": "irix f", "scope": "eq", "trust": 0.3, "vendor": "sgi", "version": "6.5.19" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "8.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7.3" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7.2" }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "7.22" }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "7.21" }, { "model": "software opera web browser", "scope": "eq", "trust": 0.3, "vendor": "opera", "version": "7.20" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl g", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl f", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.5" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.5" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.4" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.3" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.2" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.1" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.3(1)" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.2.2.111" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.2.2" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.2.1" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.2(3)" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.2(2)" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.2(1)" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.1.4" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.1.3" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.1(5)" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.1(4)" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.1(3)" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.1(2)" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.1(1)" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.0.4" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.0.3" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.0(4.101)" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.0(4)" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.0(2)" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.0(1)" }, { "model": "ios 12.2sy", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2sx", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.1 e12", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.1 ec", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.1 ea1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "firewall services module", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.1(0.208)" }, { "model": "css11000 content services switch", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "software opera web browser", "scope": "ne", "trust": 0.3, "vendor": "opera", "version": "7.23" }, { "model": "project openssl c", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "project openssl l", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "coat systems security gateway os", "scope": "ne", "trust": 0.3, "vendor": "blue", "version": "3.1.2" }, { "model": "coat systems security gateway os", "scope": "ne", "trust": 0.3, "vendor": "blue", "version": "2.1.10" }, { "model": "coat systems cacheos ca/sa", "scope": "ne", "trust": 0.3, "vendor": "blue", "version": "4.1.12" }, { "model": "oneworld xe/erp8 applications sp22", "scope": null, "trust": 0.3, "vendor": "peoplesoft", "version": null }, { "model": "enterpriseone applications", "scope": "eq", "trust": 0.3, "vendor": "peoplesoft", "version": "8.93" }, { "model": "enterpriseone applications sp2", "scope": "eq", "trust": 0.3, "vendor": "peoplesoft", "version": "8.9" }, { "model": "oracle9i standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.6" }, { "model": "oracle9i standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.0.5" }, { "model": "oracle9i standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0.4" }, { "model": "oracle9i standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0.1.5" }, { "model": "oracle9i standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0.1.4" }, { "model": "oracle9i personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.6" }, { "model": "oracle9i personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.0.5" }, { "model": "oracle9i personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0.4" }, { "model": "oracle9i personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0.1.5" }, { "model": "oracle9i personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0.1.4" }, { "model": "oracle9i enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.6.0" }, { "model": "oracle9i enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.0.5" }, { "model": "oracle9i enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0.4" }, { "model": "oracle9i enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0.1.5" }, { "model": "oracle9i enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0.1.4" }, { "model": "oracle9i application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0.3.1" }, { "model": "oracle9i application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0.2.3" }, { "model": "oracle9i application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.0.2.2" }, { "model": "oracle8i standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.1.7.4" }, { "model": "oracle8i enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.1.7.4.0" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.0.4" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.0.3.1" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.0.3" }, { "model": "oracle10g standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.0.2" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.0.4" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.0.3.1" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.0.3" }, { "model": "oracle10g personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.0.2" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.0.4" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.0.3.1" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.0.3" }, { "model": "oracle10g enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.0.2" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.2" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.0.3.1" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0.4.1" }, { "model": "oracle10g application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0.4.0" }, { "model": "enterprise manager grid control 10g", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3" }, { "model": "enterprise manager grid control 10g", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.0.2" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0.4.1" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0.4.0" }, { "model": "e-business suite 11i", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.5.10" }, { "model": "e-business suite 11i", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.5.9" }, { "model": "e-business suite 11i", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.5.8" }, { "model": "e-business suite 11i", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.5.7" }, { "model": "e-business suite 11i", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.5.6" }, { "model": "e-business suite 11i", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.5.5" }, { "model": "e-business suite 11i", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.5.4" }, { "model": "e-business suite 11i", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.5.3" }, { "model": "e-business suite 11i", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.5.2" }, { "model": "e-business suite 11i", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.5.1" }, { "model": "e-business suite 11i", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.5" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.0" }, { "model": "collaboration suite release", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "29.0.4.2" }, { "model": "collaboration suite release", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "29.0.4.1" } ], "sources": [ { "db": "CERT/CC", "id": "VU#412478" }, { "db": "BID", "id": "8970" }, { "db": "BID", "id": "13139" }, { "db": "JVNDB", "id": "JVNDB-2003-000331" }, { "db": "CNNVD", "id": "CNNVD-200312-003" }, { "db": "NVD", "id": "CVE-2003-0851" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(11\\)e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:ios:12.2sy:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:ios:12.2sx:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:cisco:css11000_content_services_switch:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:pix_firewall:6.2.2_.111:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(2\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(3\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(3.102\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(2\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(3\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(4\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(5\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(2\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(3\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(4\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(4.101\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2003-0851" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "David Litchfield\u203b david@nextgenss.com", "sources": [ { "db": "CNNVD", "id": "CNNVD-200312-003" } ], "trust": 0.6 }, "cve": "CVE-2003-0851", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2003-0851", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-7676", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2003-0851", "trust": 1.8, "value": "MEDIUM" }, { "author": "CARNEGIE MELLON", "id": "VU#412478", "trust": 0.8, "value": "3.23" }, { "author": "CNNVD", "id": "CNNVD-200312-003", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-7676", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#412478" }, { "db": "VULHUB", "id": "VHN-7676" }, { "db": "JVNDB", "id": "JVNDB-2003-000331" }, { "db": "CNNVD", "id": "CNNVD-200312-003" }, { "db": "NVD", "id": "CVE-2003-0851" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences. OpenSSL Is ASN.1 (Abstract Syntax Notation One) A vulnerability that causes deep recursion exists due to poor handling of sequences.By sending a client certificate crafted by a third party to the target host, OpenSSL Server using the library interferes with service operation (DoS) It may be in a state. A problem has been identified in OpenSSL when handling specific types of ASN.1 requests. \nThis issue is also known to affect numerous Cisco products. It is possible that other vendors will also be acknowledging this issue and providing fixes. Oracle Database Server, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business and Applications, Oracle Enterprise Manager Grid Control, and Oracle PeopleSoft Applications are reported prone to multiple vulnerabilities. \nOracle has released a Critical Patch Update to address these issues in various supported applications and platforms. Other non-supported versions may be affected, but Symantec has not confirmed this. \nThe issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. While various levels of authorization are required to leverage some issues, others do not require any authorization. \nThis BID will be divided and updated into separate BIDs when more information is available. An attacker could exploit these vulnerabilities to take complete control of an affected database. \n\nTITLE:\nRed Hat update for openssl\n\nSECUNIA ADVISORY ID:\nSA17398\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/17398/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nDoS\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nRedHat Linux Advanced Workstation 2.1 for Itanium\nhttp://secunia.com/product/1326/\nRedHat Enterprise Linux WS 2.1\nhttp://secunia.com/product/1044/\nRedHat Enterprise Linux ES 2.1\nhttp://secunia.com/product/1306/\nRedHat Enterprise Linux AS 2.1\nhttp://secunia.com/product/48/\n\nDESCRIPTION:\nRed Hat has issued an update for openssl. \nhttp://rhn.redhat.com/\n\nORIGINAL ADVISORY:\nhttp://rhn.redhat.com/errata/RHSA-2005-829.html\n\nOTHER REFERENCES:\nSA11139:\nhttp://secunia.com/advisories/11139/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. OpenSSL Security Advisory [4 November 2003]\n\nDenial of Service in ASN.1 parsing\n==================================\n\nPreviously, OpenSSL 0.9.6k was released on the 30 September 2003 to\naddress various ASN.1 issues. The issues were found using a test\nsuite from NISCC (www.niscc.gov.uk) and fixed by Dr Stephen Henson\n(steve@openssl.org) of the OpenSSL core team. \n\nSubsequent to that release, Novell Inc. carried out further testing\nusing the NISCC suite. This could be\nperformed for example by sending a client certificate to a SSL/TLS\nenabled server which is configured to accept them. \n\nPatches for this issue have been created by Dr Stephen Henson\n(steve@openssl.org) of the OpenSSL core team. \n\nWho is affected?\n----------------\n\nOpenSSL 0.9.6k is affected by the bug, but the denial of service does\nnot affect all platforms. This issue does not affect OpenSSL 0.9.7. \nCurrently only OpenSSL running on Windows platforms is known to crash. \n\nRecommendations\n---------------\n\nUpgrade to OpenSSL 0.9.6l or 0.9.7c. Recompile any OpenSSL\napplications statically linked to OpenSSL libraries. \n\nOpenSSL 0.9.6l is available for download via HTTP and FTP from the\nfollowing master locations (you can find the various FTP mirrors under\nhttps://www.openssl.org/source/mirror.html):\n\n o https://www.openssl.org/source/\n o ftp://ftp.openssl.org/source/\n\nThe distribution file name is:\n\n o openssl-0.9.6l.tar.gz [normal]\n MD5 checksum: 843a65ddc56634f0e30a4f9474bb5b27\n o openssl-engine-0.9.6l.tar.gz [engine]\n MD5 checksum: dd372198cdf31667f2cb29cd76fbda1c\n\nThe checksums were calculated using the following command:\n\n openssl md5 \u003c openssl-0.9.6l.tar.gz\n openssl md5 \u003c openssl-engine-0.9.6l.tar.gz\n\nReferences\n----------\n\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2003-0851 to this issue. \n\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0851\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20031104.txt\n", "sources": [ { "db": "NVD", "id": "CVE-2003-0851" }, { "db": "CERT/CC", "id": "VU#412478" }, { "db": "JVNDB", "id": "JVNDB-2003-000331" }, { "db": "BID", "id": "8970" }, { "db": "BID", "id": "13139" }, { "db": "VULHUB", "id": "VHN-7676" }, { "db": "PACKETSTORM", "id": "41200" }, { "db": "PACKETSTORM", "id": "169672" } ], "trust": 3.15 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "CERT/CC", "id": "VU#412478", "trust": 3.3 }, { "db": "NVD", "id": "CVE-2003-0851", "trust": 3.2 }, { "db": "BID", "id": "8970", "trust": 2.8 }, { "db": "SECUNIA", "id": "17381", "trust": 2.5 }, { "db": "JVNDB", "id": "JVNDB-2003-000331", "trust": 0.8 }, { "db": "NETBSD", "id": "NETBSD-SA2004-003", "trust": 0.6 }, { "db": "OVAL", "id": "OVAL:ORG.MITRE.OVAL:DEF:5528", "trust": 0.6 }, { "db": "BUGTRAQ", "id": "20040508 [FLSA-2004:1395] UPDATED OPENSSL RESOLVES SECURITY VULNERABILITY", "trust": 0.6 }, { "db": "BUGTRAQ", "id": "20031104 [OPENSSL ADVISORY] DENIAL OF SERVICE IN ASN.1 PARSING", "trust": 0.6 }, { "db": "CISCO", "id": "20030930 SSL IMPLEMENTATION VULNERABILITIES", "trust": 0.6 }, { "db": "REDHAT", "id": "RHSA-2004:119", "trust": 0.6 }, { "db": "SGI", "id": "20040304-01-U", "trust": 0.6 }, { "db": "FEDORA", "id": "FEDORA-2005-1042", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200312-003", "trust": 0.6 }, { "db": "BID", "id": "13139", "trust": 0.3 }, { "db": "VULHUB", "id": "VHN-7676", "trust": 0.1 }, { "db": "SECUNIA", "id": "17398", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "41200", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "169672", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#412478" }, { "db": "VULHUB", "id": "VHN-7676" }, { "db": "BID", "id": "8970" }, { "db": "BID", "id": "13139" }, { "db": "JVNDB", "id": "JVNDB-2003-000331" }, { "db": "PACKETSTORM", "id": "41200" }, { "db": "PACKETSTORM", "id": "169672" }, { "db": "CNNVD", "id": "CNNVD-200312-003" }, { "db": "NVD", "id": "CVE-2003-0851" } ] }, "id": "VAR-200312-0218", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-7676" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T21:21:01.334000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cisco-sa-20030930-ssl", "trust": 0.8, "url": "http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml" }, { "title": "NetBSD-SA2004-003", "trust": 0.8, "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2004-003.txt.asc" }, { "title": "secadv_20031104", "trust": 0.8, "url": "http://www.openssl.org/news/secadv_20031104.txt" }, { "title": "RHSA-2004:119", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2004-119.html" }, { "title": "20040304-01-U", "trust": 0.8, "url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-u.asc" }, { "title": "RHSA-2004:119", "trust": 0.8, "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2004-119j.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2003-000331" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2003-0851" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.9, "url": "http://www.openssl.org/news/secadv_20031104.txt" }, { "trust": 2.5, "url": "http://www.securityfocus.com/bid/8970" }, { "trust": 2.5, "url": "http://www.kb.cert.org/vuls/id/412478" }, { "trust": 2.5, "url": "http://secunia.com/advisories/17381" }, { "trust": 2.3, "url": "http://rhn.redhat.com/errata/rhsa-2004-119.html" }, { "trust": 2.0, "url": "http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml" }, { "trust": 1.7, "url": "http://www.redhat.com/archives/fedora-announce-list/2005-october/msg00087.html" }, { "trust": 1.7, "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2004-003.txt.asc" }, { "trust": 1.7, "url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-u.asc" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a5528" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=106796246511667\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2" }, { "trust": 0.8, "url": "http://www.uniras.gov.uk/vuls/2003/006489/openssl2.htm" }, { "trust": 0.8, "url": "http://www.itu.int/itu-t/asn1/" }, { "trust": 0.8, "url": "http://www.itu.int/itu-t/studygroups/com10/languages/" }, { "trust": 0.8, "url": "http://www.cert.org/advisories/ca-2003-26.html" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-0851" }, { "trust": 0.8, "url": "http://www.cpni.gov.uk/products/vulnerabilitydisclosures/default.aspx?id=va-20031104-00753.xml" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnca-2003-26" }, { "trust": 0.8, "url": "http://jvn.jp/tr/trca-2003-26" }, { "trust": 0.8, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-0851" }, { "trust": 0.8, "url": "http://www.cpni.gov.uk/docs/re-20031104-00753.pdf?lang=en" }, { "trust": 0.8, "url": "http://www.cyberpolice.go.jp/important/20031001_103420.html" }, { "trust": 0.6, "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=106796246511667\u0026w=2" }, { "trust": 0.6, "url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:5528" }, { "trust": 0.6, "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=108403850228012\u0026w=2" }, { "trust": 0.3, "url": "http://www.opera.com/windows/changelogs/723/" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2004-139.html" }, { "trust": 0.3, "url": "http://www.bluecoat.com/support/knowledge/advisory_asn1_parsing_0.9.6.l.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technology/deploy/security/pdf/cpuapr2005.pdf" }, { "trust": 0.3, "url": "http://www.oracle.com/index.html" }, { "trust": 0.3, "url": "http://www.peoplesoft.com:80/corp/en/support/security_index.jsp" }, { "trust": 0.3, "url": "/archive/1/395699" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=106796246511667\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=108403850228012\u0026amp;w=2" }, { "trust": 0.1, "url": "" }, { "trust": 0.1, "url": "http://secunia.com/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/product/48/" }, { "trust": 0.1, "url": "http://rhn.redhat.com/errata/rhsa-2005-829.html" }, { "trust": 0.1, "url": "http://rhn.redhat.com/" }, { "trust": 0.1, "url": "http://secunia.com/product/1326/" }, { "trust": 0.1, "url": "http://secunia.com/product/1306/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/advisories/11139/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/17398/" }, { "trust": 0.1, "url": "http://secunia.com/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/product/1044/" }, { "trust": 0.1, "url": "https://www.openssl.org/source/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2003-0851" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2003-0851" }, { "trust": 0.1, "url": "https://www.niscc.gov.uk)" }, { "trust": 0.1, "url": "https://www.openssl.org/source/mirror.html):" } ], "sources": [ { "db": "CERT/CC", "id": "VU#412478" }, { "db": "VULHUB", "id": "VHN-7676" }, { "db": "BID", "id": "8970" }, { "db": "BID", "id": "13139" }, { "db": "JVNDB", "id": "JVNDB-2003-000331" }, { "db": "PACKETSTORM", "id": "41200" }, { "db": "PACKETSTORM", "id": "169672" }, { "db": "CNNVD", "id": "CNNVD-200312-003" }, { "db": "NVD", "id": "CVE-2003-0851" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#412478" }, { "db": "VULHUB", "id": "VHN-7676" }, { "db": "BID", "id": "8970" }, { "db": "BID", "id": "13139" }, { "db": "JVNDB", "id": "JVNDB-2003-000331" }, { "db": "PACKETSTORM", "id": "41200" }, { "db": "PACKETSTORM", "id": "169672" }, { "db": "CNNVD", "id": "CNNVD-200312-003" }, { "db": "NVD", "id": "CVE-2003-0851" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2003-11-04T00:00:00", "db": "CERT/CC", "id": "VU#412478" }, { "date": "2003-12-01T00:00:00", "db": "VULHUB", "id": "VHN-7676" }, { "date": "2003-11-04T00:00:00", "db": "BID", "id": "8970" }, { "date": "2005-04-12T00:00:00", "db": "BID", "id": "13139" }, { "date": "2007-04-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2003-000331" }, { "date": "2005-11-03T01:02:14", "db": "PACKETSTORM", "id": "41200" }, { "date": "2003-11-04T12:12:12", "db": "PACKETSTORM", "id": "169672" }, { "date": "2003-07-18T00:00:00", "db": "CNNVD", "id": "CNNVD-200312-003" }, { "date": "2003-12-01T05:00:00", "db": "NVD", "id": "CVE-2003-0851" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2003-11-05T00:00:00", "db": "CERT/CC", "id": "VU#412478" }, { "date": "2018-10-30T00:00:00", "db": "VULHUB", "id": "VHN-7676" }, { "date": "2015-03-19T08:52:00", "db": "BID", "id": "8970" }, { "date": "2006-05-05T23:30:00", "db": "BID", "id": "13139" }, { "date": "2007-04-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2003-000331" }, { "date": "2009-03-04T00:00:00", "db": "CNNVD", "id": "CNNVD-200312-003" }, { "date": "2018-10-30T16:26:18.123000", "db": "NVD", "id": "CVE-2003-0851" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "169672" }, { "db": "CNNVD", "id": "CNNVD-200312-003" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL 0.9.6k does not properly handle ASN.1 sequences", "sources": [ { "db": "CERT/CC", "id": "VU#412478" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation", "sources": [ { "db": "CNNVD", "id": "CNNVD-200312-003" } ], "trust": 0.6 } }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.