var-201302-0332
Vulnerability from variot
The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. This vulnerability CVE-2013-0169 And related issues.A third party may be able to trigger identification and plain text recovery attacks through statistical analysis of timing data for crafted packets. Mozilla Network Security Services (NSS) is prone to an information disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. Relevant releases
VMware ESX 4.1 without patch ESX410-201312001
-
Problem Description
a. Update to ESX service console kernel
The ESX service console kernel is updated to resolve multiple security issues.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2012-2372, CVE-2012-3552, CVE-2013-2147, CVE-2013-2164, CVE-2013-2206, CVE-2013-2224, CVE-2013-2234, CVE-2013-2237, CVE-2013-2232 to these issues.
VMware Product Running Replace with/ Product Version on Apply Patch ============== ======== ======= ================= ESXi any ESXi not applicable ESX 4.1 ESX ESX410-201312401-SG ESX 4.0 ESX patch pendingb.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2013-0791 and CVE-2013-1620 to these issues.
Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.
VMware Product Running Replace with/ Product Version on Apply Patch ============== ======== ======= ================= ESXi any ESXi not applicable ESX 4.1 ESX ESX410-201312403-SG ESX 4.0 ESX patch pending -
Solution
Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
ESX 4.1
File: ESX410-201312001.zip md5sum: c35763a84db169dd0285442d4129cc18 sha1sum: ee8e1b8d2d383422ff0dde04749c5d89e77d8e40 http://kb.vmware.com/kb/2061209 ESX410-201312001 contains ESX410-201312401-SG and ESX410-201312403-SG. References
--- kernel (service console) --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2372 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3552 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2147 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2164 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2206 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2224 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2234 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2237 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2232
--- NSPR and NSS (service console) --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0791 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1620
- Change log
2013-12-05 VMSA-2013-0015 Initial security advisory in conjunction with the release of ESX 4.1 patches on 2013-12-05. Contact
E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
- security-announce at lists.vmware.com
- bugtraq at securityfocus.com
- full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055
VMware Security Advisories http://www.vmware.com/security/advisories
VMware security response policy http://www.vmware.com/support/policies/security_response.html
General support life cycle policy http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html
Copyright 2013 VMware Inc. All rights reserved. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: nss, nss-util, nss-softokn, and nspr security update Advisory ID: RHSA-2013:1144-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1144.html Issue date: 2013-08-07 CVE Names: CVE-2013-0791 CVE-2013-1620 =====================================================================
- Summary:
Updated nss, nss-util, nss-softokn, and nspr packages that fix two security issues, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
- Description:
Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. nss-softokn provides an NSS softoken cryptographic module.
It was discovered that NSS leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2013-1620)
An out-of-bounds memory read flaw was found in the way NSS decoded certain certificates. If an application using NSS decoded a malformed certificate, it could cause the application to crash. (CVE-2013-0791)
Red Hat would like to thank the Mozilla project for reporting CVE-2013-0791. Upstream acknowledges Ambroz Bizjak as the original reporter of CVE-2013-0791.
This update also fixes the following bugs:
-
The RHBA-2013:0445 update (which upgraded NSS to version 3.14) prevented the use of certificates that have an MD5 signature. This caused problems in certain environments. With this update, certificates that have an MD5 signature are once again allowed. To prevent the use of certificates that have an MD5 signature, set the "NSS_HASH_ALG_SUPPORT" environment variable to "-MD5". (BZ#957603)
-
Previously, the sechash.h header file was missing, preventing certain source RPMs (such as firefox and xulrunner) from building. (BZ#948715)
-
A memory leak in the nssutil_ReadSecmodDB() function has been fixed. (BZ#984967)
In addition, the nss package has been upgraded to upstream version 3.14.3, the nss-util package has been upgraded to upstream version 3.14.3, the nss-softokn package has been upgraded to upstream version 3.14.3, and the nspr package has been upgraded to upstream version 4.9.5. These updates provide a number of bug fixes and enhancements over the previous versions. (BZ#927157, BZ#927171, BZ#927158, BZ#927186)
Users of NSS, NSPR, nss-util, and nss-softokn are advised to upgrade to these updated packages, which fix these issues and add these enhancements. After installing this update, applications using NSS, NSPR, nss-util, or nss-softokn must be restarted for this update to take effect.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258
- Bugs fixed (http://bugzilla.redhat.com/):
908234 - CVE-2013-1620 nss: TLS CBC padding timing attack 927157 - [RFE][RHEL6] Rebase to nss-3.14.3 to fix the lucky-13 issue [6.4.z] 927158 - Rebase to nss-softokn 3.14.3 to fix the lucky-13 issue [6.4.z] 927171 - Rebase to nss-util 3.14.3 as part of the fix for the lucky-13 issue [rhel-6.4.z] 927186 - Rebase to nspr-4.9.5 946947 - CVE-2013-0791 Mozilla: Out-of-bounds array read in CERT_DecodeCertPackage (MFSA 2013-40) 984967 - nssutil_ReadSecmodDB() leaks memory [6.4.z] 985955 - nss-softokn: missing partial RELRO [6.4.z]
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nspr-4.9.5-2.el6_4.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nss-3.14.3-4.el6_4.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nss-softokn-3.14.3-3.el6_4.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nss-util-3.14.3-3.el6_4.src.rpm
i386: nspr-4.9.5-2.el6_4.i686.rpm nspr-debuginfo-4.9.5-2.el6_4.i686.rpm nss-3.14.3-4.el6_4.i686.rpm nss-debuginfo-3.14.3-4.el6_4.i686.rpm nss-softokn-3.14.3-3.el6_4.i686.rpm nss-softokn-debuginfo-3.14.3-3.el6_4.i686.rpm nss-softokn-freebl-3.14.3-3.el6_4.i686.rpm nss-sysinit-3.14.3-4.el6_4.i686.rpm nss-tools-3.14.3-4.el6_4.i686.rpm nss-util-3.14.3-3.el6_4.i686.rpm nss-util-debuginfo-3.14.3-3.el6_4.i686.rpm
x86_64: nspr-4.9.5-2.el6_4.i686.rpm nspr-4.9.5-2.el6_4.x86_64.rpm nspr-debuginfo-4.9.5-2.el6_4.i686.rpm nspr-debuginfo-4.9.5-2.el6_4.x86_64.rpm nss-3.14.3-4.el6_4.i686.rpm nss-3.14.3-4.el6_4.x86_64.rpm nss-debuginfo-3.14.3-4.el6_4.i686.rpm nss-debuginfo-3.14.3-4.el6_4.x86_64.rpm nss-softokn-3.14.3-3.el6_4.i686.rpm nss-softokn-3.14.3-3.el6_4.x86_64.rpm nss-softokn-debuginfo-3.14.3-3.el6_4.i686.rpm nss-softokn-debuginfo-3.14.3-3.el6_4.x86_64.rpm nss-softokn-freebl-3.14.3-3.el6_4.i686.rpm nss-softokn-freebl-3.14.3-3.el6_4.x86_64.rpm nss-sysinit-3.14.3-4.el6_4.x86_64.rpm nss-tools-3.14.3-4.el6_4.x86_64.rpm nss-util-3.14.3-3.el6_4.i686.rpm nss-util-3.14.3-3.el6_4.x86_64.rpm nss-util-debuginfo-3.14.3-3.el6_4.i686.rpm nss-util-debuginfo-3.14.3-3.el6_4.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nspr-4.9.5-2.el6_4.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nss-3.14.3-4.el6_4.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nss-softokn-3.14.3-3.el6_4.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nss-util-3.14.3-3.el6_4.src.rpm
i386: nspr-debuginfo-4.9.5-2.el6_4.i686.rpm nspr-devel-4.9.5-2.el6_4.i686.rpm nss-debuginfo-3.14.3-4.el6_4.i686.rpm nss-devel-3.14.3-4.el6_4.i686.rpm nss-pkcs11-devel-3.14.3-4.el6_4.i686.rpm nss-softokn-debuginfo-3.14.3-3.el6_4.i686.rpm nss-softokn-devel-3.14.3-3.el6_4.i686.rpm nss-softokn-freebl-devel-3.14.3-3.el6_4.i686.rpm nss-util-debuginfo-3.14.3-3.el6_4.i686.rpm nss-util-devel-3.14.3-3.el6_4.i686.rpm
x86_64: nspr-debuginfo-4.9.5-2.el6_4.i686.rpm nspr-debuginfo-4.9.5-2.el6_4.x86_64.rpm nspr-devel-4.9.5-2.el6_4.i686.rpm nspr-devel-4.9.5-2.el6_4.x86_64.rpm nss-debuginfo-3.14.3-4.el6_4.i686.rpm nss-debuginfo-3.14.3-4.el6_4.x86_64.rpm nss-devel-3.14.3-4.el6_4.i686.rpm nss-devel-3.14.3-4.el6_4.x86_64.rpm nss-pkcs11-devel-3.14.3-4.el6_4.i686.rpm nss-pkcs11-devel-3.14.3-4.el6_4.x86_64.rpm nss-softokn-debuginfo-3.14.3-3.el6_4.i686.rpm nss-softokn-debuginfo-3.14.3-3.el6_4.x86_64.rpm nss-softokn-devel-3.14.3-3.el6_4.i686.rpm nss-softokn-devel-3.14.3-3.el6_4.x86_64.rpm nss-softokn-freebl-devel-3.14.3-3.el6_4.i686.rpm nss-softokn-freebl-devel-3.14.3-3.el6_4.x86_64.rpm nss-util-debuginfo-3.14.3-3.el6_4.i686.rpm nss-util-debuginfo-3.14.3-3.el6_4.x86_64.rpm nss-util-devel-3.14.3-3.el6_4.i686.rpm nss-util-devel-3.14.3-3.el6_4.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nspr-4.9.5-2.el6_4.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nss-3.14.3-4.el6_4.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nss-softokn-3.14.3-3.el6_4.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nss-util-3.14.3-3.el6_4.src.rpm
x86_64: nspr-4.9.5-2.el6_4.i686.rpm nspr-4.9.5-2.el6_4.x86_64.rpm nspr-debuginfo-4.9.5-2.el6_4.i686.rpm nspr-debuginfo-4.9.5-2.el6_4.x86_64.rpm nss-3.14.3-4.el6_4.i686.rpm nss-3.14.3-4.el6_4.x86_64.rpm nss-debuginfo-3.14.3-4.el6_4.i686.rpm nss-debuginfo-3.14.3-4.el6_4.x86_64.rpm nss-softokn-3.14.3-3.el6_4.i686.rpm nss-softokn-3.14.3-3.el6_4.x86_64.rpm nss-softokn-debuginfo-3.14.3-3.el6_4.i686.rpm nss-softokn-debuginfo-3.14.3-3.el6_4.x86_64.rpm nss-softokn-freebl-3.14.3-3.el6_4.i686.rpm nss-softokn-freebl-3.14.3-3.el6_4.x86_64.rpm nss-sysinit-3.14.3-4.el6_4.x86_64.rpm nss-tools-3.14.3-4.el6_4.x86_64.rpm nss-util-3.14.3-3.el6_4.i686.rpm nss-util-3.14.3-3.el6_4.x86_64.rpm nss-util-debuginfo-3.14.3-3.el6_4.i686.rpm nss-util-debuginfo-3.14.3-3.el6_4.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nspr-4.9.5-2.el6_4.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nss-3.14.3-4.el6_4.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nss-softokn-3.14.3-3.el6_4.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nss-util-3.14.3-3.el6_4.src.rpm
x86_64: nspr-debuginfo-4.9.5-2.el6_4.i686.rpm nspr-debuginfo-4.9.5-2.el6_4.x86_64.rpm nspr-devel-4.9.5-2.el6_4.i686.rpm nspr-devel-4.9.5-2.el6_4.x86_64.rpm nss-debuginfo-3.14.3-4.el6_4.i686.rpm nss-debuginfo-3.14.3-4.el6_4.x86_64.rpm nss-devel-3.14.3-4.el6_4.i686.rpm nss-devel-3.14.3-4.el6_4.x86_64.rpm nss-pkcs11-devel-3.14.3-4.el6_4.i686.rpm nss-pkcs11-devel-3.14.3-4.el6_4.x86_64.rpm nss-softokn-debuginfo-3.14.3-3.el6_4.i686.rpm nss-softokn-debuginfo-3.14.3-3.el6_4.x86_64.rpm nss-softokn-devel-3.14.3-3.el6_4.i686.rpm nss-softokn-devel-3.14.3-3.el6_4.x86_64.rpm nss-softokn-freebl-devel-3.14.3-3.el6_4.i686.rpm nss-softokn-freebl-devel-3.14.3-3.el6_4.x86_64.rpm nss-util-debuginfo-3.14.3-3.el6_4.i686.rpm nss-util-debuginfo-3.14.3-3.el6_4.x86_64.rpm nss-util-devel-3.14.3-3.el6_4.i686.rpm nss-util-devel-3.14.3-3.el6_4.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/nspr-4.9.5-2.el6_4.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/nss-3.14.3-4.el6_4.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/nss-softokn-3.14.3-3.el6_4.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/nss-util-3.14.3-3.el6_4.src.rpm
i386: nspr-4.9.5-2.el6_4.i686.rpm nspr-debuginfo-4.9.5-2.el6_4.i686.rpm nspr-devel-4.9.5-2.el6_4.i686.rpm nss-3.14.3-4.el6_4.i686.rpm nss-debuginfo-3.14.3-4.el6_4.i686.rpm nss-devel-3.14.3-4.el6_4.i686.rpm nss-softokn-3.14.3-3.el6_4.i686.rpm nss-softokn-debuginfo-3.14.3-3.el6_4.i686.rpm nss-softokn-devel-3.14.3-3.el6_4.i686.rpm nss-softokn-freebl-3.14.3-3.el6_4.i686.rpm nss-softokn-freebl-devel-3.14.3-3.el6_4.i686.rpm nss-sysinit-3.14.3-4.el6_4.i686.rpm nss-tools-3.14.3-4.el6_4.i686.rpm nss-util-3.14.3-3.el6_4.i686.rpm nss-util-debuginfo-3.14.3-3.el6_4.i686.rpm nss-util-devel-3.14.3-3.el6_4.i686.rpm
ppc64: nspr-4.9.5-2.el6_4.ppc.rpm nspr-4.9.5-2.el6_4.ppc64.rpm nspr-debuginfo-4.9.5-2.el6_4.ppc.rpm nspr-debuginfo-4.9.5-2.el6_4.ppc64.rpm nspr-devel-4.9.5-2.el6_4.ppc.rpm nspr-devel-4.9.5-2.el6_4.ppc64.rpm nss-3.14.3-4.el6_4.ppc.rpm nss-3.14.3-4.el6_4.ppc64.rpm nss-debuginfo-3.14.3-4.el6_4.ppc.rpm nss-debuginfo-3.14.3-4.el6_4.ppc64.rpm nss-devel-3.14.3-4.el6_4.ppc.rpm nss-devel-3.14.3-4.el6_4.ppc64.rpm nss-softokn-3.14.3-3.el6_4.ppc.rpm nss-softokn-3.14.3-3.el6_4.ppc64.rpm nss-softokn-debuginfo-3.14.3-3.el6_4.ppc.rpm nss-softokn-debuginfo-3.14.3-3.el6_4.ppc64.rpm nss-softokn-devel-3.14.3-3.el6_4.ppc.rpm nss-softokn-devel-3.14.3-3.el6_4.ppc64.rpm nss-softokn-freebl-3.14.3-3.el6_4.ppc.rpm nss-softokn-freebl-3.14.3-3.el6_4.ppc64.rpm nss-softokn-freebl-devel-3.14.3-3.el6_4.ppc.rpm nss-softokn-freebl-devel-3.14.3-3.el6_4.ppc64.rpm nss-sysinit-3.14.3-4.el6_4.ppc64.rpm nss-tools-3.14.3-4.el6_4.ppc64.rpm nss-util-3.14.3-3.el6_4.ppc.rpm nss-util-3.14.3-3.el6_4.ppc64.rpm nss-util-debuginfo-3.14.3-3.el6_4.ppc.rpm nss-util-debuginfo-3.14.3-3.el6_4.ppc64.rpm nss-util-devel-3.14.3-3.el6_4.ppc.rpm nss-util-devel-3.14.3-3.el6_4.ppc64.rpm
s390x: nspr-4.9.5-2.el6_4.s390.rpm nspr-4.9.5-2.el6_4.s390x.rpm nspr-debuginfo-4.9.5-2.el6_4.s390.rpm nspr-debuginfo-4.9.5-2.el6_4.s390x.rpm nspr-devel-4.9.5-2.el6_4.s390.rpm nspr-devel-4.9.5-2.el6_4.s390x.rpm nss-3.14.3-4.el6_4.s390.rpm nss-3.14.3-4.el6_4.s390x.rpm nss-debuginfo-3.14.3-4.el6_4.s390.rpm nss-debuginfo-3.14.3-4.el6_4.s390x.rpm nss-devel-3.14.3-4.el6_4.s390.rpm nss-devel-3.14.3-4.el6_4.s390x.rpm nss-softokn-3.14.3-3.el6_4.s390.rpm nss-softokn-3.14.3-3.el6_4.s390x.rpm nss-softokn-debuginfo-3.14.3-3.el6_4.s390.rpm nss-softokn-debuginfo-3.14.3-3.el6_4.s390x.rpm nss-softokn-devel-3.14.3-3.el6_4.s390.rpm nss-softokn-devel-3.14.3-3.el6_4.s390x.rpm nss-softokn-freebl-3.14.3-3.el6_4.s390.rpm nss-softokn-freebl-3.14.3-3.el6_4.s390x.rpm nss-softokn-freebl-devel-3.14.3-3.el6_4.s390.rpm nss-softokn-freebl-devel-3.14.3-3.el6_4.s390x.rpm nss-sysinit-3.14.3-4.el6_4.s390x.rpm nss-tools-3.14.3-4.el6_4.s390x.rpm nss-util-3.14.3-3.el6_4.s390.rpm nss-util-3.14.3-3.el6_4.s390x.rpm nss-util-debuginfo-3.14.3-3.el6_4.s390.rpm nss-util-debuginfo-3.14.3-3.el6_4.s390x.rpm nss-util-devel-3.14.3-3.el6_4.s390.rpm nss-util-devel-3.14.3-3.el6_4.s390x.rpm
x86_64: nspr-4.9.5-2.el6_4.i686.rpm nspr-4.9.5-2.el6_4.x86_64.rpm nspr-debuginfo-4.9.5-2.el6_4.i686.rpm nspr-debuginfo-4.9.5-2.el6_4.x86_64.rpm nspr-devel-4.9.5-2.el6_4.i686.rpm nspr-devel-4.9.5-2.el6_4.x86_64.rpm nss-3.14.3-4.el6_4.i686.rpm nss-3.14.3-4.el6_4.x86_64.rpm nss-debuginfo-3.14.3-4.el6_4.i686.rpm nss-debuginfo-3.14.3-4.el6_4.x86_64.rpm nss-devel-3.14.3-4.el6_4.i686.rpm nss-devel-3.14.3-4.el6_4.x86_64.rpm nss-softokn-3.14.3-3.el6_4.i686.rpm nss-softokn-3.14.3-3.el6_4.x86_64.rpm nss-softokn-debuginfo-3.14.3-3.el6_4.i686.rpm nss-softokn-debuginfo-3.14.3-3.el6_4.x86_64.rpm nss-softokn-devel-3.14.3-3.el6_4.i686.rpm nss-softokn-devel-3.14.3-3.el6_4.x86_64.rpm nss-softokn-freebl-3.14.3-3.el6_4.i686.rpm nss-softokn-freebl-3.14.3-3.el6_4.x86_64.rpm nss-softokn-freebl-devel-3.14.3-3.el6_4.i686.rpm nss-softokn-freebl-devel-3.14.3-3.el6_4.x86_64.rpm nss-sysinit-3.14.3-4.el6_4.x86_64.rpm nss-tools-3.14.3-4.el6_4.x86_64.rpm nss-util-3.14.3-3.el6_4.i686.rpm nss-util-3.14.3-3.el6_4.x86_64.rpm nss-util-debuginfo-3.14.3-3.el6_4.i686.rpm nss-util-debuginfo-3.14.3-3.el6_4.x86_64.rpm nss-util-devel-3.14.3-3.el6_4.i686.rpm nss-util-devel-3.14.3-3.el6_4.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/nss-3.14.3-4.el6_4.src.rpm
i386: nss-debuginfo-3.14.3-4.el6_4.i686.rpm nss-pkcs11-devel-3.14.3-4.el6_4.i686.rpm
ppc64: nss-debuginfo-3.14.3-4.el6_4.ppc.rpm nss-debuginfo-3.14.3-4.el6_4.ppc64.rpm nss-pkcs11-devel-3.14.3-4.el6_4.ppc.rpm nss-pkcs11-devel-3.14.3-4.el6_4.ppc64.rpm
s390x: nss-debuginfo-3.14.3-4.el6_4.s390.rpm nss-debuginfo-3.14.3-4.el6_4.s390x.rpm nss-pkcs11-devel-3.14.3-4.el6_4.s390.rpm nss-pkcs11-devel-3.14.3-4.el6_4.s390x.rpm
x86_64: nss-debuginfo-3.14.3-4.el6_4.i686.rpm nss-debuginfo-3.14.3-4.el6_4.x86_64.rpm nss-pkcs11-devel-3.14.3-4.el6_4.i686.rpm nss-pkcs11-devel-3.14.3-4.el6_4.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/nspr-4.9.5-2.el6_4.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/nss-3.14.3-4.el6_4.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/nss-softokn-3.14.3-3.el6_4.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/nss-util-3.14.3-3.el6_4.src.rpm
i386: nspr-4.9.5-2.el6_4.i686.rpm nspr-debuginfo-4.9.5-2.el6_4.i686.rpm nspr-devel-4.9.5-2.el6_4.i686.rpm nss-3.14.3-4.el6_4.i686.rpm nss-debuginfo-3.14.3-4.el6_4.i686.rpm nss-devel-3.14.3-4.el6_4.i686.rpm nss-softokn-3.14.3-3.el6_4.i686.rpm nss-softokn-debuginfo-3.14.3-3.el6_4.i686.rpm nss-softokn-devel-3.14.3-3.el6_4.i686.rpm nss-softokn-freebl-3.14.3-3.el6_4.i686.rpm nss-softokn-freebl-devel-3.14.3-3.el6_4.i686.rpm nss-sysinit-3.14.3-4.el6_4.i686.rpm nss-tools-3.14.3-4.el6_4.i686.rpm nss-util-3.14.3-3.el6_4.i686.rpm nss-util-debuginfo-3.14.3-3.el6_4.i686.rpm nss-util-devel-3.14.3-3.el6_4.i686.rpm
x86_64: nspr-4.9.5-2.el6_4.i686.rpm nspr-4.9.5-2.el6_4.x86_64.rpm nspr-debuginfo-4.9.5-2.el6_4.i686.rpm nspr-debuginfo-4.9.5-2.el6_4.x86_64.rpm nspr-devel-4.9.5-2.el6_4.i686.rpm nspr-devel-4.9.5-2.el6_4.x86_64.rpm nss-3.14.3-4.el6_4.i686.rpm nss-3.14.3-4.el6_4.x86_64.rpm nss-debuginfo-3.14.3-4.el6_4.i686.rpm nss-debuginfo-3.14.3-4.el6_4.x86_64.rpm nss-devel-3.14.3-4.el6_4.i686.rpm nss-devel-3.14.3-4.el6_4.x86_64.rpm nss-softokn-3.14.3-3.el6_4.i686.rpm nss-softokn-3.14.3-3.el6_4.x86_64.rpm nss-softokn-debuginfo-3.14.3-3.el6_4.i686.rpm nss-softokn-debuginfo-3.14.3-3.el6_4.x86_64.rpm nss-softokn-devel-3.14.3-3.el6_4.i686.rpm nss-softokn-devel-3.14.3-3.el6_4.x86_64.rpm nss-softokn-freebl-3.14.3-3.el6_4.i686.rpm nss-softokn-freebl-3.14.3-3.el6_4.x86_64.rpm nss-softokn-freebl-devel-3.14.3-3.el6_4.i686.rpm nss-softokn-freebl-devel-3.14.3-3.el6_4.x86_64.rpm nss-sysinit-3.14.3-4.el6_4.x86_64.rpm nss-tools-3.14.3-4.el6_4.x86_64.rpm nss-util-3.14.3-3.el6_4.i686.rpm nss-util-3.14.3-3.el6_4.x86_64.rpm nss-util-debuginfo-3.14.3-3.el6_4.i686.rpm nss-util-debuginfo-3.14.3-3.el6_4.x86_64.rpm nss-util-devel-3.14.3-3.el6_4.i686.rpm nss-util-devel-3.14.3-3.el6_4.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/nss-3.14.3-4.el6_4.src.rpm
i386: nss-debuginfo-3.14.3-4.el6_4.i686.rpm nss-pkcs11-devel-3.14.3-4.el6_4.i686.rpm
x86_64: nss-debuginfo-3.14.3-4.el6_4.i686.rpm nss-debuginfo-3.14.3-4.el6_4.x86_64.rpm nss-pkcs11-devel-3.14.3-4.el6_4.i686.rpm nss-pkcs11-devel-3.14.3-4.el6_4.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2013-0791.html https://www.redhat.com/security/data/cve/CVE-2013-1620.html https://access.redhat.com/security/updates/classification/#moderate https://rhn.redhat.com/errata/RHBA-2013-0445.html
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFSAo+lXlSAg2UNWIIRAi4kAJ0cXp7GWY8zHYfxviF3R6WB3cOlaACePdnV W7Ph1SnJjPLtEtsqk+XMl68= =LOHk -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Relevant releases/architectures:
RHEV Hypervisor for RHEL-6 - noarch
- The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor.
Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions.
Upgrade Note: If you upgrade the Red Hat Enterprise Virtualization Hypervisor through the 3.2 Manager administration portal, the Host may appear with the status of "Install Failed". If this happens, place the host into maintenance mode, then activate it again to get the host back to an "Up" state. (CVE-2013-1620)
It was found that the fix for CVE-2013-0167 released via RHSA-2013:0907 was incomplete. A privileged guest user could potentially use this flaw to make the host the guest is running on unavailable to the management server.
This updated package provides updated components that include fixes for various security issues. ============================================================================ Ubuntu Security Notice USN-1763-1 March 14, 2013
nss vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 10.04 LTS
Summary:
NSS could be made to expose sensitive information over the network.
Software Description: - nss: Network Security Service library
Details:
Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used in NSS was vulnerable to a timing side-channel attack known as the "Lucky Thirteen" issue.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.10: libnss3 3.14.3-0ubuntu0.12.10.1
Ubuntu 12.04 LTS: libnss3 3.14.3-0ubuntu0.12.04.1
Ubuntu 11.10: libnss3 3.14.3-0ubuntu0.11.10.1
Ubuntu 10.04 LTS: libnss3-1d 3.14.3-0ubuntu0.10.04.1
After a standard system update you need to restart any applications that use NSS, such as Evolution and Chromium, to make all the necessary changes. The issue was not specific to Firefox but there was evidence that one of the certificates was used for man-in-the-middle (MITM) traffic management of domain names that the customer did not legitimately own or control. This issue was resolved by revoking the trust for these specific mis-issued certificates (CVE-2013-0743).
The sqlite3 update addresses a crash when using svn commit after export MALLOC_CHECK_=3. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFRXs87mqjQ0CJFipgRApRiAKDfmdXjMRCxXRr7W07dZkd5EBbggACgvCFx oo9AI76kr1Dhvb157gF22Cc= =5H/+ -----END PGP SIGNATURE-----
.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/nss < 3.15.3 >= 3.15.3
Description
Multiple vulnerabilities have been discovered in the Mozilla Network Security Service. Please review the CVE identifiers referenced below for more details about the vulnerabilities.
Impact
A remote attacker can cause a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All Mozilla Network Security Service users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/nss-3.15.3"
Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages.
References
[ 1 ] CVE-2013-1620 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1620 [ 2 ] CVE-2013-1739 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1739 [ 3 ] CVE-2013-1741 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1741 [ 4 ] CVE-2013-2566 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2566 [ 5 ] CVE-2013-5605 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5605 [ 6 ] CVE-2013-5606 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5606 [ 7 ] CVE-2013-5607 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5607
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201406-19.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201302-0332",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "network security services",
"scope": null,
"trust": 1.4,
"vendor": "mozilla",
"version": null
},
{
"model": "glassfish communications server",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "2.0"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "11.1"
},
{
"model": "iplanet web proxy server",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "4.0"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "12.2"
},
{
"model": "iplanet web server",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "6.1"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "12.1"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "opensso",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.0-03"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "11.10"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "12.10"
},
{
"model": "traffic director",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.1.6.0"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "12.04"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.9"
},
{
"model": "vm server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "iplanet web server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.9"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0"
},
{
"model": "traffic director",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.1.7.0"
},
{
"model": "network security services",
"scope": "lt",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.14.3"
},
{
"model": "glassfish server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.1.1"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "10.04"
},
{
"model": "enterprise manager",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "grid control of enterprise manager ops center 11.1"
},
{
"model": "enterprise manager",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "grid control of enterprise manager ops center 12.1"
},
{
"model": "enterprise manager",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "grid control of enterprise manager ops center 12.2"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of glassfish communications server 2.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of glassfish enterprise server 2.1.1"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle directory server enterprise edition 11.1.1.7"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle directory server enterprise edition 7.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle iplanet web proxy server 4.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle iplanet web server 6.1"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle iplanet web server 7.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle opensso 3.0-03"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle traffic director 11.1.1.6"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle traffic director 11.1.1.7"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of sun java application server 8.1"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of sun java application server 8.2"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "(v. 5 server)"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "(v. 5 client)"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "(v. 6)"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "(v. 5.9.z server)"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "(v. 6)"
},
{
"model": "enterprise linux long life",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "(v. 5.9 server)"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "(v. 6)"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "(v. 6.4)"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "(v. 6.4.z)"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "(v. 6)"
},
{
"model": "rhel desktop workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "(v. 5 client)"
},
{
"model": "sun java application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1"
},
{
"model": "big-ip wom hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "solaris",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.20.5.0"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.1"
},
{
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"model": "big-ip aam",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"model": "enterprise virtualization",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "big-ip afm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "big-ip gtm hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"model": "big-ip apm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"model": "big-ip webaccelerator hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "big-ip gtm hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.1"
},
{
"model": "big-ip link controller hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"model": "big-ip ltm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "meeting exchange sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"model": "big-ip apm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "big-ip afm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.6.0"
},
{
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.1"
},
{
"model": "big-iq device",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.2"
},
{
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.0"
},
{
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"model": "big-ip asm hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "big-ip wom hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9"
},
{
"model": "one-x client enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.3"
},
{
"model": "big-ip edge gateway hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "directory server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7"
},
{
"model": "big-ip apm hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.3"
},
{
"model": "big-ip afm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"model": "aura system platform sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "big-ip ltm hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip psm hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"model": "aura session manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.2"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.1"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1.2"
},
{
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"model": "meeting exchange sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "big-ip apm hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "aura application server sip core",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53002.0"
},
{
"model": "big-ip ltm hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"model": "big-ip link controller hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "big-ip webaccelerator hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.3.0.3"
},
{
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.0"
},
{
"model": "glassfish enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.1.1"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"model": "ctpview 7.3r1",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "2.1"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.4"
},
{
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.1"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.40"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1"
},
{
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "big-ip ltm hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip analytics hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"model": "big-ip link controller hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"model": "big-ip link controller hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"model": "vm server for",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "x863.3"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "aura application server sip core pb23",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53002.0"
},
{
"model": "big-ip asm hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip ltm hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "meeting exchange sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "big-ip link controller hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "big-ip afm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "3.0"
},
{
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip aam",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "big-ip gtm hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2"
},
{
"model": "big-ip pem",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"model": "big-ip ltm hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"model": "voice portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "big-ip analytics hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "voice portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "big-ip gtm hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0"
},
{
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"model": "big-ip asm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.2"
},
{
"model": "meeting exchange sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "big-ip link controller hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip ltm hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "enterprise linux desktop client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"model": "big-iq device",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.3"
},
{
"model": "big-ip edge gateway hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"model": "aura session manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "aura communication manager utility services sp",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.16.1.0.9.8"
},
{
"model": "ctpview",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "4.2"
},
{
"model": "big-ip aam",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.0"
},
{
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "big-ip gtm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "big-ip ltm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.5"
},
{
"model": "ip office server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "9.0"
},
{
"model": "big-ip aam",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.00"
},
{
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "big-ip asm hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0.0"
},
{
"model": "aura communication manager utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.4.0.15"
},
{
"model": "big-ip psm hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"model": "big-ip gtm hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"model": "big-ip apm hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"model": "big-ip psm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"model": "big-ip wom hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"model": "big-ip asm hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "cms r17",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip gtm hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "voice portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "iplanet web server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "aura application server sip core pb28",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53002.0"
},
{
"model": "big-ip link controller hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.00"
},
{
"model": "big-ip psm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"model": "big-ip edge gateway hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "voice portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.1"
},
{
"model": "big-ip webaccelerator hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"model": "meeting exchange sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "12.2"
},
{
"model": "big-ip asm hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "one-x client enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"model": "big-ip afm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"model": "one-x client enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "big-ip wom hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"model": "big-ip link controller hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"model": "sun java application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.2"
},
{
"model": "big-ip edge gateway hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"model": "big-ip webaccelerator hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "big-iq security",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.3"
},
{
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "esx server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.0"
},
{
"model": "aura communication manager utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.5.0.15"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8"
},
{
"model": "big-ip psm hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "communication server 1000e signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.6"
},
{
"model": "big-ip webaccelerator hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "directory server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "aura system manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "big-ip wom hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "big-ip analytics 11.0.0-hf2",
"scope": null,
"trust": 0.3,
"vendor": "f5",
"version": null
},
{
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip afm hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.3"
},
{
"model": "aura session manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "ip office server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.1"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "12.1"
},
{
"model": "big-ip asm hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.3"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.2"
},
{
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"model": "one-x client enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "communication server 1000m",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.6"
},
{
"model": "big-ip analytics hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"model": "big-ip analytics hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.0"
},
{
"model": "enterprise linux hpc node optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "big-ip pem",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "big-ip edge gateway hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"model": "big-ip apm hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "voice portal sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "communication server 1000m signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.6"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.3.8.3"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.1"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.1.1"
},
{
"model": "esx server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.1"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5"
},
{
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1.1"
},
{
"model": "communication server 1000e",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.6"
},
{
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.3"
},
{
"model": "big-ip psm hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "traffic director",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.17"
},
{
"model": "big-ip ltm hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.3.9.3"
},
{
"model": "big-ip edge gateway hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "aura application server sip core pb19",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53002.0"
},
{
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "big-ip pem",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.6.0"
},
{
"model": "aura communication manager utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1x8664"
},
{
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "big-ip apm hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"model": "aura collaboration environment",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"model": "ctpview",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "4.3"
},
{
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "communication server 1000m",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "big-ip asm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "ctpview 7.0r1",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "communication server 1000m signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.6.0"
},
{
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.00"
},
{
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"model": "big-ip link controller hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip ltm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-iq cloud",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.0"
},
{
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "communication server 1000e",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "big-ip apm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "big-ip gtm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.0"
},
{
"model": "big-ip link controller hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.1"
},
{
"model": "ctpview",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "7.3"
},
{
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.2"
},
{
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"model": "aura application server sip core pb3",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53003.0"
},
{
"model": "big-ip wom hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "ctpview",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "4.5"
},
{
"model": "traffic director",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.16"
},
{
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-iq cloud",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.2"
},
{
"model": "aura application server sip core pb26",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53002.0"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.1"
},
{
"model": "big-ip asm hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.00"
},
{
"model": "ctpview",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "4.4"
},
{
"model": "big-ip afm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip analytics hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"model": "big-ip gtm hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "big-iq cloud",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.1"
},
{
"model": "big-ip webaccelerator hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "big-ip gtm hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "aura presence services sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"model": "aura presence services sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "aura system manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"model": "big-ip link controller hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"model": "aura system manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.2"
},
{
"model": "big-ip asm hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "communication server 1000m signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"model": "big-ip psm hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "communication server 1000e",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.2"
},
{
"model": "big-ip psm hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "12.3"
},
{
"model": "aura session manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "ctpview 7.1r3",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.5"
},
{
"model": "big-ip pem",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"model": "ctpview 7.1r2",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"model": "aura application server sip core pb5",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53003.0"
},
{
"model": "big-ip apm hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"model": "aura session manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"model": "big-ip analytics hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0-03"
},
{
"model": "big-ip psm hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "5"
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.1"
},
{
"model": "big-ip asm hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "vm server for",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "x863.4"
},
{
"model": "enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"model": "aura conferencing sp1 standard",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "big-ip apm hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"model": "ctpview",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "4.6"
},
{
"model": "big-ip webaccelerator hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "aura session manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1"
},
{
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"model": "enterprise virtualization hypervisor for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "60"
},
{
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.1.0.9"
},
{
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"model": "big-ip apm hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "aura application server sip core",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53003.0"
},
{
"model": "aura application server sip core pb25",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53002.0"
},
{
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1.1"
},
{
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"model": "big-ip analytics hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"model": "one-x client enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "communication server 1000e signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0.00"
},
{
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "big-ip asm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "aura system manager sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "big-ip ltm hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "big-iq security",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.0"
},
{
"model": "aura system platform sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "big-ip analytics hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.2"
},
{
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "2.3"
},
{
"model": "aura conferencing",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "big-ip psm hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.6.0"
},
{
"model": "aura system platform sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "6"
},
{
"model": "big-ip gtm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "ip office server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.0"
},
{
"model": "big-iq cloud",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.3"
},
{
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"model": "big-ip ltm hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip apm hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"model": "big-ip wom hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.1"
},
{
"model": "enterprise linux desktop optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "aura communication manager utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "big-iq security",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.2"
},
{
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"model": "ctpview 7.1r1",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "big-ip analytics hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"model": "big-ip edge gateway hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"model": "big-ip pem",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"model": "communication server 1000e signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.5"
},
{
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"model": "aura communication manager utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.0.9.8"
},
{
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1.3"
},
{
"model": "aura application server sip core pb16",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53002.0"
},
{
"model": "big-iq security",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.1"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.0"
},
{
"model": "aura communication manager utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0.00"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"model": "big-ip link controller hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "big-ip gtm hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "9.0"
},
{
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5"
},
{
"model": "big-ip psm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "communication server 1000m",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.5"
},
{
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "3.1.1"
},
{
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"model": "communication server 1000e signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "aura communication manager utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "3.1"
},
{
"model": "big-ip pem hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"model": "big-ip edge gateway hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"model": "aura conferencing standard",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"model": "communication server 1000m signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.5"
},
{
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"model": "big-ip edge gateway hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip aam",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.6.0"
},
{
"model": "aura application server sip core",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53002.1"
},
{
"model": "communication server 1000e",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.5"
},
{
"model": "vm server for",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "x863.2"
},
{
"model": "big-ip psm hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1"
},
{
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "communication server 1000m",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.4"
}
],
"sources": [
{
"db": "BID",
"id": "57777"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001463"
},
{
"db": "CNNVD",
"id": "CNNVD-201302-153"
},
{
"db": "NVD",
"id": "CVE-2013-1620"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.14.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:glassfish_server:2.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:iplanet_web_proxy_server:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:traffic_director:11.1.1.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:iplanet_web_server:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:vm_server:3.2:*:*:*:*:*:x86:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:glassfish_communications_server:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:iplanet_web_server:6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:11.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:opensso:3.0-03:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:traffic_director:11.1.1.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-1620"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nadhem J. AlFardan and Kenneth G. Paterson",
"sources": [
{
"db": "BID",
"id": "57777"
}
],
"trust": 0.3
},
"cve": "CVE-2013-1620",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2013-1620",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-1620",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201302-153",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2013-1620",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2013-1620"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001463"
},
{
"db": "CNNVD",
"id": "CNNVD-201302-153"
},
{
"db": "NVD",
"id": "CVE-2013-1620"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. This vulnerability CVE-2013-0169 And related issues.A third party may be able to trigger identification and plain text recovery attacks through statistical analysis of timing data for crafted packets. Mozilla Network Security Services (NSS) is prone to an information disclosure vulnerability. \nAn attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. Relevant releases\n\n VMware ESX 4.1 without patch ESX410-201312001\n\n3. Problem Description\n\n a. Update to ESX service console kernel\n\n The ESX service console kernel is updated to resolve multiple\n security issues. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2012-2372, CVE-2012-3552, CVE-2013-2147,\n CVE-2013-2164, CVE-2013-2206, CVE-2013-2224, CVE-2013-2234, \n CVE-2013-2237, CVE-2013-2232 to these issues. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============== ======== ======= =================\n ESXi any ESXi not applicable\n\n ESX 4.1 ESX ESX410-201312401-SG\n ESX 4.0 ESX patch pending \n\n b. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2013-0791 and CVE-2013-1620 to these \n issues. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============== ======== ======= =================\n ESXi any ESXi not applicable\n\n ESX 4.1 ESX ESX410-201312403-SG\n ESX 4.0 ESX patch pending \n\n4. Solution\n\n Please review the patch/release notes for your product and\n version and verify the checksum of your downloaded file. \n\n ESX 4.1\n -------\n File: ESX410-201312001.zip\n md5sum: c35763a84db169dd0285442d4129cc18\n sha1sum: ee8e1b8d2d383422ff0dde04749c5d89e77d8e40\n http://kb.vmware.com/kb/2061209\n ESX410-201312001 contains ESX410-201312401-SG and ESX410-201312403-SG. References\n\n --- kernel (service console) ---\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2372\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3552\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2147\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2164\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2206\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2224\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2234\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2237\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2232\n\n --- NSPR and NSS (service console) ---\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0791\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1620\n\n- -------------------------------------------------------------------------\n\n6. Change log\n\n 2013-12-05 VMSA-2013-0015\n Initial security advisory in conjunction with the release of ESX 4.1\n patches on 2013-12-05. Contact\n\n E-mail list for product security notifications and announcements:\n http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\n This Security Advisory is posted to the following lists:\n\n * security-announce at lists.vmware.com\n * bugtraq at securityfocus.com\n * full-disclosure at lists.grok.org.uk\n\n E-mail: security at vmware.com\n PGP key at: http://kb.vmware.com/kb/1055\n\n VMware Security Advisories\n http://www.vmware.com/security/advisories\n\n VMware security response policy\n http://www.vmware.com/support/policies/security_response.html\n\n General support life cycle policy\n http://www.vmware.com/support/policies/eos.html\n\n VMware Infrastructure support life cycle policy\n http://www.vmware.com/support/policies/eos_vi.html\n\n Copyright 2013 VMware Inc. All rights reserved. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: nss, nss-util, nss-softokn, and nspr security update\nAdvisory ID: RHSA-2013:1144-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2013-1144.html\nIssue date: 2013-08-07\nCVE Names: CVE-2013-0791 CVE-2013-1620 \n=====================================================================\n\n1. Summary:\n\nUpdated nss, nss-util, nss-softokn, and nspr packages that fix two security\nissues, various bugs, and add enhancements are now available for Red Hat\nEnterprise Linux 6. \n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. Description:\n\nNetwork Security Services (NSS) is a set of libraries designed to support\nthe cross-platform development of security-enabled client and server\napplications. Netscape Portable Runtime (NSPR) provides platform\nindependence for non-GUI operating system facilities. nss-softokn provides\nan NSS softoken cryptographic module. \n\nIt was discovered that NSS leaked timing information when decrypting\nTLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites\nwere used. A remote attacker could possibly use this flaw to retrieve plain\ntext from the encrypted packets by using a TLS/SSL or DTLS server as a\npadding oracle. (CVE-2013-1620)\n\nAn out-of-bounds memory read flaw was found in the way NSS decoded certain\ncertificates. If an application using NSS decoded a malformed certificate,\nit could cause the application to crash. (CVE-2013-0791)\n\nRed Hat would like to thank the Mozilla project for reporting\nCVE-2013-0791. Upstream acknowledges Ambroz Bizjak as the original reporter\nof CVE-2013-0791. \n\nThis update also fixes the following bugs:\n\n* The RHBA-2013:0445 update (which upgraded NSS to version 3.14) prevented\nthe use of certificates that have an MD5 signature. This caused problems in\ncertain environments. With this update, certificates that have an MD5\nsignature are once again allowed. To prevent the use of certificates that\nhave an MD5 signature, set the \"NSS_HASH_ALG_SUPPORT\" environment variable\nto \"-MD5\". (BZ#957603)\n\n* Previously, the sechash.h header file was missing, preventing certain\nsource RPMs (such as firefox and xulrunner) from building. (BZ#948715)\n\n* A memory leak in the nssutil_ReadSecmodDB() function has been fixed. \n(BZ#984967)\n\nIn addition, the nss package has been upgraded to upstream version 3.14.3,\nthe nss-util package has been upgraded to upstream version 3.14.3, the\nnss-softokn package has been upgraded to upstream version 3.14.3, and the\nnspr package has been upgraded to upstream version 4.9.5. These updates\nprovide a number of bug fixes and enhancements over the previous versions. \n(BZ#927157, BZ#927171, BZ#927158, BZ#927186)\n\nUsers of NSS, NSPR, nss-util, and nss-softokn are advised to upgrade to\nthese updated packages, which fix these issues and add these enhancements. \nAfter installing this update, applications using NSS, NSPR, nss-util, or\nnss-softokn must be restarted for this update to take effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n908234 - CVE-2013-1620 nss: TLS CBC padding timing attack\n927157 - [RFE][RHEL6] Rebase to nss-3.14.3 to fix the lucky-13 issue [6.4.z]\n927158 - Rebase to nss-softokn 3.14.3 to fix the lucky-13 issue [6.4.z]\n927171 - Rebase to nss-util 3.14.3 as part of the fix for the lucky-13 issue [rhel-6.4.z]\n927186 - Rebase to nspr-4.9.5\n946947 - CVE-2013-0791 Mozilla: Out-of-bounds array read in CERT_DecodeCertPackage (MFSA 2013-40)\n984967 - nssutil_ReadSecmodDB() leaks memory [6.4.z]\n985955 - nss-softokn: missing partial RELRO [6.4.z]\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nspr-4.9.5-2.el6_4.src.rpm\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nss-3.14.3-4.el6_4.src.rpm\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nss-softokn-3.14.3-3.el6_4.src.rpm\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nss-util-3.14.3-3.el6_4.src.rpm\n\ni386:\nnspr-4.9.5-2.el6_4.i686.rpm\nnspr-debuginfo-4.9.5-2.el6_4.i686.rpm\nnss-3.14.3-4.el6_4.i686.rpm\nnss-debuginfo-3.14.3-4.el6_4.i686.rpm\nnss-softokn-3.14.3-3.el6_4.i686.rpm\nnss-softokn-debuginfo-3.14.3-3.el6_4.i686.rpm\nnss-softokn-freebl-3.14.3-3.el6_4.i686.rpm\nnss-sysinit-3.14.3-4.el6_4.i686.rpm\nnss-tools-3.14.3-4.el6_4.i686.rpm\nnss-util-3.14.3-3.el6_4.i686.rpm\nnss-util-debuginfo-3.14.3-3.el6_4.i686.rpm\n\nx86_64:\nnspr-4.9.5-2.el6_4.i686.rpm\nnspr-4.9.5-2.el6_4.x86_64.rpm\nnspr-debuginfo-4.9.5-2.el6_4.i686.rpm\nnspr-debuginfo-4.9.5-2.el6_4.x86_64.rpm\nnss-3.14.3-4.el6_4.i686.rpm\nnss-3.14.3-4.el6_4.x86_64.rpm\nnss-debuginfo-3.14.3-4.el6_4.i686.rpm\nnss-debuginfo-3.14.3-4.el6_4.x86_64.rpm\nnss-softokn-3.14.3-3.el6_4.i686.rpm\nnss-softokn-3.14.3-3.el6_4.x86_64.rpm\nnss-softokn-debuginfo-3.14.3-3.el6_4.i686.rpm\nnss-softokn-debuginfo-3.14.3-3.el6_4.x86_64.rpm\nnss-softokn-freebl-3.14.3-3.el6_4.i686.rpm\nnss-softokn-freebl-3.14.3-3.el6_4.x86_64.rpm\nnss-sysinit-3.14.3-4.el6_4.x86_64.rpm\nnss-tools-3.14.3-4.el6_4.x86_64.rpm\nnss-util-3.14.3-3.el6_4.i686.rpm\nnss-util-3.14.3-3.el6_4.x86_64.rpm\nnss-util-debuginfo-3.14.3-3.el6_4.i686.rpm\nnss-util-debuginfo-3.14.3-3.el6_4.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nspr-4.9.5-2.el6_4.src.rpm\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nss-3.14.3-4.el6_4.src.rpm\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nss-softokn-3.14.3-3.el6_4.src.rpm\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/nss-util-3.14.3-3.el6_4.src.rpm\n\ni386:\nnspr-debuginfo-4.9.5-2.el6_4.i686.rpm\nnspr-devel-4.9.5-2.el6_4.i686.rpm\nnss-debuginfo-3.14.3-4.el6_4.i686.rpm\nnss-devel-3.14.3-4.el6_4.i686.rpm\nnss-pkcs11-devel-3.14.3-4.el6_4.i686.rpm\nnss-softokn-debuginfo-3.14.3-3.el6_4.i686.rpm\nnss-softokn-devel-3.14.3-3.el6_4.i686.rpm\nnss-softokn-freebl-devel-3.14.3-3.el6_4.i686.rpm\nnss-util-debuginfo-3.14.3-3.el6_4.i686.rpm\nnss-util-devel-3.14.3-3.el6_4.i686.rpm\n\nx86_64:\nnspr-debuginfo-4.9.5-2.el6_4.i686.rpm\nnspr-debuginfo-4.9.5-2.el6_4.x86_64.rpm\nnspr-devel-4.9.5-2.el6_4.i686.rpm\nnspr-devel-4.9.5-2.el6_4.x86_64.rpm\nnss-debuginfo-3.14.3-4.el6_4.i686.rpm\nnss-debuginfo-3.14.3-4.el6_4.x86_64.rpm\nnss-devel-3.14.3-4.el6_4.i686.rpm\nnss-devel-3.14.3-4.el6_4.x86_64.rpm\nnss-pkcs11-devel-3.14.3-4.el6_4.i686.rpm\nnss-pkcs11-devel-3.14.3-4.el6_4.x86_64.rpm\nnss-softokn-debuginfo-3.14.3-3.el6_4.i686.rpm\nnss-softokn-debuginfo-3.14.3-3.el6_4.x86_64.rpm\nnss-softokn-devel-3.14.3-3.el6_4.i686.rpm\nnss-softokn-devel-3.14.3-3.el6_4.x86_64.rpm\nnss-softokn-freebl-devel-3.14.3-3.el6_4.i686.rpm\nnss-softokn-freebl-devel-3.14.3-3.el6_4.x86_64.rpm\nnss-util-debuginfo-3.14.3-3.el6_4.i686.rpm\nnss-util-debuginfo-3.14.3-3.el6_4.x86_64.rpm\nnss-util-devel-3.14.3-3.el6_4.i686.rpm\nnss-util-devel-3.14.3-3.el6_4.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nspr-4.9.5-2.el6_4.src.rpm\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nss-3.14.3-4.el6_4.src.rpm\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nss-softokn-3.14.3-3.el6_4.src.rpm\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nss-util-3.14.3-3.el6_4.src.rpm\n\nx86_64:\nnspr-4.9.5-2.el6_4.i686.rpm\nnspr-4.9.5-2.el6_4.x86_64.rpm\nnspr-debuginfo-4.9.5-2.el6_4.i686.rpm\nnspr-debuginfo-4.9.5-2.el6_4.x86_64.rpm\nnss-3.14.3-4.el6_4.i686.rpm\nnss-3.14.3-4.el6_4.x86_64.rpm\nnss-debuginfo-3.14.3-4.el6_4.i686.rpm\nnss-debuginfo-3.14.3-4.el6_4.x86_64.rpm\nnss-softokn-3.14.3-3.el6_4.i686.rpm\nnss-softokn-3.14.3-3.el6_4.x86_64.rpm\nnss-softokn-debuginfo-3.14.3-3.el6_4.i686.rpm\nnss-softokn-debuginfo-3.14.3-3.el6_4.x86_64.rpm\nnss-softokn-freebl-3.14.3-3.el6_4.i686.rpm\nnss-softokn-freebl-3.14.3-3.el6_4.x86_64.rpm\nnss-sysinit-3.14.3-4.el6_4.x86_64.rpm\nnss-tools-3.14.3-4.el6_4.x86_64.rpm\nnss-util-3.14.3-3.el6_4.i686.rpm\nnss-util-3.14.3-3.el6_4.x86_64.rpm\nnss-util-debuginfo-3.14.3-3.el6_4.i686.rpm\nnss-util-debuginfo-3.14.3-3.el6_4.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nspr-4.9.5-2.el6_4.src.rpm\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nss-3.14.3-4.el6_4.src.rpm\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nss-softokn-3.14.3-3.el6_4.src.rpm\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/nss-util-3.14.3-3.el6_4.src.rpm\n\nx86_64:\nnspr-debuginfo-4.9.5-2.el6_4.i686.rpm\nnspr-debuginfo-4.9.5-2.el6_4.x86_64.rpm\nnspr-devel-4.9.5-2.el6_4.i686.rpm\nnspr-devel-4.9.5-2.el6_4.x86_64.rpm\nnss-debuginfo-3.14.3-4.el6_4.i686.rpm\nnss-debuginfo-3.14.3-4.el6_4.x86_64.rpm\nnss-devel-3.14.3-4.el6_4.i686.rpm\nnss-devel-3.14.3-4.el6_4.x86_64.rpm\nnss-pkcs11-devel-3.14.3-4.el6_4.i686.rpm\nnss-pkcs11-devel-3.14.3-4.el6_4.x86_64.rpm\nnss-softokn-debuginfo-3.14.3-3.el6_4.i686.rpm\nnss-softokn-debuginfo-3.14.3-3.el6_4.x86_64.rpm\nnss-softokn-devel-3.14.3-3.el6_4.i686.rpm\nnss-softokn-devel-3.14.3-3.el6_4.x86_64.rpm\nnss-softokn-freebl-devel-3.14.3-3.el6_4.i686.rpm\nnss-softokn-freebl-devel-3.14.3-3.el6_4.x86_64.rpm\nnss-util-debuginfo-3.14.3-3.el6_4.i686.rpm\nnss-util-debuginfo-3.14.3-3.el6_4.x86_64.rpm\nnss-util-devel-3.14.3-3.el6_4.i686.rpm\nnss-util-devel-3.14.3-3.el6_4.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/nspr-4.9.5-2.el6_4.src.rpm\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/nss-3.14.3-4.el6_4.src.rpm\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/nss-softokn-3.14.3-3.el6_4.src.rpm\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/nss-util-3.14.3-3.el6_4.src.rpm\n\ni386:\nnspr-4.9.5-2.el6_4.i686.rpm\nnspr-debuginfo-4.9.5-2.el6_4.i686.rpm\nnspr-devel-4.9.5-2.el6_4.i686.rpm\nnss-3.14.3-4.el6_4.i686.rpm\nnss-debuginfo-3.14.3-4.el6_4.i686.rpm\nnss-devel-3.14.3-4.el6_4.i686.rpm\nnss-softokn-3.14.3-3.el6_4.i686.rpm\nnss-softokn-debuginfo-3.14.3-3.el6_4.i686.rpm\nnss-softokn-devel-3.14.3-3.el6_4.i686.rpm\nnss-softokn-freebl-3.14.3-3.el6_4.i686.rpm\nnss-softokn-freebl-devel-3.14.3-3.el6_4.i686.rpm\nnss-sysinit-3.14.3-4.el6_4.i686.rpm\nnss-tools-3.14.3-4.el6_4.i686.rpm\nnss-util-3.14.3-3.el6_4.i686.rpm\nnss-util-debuginfo-3.14.3-3.el6_4.i686.rpm\nnss-util-devel-3.14.3-3.el6_4.i686.rpm\n\nppc64:\nnspr-4.9.5-2.el6_4.ppc.rpm\nnspr-4.9.5-2.el6_4.ppc64.rpm\nnspr-debuginfo-4.9.5-2.el6_4.ppc.rpm\nnspr-debuginfo-4.9.5-2.el6_4.ppc64.rpm\nnspr-devel-4.9.5-2.el6_4.ppc.rpm\nnspr-devel-4.9.5-2.el6_4.ppc64.rpm\nnss-3.14.3-4.el6_4.ppc.rpm\nnss-3.14.3-4.el6_4.ppc64.rpm\nnss-debuginfo-3.14.3-4.el6_4.ppc.rpm\nnss-debuginfo-3.14.3-4.el6_4.ppc64.rpm\nnss-devel-3.14.3-4.el6_4.ppc.rpm\nnss-devel-3.14.3-4.el6_4.ppc64.rpm\nnss-softokn-3.14.3-3.el6_4.ppc.rpm\nnss-softokn-3.14.3-3.el6_4.ppc64.rpm\nnss-softokn-debuginfo-3.14.3-3.el6_4.ppc.rpm\nnss-softokn-debuginfo-3.14.3-3.el6_4.ppc64.rpm\nnss-softokn-devel-3.14.3-3.el6_4.ppc.rpm\nnss-softokn-devel-3.14.3-3.el6_4.ppc64.rpm\nnss-softokn-freebl-3.14.3-3.el6_4.ppc.rpm\nnss-softokn-freebl-3.14.3-3.el6_4.ppc64.rpm\nnss-softokn-freebl-devel-3.14.3-3.el6_4.ppc.rpm\nnss-softokn-freebl-devel-3.14.3-3.el6_4.ppc64.rpm\nnss-sysinit-3.14.3-4.el6_4.ppc64.rpm\nnss-tools-3.14.3-4.el6_4.ppc64.rpm\nnss-util-3.14.3-3.el6_4.ppc.rpm\nnss-util-3.14.3-3.el6_4.ppc64.rpm\nnss-util-debuginfo-3.14.3-3.el6_4.ppc.rpm\nnss-util-debuginfo-3.14.3-3.el6_4.ppc64.rpm\nnss-util-devel-3.14.3-3.el6_4.ppc.rpm\nnss-util-devel-3.14.3-3.el6_4.ppc64.rpm\n\ns390x:\nnspr-4.9.5-2.el6_4.s390.rpm\nnspr-4.9.5-2.el6_4.s390x.rpm\nnspr-debuginfo-4.9.5-2.el6_4.s390.rpm\nnspr-debuginfo-4.9.5-2.el6_4.s390x.rpm\nnspr-devel-4.9.5-2.el6_4.s390.rpm\nnspr-devel-4.9.5-2.el6_4.s390x.rpm\nnss-3.14.3-4.el6_4.s390.rpm\nnss-3.14.3-4.el6_4.s390x.rpm\nnss-debuginfo-3.14.3-4.el6_4.s390.rpm\nnss-debuginfo-3.14.3-4.el6_4.s390x.rpm\nnss-devel-3.14.3-4.el6_4.s390.rpm\nnss-devel-3.14.3-4.el6_4.s390x.rpm\nnss-softokn-3.14.3-3.el6_4.s390.rpm\nnss-softokn-3.14.3-3.el6_4.s390x.rpm\nnss-softokn-debuginfo-3.14.3-3.el6_4.s390.rpm\nnss-softokn-debuginfo-3.14.3-3.el6_4.s390x.rpm\nnss-softokn-devel-3.14.3-3.el6_4.s390.rpm\nnss-softokn-devel-3.14.3-3.el6_4.s390x.rpm\nnss-softokn-freebl-3.14.3-3.el6_4.s390.rpm\nnss-softokn-freebl-3.14.3-3.el6_4.s390x.rpm\nnss-softokn-freebl-devel-3.14.3-3.el6_4.s390.rpm\nnss-softokn-freebl-devel-3.14.3-3.el6_4.s390x.rpm\nnss-sysinit-3.14.3-4.el6_4.s390x.rpm\nnss-tools-3.14.3-4.el6_4.s390x.rpm\nnss-util-3.14.3-3.el6_4.s390.rpm\nnss-util-3.14.3-3.el6_4.s390x.rpm\nnss-util-debuginfo-3.14.3-3.el6_4.s390.rpm\nnss-util-debuginfo-3.14.3-3.el6_4.s390x.rpm\nnss-util-devel-3.14.3-3.el6_4.s390.rpm\nnss-util-devel-3.14.3-3.el6_4.s390x.rpm\n\nx86_64:\nnspr-4.9.5-2.el6_4.i686.rpm\nnspr-4.9.5-2.el6_4.x86_64.rpm\nnspr-debuginfo-4.9.5-2.el6_4.i686.rpm\nnspr-debuginfo-4.9.5-2.el6_4.x86_64.rpm\nnspr-devel-4.9.5-2.el6_4.i686.rpm\nnspr-devel-4.9.5-2.el6_4.x86_64.rpm\nnss-3.14.3-4.el6_4.i686.rpm\nnss-3.14.3-4.el6_4.x86_64.rpm\nnss-debuginfo-3.14.3-4.el6_4.i686.rpm\nnss-debuginfo-3.14.3-4.el6_4.x86_64.rpm\nnss-devel-3.14.3-4.el6_4.i686.rpm\nnss-devel-3.14.3-4.el6_4.x86_64.rpm\nnss-softokn-3.14.3-3.el6_4.i686.rpm\nnss-softokn-3.14.3-3.el6_4.x86_64.rpm\nnss-softokn-debuginfo-3.14.3-3.el6_4.i686.rpm\nnss-softokn-debuginfo-3.14.3-3.el6_4.x86_64.rpm\nnss-softokn-devel-3.14.3-3.el6_4.i686.rpm\nnss-softokn-devel-3.14.3-3.el6_4.x86_64.rpm\nnss-softokn-freebl-3.14.3-3.el6_4.i686.rpm\nnss-softokn-freebl-3.14.3-3.el6_4.x86_64.rpm\nnss-softokn-freebl-devel-3.14.3-3.el6_4.i686.rpm\nnss-softokn-freebl-devel-3.14.3-3.el6_4.x86_64.rpm\nnss-sysinit-3.14.3-4.el6_4.x86_64.rpm\nnss-tools-3.14.3-4.el6_4.x86_64.rpm\nnss-util-3.14.3-3.el6_4.i686.rpm\nnss-util-3.14.3-3.el6_4.x86_64.rpm\nnss-util-debuginfo-3.14.3-3.el6_4.i686.rpm\nnss-util-debuginfo-3.14.3-3.el6_4.x86_64.rpm\nnss-util-devel-3.14.3-3.el6_4.i686.rpm\nnss-util-devel-3.14.3-3.el6_4.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/nss-3.14.3-4.el6_4.src.rpm\n\ni386:\nnss-debuginfo-3.14.3-4.el6_4.i686.rpm\nnss-pkcs11-devel-3.14.3-4.el6_4.i686.rpm\n\nppc64:\nnss-debuginfo-3.14.3-4.el6_4.ppc.rpm\nnss-debuginfo-3.14.3-4.el6_4.ppc64.rpm\nnss-pkcs11-devel-3.14.3-4.el6_4.ppc.rpm\nnss-pkcs11-devel-3.14.3-4.el6_4.ppc64.rpm\n\ns390x:\nnss-debuginfo-3.14.3-4.el6_4.s390.rpm\nnss-debuginfo-3.14.3-4.el6_4.s390x.rpm\nnss-pkcs11-devel-3.14.3-4.el6_4.s390.rpm\nnss-pkcs11-devel-3.14.3-4.el6_4.s390x.rpm\n\nx86_64:\nnss-debuginfo-3.14.3-4.el6_4.i686.rpm\nnss-debuginfo-3.14.3-4.el6_4.x86_64.rpm\nnss-pkcs11-devel-3.14.3-4.el6_4.i686.rpm\nnss-pkcs11-devel-3.14.3-4.el6_4.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/nspr-4.9.5-2.el6_4.src.rpm\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/nss-3.14.3-4.el6_4.src.rpm\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/nss-softokn-3.14.3-3.el6_4.src.rpm\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/nss-util-3.14.3-3.el6_4.src.rpm\n\ni386:\nnspr-4.9.5-2.el6_4.i686.rpm\nnspr-debuginfo-4.9.5-2.el6_4.i686.rpm\nnspr-devel-4.9.5-2.el6_4.i686.rpm\nnss-3.14.3-4.el6_4.i686.rpm\nnss-debuginfo-3.14.3-4.el6_4.i686.rpm\nnss-devel-3.14.3-4.el6_4.i686.rpm\nnss-softokn-3.14.3-3.el6_4.i686.rpm\nnss-softokn-debuginfo-3.14.3-3.el6_4.i686.rpm\nnss-softokn-devel-3.14.3-3.el6_4.i686.rpm\nnss-softokn-freebl-3.14.3-3.el6_4.i686.rpm\nnss-softokn-freebl-devel-3.14.3-3.el6_4.i686.rpm\nnss-sysinit-3.14.3-4.el6_4.i686.rpm\nnss-tools-3.14.3-4.el6_4.i686.rpm\nnss-util-3.14.3-3.el6_4.i686.rpm\nnss-util-debuginfo-3.14.3-3.el6_4.i686.rpm\nnss-util-devel-3.14.3-3.el6_4.i686.rpm\n\nx86_64:\nnspr-4.9.5-2.el6_4.i686.rpm\nnspr-4.9.5-2.el6_4.x86_64.rpm\nnspr-debuginfo-4.9.5-2.el6_4.i686.rpm\nnspr-debuginfo-4.9.5-2.el6_4.x86_64.rpm\nnspr-devel-4.9.5-2.el6_4.i686.rpm\nnspr-devel-4.9.5-2.el6_4.x86_64.rpm\nnss-3.14.3-4.el6_4.i686.rpm\nnss-3.14.3-4.el6_4.x86_64.rpm\nnss-debuginfo-3.14.3-4.el6_4.i686.rpm\nnss-debuginfo-3.14.3-4.el6_4.x86_64.rpm\nnss-devel-3.14.3-4.el6_4.i686.rpm\nnss-devel-3.14.3-4.el6_4.x86_64.rpm\nnss-softokn-3.14.3-3.el6_4.i686.rpm\nnss-softokn-3.14.3-3.el6_4.x86_64.rpm\nnss-softokn-debuginfo-3.14.3-3.el6_4.i686.rpm\nnss-softokn-debuginfo-3.14.3-3.el6_4.x86_64.rpm\nnss-softokn-devel-3.14.3-3.el6_4.i686.rpm\nnss-softokn-devel-3.14.3-3.el6_4.x86_64.rpm\nnss-softokn-freebl-3.14.3-3.el6_4.i686.rpm\nnss-softokn-freebl-3.14.3-3.el6_4.x86_64.rpm\nnss-softokn-freebl-devel-3.14.3-3.el6_4.i686.rpm\nnss-softokn-freebl-devel-3.14.3-3.el6_4.x86_64.rpm\nnss-sysinit-3.14.3-4.el6_4.x86_64.rpm\nnss-tools-3.14.3-4.el6_4.x86_64.rpm\nnss-util-3.14.3-3.el6_4.i686.rpm\nnss-util-3.14.3-3.el6_4.x86_64.rpm\nnss-util-debuginfo-3.14.3-3.el6_4.i686.rpm\nnss-util-debuginfo-3.14.3-3.el6_4.x86_64.rpm\nnss-util-devel-3.14.3-3.el6_4.i686.rpm\nnss-util-devel-3.14.3-3.el6_4.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/nss-3.14.3-4.el6_4.src.rpm\n\ni386:\nnss-debuginfo-3.14.3-4.el6_4.i686.rpm\nnss-pkcs11-devel-3.14.3-4.el6_4.i686.rpm\n\nx86_64:\nnss-debuginfo-3.14.3-4.el6_4.i686.rpm\nnss-debuginfo-3.14.3-4.el6_4.x86_64.rpm\nnss-pkcs11-devel-3.14.3-4.el6_4.i686.rpm\nnss-pkcs11-devel-3.14.3-4.el6_4.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2013-0791.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-1620.html\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://rhn.redhat.com/errata/RHBA-2013-0445.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2013 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFSAo+lXlSAg2UNWIIRAi4kAJ0cXp7GWY8zHYfxviF3R6WB3cOlaACePdnV\nW7Ph1SnJjPLtEtsqk+XMl68=\n=LOHk\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Relevant releases/architectures:\n\nRHEV Hypervisor for RHEL-6 - noarch\n\n3. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. \n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions. \n\nUpgrade Note: If you upgrade the Red Hat Enterprise Virtualization\nHypervisor through the 3.2 Manager administration portal, the Host may\nappear with the status of \"Install Failed\". If this happens, place the host\ninto maintenance mode, then activate it again to get the host back to an\n\"Up\" state. (CVE-2013-1620)\n\nIt was found that the fix for CVE-2013-0167 released via RHSA-2013:0907\nwas incomplete. A privileged guest user could potentially use this flaw to\nmake the host the guest is running on unavailable to the management\nserver. \n\nThis updated package provides updated components that include fixes for\nvarious security issues. ============================================================================\nUbuntu Security Notice USN-1763-1\nMarch 14, 2013\n\nnss vulnerability\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 12.10\n- Ubuntu 12.04 LTS\n- Ubuntu 11.10\n- Ubuntu 10.04 LTS\n\nSummary:\n\nNSS could be made to expose sensitive information over the network. \n\nSoftware Description:\n- nss: Network Security Service library\n\nDetails:\n\nNadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used\nin NSS was vulnerable to a timing side-channel attack known as the\n\"Lucky Thirteen\" issue. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 12.10:\n libnss3 3.14.3-0ubuntu0.12.10.1\n\nUbuntu 12.04 LTS:\n libnss3 3.14.3-0ubuntu0.12.04.1\n\nUbuntu 11.10:\n libnss3 3.14.3-0ubuntu0.11.10.1\n\nUbuntu 10.04 LTS:\n libnss3-1d 3.14.3-0ubuntu0.10.04.1\n\nAfter a standard system update you need to restart any applications that\nuse NSS, such as Evolution and Chromium, to make all the necessary changes. The issue was not specific to Firefox but there was\n evidence that one of the certificates was used for man-in-the-middle\n (MITM) traffic management of domain names that the customer did not\n legitimately own or control. This issue was resolved by revoking the\n trust for these specific mis-issued certificates (CVE-2013-0743). \n \n The sqlite3 update addresses a crash when using svn commit after\n export MALLOC_CHECK_=3. The verification\n of md5 checksums and GPG signatures is performed automatically for you. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFRXs87mqjQ0CJFipgRApRiAKDfmdXjMRCxXRr7W07dZkd5EBbggACgvCFx\noo9AI76kr1Dhvb157gF22Cc=\n=5H/+\n-----END PGP SIGNATURE-----\n\n\n. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-libs/nss \u003c 3.15.3 \u003e= 3.15.3 \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in the Mozilla Network\nSecurity Service. Please review the CVE identifiers referenced below\nfor more details about the vulnerabilities. \n\nImpact\n======\n\nA remote attacker can cause a Denial of Service condition. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Mozilla Network Security Service users should upgrade to the latest\nversion:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/nss-3.15.3\"\n\nPackages which depend on this library may need to be recompiled. Tools\nsuch as revdep-rebuild may assist in identifying some of these\npackages. \n\nReferences\n==========\n\n[ 1 ] CVE-2013-1620\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1620\n[ 2 ] CVE-2013-1739\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1739\n[ 3 ] CVE-2013-1741\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1741\n[ 4 ] CVE-2013-2566\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2566\n[ 5 ] CVE-2013-5605\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5605\n[ 6 ] CVE-2013-5606\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5606\n[ 7 ] CVE-2013-5607\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5607\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201406-19.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-1620"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001463"
},
{
"db": "BID",
"id": "57777"
},
{
"db": "VULMON",
"id": "CVE-2013-1620"
},
{
"db": "PACKETSTORM",
"id": "124315"
},
{
"db": "PACKETSTORM",
"id": "122730"
},
{
"db": "PACKETSTORM",
"id": "122970"
},
{
"db": "PACKETSTORM",
"id": "120811"
},
{
"db": "PACKETSTORM",
"id": "122673"
},
{
"db": "PACKETSTORM",
"id": "121116"
},
{
"db": "PACKETSTORM",
"id": "127174"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-1620",
"trust": 3.5
},
{
"db": "BID",
"id": "57777",
"trust": 2.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2013/02/05/24",
"trust": 2.0
},
{
"db": "JUNIPER",
"id": "JSA10761",
"trust": 2.0
},
{
"db": "BID",
"id": "64758",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001463",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201302-153",
"trust": 0.6
},
{
"db": "JUNIPER",
"id": "JSA10658",
"trust": 0.3
},
{
"db": "VULMON",
"id": "CVE-2013-1620",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "124315",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "122730",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "122970",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "120811",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "122673",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "121116",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "127174",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2013-1620"
},
{
"db": "BID",
"id": "57777"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001463"
},
{
"db": "PACKETSTORM",
"id": "124315"
},
{
"db": "PACKETSTORM",
"id": "122730"
},
{
"db": "PACKETSTORM",
"id": "122970"
},
{
"db": "PACKETSTORM",
"id": "120811"
},
{
"db": "PACKETSTORM",
"id": "122673"
},
{
"db": "PACKETSTORM",
"id": "121116"
},
{
"db": "PACKETSTORM",
"id": "127174"
},
{
"db": "CNNVD",
"id": "CNNVD-201302-153"
},
{
"db": "NVD",
"id": "CVE-2013-1620"
}
]
},
"id": "VAR-201302-0332",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.44401007833333334
},
"last_update_date": "2024-07-23T21:17:58.592000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Network Security Services (NSS)",
"trust": 0.8,
"url": "http://www.mozilla.org/projects/security/pki/nss/"
},
{
"title": "openSUSE-SU-2013:0631",
"trust": 0.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html"
},
{
"title": "openSUSE-SU-2013:0630",
"trust": 0.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - July 2014 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014verbose-1972958.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - January 2014 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014verbose-1972951.html"
},
{
"title": "Oracle Critical Patch Update Advisory - January 2015",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - January 2015 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015verbose-1972976.html"
},
{
"title": "Oracle Critical Patch Update Advisory - April 2014",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - April 2014 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014verbose-1972954.html"
},
{
"title": "Oracle Critical Patch Update Advisory - July 2014",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"title": "Oracle Critical Patch Update Advisory - January 2014",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"title": "RHSA-2013:1135",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/rhsa-2013-1135.html"
},
{
"title": "RHSA-2013:1144",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/rhsa-2013-1144.html"
},
{
"title": "April 2014 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/april_2014_critical_patch_update"
},
{
"title": "CVE-2013-1620 Lucky Thirteen vulnerability in NSS",
"trust": 0.8,
"url": "https://blogs.oracle.com/sunsecurity/entry/cve_2013_1620_lucky_thirteen"
},
{
"title": "January 2014 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/january_2014_critical_patch_update"
},
{
"title": "July 2014 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/july_2014_critical_patch_update"
},
{
"title": "Multiple vulnerabilities fixed in NSS 3.16",
"trust": 0.8,
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_fixed_in_nss"
},
{
"title": "January 2015 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/january_2015_critical_patch_update"
},
{
"title": "USN-1763-1",
"trust": 0.8,
"url": "http://www.ubuntu.com/usn/usn-1763-1"
},
{
"title": "NSS-3.14.2",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=45380"
},
{
"title": "Red Hat: Moderate: rhev-hypervisor6 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20131181 - security advisory"
},
{
"title": "Debian CVElist Bug Report Logs: TLS timing attack in nss (Lucky 13)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=922753fbb34cf77ec7af0a627f0fd311"
},
{
"title": "Ubuntu Security Notice: nss vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-1763-1"
},
{
"title": "Amazon Linux AMI: ALAS-2013-217",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2013-217"
},
{
"title": "Amazon Linux AMI: ALAS-2013-216",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2013-216"
},
{
"title": "VMware Security Advisories: VMware ESX updates to third party libraries",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=d1c0aa2194be6d638d052fb7c02f5806"
},
{
"title": "Amazon Linux AMI: ALAS-2013-265",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2013-265"
},
{
"title": "Amazon Linux AMI: ALAS-2013-266",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2013-266"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4a692d6d60aa31507cb101702b494c51"
},
{
"title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - July 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=6c15273f6bf4a785175f27073b98a1ce"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2013-1620"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001463"
},
{
"db": "CNNVD",
"id": "CNNVD-201302-153"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-203",
"trust": 1.0
},
{
"problemtype": "CWE-310",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-001463"
},
{
"db": "NVD",
"id": "CVE-2013-1620"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.isg.rhul.ac.uk/tls/tlstiming.pdf"
},
{
"trust": 2.0,
"url": "http://openwall.com/lists/oss-security/2013/02/05/24"
},
{
"trust": 2.0,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"trust": 2.0,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html"
},
{
"trust": 2.0,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"trust": 2.0,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"trust": 2.0,
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"trust": 1.8,
"url": "http://www.ubuntu.com/usn/usn-1763-1"
},
{
"trust": 1.8,
"url": "http://rhn.redhat.com/errata/rhsa-2013-1135.html"
},
{
"trust": 1.8,
"url": "http://rhn.redhat.com/errata/rhsa-2013-1144.html"
},
{
"trust": 1.8,
"url": "http://security.gentoo.org/glsa/glsa-201406-19.xml"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/57777"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/64758"
},
{
"trust": 1.7,
"url": "http://www.vmware.com/security/advisories/vmsa-2014-0012.html"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2014/dec/23"
},
{
"trust": 1.7,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10761"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"trust": 1.0,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1620"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1620"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1620"
},
{
"trust": 0.4,
"url": "http://rhn.redhat.com/errata/rhsa-2013-1181.html"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0791"
},
{
"trust": 0.3,
"url": "http://www.mozilla.org/projects/security/pki/nss/"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/100175279"
},
{
"trust": 0.3,
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/600/sol15630.html?ref=rss"
},
{
"trust": 0.3,
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_fixed_in_nss"
},
{
"trust": 0.3,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10658\u0026cat=sirt_1\u0026actp=list"
},
{
"trust": 0.3,
"url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10761\u0026cat=sirt_1\u0026actp=list"
},
{
"trust": 0.3,
"url": "https://blogs.oracle.com/sunsecurity/entry/cve_2013_1620_lucky_thirteen"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/100177694"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/100174055"
},
{
"trust": 0.3,
"url": "https://www.vmware.com/security/advisories/vmsa-2013-0015.html"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/security/data/cve/cve-2013-1620.html"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/#package"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/site/articles/11258"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/security/data/cve/cve-2013-0791.html"
},
{
"trust": 0.3,
"url": "http://bugzilla.redhat.com/):"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/310.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2013:1181"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/1763-1/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=34943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2164"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2147"
},
{
"trust": 0.1,
"url": "https://gpgtools.org"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2206"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3552"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2234"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3552"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/security/advisories"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2206"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/2061209"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2237"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2232"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2164"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/1055"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2232"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2224"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2234"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0791"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2224"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/policies/security_response.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2372"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/policies/eos.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2147"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2372"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2237"
},
{
"trust": 0.1,
"url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/policies/eos_vi.html"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhba-2013-0445.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-4236.html"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2013-0907.html"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2013-1155.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4236"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhba-2013-1158.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/site/documentation/en-us/red_hat_enterprise_linux/6/html/hypervisor_deployment_guide/chap-deployment_guide-upgrading_red_hat_enterprise_virtualization_hypervisors.html"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nss/3.14.3-0ubuntu0.12.10.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nss/3.14.3-0ubuntu0.10.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nss/3.14.3-0ubuntu0.11.10.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nss/3.14.3-0ubuntu0.12.04.1"
},
{
"trust": 0.1,
"url": "http://www.mozilla.org/security/announce/2013/mfsa2013-20.html"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/"
},
{
"trust": 0.1,
"url": "https://wiki.mageia.org/en/support/advisories/mgaa-2012-0234"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/advisories/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0743"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0743"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5606"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5607"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1739"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1741"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1620"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2566"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1739"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5607"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5606"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2566"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1741"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5605"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5605"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2013-1620"
},
{
"db": "BID",
"id": "57777"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001463"
},
{
"db": "PACKETSTORM",
"id": "124315"
},
{
"db": "PACKETSTORM",
"id": "122730"
},
{
"db": "PACKETSTORM",
"id": "122970"
},
{
"db": "PACKETSTORM",
"id": "120811"
},
{
"db": "PACKETSTORM",
"id": "122673"
},
{
"db": "PACKETSTORM",
"id": "121116"
},
{
"db": "PACKETSTORM",
"id": "127174"
},
{
"db": "CNNVD",
"id": "CNNVD-201302-153"
},
{
"db": "NVD",
"id": "CVE-2013-1620"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2013-1620"
},
{
"db": "BID",
"id": "57777"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001463"
},
{
"db": "PACKETSTORM",
"id": "124315"
},
{
"db": "PACKETSTORM",
"id": "122730"
},
{
"db": "PACKETSTORM",
"id": "122970"
},
{
"db": "PACKETSTORM",
"id": "120811"
},
{
"db": "PACKETSTORM",
"id": "122673"
},
{
"db": "PACKETSTORM",
"id": "121116"
},
{
"db": "PACKETSTORM",
"id": "127174"
},
{
"db": "CNNVD",
"id": "CNNVD-201302-153"
},
{
"db": "NVD",
"id": "CVE-2013-1620"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-02-08T00:00:00",
"db": "VULMON",
"id": "CVE-2013-1620"
},
{
"date": "2013-02-04T00:00:00",
"db": "BID",
"id": "57777"
},
{
"date": "2013-02-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-001463"
},
{
"date": "2013-12-07T16:58:05",
"db": "PACKETSTORM",
"id": "124315"
},
{
"date": "2013-08-08T00:50:18",
"db": "PACKETSTORM",
"id": "122730"
},
{
"date": "2013-08-27T23:37:21",
"db": "PACKETSTORM",
"id": "122970"
},
{
"date": "2013-03-15T02:19:25",
"db": "PACKETSTORM",
"id": "120811"
},
{
"date": "2013-08-05T17:55:37",
"db": "PACKETSTORM",
"id": "122673"
},
{
"date": "2013-04-07T15:06:11",
"db": "PACKETSTORM",
"id": "121116"
},
{
"date": "2014-06-24T00:56:06",
"db": "PACKETSTORM",
"id": "127174"
},
{
"date": "2013-02-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201302-153"
},
{
"date": "2013-02-08T19:55:01.203000",
"db": "NVD",
"id": "CVE-2013-1620"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2013-1620"
},
{
"date": "2016-10-26T04:09:00",
"db": "BID",
"id": "57777"
},
{
"date": "2015-01-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-001463"
},
{
"date": "2022-12-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201302-153"
},
{
"date": "2022-12-21T17:30:12.527000",
"db": "NVD",
"id": "CVE-2013-1620"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "122730"
},
{
"db": "PACKETSTORM",
"id": "120811"
},
{
"db": "PACKETSTORM",
"id": "122673"
},
{
"db": "PACKETSTORM",
"id": "121116"
},
{
"db": "CNNVD",
"id": "CNNVD-201302-153"
}
],
"trust": 1.0
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mozilla Network Security Services of TLS Vulnerabilities that trigger identity attacks and plain text recovery attacks",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-001463"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201302-153"
}
],
"trust": 0.6
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.