var-201506-0210
Vulnerability from variot
The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an unrecognized X.660 OID for a hash function. OpenSSL is prone to denial-of-service vulnerability. An attacker may exploit this issue to cause a denial-of-service condition. The following are vulnerable: OpenSSL 1.0.2 prior to 1.0.2b OpenSSL 1.0.1 prior to 1.0.1n OpenSSL 1.0.0 prior to 1.0.0s OpenSSL 0.9.8 prior to 0.9.8zg. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04739301
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04739301 Version: 1
HPSBGN03371 rev.1 - HP IceWall Products running OpenSSL, Remote Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2015-07-10 Last Updated: 2015-07-10
Potential Security Impact: Remote Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP IceWall Products running OpenSSL. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS). Product Impacted Versions Impacted CVEs
HP IceWall MCRP v3.0 CVE-2015-1789 CVE-2015-1790 CVE-2015-1792
HP IceWall SSO Dfw v10.0 CVE-2015-1789 CVE-2015-1790 CVE-2015-1792
HP IceWall SSO Agent Option v10.0 CVE-2015-1789 CVE-2015-1790 CVE-2015-1792
HP IceWall SSO Certd v10.0 CVE-2015-1792
HP IceWall Federation Agent v3.0 CVE-2015-1792
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP recommends applying the latest OS vendor security patches for OpenSSL to resolve the vulnerabilities for HP IceWall Products.
HP IceWall SSO Dfw v10.0 and Certd v10.0, which are running on RHEL, could be using either the OS bundled OpenSSL library or the OpenSSL bundled with HP IceWall. If still using the OpenSSL bundled with HP IceWall, please apply the latest OS vendor security patches for OpenSSL and switch to the OpenSSL library bundled with the OS.
Documents are available at the following location with instructions to switch to the OS bundled OpenSSL library:
http://www.hp.com/jp/icewall_patchaccess
Note: The HP IceWall product is only available in Japan.
HISTORY Version:1 (rev.1) - 10 July 2015 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201506-02
https://security.gentoo.org/
Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: June 22, 2015 Bugs: #551832 ID: 201506-02
Synopsis
Multiple vulnerabilities have been found in OpenSSL that can result in either Denial of Service or information disclosure.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/openssl < 1.0.1o >= 0.9.8z_p7 >= 1.0.1o
Description
Multiple vulnerabilities have been found in OpenSSL. Please review the CVE identifiers referenced below for details.
Resolution
All OpenSSL 1.0.1 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1o"
All OpenSSL 0.9.8 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8z_p7"
References
[ 1 ] CVE-2014-8176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8176 [ 2 ] CVE-2015-1788 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1788 [ 3 ] CVE-2015-1789 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1789 [ 4 ] CVE-2015-1790 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1790 [ 5 ] CVE-2015-1791 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1791 [ 6 ] CVE-2015-1792 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1792 [ 7 ] CVE-2015-4000 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4000
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201506-02
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. ============================================================================ Ubuntu Security Notice USN-2639-1 June 11, 2015
openssl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.04
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in OpenSSL.
Software Description: - openssl: Secure Socket Layer (SSL) cryptographic library and tools
Details:
Praveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that OpenSSL incorrectly handled memory when buffering DTLS data. (CVE-2014-8176)
Joseph Barr-Pixton discovered that OpenSSL incorrectly handled malformed ECParameters structures. (CVE-2015-1788)
Robert Swiecki and Hanno B=C3=B6ck discovered that OpenSSL incorrectly handled certain ASN1_TIME strings. (CVE-2015-1791)
Johannes Bauer discovered that OpenSSL incorrectly handled verifying signedData messages using the CMS code. (CVE-2015-1792)
As a security improvement, this update also modifies OpenSSL behaviour to reject DH key sizes below 768 bits, preventing a possible downgrade attack.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.04: libssl1.0.0 1.0.1f-1ubuntu11.4
Ubuntu 14.10: libssl1.0.0 1.0.1f-1ubuntu9.8
Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.15
Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.31
After a standard system update you need to reboot your computer to make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-2639-1 CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792
Package Information: https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu11.4 https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu9.8 https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.15 https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.31 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
============================================================================= FreeBSD-SA-15:10.openssl Security Advisory The FreeBSD Project
Topic: Multiple OpenSSL vulnerabilities
Category: contrib Module: openssl Announced: 2015-06-12 Affects: All supported versions of FreeBSD. Corrected: 2015-06-11 19:07:45 UTC (stable/10, 10.1-STABLE) 2015-06-12 07:23:55 UTC (releng/10.1, 10.1-RELEASE-p12) 2015-06-11 19:39:27 UTC (stable/9, 9.3-STABLE) 2015-06-12 07:23:55 UTC (releng/9.3, 9.3-RELEASE-p16) 2015-06-11 19:39:27 UTC (stable/8, 8.4-STABLE) 2015-06-12 07:23:55 UTC (releng/8.4, 8.4-RELEASE-p30) CVE Name: CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791 CVE-2015-1792, CVE-2015-4000
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit
I. Background
FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.
II. [CVE-2015-1791]
The OpenSSL advisory also describes a problem that is identified as CVE-2014-8176, which is already fixed by an earlier FreeBSD Errata Notice, FreeBSD-EN-15:02.openssl.
III. [CVE-2015-4000]. [CVE-2015-1788]. This affects FreeBSD 10.1 only, as the problem was no longer exist in OpenSSL 0.9.8 series since July 2012. [CVE-2015-1790]. [CVE-2015-1792]
An attacker may be able to crash multi-thread applications that supports resumed TLS handshakes. [CVE-2015-1791]
IV. Workaround
No workaround is available.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.
2) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:
freebsd-update fetch
freebsd-update install
3) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.
[FreeBSD 10.1]
fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-10.1.patch
fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-10.1.patch.asc
gpg --verify openssl-10.1.patch.asc
[FreeBSD 9.3 and 8.4]
fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-8.4.patch
fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-8.4.patch.asc
gpg --verify openssl-8.4.patch.asc
b) Apply the patch. Execute the following commands as root:
cd /usr/src
patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in
Restart all deamons using the library, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each affected branch.
Branch/path Revision
stable/8/ r284286 releng/8.4/ r284295 stable/9/ r284286 releng/9.3/ r284295 stable/10/ r284285 releng/10.1/ r284295
To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:
svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
VII. References
The latest revision of this advisory is available at
iQIcBAEBCgAGBQJVeopGAAoJEO1n7NZdz2rnzhQP/Ak6el188Y+7QbEYVfCZ7eG8 BQLj5TMGHV5swSKVlPcEuBlMwTjpgB5Gqhc8luDS0eIAuJGdcMPSrZDdXxWQFtPf pbfIwp/ElFc7d6ut0Y8t6fFLJbhTOoHJpzTGkFRfJkjinGOx7OZQPeLJsxSubbnL JKugZ3diH6yk6IPMf9SvhO/kYXUF1VbXQvHNTnqgdhFVkgF6tK22Pkl2XoJ9EHbh vBXft1yJwiYlZ//DxZuScTUj1pHYzK3bOpg//REJMWCMj1RVwQr2EyDa0Q2cT02d eRnSZykXD69eybyzEck+BvwnUYYJICimnHuE5t78UIr0D/NWyOAZTQ99z5TID5aV HXkcil+1E/Q+xBB4+5UOOnESf6cmiWwewQOVvD26ZY39E6oJXvsrWnyxIuCG6DL9 sLtxB6iTYlTX5Civ/VJX8H7rFiw4UwMembthvGzck22026iHjplWM3GCWz0E8O3R PrXBHjAzNFawK3owNMxFSUFTuFw/qY7EEwJ3SKCEC+hoxcLOl26NMxrQKRIAUk+I MMOaZfvOh2uM19y9SJZz8+sqU8gIm7ihDm5fuSkO8kY0jdvLwyS9bXAejN/lZ6oJ TyfTDDyXDOdaPpnpQehh6vQV0NiaJ+WXfGhfiE8/G/t6b1E0LlCaaGJTpYkildGe vVCM4Nyx4S9WDFOi76ug =dyhg -----END PGP SIGNATURE----- .
Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1n-i486-1_slack14.1.txz: Upgraded. Fixes several bugs and security issues: o Malformed ECParameters causes infinite loop (CVE-2015-1788) o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789) o PKCS7 crash with missing EnvelopedContent (CVE-2015-1790) o CMS verify infinite loop with unknown hash function (CVE-2015-1792) o Race condition handling NewSessionTicket (CVE-2015-1791) For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791 ( Security fix ) patches/packages/openssl-solibs-1.0.1n-i486-1_slack14.1.txz: Upgraded. +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated packages for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zg-i486-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.0.txz
Updated packages for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.0.txz
Updated packages for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zg-i486-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.1.txz
Updated packages for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.1.txz
Updated packages for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zg-i486-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.37.txz
Updated packages for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.37.txz
Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1n-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1n-i486-1_slack14.0.txz
Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1n-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1n-x86_64-1_slack14.0.txz
Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1n-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1n-i486-1_slack14.1.txz
Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1n-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1n-x86_64-1_slack14.1.txz
Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1n-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1n-i586-1.txz
Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1n-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1n-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 13.0 packages: 383ecfed6bfef1440a44d7082745848a openssl-0.9.8zg-i486-1_slack13.0.txz fb186187ffa200e22d9450a9d0e321f6 openssl-solibs-0.9.8zg-i486-1_slack13.0.txz
Slackware x86_64 13.0 packages: eb52318ed52fef726402f0b2a74745c5 openssl-0.9.8zg-x86_64-1_slack13.0.txz 9447927b960a01b21149e28a9783021f openssl-solibs-0.9.8zg-x86_64-1_slack13.0.txz
Slackware 13.1 packages: 37f46f6b4fe2acbe217eaf7c0b33b704 openssl-0.9.8zg-i486-1_slack13.1.txz 986de2e71676f61d788a59a1e0c8de1f openssl-solibs-0.9.8zg-i486-1_slack13.1.txz
Slackware x86_64 13.1 packages: 6b160ce817dcde3ae5b3a861b284387b openssl-0.9.8zg-x86_64-1_slack13.1.txz 503d891680c711162386ea7e3daadca8 openssl-solibs-0.9.8zg-x86_64-1_slack13.1.txz
Slackware 13.37 packages: 5e7501b1d73d01d3d87704c3cfd3a888 openssl-0.9.8zg-i486-1_slack13.37.txz 874f0b59870dd3f259640c9930a02f99 openssl-solibs-0.9.8zg-i486-1_slack13.37.txz
Slackware x86_64 13.37 packages: b6d91614458040d461dff3c3eab45206 openssl-0.9.8zg-x86_64-1_slack13.37.txz be106df5e59c2be7fa442df8ba85ad0b openssl-solibs-0.9.8zg-x86_64-1_slack13.37.txz
Slackware 14.0 packages: ee7c3937e6a6d7ac7537f751af7da7b9 openssl-1.0.1n-i486-1_slack14.0.txz 758662437d33f99ec0a686cedeb1919e openssl-solibs-1.0.1n-i486-1_slack14.0.txz
Slackware x86_64 14.0 packages: 2dfdc4729e93cf460018e9e30a6223dc openssl-1.0.1n-x86_64-1_slack14.0.txz 9cb4b34e97e60f6bfe4c843aabeae954 openssl-solibs-1.0.1n-x86_64-1_slack14.0.txz
Slackware 14.1 packages: 5a9bf08d55615cfc097109c2e3786f7b openssl-1.0.1n-i486-1_slack14.1.txz fb1c05468e5c38d51a8ff6ac435e3a20 openssl-solibs-1.0.1n-i486-1_slack14.1.txz
Slackware x86_64 14.1 packages: 1ef5cede3f954c3e4741012ffa76b750 openssl-1.0.1n-x86_64-1_slack14.1.txz ea22c288c60ae1d7ea8c5b3a1608462b openssl-solibs-1.0.1n-x86_64-1_slack14.1.txz
Slackware -current packages: 56db8712d653c060f910e8915a8f8656 a/openssl-solibs-1.0.1n-i586-1.txz 6d6264c9943e27240db5c8f5ec342e27 n/openssl-1.0.1n-i586-1.txz
Slackware x86_64 -current packages: e73f7aff5aa0ad14bc06428544f99ae2 a/openssl-solibs-1.0.1n-x86_64-1.txz 91b550b9eb0ac0c580e158375a93c0e4 n/openssl-1.0.1n-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the packages as root:
upgradepkg openssl-1.0.1n-i486-1_slack14.1.txz openssl-solibs-1.0.1n-i486-1_slack14.1.txz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. OpenSSL Security Advisory [11 Jun 2015] =======================================
DHE man-in-the-middle protection (Logjam)
A vulnerability in the TLS protocol allows a man-in-the-middle attacker to downgrade vulnerable TLS connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. This vulnerability is known as Logjam (CVE-2015-4000).
OpenSSL has added protection for TLS clients by rejecting handshakes with DH parameters shorter than 768 bits. This limit will be increased to 1024 bits in a future release.
OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n
Fixes for this issue were developed by Emilia Käsper and Kurt Roeckx of the OpenSSL development team.
This can be used to perform denial of service against any system which processes public keys, certificate requests or certificates. This includes TLS clients and TLS servers with client authentication enabled.
This issue affects OpenSSL versions: 1.0.2 and 1.0.1. Recent 1.0.0 and 0.9.8 versions are not affected. 1.0.0d and 0.9.8r and below are affected.
OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0d (and below) users should upgrade to 1.0.0s OpenSSL 0.9.8r (and below) users should upgrade to 0.9.8zg
This issue was reported to OpenSSL on 6th April 2015 by Joseph Birr-Pixton. The fix was developed by Andy Polyakov of the OpenSSL development team.
Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)
Severity: Moderate
X509_cmp_time does not properly check the length of the ASN1_TIME string and can read a few bytes out of bounds. In addition, X509_cmp_time accepts an arbitrary number of fractional seconds in the time string.
An attacker can use this to craft malformed certificates and CRLs of various sizes and potentially cause a segmentation fault, resulting in a DoS on applications that verify certificates or CRLs. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0 users should upgrade to 1.0.0s OpenSSL 0.9.8 users should upgrade to 0.9.8zg
This issue was reported to OpenSSL on 8th April 2015 by Robert Swiecki (Google), and independently on 11th April 2015 by Hanno Böck. The fix was developed by Emilia Käsper of the OpenSSL development team.
PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)
Severity: Moderate
The PKCS#7 parsing code does not handle missing inner EncryptedContent correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with missing content and trigger a NULL pointer dereference on parsing.
Applications that decrypt PKCS#7 data or otherwise parse PKCS#7 structures from untrusted sources are affected. OpenSSL clients and servers are not affected.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0 users should upgrade to 1.0.0s OpenSSL 0.9.8 users should upgrade to 0.9.8zg
This issue was reported to OpenSSL on 18th April 2015 by Michal Zalewski (Google). The fix was developed by Emilia Käsper of the OpenSSL development team.
CMS verify infinite loop with unknown hash function (CVE-2015-1792)
Severity: Moderate
When verifying a signedData message the CMS code can enter an infinite loop if presented with an unknown hash function OID.
This can be used to perform denial of service against any system which verifies signedData messages using the CMS code.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0 users should upgrade to 1.0.0s OpenSSL 0.9.8 users should upgrade to 0.9.8zg
This issue was reported to OpenSSL on 31st March 2015 by Johannes Bauer. The fix was developed by Dr. Stephen Henson of the OpenSSL development team.
Race condition handling NewSessionTicket (CVE-2015-1791)
Severity: Low
If a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket then a race condition can occur potentially leading to a double free of the ticket data.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0 users should upgrade to 1.0.0s OpenSSL 0.9.8 users should upgrade to 0.9.8zg
This issue was discovered by Emilia Käsper of the OpenSSL development team. The fix was developed by Matt Caswell of the OpenSSL development team.
Invalid free in DTLS (CVE-2014-8176)
Severity: Moderate
This vulnerability does not affect current versions of OpenSSL. It existed in previous OpenSSL versions and was fixed in June 2014.
If a DTLS peer receives application data between the ChangeCipherSpec and Finished messages, buffering of such data may cause an invalid free, resulting in a segmentation fault or potentially, memory corruption.
This issue affected older OpenSSL versions 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h.
This issue was originally reported on March 28th 2014 in https://rt.openssl.org/Ticket/Display.html?id=3286 by Praveen Kariyanahalli, and subsequently by Ivan Fratric and Felix Groebert (Google). A fix was developed by zhu qun-ying.
The fix for this issue can be identified by commits bcc31166 (1.0.1), b79e6e3a (1.0.0) and 4b258e73 (0.9.8).
Note
As per our previous announcements and our Release Strategy (https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions 1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these releases will be provided after that date. Users of these releases are advised to upgrade.
References
URL for this Security Advisory: https://www.openssl.org/news/secadv_20150611.txt
Note: the online version of the advisory may be updated with additional details over time.
For details of OpenSSL severity classifications please see: https://www.openssl.org/about/secpolicy.html
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201506-0210", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "15.1" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "8.3" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "8.4" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0p" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0q" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0o" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0m" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1m" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0k" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0n" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0r" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0e" }, { "model": "openssl", "scope": "lte", "trust": 1.0, "vendor": "openssl", "version": "0.9.8zf" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1k" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1f" }, { "model": "junos 12.1x44-d20", "scope": null, "trust": 0.9, "vendor": "juniper", "version": null }, { "model": "istorage", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "hs series all versions" }, { "model": "supply chain products suite", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle transportation management 6.2" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.9.5" }, { "model": "secureware/pki application development kit", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "ver3.01" }, { "model": "websam", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "application navigator probe option ver3.1.0.x to ver4.1.0.x" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v8.0" }, { "model": "secureware/pki application development kit", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "ver3.02" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "foundation v8.2 to v8.5" }, { "model": "webotx sip application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "st ard edition v7.1 to v8.1" }, { "model": "univerge", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "3c cmm" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "enterprise v8.2 to v9.2" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.8.5" }, { "model": "websam", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "application navigator agent ver3.3 to ver4.1" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "enterprise edition v4.2 to v6.5" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "express v8.2 to v9.2" }, { "model": "peoplesoft products", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of peoplesoft enterprise peopletools 8.54" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v3.0" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "st ard edition v7.1" }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "1.0.1" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.10 to 10.10.4" }, { "model": "ix2000 series", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "secureware/pki application development kit", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "ver3.0" }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "1.0.0" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v3.1" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v6.2" }, { "model": "univerge", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "3c ucm" }, { "model": "supply chain products suite", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle transportation management 6.1" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "enterprise edition v7.1" }, { "model": "e-business suite", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11.5.10.2" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "st ard-j edition v7.1 to v8.1" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "/sg series sg3600lm/lg/lj v6.1" }, { "model": "websam", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "systemmanager ver5.5.2 to ver6.2.1" }, { "model": "peoplesoft products", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of peoplesoft enterprise peopletools 8.53" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v7.0" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "/sg series intersecvm/sg v1.2" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "web edition v4.1 to v6.5" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "st ard v8.2 to v9.2" }, { "model": "websam", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "jobcenter r14.1" }, { "model": "istorage", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "nv7500/nv5500/nv3500 series" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v7.1" }, { "model": "webotx enterprise service bus", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v6.4 to v9.2" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "st ard-j edition v4.1 to v6.5" }, { "model": "openssl", "scope": "eq", "trust": 0.8, "vendor": "openssl", "version": "1.0.0s" }, { "model": "istorage", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "nv7400/nv5400/nv3400 series" }, { "model": "websam", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "application navigator manager ver3.2.2 to ver4.1" }, { "model": "openssl", "scope": "eq", "trust": 0.8, "vendor": "openssl", "version": "1.0.2b" }, { "model": "webotx portal", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v8.2 to v9.1" }, { "model": "openssl", "scope": "eq", "trust": 0.8, "vendor": "openssl", "version": "1.0.1n" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "st ard edition v4.2 to v6.5" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v4.0" }, { "model": "websam", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "mcoperations ver3.6.2 to ver4.2" }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "1.0.2" }, { "model": "system management homepage", "scope": null, "trust": 0.8, "vendor": "hewlett packard", "version": null }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "web edition v7.1 to v8.1" }, { "model": "ix3000 series", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "secureware/pki application development kit", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "ver3.1" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle exalogic infrastructure eecs 2.0.6.2.3" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "uddi registry v1.1 to v7.1" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "/sg series univerge sg3000lg/lj" }, { "model": "capssuite", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v3.0 to v4.0 manager component" }, { "model": "junos 12.1x46-d25", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "aura collaboration environment", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.0" }, { "model": "security network controller 1.0.3361m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.3.0.0" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.6" }, { "model": "buildforge", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.3.4" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.0" }, { "model": "infosphere guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.211" }, { "model": "open source siem", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.15" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.2" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.53" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0.2" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.0.0" }, { "model": "junos 12.1x44-d33", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "hp-ux b.11.22", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "project openssl 1.0.0d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "insight orchestration", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "buildforge ifix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.28" }, { "model": "i v5r4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "insight control", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "project openssl 1.0.1a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "buildforge", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.3.5" }, { "model": "junos 12.1x47-d25", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "junos 14.1r3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.2.2" }, { "model": "operations agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "11.11" }, { "model": "version control agent", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.0" }, { "model": "open source siem", "scope": "ne", "trust": 0.3, "vendor": "alienvault", "version": "5.0.4" }, { "model": "worklight foundation consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.20" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.0.1" }, { "model": "junos 13.3r5", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "abyp-4tl-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "open source siem", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "5.0.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.2" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.2" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.2.0" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1209" }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0.4" }, { "model": "i v5r3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "netinsight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6.0" }, { "model": "storwize unified", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.2.2" }, { "model": "project openssl 1.0.0g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "datapower gateways", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.6" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "ascenlink", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "7.2.3" }, { "model": "workload deployer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.16" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5" }, { "model": "insight control server provisioning", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.1" }, { "model": "junos 12.1x44-d35", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3361" }, { "model": "hp-ux b.11.04", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "junos 12.1x44-d51", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "operations agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "12.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.7" }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.1" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.2" }, { "model": "project openssl 0.9.8zb", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "netscaler t1", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "datapower gateways", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.9" }, { "model": "worklight foundation enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.20" }, { "model": "workflow for bluemix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "filenet system monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2.2" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "junos 12.1x44-d34", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3" }, { "model": "junos 13.3r6", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "imc products", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "open source siem", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.1.2" }, { "model": "smartcloud provisioning", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "sterling connect:direct for hp nonstop", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5.1" }, { "model": "project openssl 0.9.8w", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "junos 12.1x47-d10", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.2.77" }, { "model": "junos 12.1x44-d50", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "tivoli workload scheduler for applications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5.4" }, { "model": "open source siem", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "5.0" }, { "model": "enterprise linux server eus 6.6.z", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "junos 14.1r4", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.11" }, { "model": "project openssl 1.0.0m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2.27" }, { "model": "linux enterprise server sp2 ltss", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "operations agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "11.0" }, { "model": "project openssl 1.0.1g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.4" }, { "model": "communications security gateway", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0" }, { "model": "qradar incident forensics mr2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "project openssl 0.9.8m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "junos 12.3x48-d15", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "command center appliance", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "workload deployer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.0.2" }, { "model": "buildforge", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.3.2" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.1.2" }, { "model": "initiate master data service patient hub", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.7" }, { "model": "netscaler gateway", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "project openssl 1.0.1i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "sdk for node.js for bluemix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0.10.38" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.12" }, { "model": "security appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.1" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.913" }, { "model": "system networking rackswitch g8316", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.9.14.0" }, { "model": "security appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.00" }, { "model": "filenet system monitor interim fix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "4.5.0.3" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.0" }, { "model": "project openssl 1.0.0h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "junos 12.3x48-d20", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "infosphere master data management patient hub", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "secure backup", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.33" }, { "model": "junos 12.3r2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "project openssl 1.0.1n", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.6" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.0.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.10" }, { "model": "junos d30", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x44" }, { "model": "enterprise content management system monitor fix pack", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.2.02" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.0.0" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.10" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5.0" }, { "model": "qradar siem mr2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.7" }, { "model": "project openssl 0.9.8r", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.2" }, { "model": "buildforge", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "buildforge", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.3.6" }, { "model": "sdk for node.js", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.3" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "junos 15.1r2", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "open source siem", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.2.3" }, { "model": "project openssl 0.9.8n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "abyp-2t-1s-1l-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "icewall sso agent option", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "10" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "cognos metrics manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "security network controller 1.0.3350m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "buildforge", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.3" }, { "model": "project openssl 0.9.8y", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "cognos metrics manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0.0" }, { "model": "operations agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "11.03" }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5" }, { "model": "junos 14.2r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.2.1" }, { "model": "system networking rackswitch g8264t", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.9.14.0" }, { "model": "rational policy tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.3" }, { "model": "qradar siem mr2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "buildforge", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.3.1" }, { "model": "junos 14.1r2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0.1" }, { "model": "netscaler application delivery controller", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "project openssl 1.0.0l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "general parallel file system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5.0" }, { "model": "cognos insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.1.0" }, { "model": "enterprise content management system monitor interim fix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.1.0.3" }, { "model": "abyp-2t-1s-1l-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.3" }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "project openssl 1.0.2b", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system networking rackswitch g8052", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.11.5.0" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1.4" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.68" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "13.2" }, { "model": "system networking rackswitch g8052", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.11.4.0" }, { "model": "fortimail", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.3.10" }, { "model": "abyp-10g-2sr-2lr-1-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.3" }, { "model": "open source siem", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.8.0" }, { "model": "project openssl 0.9.8p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "junos 13.3r4", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5.1" }, { "model": "system management homepage", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5" }, { "model": "mac os", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.10.5" }, { "model": "junos 12.3r6", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.14" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.54" }, { "model": "abyp-2t-2s-0l-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "security proventia network enterprise scanner", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3" }, { "model": "powerkvm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "aura conferencing sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.0" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0.1" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.2" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.8" }, { "model": "insight control", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "junos 12.1x46-d20", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "worklight consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.0" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.08" }, { "model": "system networking rackswitch g8264cs", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.11.0" }, { "model": "cognos insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.9.1" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10.3" }, { "model": "security network controller 1.0.3387m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "junos 12.1x44-d55", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos d40", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x44" }, { "model": "junos 12.1x44-d30.4", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "system networking rackswitch g8052", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.9.15.0" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "junos 15.1r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "security network controller 1.0.3379m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "buildforge", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.2" }, { "model": "project openssl 0.9.8za", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "abyp-0t-4s-0l-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "junos d20", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x44" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "comware products", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "50" }, { "model": "exalogic infrastructure eecs", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0.6.2.3" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "abyp-4ts-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.213" }, { "model": "operations agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "11.14" }, { "model": "project openssl 0.9.8q", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "systems insight manager", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.1" }, { "model": "rational developer for i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "security privileged identity manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1.1" }, { "model": "infosphere master data management provider hub", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.7" }, { "model": "rational application developer for websphere software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "abyp-10g-4lr-1-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "abyp-10g-4lr-1-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "hp-ux b.11.11.16.09", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "open source siem", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.13" }, { "model": "predictiveinsight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "mysql enterprise backup", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.12.3" }, { "model": "rational application developer for websphere software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.3" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.4" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.4.1.2" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "infosphere guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "smartcloud entry fixpack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.413" }, { "model": "junos 12.1x46-d10", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "qradar siem patch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.34" }, { "model": "project openssl 1.0.1c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "buildforge", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.1" }, { "model": "predictiveinsight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "predictiveinsight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.2" }, { "model": "netinsight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6.0.14" }, { "model": "cognos insight standard edition fp if", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.214" }, { "model": "cloud manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.1" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1768" }, { "model": "abyp-0t-0s-4l-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "unified security management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "5.0.3" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8v" }, { "model": "project openssl 1.0.1f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.2a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "abyp-4t-0s-0l-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "datapower gateways", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.0.0.16" }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "icewall federation agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.4.1" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.0" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "fortiweb", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.3.3" }, { "model": "hp-ux b.11.11.13.14", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "system networking rackswitch g8124-e", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.11.5.0" }, { "model": "qradar siem patch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.41" }, { "model": "junos 14.1r6", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.3.16" }, { "model": "project openssl 0.9.8g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system networking rackswitch g8124-e", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.11.4.0" }, { "model": "abyp-0t-2s-2l-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "cms r17", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.5" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.1" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "messagesight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "cloud manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.0.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10.2" }, { "model": "project openssl 0.9.8ze", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "comware products", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "70" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.15" }, { "model": "cognos metrics manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "insight control", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "project openssl 1.0.0o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "tivoli workload scheduler for applications fp02", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4" }, { "model": "worklight consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.2" }, { "model": "rational software architect", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "open source siem", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.3.3" }, { "model": "rational software architect for websphere software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.2" }, { "model": "fortirecorder", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "2.0.1" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.2" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.3" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.7" }, { "model": "hp-ux b.11.23.1.007", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "fortianalyzer", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.9" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.0" }, { "model": "buildforge", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "unified security management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.0" }, { "model": "infosphere guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "forticlient windows/mac", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.3" }, { "model": "messagesight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.1" }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "abyp-0t-2s-2l-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "aura conferencing", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "open source siem", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.6.1" }, { "model": "abyp-2t-0s-2l-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.8" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3387" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.64" }, { "model": "abyp-10g-4sr-1-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "rational software architect for websphere software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "15.2" }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "security network controller 1.0.3352m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "security identity governance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1" }, { "model": "buildforge", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.3.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.8" }, { "model": "rational software architect for websphere software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5.0" }, { "model": "project openssl 0.9.8l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "enterprise session border controller ecz7.3m2p2", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.1" }, { "model": "version control repository manager 7.4.0a", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "infosphere information server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.3" }, { "model": "ds8870 r7.5", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "system networking rackswitch g8264t", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.9.15.0" }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1" }, { "model": "virtual connect enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "system networking rackswitch g8264", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.11.5.0" }, { "model": "i v5r4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "secure backup", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.0.2.0" }, { "model": "cognos metrics manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "system networking rackswitch g8264", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.11.4.0" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.411" }, { "model": "sdk for node.js for bluemix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0.12.4" }, { "model": "infosphere master data management standard/advanced edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.0" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.1" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "datapower gateways", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.0.1.12" }, { "model": "qradar siem mr2 patch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.18" }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "secure backup", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.0.4.0" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "junos 13.2x51-d26", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "linux x86 64 -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "workload deployer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.17" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "project openssl 1.0.0i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "junos 14.2r2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "predictiveinsight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "infosphere guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "open source siem", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.3.1" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.3" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4.1" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.9.0.0" }, { "model": "i v5r3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "fortivoice enterprise", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "3.0.6" }, { "model": "junos d10", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x44" }, { "model": "hp-ux b.11.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "junos 12.1x46-d35", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.2.0" }, { "model": "i v5r4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.1" }, { "model": "security privileged identity manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.1" }, { "model": "open source siem", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.7" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5.1" }, { "model": "tivoli workload scheduler for applications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "hp-ux b.11.11.02.008", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "junos 12.1x44-d25", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.1.11" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.16" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.13" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.4" }, { "model": "insight control server provisioning", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5.0" }, { "model": "insight control server provisioning", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4.0" }, { "model": "system networking rackswitch g8264", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.9.15.0" }, { "model": "i v5r3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "open source siem", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.3.0" }, { "model": "project openssl 1.0.0e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "junos 12.1x46-d55", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "security privileged identity manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "junos 12.1x47-d11", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.1" }, { "model": "virtual connect enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "system networking rackswitch g8332", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.7.21.0" }, { "model": "system networking rackswitch g8124", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.11.5.0" }, { "model": "system management homepage", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.5" }, { "model": "websphere mq", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "junos d25", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x46" }, { "model": "junos 12.3r3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 12.3r7", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "aura collaboration environment", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "sdk for node.js", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.15" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10.1" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8x" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "ip office application server sp", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.01" }, { "model": "unified security management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.14" }, { "model": "abyp-10g-4sr-1-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "fortisandbox", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "2.0" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.5.10.2" }, { "model": "cloud manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.0.1" }, { "model": "initiate master data service provider hub", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "icewall sso dfw", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "10.0" }, { "model": "project openssl 0.9.8zg", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "junos 14.2r4", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.12" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2.2" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.11" }, { "model": "junos 13.2x51-d40", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "powerkvm build", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2.1.157" }, { "model": "junos 13.2x51-d20", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.3" }, { "model": "project openssl 0.9.8t", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "cloud manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1.1" }, { "model": "infosphere master data management standard/advanced edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.3" }, { "model": "virtual connect enterprise manager sdk", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.0" }, { "model": "buildforge ifix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.3.66" }, { "model": "cloud manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.3" }, { "model": "abyp-0t-4s-0l-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "16.1" }, { "model": "junos 12.1x47-d20", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos d25", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x44" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5.2" }, { "model": "enterprise content management system monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.6" }, { "model": "insight orchestration", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.0" }, { "model": "qradar siem mr3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "datapower gateways", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.1" }, { "model": "project openssl 1.0.0c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.0.0" }, { "model": "security appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1.3" }, { "model": "open source siem", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "3.1" }, { "model": "project openssl 1.0.0s", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.37" }, { "model": "insight orchestration", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "cloud manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.1.3" }, { "model": "junos d35", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x44" }, { "model": "vcx products", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "rational software architect for websphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "ip office application server sp", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.02" }, { "model": "qradar incident forensics", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.2" }, { "model": "predictiveinsight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.3" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "junos 12.1x47-d45", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "unified security management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.15" }, { "model": "cloud manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.0.2" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "7" }, { "model": "qradar siem mr1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10.4" }, { "model": "security network controller 1.0.3381m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "enterprise content management system monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.4" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "project openssl 1.0.0f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "rational developer for i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.9" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "system networking rackswitch g8264cs", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.8.12.0" }, { "model": "junos 12.1x44-d40", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 12.1x44-d30", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.13" }, { "model": "cloud manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.2" }, { "model": "project openssl 1.0.0j", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "project openssl 1.0.0b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "13.1" }, { "model": "junos 12.1x46-d30", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.5" }, { "model": "hp-ux b.11.11.17.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "fortimanager", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.9" }, { "model": "aura experience portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.11" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "initiate master data service provider hub", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.7" }, { "model": "infosphere information server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "operations agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "11.01" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "fortiddos", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.1.5" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.3" }, { "model": "secure backup", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.2" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.2" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.5" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.6" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.1" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.6" }, { "model": "hp-ux b.11.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "secure backup", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "12.1.0.3" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.5" }, { "model": "forticlient ios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.1" }, { "model": "version control repository manager", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "project openssl 0.9.8zf", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "forticlient android", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.6" }, { "model": "project openssl 1.0.1j", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl f", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "cloudbridge", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "sonas", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.5.2.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "hp-ux b.11.23.07.04", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "version control repository manager", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.1" }, { "model": "abyp-0t-0s-4l-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "tivoli workload scheduler for applications fp01", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "system networking rackswitch g8052", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.9.14.0" }, { "model": "qradar incident forensics mr3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "initiate master data service patient hub", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.3" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3.0" }, { "model": "aura conferencing sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.0" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.1" }, { "model": "junos 12.3x48-d10", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "system networking rackswitch g8316", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.9.15.0" }, { "model": "project openssl 1.0.1d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "unified security management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "5.0" }, { "model": "abyp-2t-2s-0l-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "secure backup", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.0.3" }, { "model": "abyp-4tl-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3381" }, { "model": "rational software architect", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "open source siem", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "5.0.3" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "operations agent", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "11.15" }, { "model": "abyp-4ts-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5.1" }, { "model": "workload deployer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.11" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "operations agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "11.02" }, { "model": "project openssl 1.0.0p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.2.1" }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "junos 12.1x46-d40", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "infosphere information server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "secure backup", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3.0.3" }, { "model": "junos 12.3r11", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.09" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "linux enterprise server sp1 ltss", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5.2" }, { "model": "secure backup", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.0.2" }, { "model": "secure backup", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.0.1" }, { "model": "worklight consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.1" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "open source siem", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.3.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "abyp-10g-2sr-2lr-1-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1.5" }, { "model": "junos 13.3r7", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.0.0" }, { "model": "cognos insight standard edition fp", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.2.24" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.1.3" }, { "model": "project openssl 0.9.8zc", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.1" }, { "model": "project openssl 1.0.0n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.0" }, { "model": "insight control server provisioning", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4.1" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x47" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.5" }, { "model": "secure backup", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.3" }, { "model": "infosphere guardium for applications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "rational developer for i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1.1" }, { "model": "project openssl 1.0.0r", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "junos 15.1x49-d10", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2.0" }, { "model": "insight control", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.3.1" }, { "model": "forticache", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "3.0" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3376" }, { "model": "open source siem", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.0" }, { "model": "sterling connect:direct for hp nonstop", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "messagesight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "server migration pack", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.37" }, { "model": "abyp-4t-0s-0l-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "secure backup", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.41" }, { "model": "project openssl 0.9.8zd", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "secure backup", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3.0.2" }, { "model": "tivoli workload scheduler for applications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "cloud manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "virtual connect enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.2" }, { "model": "junos 14.1r5", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "buildforge ifix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.37" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "insight control", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5" }, { "model": "buildforge", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "aura experience portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "workload deployer if9", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.7" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.9.5" }, { "model": "project openssl 1.0.1k", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.010" }, { "model": "rational application developer for websphere software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0.1" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "operations agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "11.10" }, { "model": "open source siem", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.5" }, { "model": "project openssl 0.9.8o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "worklight foundation consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.0.1" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.2" }, { "model": "operations agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "11.13" }, { "model": "linux -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.4.1.2" }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl 1.0.1b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0k", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "open source siem", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.0.2" }, { "model": "server migration pack", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "junos 12.3r9", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1.2" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "cognos metrics manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.2" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "16.2" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.6" }, { "model": "qradar siem patch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.43" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.1" }, { "model": "secure backup", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3.0.1.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "system networking rackswitch g8124", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.11.4.0" }, { "model": "cognos insight standard edition fp if", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.2.124" }, { "model": "open source siem", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.6.0" }, { "model": "infosphere master data management standard/advanced edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.4" }, { "model": "qradar siem", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.3" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.0" }, { "model": "fsso build", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "235" }, { "model": "sterling b2b integrator", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "junos 12.1x44-d26", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "worklight foundation enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.0.1" }, { "model": "hp-ux b.11.11.14.15", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "predictiveinsight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "open source siem", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.1" }, { "model": "fortiap", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.8" }, { "model": "junos 12.1x44-d35.5", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8.5" }, { "model": "one-x client enablement services sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "project openssl 0.9.8s", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "junos 12.3x48-d30", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "system networking rackswitch g8332", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.7.20.0" }, { "model": "security privileged identity manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "sterling connect:direct for hp nonstop", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.6" }, { "model": "fortiadc", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.2" }, { "model": "secure backup", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.5" }, { "model": "workload deployer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.12" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.2" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.12" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3" }, { "model": "cloud manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.4" }, { "model": "buildforge", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.3" }, { "model": "security network controller 1.0.3376m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.3" }, { "model": "mysql enterprise backup", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.9" }, { "model": "open source siem", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.3.3.1" }, { "model": "infosphere information server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.1" }, { "model": "operations agent", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "12.01" }, { "model": "unified security management", "scope": "ne", "trust": 0.3, "vendor": "alienvault", "version": "5.0.4" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0.15" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3379" }, { "model": "buildforge", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "cognos insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "netscaler service delivery appliance", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "junos 13.2x51-d15", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "matrix operating environment", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.1" }, { "model": "predictiveinsight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.2.7" }, { "model": "junos 12.1x46-d36", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 13.2x51-d25", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.8" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.0" }, { "model": "hp-ux b.11.11.15.13", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "operations agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "11.05" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "open source siem", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.14" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0.2" }, { "model": "qradar incident forensics patch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.41" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "infosphere information server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.7" }, { "model": "session border controller for enterprise", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.0" }, { "model": "operations agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "11.12" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.4" }, { "model": "insight orchestration", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "junos 15.1x49-d20", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 14.2r3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "fortiauthenticator", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "3.1" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "icewall mcrp", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.3" }, { "model": "abyp-2t-0s-2l-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.1" }, { "model": "system networking rackswitch g8264", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.9.14.0" }, { "model": "junos 12.1x46-d15", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "icewall sso certd", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "10.0" }, { "model": "junos 12.1x47-d15", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 12.1x44-d32", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 13.2x51-d30", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "project openssl 1.0.1l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0" }, { "model": "systems insight manager", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.0" }, { "model": "security identity manager virtual appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.4" }, { "model": "project openssl 1.0.0q", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8u", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "junos 12.3r10", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "project openssl 1.0.1h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "smartcloud entry fix pack", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.214" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "15.04" }, { "model": "project openssl 1.0.0a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "qradar siem mr2 patch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.19" }, { "model": "junos 12.1x44-d15", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null } ], "sources": [ { "db": "BID", "id": "75154" }, { "db": "JVNDB", "id": "JVNDB-2015-003084" }, { "db": "NVD", "id": "CVE-2015-1792" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "0.9.8zf", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0p:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0r:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0q:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2015-1792" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Johannes Bauer", "sources": [ { "db": "BID", "id": "75154" } ], "trust": 0.3 }, "cve": "CVE-2015-1792", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2015-1792", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2015-1792", "trust": 1.8, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2015-1792", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-1792" }, { "db": "JVNDB", "id": "JVNDB-2015-003084" }, { "db": "NVD", "id": "CVE-2015-1792" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an unrecognized X.660 OID for a hash function. OpenSSL is prone to denial-of-service vulnerability. \nAn attacker may exploit this issue to cause a denial-of-service condition. \nThe following are vulnerable:\nOpenSSL 1.0.2 prior to 1.0.2b\nOpenSSL 1.0.1 prior to 1.0.1n\nOpenSSL 1.0.0 prior to 1.0.0s\nOpenSSL 0.9.8 prior to 0.9.8zg. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04739301\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04739301\nVersion: 1\n\nHPSBGN03371 rev.1 - HP IceWall Products running OpenSSL, Remote Denial of\nService (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-07-10\nLast Updated: 2015-07-10\n\nPotential Security Impact: Remote Denial of Service (DoS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP IceWall\nProducts running OpenSSL. The vulnerabilities could be exploited remotely\nresulting in Denial of Service (DoS). \nProduct\n Impacted Versions\n Impacted CVEs\n\nHP IceWall MCRP\n v3.0\n CVE-2015-1789\nCVE-2015-1790\nCVE-2015-1792\n\nHP IceWall SSO Dfw\n v10.0\n CVE-2015-1789\nCVE-2015-1790\nCVE-2015-1792\n\nHP IceWall SSO Agent Option\n v10.0\n CVE-2015-1789\nCVE-2015-1790\nCVE-2015-1792\n\nHP IceWall SSO Certd\n v10.0\n CVE-2015-1792\n\nHP IceWall Federation Agent\n v3.0\n CVE-2015-1792\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP recommends applying the latest OS vendor security patches for OpenSSL to\nresolve the vulnerabilities for HP IceWall Products. \n\n HP IceWall SSO Dfw v10.0 and Certd v10.0, which are running on RHEL, could\nbe using either the OS bundled OpenSSL library or the OpenSSL bundled with HP\nIceWall. If still using the OpenSSL bundled with HP IceWall, please apply the\nlatest OS vendor security patches for OpenSSL and switch to the OpenSSL\nlibrary bundled with the OS. \n\n Documents are available at the following location with instructions to\nswitch to the OS bundled OpenSSL library:\n\n http://www.hp.com/jp/icewall_patchaccess\n\n Note: The HP IceWall product is only available in Japan. \n\nHISTORY\nVersion:1 (rev.1) - 10 July 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201506-02\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: OpenSSL: Multiple vulnerabilities\n Date: June 22, 2015\n Bugs: #551832\n ID: 201506-02\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSL that can result in\neither Denial of Service or information disclosure. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-libs/openssl \u003c 1.0.1o \u003e= 0.9.8z_p7\n \u003e= 1.0.1o\n\nDescription\n===========\n\nMultiple vulnerabilities have been found in OpenSSL. Please review the\nCVE identifiers referenced below for details. \n\nResolution\n==========\n\nAll OpenSSL 1.0.1 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.1o\"\n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.8z_p7\"\n\nReferences\n==========\n\n[ 1 ] CVE-2014-8176\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8176\n[ 2 ] CVE-2015-1788\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1788\n[ 3 ] CVE-2015-1789\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1789\n[ 4 ] CVE-2015-1790\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1790\n[ 5 ] CVE-2015-1791\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1791\n[ 6 ] CVE-2015-1792\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1792\n[ 7 ] CVE-2015-4000\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4000\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201506-02\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2015 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. ============================================================================\nUbuntu Security Notice USN-2639-1\nJune 11, 2015\n\nopenssl vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.04\n- Ubuntu 14.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. \n\nSoftware Description:\n- openssl: Secure Socket Layer (SSL) cryptographic library and tools\n\nDetails:\n\nPraveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that\nOpenSSL incorrectly handled memory when buffering DTLS data. (CVE-2014-8176)\n\nJoseph Barr-Pixton discovered that OpenSSL incorrectly handled malformed\nECParameters structures. (CVE-2015-1788)\n\nRobert Swiecki and Hanno B=C3=B6ck discovered that OpenSSL incorrectly handled\ncertain ASN1_TIME strings. \n(CVE-2015-1791)\n\nJohannes Bauer discovered that OpenSSL incorrectly handled verifying\nsignedData messages using the CMS code. \n(CVE-2015-1792)\n\nAs a security improvement, this update also modifies OpenSSL behaviour to\nreject DH key sizes below 768 bits, preventing a possible downgrade\nattack. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.04:\n libssl1.0.0 1.0.1f-1ubuntu11.4\n\nUbuntu 14.10:\n libssl1.0.0 1.0.1f-1ubuntu9.8\n\nUbuntu 14.04 LTS:\n libssl1.0.0 1.0.1f-1ubuntu2.15\n\nUbuntu 12.04 LTS:\n libssl1.0.0 1.0.1-4ubuntu5.31\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nReferences:\n http://www.ubuntu.com/usn/usn-2639-1\n CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790,\n CVE-2015-1791, CVE-2015-1792\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu11.4\n https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu9.8\n https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.15\n https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.31\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n=============================================================================\nFreeBSD-SA-15:10.openssl Security Advisory\n The FreeBSD Project\n\nTopic: Multiple OpenSSL vulnerabilities\n\nCategory: contrib\nModule: openssl\nAnnounced: 2015-06-12\nAffects: All supported versions of FreeBSD. \nCorrected: 2015-06-11 19:07:45 UTC (stable/10, 10.1-STABLE)\n 2015-06-12 07:23:55 UTC (releng/10.1, 10.1-RELEASE-p12)\n 2015-06-11 19:39:27 UTC (stable/9, 9.3-STABLE)\n 2015-06-12 07:23:55 UTC (releng/9.3, 9.3-RELEASE-p16)\n 2015-06-11 19:39:27 UTC (stable/8, 8.4-STABLE)\n 2015-06-12 07:23:55 UTC (releng/8.4, 8.4-RELEASE-p30)\nCVE Name: CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791\n CVE-2015-1792, CVE-2015-4000\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:https://security.FreeBSD.org/\u003e. \n\nI. Background\n\nFreeBSD includes software from the OpenSSL Project. The OpenSSL Project is\na collaborative effort to develop a robust, commercial-grade, full-featured\nOpen Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols as well as a full-strength\ngeneral purpose cryptography library. \n\nII. [CVE-2015-1791]\n\nThe OpenSSL advisory also describes a problem that is identified as\nCVE-2014-8176, which is already fixed by an earlier FreeBSD Errata\nNotice, FreeBSD-EN-15:02.openssl. \n\nIII. [CVE-2015-4000]. \n[CVE-2015-1788]. This affects FreeBSD 10.1 only, as the problem\nwas no longer exist in OpenSSL 0.9.8 series since July 2012. [CVE-2015-1790]. [CVE-2015-1792]\n\nAn attacker may be able to crash multi-thread applications that\nsupports resumed TLS handshakes. [CVE-2015-1791]\n\nIV. Workaround\n\nNo workaround is available. \n\nV. Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 10.1]\n# fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-10.1.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-10.1.patch.asc\n# gpg --verify openssl-10.1.patch.asc\n\n[FreeBSD 9.3 and 8.4]\n# fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-8.4.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-8.4.patch.asc\n# gpg --verify openssl-8.4.patch.asc\n\nb) Apply the patch. Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:https://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart all deamons using the library, or reboot the system. \n\nVI. Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path Revision\n- -------------------------------------------------------------------------\nstable/8/ r284286\nreleng/8.4/ r284295\nstable/9/ r284286\nreleng/9.3/ r284295\nstable/10/ r284285\nreleng/10.1/ r284295\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:https://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. References\n\n\u003cURL:https://www.openssl.org/news/secadv_20150611.txt\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788\u003e \n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000\u003e\n\nThe latest revision of this advisory is available at\n\u003cURL:https://security.FreeBSD.org/advisories/FreeBSD-SA-15:10.openssl.asc\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.1.4 (FreeBSD)\n\niQIcBAEBCgAGBQJVeopGAAoJEO1n7NZdz2rnzhQP/Ak6el188Y+7QbEYVfCZ7eG8\nBQLj5TMGHV5swSKVlPcEuBlMwTjpgB5Gqhc8luDS0eIAuJGdcMPSrZDdXxWQFtPf\npbfIwp/ElFc7d6ut0Y8t6fFLJbhTOoHJpzTGkFRfJkjinGOx7OZQPeLJsxSubbnL\nJKugZ3diH6yk6IPMf9SvhO/kYXUF1VbXQvHNTnqgdhFVkgF6tK22Pkl2XoJ9EHbh\nvBXft1yJwiYlZ//DxZuScTUj1pHYzK3bOpg//REJMWCMj1RVwQr2EyDa0Q2cT02d\neRnSZykXD69eybyzEck+BvwnUYYJICimnHuE5t78UIr0D/NWyOAZTQ99z5TID5aV\nHXkcil+1E/Q+xBB4+5UOOnESf6cmiWwewQOVvD26ZY39E6oJXvsrWnyxIuCG6DL9\nsLtxB6iTYlTX5Civ/VJX8H7rFiw4UwMembthvGzck22026iHjplWM3GCWz0E8O3R\nPrXBHjAzNFawK3owNMxFSUFTuFw/qY7EEwJ3SKCEC+hoxcLOl26NMxrQKRIAUk+I\nMMOaZfvOh2uM19y9SJZz8+sqU8gIm7ihDm5fuSkO8kY0jdvLwyS9bXAejN/lZ6oJ\nTyfTDDyXDOdaPpnpQehh6vQV0NiaJ+WXfGhfiE8/G/t6b1E0LlCaaGJTpYkildGe\nvVCM4Nyx4S9WDFOi76ug\n=dyhg\n-----END PGP SIGNATURE-----\n. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.1n-i486-1_slack14.1.txz: Upgraded. \n Fixes several bugs and security issues:\n o Malformed ECParameters causes infinite loop (CVE-2015-1788)\n o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)\n o PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)\n o CMS verify infinite loop with unknown hash function (CVE-2015-1792)\n o Race condition handling NewSessionTicket (CVE-2015-1791)\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791\n (* Security fix *)\npatches/packages/openssl-solibs-1.0.1n-i486-1_slack14.1.txz: Upgraded. \n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zg-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zg-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zg-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1n-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1n-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1n-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1n-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1n-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1n-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1n-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1n-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1n-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1n-i586-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1n-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1n-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 packages:\n383ecfed6bfef1440a44d7082745848a openssl-0.9.8zg-i486-1_slack13.0.txz\nfb186187ffa200e22d9450a9d0e321f6 openssl-solibs-0.9.8zg-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\neb52318ed52fef726402f0b2a74745c5 openssl-0.9.8zg-x86_64-1_slack13.0.txz\n9447927b960a01b21149e28a9783021f openssl-solibs-0.9.8zg-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n37f46f6b4fe2acbe217eaf7c0b33b704 openssl-0.9.8zg-i486-1_slack13.1.txz\n986de2e71676f61d788a59a1e0c8de1f openssl-solibs-0.9.8zg-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\n6b160ce817dcde3ae5b3a861b284387b openssl-0.9.8zg-x86_64-1_slack13.1.txz\n503d891680c711162386ea7e3daadca8 openssl-solibs-0.9.8zg-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n5e7501b1d73d01d3d87704c3cfd3a888 openssl-0.9.8zg-i486-1_slack13.37.txz\n874f0b59870dd3f259640c9930a02f99 openssl-solibs-0.9.8zg-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\nb6d91614458040d461dff3c3eab45206 openssl-0.9.8zg-x86_64-1_slack13.37.txz\nbe106df5e59c2be7fa442df8ba85ad0b openssl-solibs-0.9.8zg-x86_64-1_slack13.37.txz\n\nSlackware 14.0 packages:\nee7c3937e6a6d7ac7537f751af7da7b9 openssl-1.0.1n-i486-1_slack14.0.txz\n758662437d33f99ec0a686cedeb1919e openssl-solibs-1.0.1n-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n2dfdc4729e93cf460018e9e30a6223dc openssl-1.0.1n-x86_64-1_slack14.0.txz\n9cb4b34e97e60f6bfe4c843aabeae954 openssl-solibs-1.0.1n-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n5a9bf08d55615cfc097109c2e3786f7b openssl-1.0.1n-i486-1_slack14.1.txz\nfb1c05468e5c38d51a8ff6ac435e3a20 openssl-solibs-1.0.1n-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\n1ef5cede3f954c3e4741012ffa76b750 openssl-1.0.1n-x86_64-1_slack14.1.txz\nea22c288c60ae1d7ea8c5b3a1608462b openssl-solibs-1.0.1n-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n56db8712d653c060f910e8915a8f8656 a/openssl-solibs-1.0.1n-i586-1.txz\n6d6264c9943e27240db5c8f5ec342e27 n/openssl-1.0.1n-i586-1.txz\n\nSlackware x86_64 -current packages:\ne73f7aff5aa0ad14bc06428544f99ae2 a/openssl-solibs-1.0.1n-x86_64-1.txz\n91b550b9eb0ac0c580e158375a93c0e4 n/openssl-1.0.1n-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1n-i486-1_slack14.1.txz openssl-solibs-1.0.1n-i486-1_slack14.1.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. OpenSSL Security Advisory [11 Jun 2015]\n=======================================\n\nDHE man-in-the-middle protection (Logjam)\n====================================================================\n\nA vulnerability in the TLS protocol allows a man-in-the-middle\nattacker to downgrade vulnerable TLS connections using ephemeral\nDiffie-Hellman key exchange to 512-bit export-grade cryptography. This\nvulnerability is known as Logjam (CVE-2015-4000). \n\nOpenSSL has added protection for TLS clients by rejecting handshakes\nwith DH parameters shorter than 768 bits. This limit will be increased\nto 1024 bits in a future release. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\n\nFixes for this issue were developed by Emilia K\u00e4sper and Kurt Roeckx\nof the OpenSSL development team. \n\nThis can be used to perform denial of service against any\nsystem which processes public keys, certificate requests or\ncertificates. This includes TLS clients and TLS servers with\nclient authentication enabled. \n\nThis issue affects OpenSSL versions: 1.0.2 and 1.0.1. Recent\n1.0.0 and 0.9.8 versions are not affected. 1.0.0d and 0.9.8r and below are\naffected. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0d (and below) users should upgrade to 1.0.0s\nOpenSSL 0.9.8r (and below) users should upgrade to 0.9.8zg\n\nThis issue was reported to OpenSSL on 6th April 2015 by Joseph Birr-Pixton. The\nfix was developed by Andy Polyakov of the OpenSSL development team. \n\nExploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)\n===============================================================\n\nSeverity: Moderate\n\nX509_cmp_time does not properly check the length of the ASN1_TIME\nstring and can read a few bytes out of bounds. In addition,\nX509_cmp_time accepts an arbitrary number of fractional seconds in the\ntime string. \n\nAn attacker can use this to craft malformed certificates and CRLs of\nvarious sizes and potentially cause a segmentation fault, resulting in\na DoS on applications that verify certificates or CRLs. TLS clients\nthat verify CRLs are affected. TLS clients and servers with client\nauthentication enabled may be affected if they use custom verification\ncallbacks. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0 users should upgrade to 1.0.0s\nOpenSSL 0.9.8 users should upgrade to 0.9.8zg\n\nThis issue was reported to OpenSSL on 8th April 2015 by Robert Swiecki\n(Google), and independently on 11th April 2015 by Hanno B\u00f6ck. The fix\nwas developed by Emilia K\u00e4sper of the OpenSSL development team. \n\nPKCS7 crash with missing EnvelopedContent (CVE-2015-1790)\n=========================================================\n\nSeverity: Moderate\n\nThe PKCS#7 parsing code does not handle missing inner EncryptedContent\ncorrectly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs\nwith missing content and trigger a NULL pointer dereference on parsing. \n\nApplications that decrypt PKCS#7 data or otherwise parse PKCS#7\nstructures from untrusted sources are affected. OpenSSL clients and\nservers are not affected. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0 users should upgrade to 1.0.0s\nOpenSSL 0.9.8 users should upgrade to 0.9.8zg\n\nThis issue was reported to OpenSSL on 18th April 2015 by Michal\nZalewski (Google). The fix was developed by Emilia K\u00e4sper of the\nOpenSSL development team. \n\nCMS verify infinite loop with unknown hash function (CVE-2015-1792)\n===================================================================\n\nSeverity: Moderate\n\nWhen verifying a signedData message the CMS code can enter an infinite loop\nif presented with an unknown hash function OID. \n\nThis can be used to perform denial of service against any system which\nverifies signedData messages using the CMS code. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0 users should upgrade to 1.0.0s\nOpenSSL 0.9.8 users should upgrade to 0.9.8zg\n\nThis issue was reported to OpenSSL on 31st March 2015 by Johannes Bauer. The\nfix was developed by Dr. Stephen Henson of the OpenSSL development team. \n\nRace condition handling NewSessionTicket (CVE-2015-1791)\n========================================================\n\nSeverity: Low\n\nIf a NewSessionTicket is received by a multi-threaded client when attempting to\nreuse a previous ticket then a race condition can occur potentially leading to\na double free of the ticket data. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0 users should upgrade to 1.0.0s\nOpenSSL 0.9.8 users should upgrade to 0.9.8zg\n\nThis issue was discovered by Emilia K\u00e4sper of the OpenSSL development team. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nInvalid free in DTLS (CVE-2014-8176)\n====================================\n\nSeverity: Moderate\n\nThis vulnerability does not affect current versions of OpenSSL. It\nexisted in previous OpenSSL versions and was fixed in June 2014. \n\nIf a DTLS peer receives application data between the ChangeCipherSpec\nand Finished messages, buffering of such data may cause an invalid\nfree, resulting in a segmentation fault or potentially, memory\ncorruption. \n\nThis issue affected older OpenSSL versions 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za\nOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. \nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h. \n\nThis issue was originally reported on March 28th 2014 in\nhttps://rt.openssl.org/Ticket/Display.html?id=3286 by Praveen\nKariyanahalli, and subsequently by Ivan Fratric and Felix Groebert\n(Google). A fix was developed by zhu qun-ying. \n\nThe fix for this issue can be identified by commits bcc31166 (1.0.1),\nb79e6e3a (1.0.0) and 4b258e73 (0.9.8). \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions\n1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these\nreleases will be provided after that date. Users of these releases are advised\nto upgrade. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20150611.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/about/secpolicy.html\n\n", "sources": [ { "db": "NVD", "id": "CVE-2015-1792" }, { "db": "JVNDB", "id": "JVNDB-2015-003084" }, { "db": "BID", "id": "75154" }, { "db": "VULMON", "id": "CVE-2015-1792" }, { "db": "PACKETSTORM", "id": "132637" }, { "db": "PACKETSTORM", "id": "132398" }, { "db": "PACKETSTORM", "id": "132260" }, { "db": "PACKETSTORM", "id": "132288" }, { "db": "PACKETSTORM", "id": "132285" }, { "db": "PACKETSTORM", "id": "136989" }, { "db": "PACKETSTORM", "id": "137292" }, { "db": "PACKETSTORM", "id": "169629" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2015-1792", "trust": 3.0 }, { "db": "BID", "id": "75154", "trust": 1.4 }, { "db": "JUNIPER", "id": "JSA10694", "trust": 1.4 }, { "db": "MCAFEE", "id": "SB10122", "trust": 1.1 }, { "db": "BID", "id": "91787", "trust": 1.1 }, { "db": "SIEMENS", "id": "SSA-412672", "trust": 1.1 }, { "db": "SECTRACK", "id": "1032564", "trust": 1.1 }, { "db": "JVN", "id": "JVNVU91445763", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2015-003084", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-22-349-21", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2015-1792", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "132637", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "132398", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "132260", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "132288", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "132285", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "136989", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137292", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "169629", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-1792" }, { "db": "BID", "id": "75154" }, { "db": "JVNDB", "id": "JVNDB-2015-003084" }, { "db": "PACKETSTORM", "id": "132637" }, { "db": "PACKETSTORM", "id": "132398" }, { "db": "PACKETSTORM", "id": "132260" }, { "db": "PACKETSTORM", "id": "132288" }, { "db": "PACKETSTORM", "id": "132285" }, { "db": "PACKETSTORM", "id": "136989" }, { "db": "PACKETSTORM", "id": "137292" }, { "db": "PACKETSTORM", "id": "169629" }, { "db": "NVD", "id": "CVE-2015-1792" } ] }, "id": "VAR-201506-0210", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.2242063475 }, "last_update_date": "2024-07-23T20:20:15.383000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html" }, { "title": "HT205031", "trust": 0.8, "url": "https://support.apple.com/en-us/ht205031" }, { "title": "HT205031", "trust": 0.8, "url": "https://support.apple.com/ja-jp/ht205031" }, { "title": "cisco-sa-20150612-openssl", "trust": 0.8, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150612-openssl" }, { "title": "Canonicalise input in CMS_verify.", "trust": 0.8, "url": "https://github.com/openssl/openssl/commit/cd30f03ac5bf2962f44bd02ae8d88245dff2f12c" }, { "title": "HPSBUX03388", "trust": 0.8, "url": "http://marc.info/?l=bugtraq\u0026amp;m=143880121627664\u0026amp;w=2" }, { "title": "HPSBMU03546", "trust": 0.8, "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05045763" }, { "title": "\u30a2\u30e9\u30a4\u30c9\u30c6\u30ec\u30b7\u30b9\u682a\u5f0f\u4f1a\u793e\u304b\u3089\u306e\u60c5\u5831", "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu91445763/522154/index.html" }, { "title": "NV15-010", "trust": 0.8, "url": "http://jpn.nec.com/security-info/secinfo/nv15-010.html" }, { "title": "OpenSSL vulnerabilities", "trust": 0.8, "url": "https://www.openssl.org/news/vulnerabilities.html" }, { "title": "Tarballs", "trust": 0.8, "url": "https://www.openssl.org/source/" }, { "title": "[11 Jun 2015] DHE man-in-the-middle protection (Logjam)", "trust": 0.8, "url": "https://www.openssl.org/news/secadv_20150611.txt" }, { "title": "Oracle Critical Patch Update Advisory - October 2015", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" }, { "title": "Text Form of Oracle Critical Patch Update - October 2015 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015verbose-2367954.html" }, { "title": "Oracle Critical Patch Update Advisory - January 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "title": "Text Form of Oracle Critical Patch Update - January 2016 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016verbose-2367956.html" }, { "title": "Oracle Critical Patch Update Advisory - July 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html" }, { "title": "Oracle Solaris Third Party Bulletin - July 2015", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" }, { "title": "July 2016 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update" }, { "title": "October 2015 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/october_2015_critical_patch_update" }, { "title": "January 2016 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/january_2016_critical_patch_update" }, { "title": "JSA10694", "trust": 0.8, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10694" }, { "title": "TLSA-2015-14", "trust": 0.8, "url": "http://www.turbolinux.co.jp/security/2015/tlsa-2015-14j.html" }, { "title": "cisco-sa-20150612-openssl", "trust": 0.8, "url": "http://www.cisco.com/cisco/web/support/jp/112/1129/1129443_cisco-sa-20150612-openssl-j.html" }, { "title": "The Register", "trust": 0.2, "url": "https://www.theregister.co.uk/2016/07/06/hpe_rushes_out_patch_for_more_than_a_year_of_openssl_vulns/" }, { "title": "Red Hat: CVE-2015-1792", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-1792" }, { "title": "Ubuntu Security Notice: openssl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2639-1" }, { "title": "Amazon Linux AMI: ALAS-2015-550", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-550" }, { "title": "Tenable Security Advisories: [R7] OpenSSL \u002720150611\u0027 Advisory Affects Tenable Products", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2015-07" }, { "title": "Cisco: Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20150612-openssl" }, { "title": "Symantec Security Advisories: SA98 : OpenSSL Security Advisory 11-June-2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=a7350b0751124b5a44ba8dbd2df71f9f" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=8b701aba68029ec36b631a8e26157a22" }, { "title": "Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=eb059834b7f24e2562bcf592b6d0afbc" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=744c19dc9f4f70ad58059bf8733ec9c1" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=69e9536e77203a3c76b24dd89f4f9300" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=63802a6c83b107c4e6e0c7f9241a66a8" }, { "title": "", "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2015-1792 " } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-1792" }, { "db": "JVNDB", "id": "JVNDB-2015-003084" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-399", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-003084" }, { "db": "NVD", "id": "CVE-2015-1792" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.5, "url": "https://www.openssl.org/news/secadv_20150611.txt" }, { "trust": 1.4, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10694" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "trust": 1.4, "url": "http://rhn.redhat.com/errata/rhsa-2015-1115.html" }, { "trust": 1.4, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150612-openssl" }, { "trust": 1.4, "url": "https://support.citrix.com/article/ctx216642" }, { "trust": 1.2, "url": "http://www.securityfocus.com/bid/75154" }, { "trust": 1.2, "url": "https://security.gentoo.org/glsa/201506-02" }, { "trust": 1.2, "url": "http://www.ubuntu.com/usn/usn-2639-1" }, { "trust": 1.1, "url": "https://github.com/openssl/openssl/commit/cd30f03ac5bf2962f44bd02ae8d88245dff2f12c" }, { "trust": 1.1, "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html" }, { "trust": 1.1, "url": "https://support.apple.com/kb/ht205031" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05131044" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/91787" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05150888" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05158380" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05184351" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05045763" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=143654156615516\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" }, { "trust": 1.1, "url": "https://openssl.org/news/secadv/20150611.txt" }, { "trust": 1.1, "url": "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015" }, { "trust": 1.1, "url": "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015" }, { "trust": 1.1, "url": "https://bto.bluecoat.com/security-advisory/sa98" }, { "trust": 1.1, "url": "http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05353965" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html" }, { "trust": 1.1, "url": "http://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2015-008.txt.asc" }, { "trust": 1.1, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10122" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-june/160647.html" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-june/160436.html" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1032564" }, { "trust": 1.1, "url": "http://www.debian.org/security/2015/dsa-3287" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "trust": 1.1, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1792" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu91445763/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1792" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1790" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1789" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1792" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1788" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1791" }, { "trust": 0.4, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131044" }, { "trust": 0.3, "url": "http://openssl.org/" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022444" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965845" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2015/aug/13" }, { "trust": 0.3, "url": "http://prod.lists.apple.com/archives/security-announce/2015/aug/msg00001.html" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04739301" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05353965" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05184351" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2015/aug/135" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05150888" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022527" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=isg3t1022724" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005313" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21961837" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962520" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963232" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963954" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965415" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21966484" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022655" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098801" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/101012435" }, { "trust": 0.3, "url": "http://www.fortiguard.com/advisory/fg-ir-15-014/" }, { "trust": 0.3, "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" }, { "trust": 0.3, "url": "https://www.alienvault.com/forums/discussion/5438/security-advisory-alienvault-v5-0-4-addresses-31-vulnerabilities" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962519" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962726" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963964" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005375" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020862" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022647" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962686" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961800" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961633" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964033" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963532" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960157" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020840" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961179" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962493" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962623" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?rs=0\u0026uid=swg21963438" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959518" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961438" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961569" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963270" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964113" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005314" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963498" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966481" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966847" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966873" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967384" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968046" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968724" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968871" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970020" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970103" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970667" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964030" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963603" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966381" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4000" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8176" }, { "trust": 0.2, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n" }, { "trust": 0.2, "url": "http://www.hpe.com/support/security_bulletin_archive" }, { "trust": 0.2, "url": "http://www.hpe.com/support/subscriber_choice" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/399.html" }, { "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2015-1792" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-1792" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2639-1/" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=43094" }, { "trust": 0.1, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.1, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.1, "url": "http://www.hp.com/jp/icewall_patchaccess" }, { "trust": 0.1, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1792" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1790" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1791" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4000" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1788" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8176" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1789" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu9.8" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.15" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu11.4" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.31" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1789\u003e" }, { "trust": 0.1, "url": "https://security.freebsd.org/patches/sa-15:10/openssl-8.4.patch.asc" }, { "trust": 0.1, "url": "https://www.openssl.org/news/secadv_20150611.txt\u003e" }, { "trust": 0.1, "url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4000\u003e" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1790\u003e" }, { "trust": 0.1, "url": "https://security.freebsd.org/patches/sa-15:10/openssl-10.1.patch" }, { "trust": 0.1, "url": "https://security.freebsd.org/advisories/freebsd-sa-15:10.openssl.asc\u003e" }, { "trust": 0.1, "url": "https://security.freebsd.org/\u003e." }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1791\u003e" }, { "trust": 0.1, "url": "https://security.freebsd.org/patches/sa-15:10/openssl-10.1.patch.asc" }, { "trust": 0.1, "url": "https://security.freebsd.org/patches/sa-15:10/openssl-8.4.patch" }, { "trust": 0.1, "url": "https://www.freebsd.org/handbook/makeworld.html\u003e." }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1788\u003e" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1792\u003e" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1791" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1789" }, { "trust": 0.1, "url": "http://slackware.com" }, { "trust": 0.1, "url": "http://osuosl.org)" }, { "trust": 0.1, "url": "http://slackware.com/gpg-key" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1788" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1790" }, { "trust": 0.1, "url": "https://www.hp.com/swpublishing/mtx-b59b11be53744759a650eadeb4" }, { "trust": 0.1, "url": "https://www.hp.com/go/sim" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7995" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6750" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8035" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705" }, { "trust": 0.1, "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131085" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3237" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2015" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0728" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7501" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2017" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7547" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_" }, { "trust": 0.1, "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05111017" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4969" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6565" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3568" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3508" }, { "trust": 0.1, "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05130958" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3194" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3509" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3511" }, { "trust": 0.1, "url": "http://www.hpe.com/info/insightcontrol" }, { "trust": 0.1, "url": "https://www.openssl.org/about/secpolicy.html" }, { "trust": 0.1, "url": "https://www.openssl.org/about/releasestrat.html)," }, { "trust": 0.1, "url": "https://rt.openssl.org/ticket/display.html?id=3286" } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-1792" }, { "db": "BID", "id": "75154" }, { "db": "JVNDB", "id": "JVNDB-2015-003084" }, { "db": "PACKETSTORM", "id": "132637" }, { "db": "PACKETSTORM", "id": "132398" }, { "db": "PACKETSTORM", "id": "132260" }, { "db": "PACKETSTORM", "id": "132288" }, { "db": "PACKETSTORM", "id": "132285" }, { "db": "PACKETSTORM", "id": "136989" }, { "db": "PACKETSTORM", "id": "137292" }, { "db": "PACKETSTORM", "id": "169629" }, { "db": "NVD", "id": "CVE-2015-1792" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2015-1792" }, { "db": "BID", "id": "75154" }, { "db": "JVNDB", "id": "JVNDB-2015-003084" }, { "db": "PACKETSTORM", "id": "132637" }, { "db": "PACKETSTORM", "id": "132398" }, { "db": "PACKETSTORM", "id": "132260" }, { "db": "PACKETSTORM", "id": "132288" }, { "db": "PACKETSTORM", "id": "132285" }, { "db": "PACKETSTORM", "id": "136989" }, { "db": "PACKETSTORM", "id": "137292" }, { "db": "PACKETSTORM", "id": "169629" }, { "db": "NVD", "id": "CVE-2015-1792" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-06-12T00:00:00", "db": "VULMON", "id": "CVE-2015-1792" }, { "date": "2015-06-11T00:00:00", "db": "BID", "id": "75154" }, { "date": "2015-06-16T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-003084" }, { "date": "2015-07-10T15:43:15", "db": "PACKETSTORM", "id": "132637" }, { "date": "2015-06-22T14:14:00", "db": "PACKETSTORM", "id": "132398" }, { "date": "2015-06-11T23:39:03", "db": "PACKETSTORM", "id": "132260" }, { "date": "2015-06-12T13:25:28", "db": "PACKETSTORM", "id": "132288" }, { "date": "2015-06-12T13:17:58", "db": "PACKETSTORM", "id": "132285" }, { "date": "2016-05-13T16:14:13", "db": "PACKETSTORM", "id": "136989" }, { "date": "2016-06-02T19:12:12", "db": "PACKETSTORM", "id": "137292" }, { "date": "2015-06-11T12:12:12", "db": "PACKETSTORM", "id": "169629" }, { "date": "2015-06-12T19:59:05.273000", "db": "NVD", "id": "CVE-2015-1792" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-02-13T00:00:00", "db": "VULMON", "id": "CVE-2015-1792" }, { "date": "2017-05-02T04:06:00", "db": "BID", "id": "75154" }, { "date": "2017-03-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-003084" }, { "date": "2023-02-13T00:46:54.330000", "db": "NVD", "id": "CVE-2015-1792" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "network", "sources": [ { "db": "BID", "id": "75154" } ], "trust": 0.3 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL of crypto/cms/cms_smime.c of do_free_upto Service disruption in functions (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-003084" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Failure to Handle Exceptional Conditions", "sources": [ { "db": "BID", "id": "75154" } ], "trust": 0.3 } }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.