var-201606-0478
Vulnerability from variot
OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c. Supplementary information : CWE Vulnerability type by CWE-190: Integer Overflow or Wraparound ( Integer overflow or wraparound ) Has been identified. OpenSSL is prone to an integer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. OpenSSL 1.0.2h and prior versions are vulnerable. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Release on RHEL 7 Advisory ID: RHSA-2017:0194-01 Product: Red Hat JBoss Core Services Advisory URL: https://access.redhat.com/errata/RHSA-2017:0194 Issue date: 2017-01-25 CVE Names: CVE-2016-2108 CVE-2016-2177 CVE-2016-2178 CVE-2016-4459 CVE-2016-6808 CVE-2016-8612 =====================================================================
- Summary:
An update is now available for JBoss Core Services on RHEL 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat JBoss Core Services on RHEL 7 Server - noarch, ppc64, x86_64
- Description:
This release adds the new Apache HTTP Server 2.4.23 packages that are part of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.6 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. (CVE-2016-2108)
-
It was found that the length checks prior to writing to the target buffer for creating a virtual host mapping rule did not take account of the length of the virtual host name, creating the potential for a buffer overflow. (CVE-2016-2178)
-
Multiple integer overflow flaws were found in the way OpenSSL performed pointer arithmetic. A remote attacker could possibly use these flaws to cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2016-2177)
-
It was discovered that specifying configuration with a JVMRoute path longer than 80 characters will cause segmentation fault leading to a server crash. (CVE-2016-4459)
-
An error was found in protocol parsing logic of mod_cluster load balancer Apache HTTP Server modules. An attacker could use this flaw to cause a Segmentation Fault in the serving httpd process. (CVE-2016-8612)
Red Hat would like to thank the OpenSSL project for reporting CVE-2016-2108. The CVE-2016-4459 issue was discovered by Robert Bost (Red Hat). Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno Bock, and David Benjamin (Google) as the original reporters of CVE-2016-2108.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.
- Package List:
Red Hat JBoss Core Services on RHEL 7 Server:
Source: jbcs-httpd24-httpd-2.4.23-102.jbcs.el7.src.rpm jbcs-httpd24-mod_auth_kerb-5.4-35.jbcs.el7.src.rpm jbcs-httpd24-mod_bmx-0.9.6-14.GA.jbcs.el7.src.rpm jbcs-httpd24-mod_cluster-native-1.3.5-13.Final_redhat_1.jbcs.el7.src.rpm jbcs-httpd24-mod_jk-1.2.41-14.redhat_1.jbcs.el7.src.rpm jbcs-httpd24-mod_rt-2.4.1-16.GA.jbcs.el7.src.rpm jbcs-httpd24-mod_security-2.9.1-18.GA.jbcs.el7.src.rpm jbcs-httpd24-nghttp2-1.12.0-9.jbcs.el7.src.rpm jbcs-httpd24-openssl-1.0.2h-12.jbcs.el7.src.rpm
noarch: jbcs-httpd24-httpd-manual-2.4.23-102.jbcs.el7.noarch.rpm
ppc64: jbcs-httpd24-httpd-2.4.23-102.jbcs.el7.ppc64.rpm jbcs-httpd24-httpd-debuginfo-2.4.23-102.jbcs.el7.ppc64.rpm jbcs-httpd24-httpd-devel-2.4.23-102.jbcs.el7.ppc64.rpm jbcs-httpd24-httpd-selinux-2.4.23-102.jbcs.el7.ppc64.rpm jbcs-httpd24-httpd-src-zip-2.4.23-102.jbcs.el7.ppc64.rpm jbcs-httpd24-httpd-tools-2.4.23-102.jbcs.el7.ppc64.rpm jbcs-httpd24-httpd-zip-2.4.23-102.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_auth_kerb-5.4-35.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_auth_kerb-debuginfo-5.4-35.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_bmx-0.9.6-14.GA.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_bmx-debuginfo-0.9.6-14.GA.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_bmx-src-zip-0.9.6-14.GA.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_cluster-native-1.3.5-13.Final_redhat_1.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_cluster-native-debuginfo-1.3.5-13.Final_redhat_1.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_jk-ap24-1.2.41-14.redhat_1.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_jk-debuginfo-1.2.41-14.redhat_1.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_jk-manual-1.2.41-14.redhat_1.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_ldap-2.4.23-102.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_proxy_html-2.4.23-102.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_rt-2.4.1-16.GA.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_rt-debuginfo-2.4.1-16.GA.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_rt-src-zip-2.4.1-16.GA.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_security-2.9.1-18.GA.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_security-debuginfo-2.9.1-18.GA.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_security-src-zip-2.9.1-18.GA.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_session-2.4.23-102.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_ssl-2.4.23-102.jbcs.el7.ppc64.rpm jbcs-httpd24-nghttp2-1.12.0-9.jbcs.el7.ppc64.rpm jbcs-httpd24-nghttp2-debuginfo-1.12.0-9.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-1.0.2h-12.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-debuginfo-1.0.2h-12.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-devel-1.0.2h-12.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-libs-1.0.2h-12.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-perl-1.0.2h-12.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-static-1.0.2h-12.jbcs.el7.ppc64.rpm
x86_64: jbcs-httpd24-httpd-2.4.23-102.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-debuginfo-2.4.23-102.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-devel-2.4.23-102.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-selinux-2.4.23-102.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-src-zip-2.4.23-102.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-tools-2.4.23-102.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-zip-2.4.23-102.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_auth_kerb-5.4-35.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_auth_kerb-debuginfo-5.4-35.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_bmx-0.9.6-14.GA.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_bmx-debuginfo-0.9.6-14.GA.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_bmx-src-zip-0.9.6-14.GA.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_cluster-native-1.3.5-13.Final_redhat_1.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_cluster-native-debuginfo-1.3.5-13.Final_redhat_1.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_jk-ap24-1.2.41-14.redhat_1.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_jk-debuginfo-1.2.41-14.redhat_1.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_jk-manual-1.2.41-14.redhat_1.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_ldap-2.4.23-102.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_proxy_html-2.4.23-102.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_rt-2.4.1-16.GA.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_rt-debuginfo-2.4.1-16.GA.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_rt-src-zip-2.4.1-16.GA.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_security-2.9.1-18.GA.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_security-debuginfo-2.9.1-18.GA.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_security-src-zip-2.9.1-18.GA.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_session-2.4.23-102.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_ssl-2.4.23-102.jbcs.el7.x86_64.rpm jbcs-httpd24-nghttp2-1.12.0-9.jbcs.el7.x86_64.rpm jbcs-httpd24-nghttp2-debuginfo-1.12.0-9.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-1.0.2h-12.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-debuginfo-1.0.2h-12.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-devel-1.0.2h-12.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-libs-1.0.2h-12.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-perl-1.0.2h-12.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-static-1.0.2h-12.jbcs.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-2108 https://access.redhat.com/security/cve/CVE-2016-2177 https://access.redhat.com/security/cve/CVE-2016-2178 https://access.redhat.com/security/cve/CVE-2016-4459 https://access.redhat.com/security/cve/CVE-2016-6808 https://access.redhat.com/security/cve/CVE-2016-8612 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFYiQWBXlSAg2UNWIIRArWdAJwO4BE3aBxonVdBzdTUsNa+5ZKLmwCfSRUf 2AmaztKx6GqFZTJkumoOcS8= =0wxz -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Description:
Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. For further information, see the knowledge base article linked to in the References section. The JBoss server process must be restarted for the update to take effect. Solution:
Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications. ========================================================================== Ubuntu Security Notice USN-3087-2 September 23, 2016
openssl regression
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
USN-3087-1 introduced a regression in OpenSSL.
Software Description: - openssl: Secure Socket Layer (SSL) cryptographic library and tools
Details:
USN-3087-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2016-2182 was incomplete and caused a regression when parsing certificates. This update fixes the problem.
We apologize for the inconvenience. This issue has only been addressed in Ubuntu 16.04 LTS in this update. (CVE-2016-2178) Quan Luo discovered that OpenSSL did not properly restrict the lifetime of queue entries in the DTLS implementation. (CVE-2016-2179) Shi Lei discovered that OpenSSL incorrectly handled memory in the TS_OBJ_print_bio() function. (CVE-2016-2180) It was discovered that the OpenSSL incorrectly handled the DTLS anti-replay feature. (CVE-2016-2181) Shi Lei discovered that OpenSSL incorrectly validated division results. (CVE-2016-2182) Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. This update moves DES from the HIGH cipher list to MEDIUM. (CVE-2016-2183) Shi Lei discovered that OpenSSL incorrectly handled certain ticket lengths. (CVE-2016-6302) Shi Lei discovered that OpenSSL incorrectly handled memory in the MDC2_Update() function. (CVE-2016-6303) Shi Lei discovered that OpenSSL incorrectly performed certain message length checks. (CVE-2016-6306)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS: libssl1.0.0 1.0.2g-1ubuntu4.5
Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.21
Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.38
After a standard system update you need to reboot your computer to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03763en_us
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: hpesbhf03763en_us Version: 1
HPESBHF03763 rev.1 - HPE Comware 7, IMC, VCX products using OpenSSL, Remote Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2017-08-01 Last Updated: 2017-08-01
Potential Security Impact: Remote: Denial of Service (DoS)
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY A potential security vulnerability has been identified in Comware 7, IMC, VCX products using OpenSSL.
- Comware v7 (CW7) Products See resolution section for impacted versions
- HP Intelligent Management Center (iMC) See resolution section for impacted versions
- VCX Products 9.8.19
BACKGROUND
CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2016-2177
7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499
RESOLUTION
HPE has provided the following software updates to resolve the vulnerability in Comware 7, IMC PLAT, and VCX.
Note: The following products are impacted by this issue
COMWARE 7 Products
-
12500 (Comware 7) - Version: R7377P02
- HPE Branded Products Impacted
- JC072B HP 12500 Main Processing Unit
- JC085A HP A12518 Switch Chassis
- JC086A HP A12508 Switch Chassis
- JC652A HP 12508 DC Switch Chassis
- JC653A HP 12518 DC Switch Chassis
- JC654A HP 12504 AC Switch Chassis
- JC655A HP 12504 DC Switch Chassis
- JF430A HP A12518 Switch Chassis
- JF430B HP 12518 Switch Chassis
- JF430C HP 12518 AC Switch Chassis
- JF431A HP A12508 Switch Chassis
- JF431B HP 12508 Switch Chassis
- JF431C HP 12508 AC Switch Chassis
- JG497A HP 12500 MPU w/Comware V7 OS
- JG782A HP FF 12508E AC Switch Chassis
- JG783A HP FF 12508E DC Switch Chassis
- JG784A HP FF 12518E AC Switch Chassis
- JG785A HP FF 12518E DC Switch Chassis
- JG802A HP FF 12500E MPU
-
10500 (Comware 7) - Version: R7184
- HPE Branded Products Impacted
- JC611A HP 10508-V Switch Chassis
- JC612A HP 10508 Switch Chassis
- JC613A HP 10504 Switch Chassis
- JC748A HP 10512 Switch Chassis
- JG608A HP FlexFabric 11908-V Switch Chassis
- JG609A HP FlexFabric 11900 Main Processing Unit
- JG820A HP 10504 TAA Switch Chassis
- JG821A HP 10508 TAA Switch Chassis
- JG822A HP 10508-V TAA Switch Chassis
- JG823A HP 10512 TAA Switch Chassis
- JG496A HP 10500 Type A MPU w/Comware v7 OS
- JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System
- JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System Main Processing Unit
-
5900/5920 (Comware 7) - Version: R2432
- HPE Branded Products Impacted
- JC772A HP 5900AF-48XG-4QSFP+ Switch
- JG296A HP 5920AF-24XG Switch
- JG336A HP 5900AF-48XGT-4QSFP+ Switch
- JG510A HP 5900AF-48G-4XG-2QSFP+ Switch
- JG554A HP 5900AF-48XG-4QSFP+ TAA Switch
- JG555A HP 5920AF-24XG TAA Switch
- JG838A HP FF 5900CP-48XG-4QSFP+ Switch
- JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant
- JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch
- JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant
-
MSR1000 (Comware 7) - Version: R0306P80
- HPE Branded Products Impacted
- JG875A HP MSR1002-4 AC Router
- JH060A HP MSR1003-8S AC Router
-
MSR2000 (Comware 7) - Version: R0306P80
- HPE Branded Products Impacted
- JG411A HP MSR2003 AC Router
- JG734A HP MSR2004-24 AC Router
- JG735A HP MSR2004-48 Router
- JG866A HP MSR2003 TAA-compliant AC Router
-
MSR3000 (Comware 7) - Version: R0306P80
- HPE Branded Products Impacted
- JG404A HP MSR3064 Router
- JG405A HP MSR3044 Router
- JG406A HP MSR3024 AC Router
- JG407A HP MSR3024 DC Router
- JG408A HP MSR3024 PoE Router
- JG409A HP MSR3012 AC Router
- JG410A HP MSR3012 DC Router
- JG861A HP MSR3024 TAA-compliant AC Router
-
MSR4000 (Comware 7) - Version: R0306P80
- HPE Branded Products Impacted
- JG402A HP MSR4080 Router Chassis
- JG403A HP MSR4060 Router Chassis
- JG412A HP MSR4000 MPU-100 Main Processing Unit
- JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit
-
VSR (Comware 7) - Version: E0324
- HPE Branded Products Impacted
- JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software
- JG811AAE HP VSR1001 Comware 7 Virtual Services Router
- JG812AAE HP VSR1004 Comware 7 Virtual Services Router
- JG813AAE HP VSR1008 Comware 7 Virtual Services Router
-
7900 (Comware 7) - Version: R2152
- HPE Branded Products Impacted
- JG682A HP FlexFabric 7904 Switch Chassis
- JG841A HP FlexFabric 7910 Switch Chassis
- JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit
- JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit
- JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis
- JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis
- JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main Processing Unit
- JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main Processing Unit
-
5130EI (Comware 7) - Version: R3115P05
- HPE Branded Products Impacted
- JG932A HP 5130-24G-4SFP+ EI Switch
- JG933A HP 5130-24G-SFP-4SFP+ EI Switch
- JG934A HP 5130-48G-4SFP+ EI Switch
- JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch
- JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch
- JG938A HP 5130-24G-2SFP+-2XGT EI Switch
- JG939A HP 5130-48G-2SFP+-2XGT EI Switch
- JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch
- JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch
- JG975A HP 5130-24G-4SFP+ EI Brazil Switch
- JG976A HP 5130-48G-4SFP+ EI Brazil Switch
- JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch
- JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch
-
6125XLG - Version: R2432
- HPE Branded Products Impacted
- 711307-B21 HP 6125XLG Blade Switch
- 737230-B21 HP 6125XLG Blade Switch with TAA
-
6127XLG - Version: R2432
- HPE Branded Products Impacted
- 787635-B21 HP 6127XLG Blade Switch Opt Kit
- 787635-B22 HP 6127XLG Blade Switch with TAA
-
Moonshot - Version: R2432
- HPE Branded Products Impacted
- 786617-B21 - HP Moonshot-45Gc Switch Module
- 704654-B21 - HP Moonshot-45XGc Switch Module
- 786619-B21 - HP Moonshot-180XGc Switch Module
-
5700 (Comware 7) - Version: R2432
- HPE Branded Products Impacted
- JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch
- JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch
- JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch
- JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch
- JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch
- JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch
-
5930 (Comware 7) - Version: R2432
- HPE Branded Products Impacted
- JG726A HP FlexFabric 5930 32QSFP+ Switch
- JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch
- JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch
- JH179A HP FlexFabric 5930 4-slot Switch
- JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch
- JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch
-
1950 (Comware 7) - Version: R3115P06
- HPE Branded Products Impacted
- JG960A HP 1950-24G-4XG Switch
- JG961A HP 1950-48G-2SFP+-2XGT Switch
- JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch
- JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch
-
7500 (Comware 7) - Version: R7184
- HPE Branded Products Impacted
- JD238C HP 7510 Switch Chassis
- JD239C HP 7506 Switch Chassis
- JD240C HP 7503 Switch Chassis
- JD242C HP 7502 Switch Chassis
- JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only Main Processing Unit
- JH208A HP 7502 Main Processing Unit
- JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port 40GbE QSFP+ Main Processing Unit
-
5510HI (Comware 7) - Version: R1121P01
- HPE Branded Products Impacted
- JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch
- JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch
- JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch
- JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch
- JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch
-
5130HI (Comware 7) - Version: R1121P02
- HPE Branded Products Impacted
- JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch
- JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch
- JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch
- JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch
-
5940 (Comware 7) - Version: R2509P02
- HPE Branded Products Impacted
- JH390A HPE FlexFabric 5940 48SFP+ 6QSFP28 Switch
- JH391A HPE FlexFabric 5940 48XGT 6QSFP28 Switch
- JH394A HPE FlexFabric 5940 48XGT 6QSFP+ Switch
- JH395A HPE FlexFabric 5940 48SFP+ 6QSFP+ Switch
- JH396A HPE FlexFabric 5940 32QSFP+ Switch
- JH397A HPE FlexFabric 5940 2-slot Switch
- JH398A HPE FlexFabric 5940 4-slot Switch
-
5950 (Comware 7) - Version: R6123
- HPE Branded Products Impacted
- JH321A HPE FlexFabric 5950 32QSFP28 Switch
- JH402A HPE FlexFabric 5950 48SFP28 8QSFP28 Switch
- JH404A HPE FlexFabric 5950 4-slot Switch
-
12900E (Comware 7) - Version: R2609
- HPE Branded Products Impacted
- JG619A HP FlexFabric 12910 Switch AC Chassis
- JG621A HP FlexFabric 12910 Main Processing Unit
- JG632A HP FlexFabric 12916 Switch AC Chassis
- JG634A HP FlexFabric 12916 Main Processing Unit
- JH104A HP FlexFabric 12900E Main Processing Unit
- JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit
- JH263A HP FlexFabric 12904E Main Processing Unit
- JH255A HP FlexFabric 12908E Switch Chassis
- JH262A HP FlexFabric 12904E Switch Chassis
- JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis
- JH103A HP FlexFabric 12916E Switch Chassis
-
iNode PC 7.2 (E0410) - Version: 7.2 E0410
- HPE Branded Products Impacted
- JD144A HP A-IMC User Access Management Software Module with 200-user License
- JD147A HP IMC Endpoint Admission Defense Software Module with 200-user License
- JD435A HP A-IMC Endpoint Admission Defense Client Software
- JF388A HP IMC User Authentication Management Software Module with 200-user License
- JF388AAE HP IMC User Authentication Management Software Module with 200-user E-LTU
- JF391A HP IMC Endpoint Admission Defense Software Module with 200-user License
- JF391AAE HP IMC Endpoint Admission Defense Software Module with 200-user E-LTU
- JG752AAE HP IMC User Access Manager Software Module with 50-user E-LTU
- JG754AAE) HP IMC Endpoint Admission Defense Software Module with 50-user E-LTU
-
iMC UAM_TAM 7.2-E0409 - Version: 7.2 E0409
- HPE Branded Products Impacted
- JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE
- JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU
- JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU
- JG483A HP IMC TAM S/W MODULE W/100-NODE LIC
- JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU
- JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU
-
VCX - Version: 9.8.19
- HPE Branded Products Impacted
- J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr
- J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr
- JC517A HP VCX V7205 Platform w/DL 360 G6 Server
- JE355A HP VCX V6000 Branch Platform 9.0
- JC516A HP VCX V7005 Platform w/DL 120 G6 Server
- JC518A HP VCX Connect 200 Primry 120 G6 Server
- J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr
- JE341A HP VCX Connect 100 Secondary
- JE252A HP VCX Connect Primary MIM Module
- JE253A HP VCX Connect Secondary MIM Module
- JE254A HP VCX Branch MIM Module
- JE355A HP VCX V6000 Branch Platform 9.0
- JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod
- JD023A HP MSR30-40 Router with VCX MIM Module
- JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM
- JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod
- JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod
- JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod
- JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS
- JE340A HP VCX Connect 100 Pri Server 9.0
- JE342A HP VCX Connect 100 Sec Server 9.0
Note: Please contact HPE Technical Support if any assistance is needed acquiring the software updates.
HISTORY Version:1 (rev.1) - 1 August 2017 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. (CVE-2016-6808)
- A memory leak flaw was fixed in expat. Solution:
The References section of this erratum contains a download link (you must log in to download the update). JIRA issues fixed (https://issues.jboss.org/):
JBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0] JBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service
- (CVE-2016-2177)
It was discovered that OpenSSL did not properly handle Montgomery multiplication, resulting in incorrect results leading to transient failures. OpenSSL Security Advisory [22 Sep 2016] ========================================
OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
Severity: High
A malicious client can send an excessively large OCSP Status Request extension. If that client continually requests renegotiation, sending a large OCSP Status Request extension each time, then there will be unbounded memory growth on the server. This will eventually lead to a Denial Of Service attack through memory exhaustion. Servers with a default configuration are vulnerable even if they do not support OCSP. Builds using the "no-ocsp" build time option are not affected.
Servers using OpenSSL versions prior to 1.0.1g are not vulnerable in a default configuration, instead only if an application explicitly enables OCSP stapling support.
OpenSSL 1.1.0 users should upgrade to 1.1.0a OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 29th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.
SSL_peek() hang on empty record (CVE-2016-6305)
Severity: Moderate
OpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer sends an empty record. This could be exploited by a malicious peer in a Denial Of Service attack.
OpenSSL 1.1.0 users should upgrade to 1.1.0a
This issue was reported to OpenSSL on 10th September 2016 by Alex Gaynor. The fix was developed by Matt Caswell of the OpenSSL development team.
SWEET32 Mitigation (CVE-2016-2183)
Severity: Low
SWEET32 (https://sweet32.info) is an attack on older block cipher algorithms that use a block size of 64 bits. In mitigation for the SWEET32 attack DES based ciphersuites have been moved from the HIGH cipherstring group to MEDIUM in OpenSSL 1.0.1 and OpenSSL 1.0.2. OpenSSL 1.1.0 since release has had these ciphersuites disabled by default.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 16th August 2016 by Karthikeyan Bhargavan and Gaetan Leurent (INRIA). The fix was developed by Rich Salz of the OpenSSL development team.
OOB write in MDC2_Update() (CVE-2016-6303)
Severity: Low
An overflow can occur in MDC2_Update() either if called directly or through the EVP_DigestUpdate() function using MDC2. If an attacker is able to supply very large amounts of input data after a previous call to EVP_EncryptUpdate() with a partial block then a length check can overflow resulting in a heap corruption.
The amount of data needed is comparable to SIZE_MAX which is impractical on most platforms.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 11th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.
Malformed SHA512 ticket DoS (CVE-2016-6302)
Severity: Low
If a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a DoS attack where a malformed ticket will result in an OOB read which will ultimately crash.
The use of SHA512 in TLS session tickets is comparatively rare as it requires a custom server callback and ticket lookup mechanism.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 19th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.
OOB write in BN_bn2dec() (CVE-2016-2182)
Severity: Low
The function BN_bn2dec() does not check the return value of BN_div_word(). This can cause an OOB write if an application uses this function with an overly large BIGNUM. This could be a problem if an overly large certificate or CRL is printed out from an untrusted source. TLS is not affected because record limits will reject an oversized certificate before it is parsed.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 2nd August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.
OOB read in TS_OBJ_print_bio() (CVE-2016-2180)
Severity: Low
The function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is the total length the OID text representation would use and not the amount of data written. This will result in OOB reads when large OIDs are presented.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 21st July 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.
Pointer arithmetic undefined behaviour (CVE-2016-2177)
Severity: Low
Avoid some undefined pointer arithmetic
A common idiom in the codebase is to check limits in the following manner: "p + len > limit"
Where "p" points to some malloc'd data of SIZE bytes and limit == p + SIZE
"len" here could be from some externally supplied data (e.g. from a TLS message).
The rules of C pointer arithmetic are such that "p + len" is only well defined where len <= SIZE. Therefore the above idiom is actually undefined behaviour.
For example this could cause problems if some malloc implementation provides an address for "p" such that "p + len" actually overflows for values of len that are too big and therefore p + len < limit.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 4th May 2016 by Guido Vranken. The fix was developed by Matt Caswell of the OpenSSL development team.
Constant time flag not preserved in DSA signing (CVE-2016-2178)
Severity: Low
Operations in the DSA signing algorithm should run in constant time in order to avoid side channel attacks. A flaw in the OpenSSL DSA implementation means that a non-constant time codepath is followed for certain operations. This has been demonstrated through a cache-timing attack to be sufficient for an attacker to recover the private DSA key.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 23rd May 2016 by César Pereida (Aalto University), Billy Brumley (Tampere University of Technology), and Yuval Yarom (The University of Adelaide and NICTA). The fix was developed by César Pereida.
DTLS buffered message DoS (CVE-2016-2179)
Severity: Low
In a DTLS connection where handshake messages are delivered out-of-order those messages that OpenSSL is not yet ready to process will be buffered for later use. Under certain circumstances, a flaw in the logic means that those messages do not get removed from the buffer even though the handshake has been completed. An attacker could force up to approx. 15 messages to remain in the buffer when they are no longer required. These messages will be cleared when the DTLS connection is closed. The default maximum size for a message is 100k. Therefore the attacker could force an additional 1500k to be consumed per connection. By opening many simulataneous connections an attacker could cause a DoS attack through memory exhaustion.
OpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 22nd June 2016 by Quan Luo. The fix was developed by Matt Caswell of the OpenSSL development team.
DTLS replay protection DoS (CVE-2016-2181)
Severity: Low
A flaw in the DTLS replay attack protection mechanism means that records that arrive for future epochs update the replay protection "window" before the MAC for the record has been validated. This could be exploited by an attacker by sending a record for the next epoch (which does not have to decrypt or have a valid MAC), with a very large sequence number. This means that all subsequent legitimate packets are dropped causing a denial of service for a specific DTLS connection.
OpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 21st November 2015 by the OCAP audit team. The fix was developed by Matt Caswell of the OpenSSL development team.
Certificate message OOB reads (CVE-2016-6306)
Severity: Low
In OpenSSL 1.0.2 and earlier some missing message length checks can result in OOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical DoS risk but this has not been observed in practice on common platforms.
The messages affected are client certificate, client certificate request and server certificate. As a result the attack can only be performed against a client or a server which enables client authentication.
OpenSSL 1.1.0 is not affected.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 22nd August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.
Excessive allocation of memory in tls_get_message_header() (CVE-2016-6307)
Severity: Low
A TLS message includes 3 bytes for its length in the header for the message. This would allow for messages up to 16Mb in length. Messages of this length are excessive and OpenSSL includes a check to ensure that a peer is sending reasonably sized messages in order to avoid too much memory being consumed to service a connection. A flaw in the logic of version 1.1.0 means that memory for the message is allocated too early, prior to the excessive message length check. Due to way memory is allocated in OpenSSL this could mean an attacker could force up to 21Mb to be allocated to service a connection. This could lead to a Denial of Service through memory exhaustion. However, the excessive message length check still takes place, and this would cause the connection to immediately fail. Assuming that the application calls SSL_free() on the failed conneciton in a timely manner then the 21Mb of allocated memory will then be immediately freed again. Therefore the excessive memory allocation will be transitory in nature. This then means that there is only a security impact if:
1) The application does not call SSL_free() in a timely manner in the event that the connection fails or 2) The application is working in a constrained environment where there is very little free memory or 3) The attacker initiates multiple connection attempts such that there are multiple connections in a state where memory has been allocated for the connection; SSL_free() has not yet been called; and there is insufficient memory to service the multiple requests.
Except in the instance of (1) above any Denial Of Service is likely to be transitory because as soon as the connection fails the memory is subsequently freed again in the SSL_free() call. However there is an increased risk during this period of application crashes due to the lack of memory - which would then mean a more serious Denial of Service.
This issue does not affect DTLS users.
OpenSSL 1.1.0 TLS users should upgrade to 1.1.0a
This issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.
Excessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308)
Severity: Low
This issue is very similar to CVE-2016-6307. The underlying defect is different but the security analysis and impacts are the same except that it impacts DTLS.
A DTLS message includes 3 bytes for its length in the header for the message. This would allow for messages up to 16Mb in length. Messages of this length are excessive and OpenSSL includes a check to ensure that a peer is sending reasonably sized messages in order to avoid too much memory being consumed to service a connection. A flaw in the logic of version 1.1.0 means that memory for the message is allocated too early, prior to the excessive message length check. Due to way memory is allocated in OpenSSL this could mean an attacker could force up to 21Mb to be allocated to service a connection. This could lead to a Denial of Service through memory exhaustion. However, the excessive message length check still takes place, and this would cause the connection to immediately fail. Assuming that the application calls SSL_free() on the failed conneciton in a timely manner then the 21Mb of allocated memory will then be immediately freed again. Therefore the excessive memory allocation will be transitory in nature. This then means that there is only a security impact if:
1) The application does not call SSL_free() in a timely manner in the event that the connection fails or 2) The application is working in a constrained environment where there is very little free memory or 3) The attacker initiates multiple connection attempts such that there are multiple connections in a state where memory has been allocated for the connection; SSL_free() has not yet been called; and there is insufficient memory to service the multiple requests.
Except in the instance of (1) above any Denial Of Service is likely to be transitory because as soon as the connection fails the memory is subsequently freed again in the SSL_free() call. However there is an increased risk during this period of application crashes due to the lack of memory - which would then mean a more serious Denial of Service.
This issue does not affect TLS users.
OpenSSL 1.1.0 DTLS users should upgrade to 1.1.0a
This issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.
Note
As per our previous announcements and our Release Strategy (https://www.openssl.org/policies/releasestrat.html), support for OpenSSL version 1.0.1 will cease on 31st December 2016. No security updates for that version will be provided after that date. Users of 1.0.1 are advised to upgrade.
Support for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer receiving security updates.
References
URL for this Security Advisory: https://www.openssl.org/news/secadv/20160922.txt
Note: the online version of the advisory may be updated with additional details over time.
For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201606-0478", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "solaris", "scope": "eq", "trust": 2.1, "vendor": "oracle", "version": "10" }, { "model": "solaris", "scope": "eq", "trust": 2.1, "vendor": "oracle", "version": "11.3" }, { "model": "linux", "scope": "eq", "trust": 1.8, "vendor": "oracle", "version": "5" }, { "model": "linux", "scope": "eq", "trust": 1.8, "vendor": "oracle", "version": "6" }, { "model": "linux", "scope": "eq", "trust": 1.8, "vendor": "oracle", "version": "7" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1q" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2a" }, { "model": "icewall sso agent option", "scope": "eq", "trust": 1.0, "vendor": "hp", "version": "10.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1m" }, { "model": "icewall mcrp", "scope": "eq", "trust": 1.0, "vendor": "hp", "version": "3.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1r" }, { "model": "icewall sso", "scope": "eq", "trust": 1.0, "vendor": "hp", "version": "10.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1p" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1k" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1o" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1n" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1s" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1t" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2" }, { "model": "openssl", "scope": "lte", "trust": 0.8, "vendor": "openssl", "version": "1.0.2h" }, { "model": "icewall mcrp", "scope": null, "trust": 0.8, "vendor": "hewlett packard", "version": null }, { "model": "icewall sso", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "certd" }, { "model": "icewall sso", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "dfw" }, { "model": "icewall sso agent option", "scope": null, "trust": 0.8, "vendor": "hewlett packard", "version": null }, { "model": "capssuite", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v3.0 to v4.0" }, { "model": "enterpriseidentitymanager", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "esmpro/serveragentservice", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "(linux edition )" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "sg3600 all series" }, { "model": "ix1000 series", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "ix2000 series", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "ix3000 series", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "secureware/pki application development kit", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "ver3.2" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "enterprise v8.2 to v9.4" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "express v8.2 to v9.4" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "foundation v8.2 to v8.5" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "standard v8.2 to v9.4" }, { "model": "webotx enterprise service bus", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v8.2 to v8.5" }, { "model": "webotx portal", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v8.2 to v9.1" }, { "model": "cosminexus application server enterprise", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 6" }, { "model": "cosminexus application server standard", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 6" }, { "model": "cosminexus application server version 5", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer light version 6", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer professional version 6", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer standard version 6", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer version 5", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus http server", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "base version 6" }, { "model": "cosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 6" }, { "model": "web server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "web server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- security enhancement" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "-r" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "express" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard-r" }, { "model": "ucosminexus application server enterprise", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server smart edition", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "01" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional for plug-in" }, { "model": "ucosminexus developer light", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer standard", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "base" }, { "model": "ucosminexus service architect", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- messaging" }, { "model": "stealthwatch udp director", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "content security management appliance", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "cloud web security", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "paging server", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "email security appliance", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.10" }, { "model": "webex centers t32", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "sterling connect:express for unix ifix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.13150-13" }, { "model": "clean access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified contact center enterprise live data server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "nexus series blade switches 4.1 e1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4000" }, { "model": "api management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.9" }, { "model": "telepresence content server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "proactive network operations center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "69010" }, { "model": "anyconnect secure mobility client for linux", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0.7" }, { "model": "ucs central software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance media server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.13" }, { "model": "stealthwatch management console", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.1e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "tivoli provisioning manager for os deployment 5.1.fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3" }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "16.2" }, { "model": "anyconnect secure mobility client for android", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0.7" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.5" }, { "model": "project openssl 1.0.2g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "jabber software development kit", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "project openssl 1.0.1a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "computer telephony integration object server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified workforce optimization", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "industrial router 1.2.1rb4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "910" }, { "model": "nexus intercloud for vmware", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1000v0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6" }, { "model": "powerkvm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.14" }, { "model": "ip interoperability and collaboration system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "asr series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50000" }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3400" }, { "model": "nexus series switches standalone nx-os mode", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9000-0" }, { "model": "unified contact center enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network protection", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3.3.1" }, { "model": "nexus series switches standalone nx-os mode 7.0 i5", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9000-" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.11" }, { "model": "intelligent automation for cloud", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "5.1.2" }, { "model": "nexus series switches 5.2.8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7000" }, { "model": "api connect", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.0.0" }, { "model": "anyconnect secure mobility client for desktop platforms", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.26" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "smartcloud entry appliance fi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.4" }, { "model": "jabber guest", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime license manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance ptz ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.9" }, { "model": "series digital media players 5.3.6 rb3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4300" }, { "model": "stealthwatch flowcollector sflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "web security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "visual quality experience server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.11" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2.2" }, { "model": "jd edwards enterpriseone tools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.1.1" }, { "model": "video surveillance series ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "60002.9" }, { "model": "prime collaboration provisioning", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6" }, { "model": "agent for openflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3" }, { "model": "anyconnect secure mobility client for desktop platforms", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.4" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.8" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.4.0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1" }, { "model": "ons series multiservice provisioning platforms", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "154540" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.15" }, { "model": "telepresence sx series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "prime collaboration assurance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "16.10" }, { "model": "asa next-generation firewall services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "email security appliance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10.0.1" }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8200" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.9" }, { "model": "unified communications manager im \u0026 presence service (formerly c", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "16.3" }, { "model": "webex meetings for blackberry", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.5" }, { "model": "bigfix platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.2" }, { "model": "lancope stealthwatch flowcollector sflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.1g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "prime lan management solution", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "wide area application services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.1" }, { "model": "firesight system software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.0.1.3" }, { "model": "anyconnect secure mobility client for mac os", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "x4.0.7" }, { "model": "common services platform collector", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.11" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "partner support service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.0" }, { "model": "media services interface", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus intercloud", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1000v0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.9" }, { "model": "project openssl 1.0.1i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "5.1.3" }, { "model": "prime collaboration assurance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6" }, { "model": "jabber for iphone and ipad", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0" }, { "model": "email gateway 7.6.2h968406", "scope": null, "trust": 0.3, "vendor": "mcafee", "version": null }, { "model": "unified attendant console advanced", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "common services platform collector", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "anyconnect secure mobility client for windows", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence mx series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "spectrum control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.8" }, { "model": "webex meetings client on-premises", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "project openssl 1.0.1s", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "unified wireless ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified intelligence center", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6(1)" }, { "model": "services provisioning platform", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ucs b-series blade servers", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.1.3" }, { "model": "nac appliance clean access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.6" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10000" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.20290.1" }, { "model": "jabber for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "asa next-generation firewall services", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.1.2" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.0.0" }, { "model": "unified sip proxy", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.405" }, { "model": "unified attendant console premium edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "api gateway", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.2.4.0" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5" }, { "model": "services provisioning platform sfp1.1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "small business spa300 series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "configuration professional", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.8" }, { "model": "mediasense", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql workbench", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1.5" }, { "model": "video surveillance series high-definition ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "40000" }, { "model": "jabber for android", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "anyconnect secure mobility client for desktop platforms", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.3.4" }, { "model": "series digital media players 5.3.6 rb3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4400" }, { "model": "video surveillance series ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "30002.9" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.20" }, { "model": "project openssl 1.0.1r", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "mysql workbench", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.8" }, { "model": "cognos metrics manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "stealthwatch identity", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270016.2" }, { "model": "application policy infrastructure controller", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.2(1)" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.2" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270016.1" }, { "model": "unified workforce optimization quality management solution 11.5 su1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "show and share", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence system ex series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "universal small cell iuh", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.2" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.5" }, { "model": "tivoli provisioning manager for images", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.19" }, { "model": "ucs director", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli provisioning manager for images build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.20280.6" }, { "model": "jabber client framework components", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "telepresence isdn link", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence profile series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "webex meetings client on-premises t32", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "dcm series d9900 digital content manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70006.2.19" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5.1" }, { "model": "unified attendant console business edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "5.3.1" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "bigfix platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "tealeaf customer experience", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270016.4" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.54" }, { "model": "bigfix remote control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.2" }, { "model": "powerkvm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.4" }, { "model": "mds series multilayer switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "prime network services controller 1.01u", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "oss support tools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.9.15.9.8" }, { "model": "firesight system software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.4.0.10" }, { "model": "worklight consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.0" }, { "model": "universal small cell series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50000" }, { "model": "nexus series switches 5.2 sv3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1000v" }, { "model": "telepresence system tx1310", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified communications domain manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence server on multiparty media and", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3103204.4" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.4" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.1.1051.08" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.10" }, { "model": "project openssl 1.0.2h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "nac guest server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "enterprise content delivery system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.11" }, { "model": "anyconnect secure mobility client for linux", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.1" }, { "model": "telepresence system ex series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime collaboration deployment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex business suite", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "dx series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.1.0" }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "15.5(3)" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.18" }, { "model": "anyconnect secure mobility client for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series blade switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "40000" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.11" }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "500-376.1" }, { "model": "jabber for windows", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "telepresence profile series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1.0.0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.10" }, { "model": "ace30 application control engine module", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "5.0.28" }, { "model": "edge digital media player 1.6rb5", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "300" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.12" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "69450" }, { "model": "telepresence isdn gateway mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83210" }, { "model": "wireless lan controller", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.4" }, { "model": "jabber software development kit", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "uc integration for microsoft lync", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6.3" }, { "model": "unified contact center enterprise", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6.1" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.404" }, { "model": "telepresence system tx1310", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.1" }, { "model": "spa112 2-port phone adapter", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.4.2" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.151.05" }, { "model": "connected grid routers", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.3" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.4.1.2" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.33" }, { "model": "telepresence mx series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ip interoperability and collaboration system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.0(1)" }, { "model": "project openssl 1.0.1c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "spa122 analog telephone adapter with router", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "universal small cell series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "50003.5.12.23" }, { "model": "universal small cell series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50003.4.2.0" }, { "model": "connected grid routers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "uc integration for microsoft lync", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0.1" }, { "model": "project openssl 1.0.1f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.401" }, { "model": "project openssl 1.0.2a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.8" }, { "model": "bigfix remote control", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.1.3" }, { "model": "unity express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.7" }, { "model": "project openssl 1.0.2f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.21" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "13000" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.0" }, { "model": "tivoli provisioning manager for images", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.0" }, { "model": "tandberg codian isdn gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "email gateway 7.6.405h1165239", "scope": null, "trust": 0.3, "vendor": "mcafee", "version": null }, { "model": "jabber guest", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.9" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.9.0" }, { "model": "digital media manager 5.3.6 rb3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "storediq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.6" }, { "model": "series digital media players", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "44000" }, { "model": "ata series analog terminal adaptors", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1901.3" }, { "model": "webex meetings server ssl gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "integrated management module for bladecenter yuoo", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "prime network services controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ata series analog terminal adaptors", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1900" }, { "model": "asr series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "500021.2" }, { "model": "ironport email security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "500-37" }, { "model": "ons series multiservice provisioning platforms", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1545410.7" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.12" }, { "model": "telepresence system series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "cognos metrics manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "broadband access center telco and wireless", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.19" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.3" }, { "model": "worklight consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.2" }, { "model": "hosted collaboration mediation fulfillment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified communications manager session management edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.19" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.2" }, { "model": "security guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.2" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.25" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.0" }, { "model": "webex meetings server multimedia platform", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "unified ip conference phone 10.3.1sr4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8831" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70000" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.7" }, { "model": "prime network registrar", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.3.5" }, { "model": "project openssl 1.0.2d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "series stackable managed switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1000" }, { "model": "prime access registrar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "onepk all-in-one vm", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified intelligent contact management enterprise", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6.1" }, { "model": "stealthwatch flowcollector netflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.3.2" }, { "model": "ucs manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.0.2" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "5.3.2" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.11" }, { "model": "prime optical", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.0.1" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.0" }, { "model": "network analysis module", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.2(2)" }, { "model": "series stackable", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "video surveillance 4300e and 4500e high-definition ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified attendant console department edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "16.04" }, { "model": "ip series phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "78000" }, { "model": "aironet series access points", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "27000" }, { "model": "onepk all-in-one virtual machine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "industrial router", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9100" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.1" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "unified intelligence center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "video distribution suite for internet streaming", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "13006.1" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.7.1" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.116" }, { "model": "cloupia unified infrastructure controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50000" }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11006.1" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.20" }, { "model": "packaged contact center enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "agent desktop for cisco unified contact center express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70000" }, { "model": "adaptive security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.2" }, { "model": "telepresence sx series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "tealeaf customer experience", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "cognos metrics manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.5" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "project openssl 1.0.1n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "nac appliance clean access server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "project openssl 1.0.1o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "firesight system software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.1.0.1" }, { "model": "webex meetings for windows phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "80" }, { "model": "spa232d multi-line dect analog telephone adapter", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime optical for service providers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smart care", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network protection", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.11" }, { "model": "edge digital media player 1.2rb1.0.3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "340" }, { "model": "universal small cell cloudbase factory recovery root filesystem", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.99.4" }, { "model": "network performance analysis", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "60006.2.19" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.55" }, { "model": "unified ip conference phone for third-party call control", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "project openssl 1.0.2e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "5.1" }, { "model": "webex meetings for windows phone", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "82.8" }, { "model": "anyconnect secure mobility client", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "project openssl 1.0.1q", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "spectrum control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.10" }, { "model": "universal small cell cloudbase factory recovery root filesystem", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.7" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.0" }, { "model": "secure access control system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.8.0.32.7" }, { "model": "telepresence integrator c series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "agent desktop", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "tivoli provisioning manager for os deployment intirim fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.133" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.3" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "webex meetings client hosted", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.13" }, { "model": "content security management appliance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.1.140" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.8" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "nexus series switches 5.2.8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6000" }, { "model": "intrusion prevention system solutions", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified ip conference phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.1" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.14" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.4" }, { "model": "jabber client framework components", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime ip express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified sip proxy software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.4" }, { "model": "telepresence system tx9000", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "mysql workbench", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1.4" }, { "model": "security manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber for mac", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "netflow generation appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.403" }, { "model": "unified sip proxy software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.1.4.7895" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "99510" }, { "model": "mobility services engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "openssh for gpfs", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "89450" }, { "model": "telepresence supervisor mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "80500" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.20280.6" }, { "model": "telepresence server and mse", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "701087104.4" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.10" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.6" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.12" }, { "model": "ucs series and series fabric interconnects", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "620063000" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2.2" }, { "model": "webex meeting center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.11" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.4" }, { "model": "lotus protector for mail security", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.8.3.0" }, { "model": "netflow generation appliance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.1(1)" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.13" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.6" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5.2" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.2" }, { "model": "enterprise content management system monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.71" }, { "model": "application networking manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "socialminer", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "powerkvm update", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2.1.1.3-6513" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.28" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.0" }, { "model": "spa112 2-port phone adapter", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance series high-definition ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "40002.9" }, { "model": "intracer", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.29" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1051.07" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.3" }, { "model": "spa51x ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber for windows", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "oss support tools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.8.15.7.15" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.2.0" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "prime infrastructure", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.2" }, { "model": "telepresence video communication server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance 4300e and 4500e high-definition ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.9" }, { "model": "powerkvm update", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.23" }, { "model": "computer telephony integration object server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6.1" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11000" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "7" }, { "model": "telepresence sx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence server on multiparty media and", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3103200" }, { "model": "small business series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3000" }, { "model": "enterprise content management system monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.24" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "content security appliance update servers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified attendant console", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "videoscape anyres live", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9.7.2" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "99710" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.6" }, { "model": "security guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.0.2" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.4" }, { "model": "firesight system software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.4.1.9" }, { "model": "universal small cell iuh", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.17.3" }, { "model": "ata analog telephone adaptor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1870" }, { "model": "solaris sru11.6", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "11.3" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.1.1" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.2" }, { "model": "project openssl 1.0.1m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "16.4" }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "500-326.1" }, { "model": "unity express", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10" }, { "model": "expressway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "virtualization experience media edition", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "vm virtualbox", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "5.1.8" }, { "model": "small business series managed switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3000" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.3.1" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.6" }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10006.1" }, { "model": "telepresence isdn gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32410" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3000" }, { "model": "series smart plus switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2200" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.2" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "smartcloud entry appliance fi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0.4" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1000v0" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.5.1" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.6" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "virtual security gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2.4.1102" }, { "model": "access manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.4.3.0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.5" }, { "model": "telepresence tx9000 series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.4" }, { "model": "project openssl 1.0.1j", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "series digital media players", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "43000" }, { "model": "telepresence system series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "30006.1" }, { "model": "universal small cell series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70003.4.2.0" }, { "model": "unity connection", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.4" }, { "model": "one portal", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.13" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.12" }, { "model": "ucs b-series blade servers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "unified attendant console standard", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ucs standalone c-series rack server integrated management cont", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "security network protection", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.5" }, { "model": "telepresence integrator c series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "spectrum control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.9" }, { "model": "project openssl 1.0.1d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.32" }, { "model": "enterprise content delivery system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.6.9" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5.1" }, { "model": "mds series multilayer switches 5.2.8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9000" }, { "model": "series digital media players 5.4.1 rb4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4300" }, { "model": "ucs standalone c-series rack server integrated management cont", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "-3.0" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "5.1.1" }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "16.1" }, { "model": "prime network", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence tx9000 series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.1" }, { "model": "prime performance manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tealeaf customer experience on cloud network capture add-on", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "16.1.01" }, { "model": "smart net total care local collector appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "prime collaboration provisioning", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.12" }, { "model": "connected grid routers", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "15.8.9" }, { "model": "network analysis module", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "integrated management module for system yuoo", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5.2" }, { "model": "nexus series fabric switches aci mode", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9000-0" }, { "model": "prime performance manager sp1611", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.7" }, { "model": "worklight consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.1" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.12" }, { "model": "lancope stealthwatch flowcollector netflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.22" }, { "model": "unified ip phone 9.3 sr3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6901" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.23" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.16" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.10" }, { "model": "telepresence server and mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "701087100" }, { "model": "identity services engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mds series multilayer switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "90006.2.19" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270015.5(3)" }, { "model": "bigfix platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "500-32" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.30" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.4" }, { "model": "spectrum control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.11" }, { "model": "telepresence server on virtual machine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.3.0.1098" }, { "model": "webex meetings for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches 5.2.8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "digital media manager 5.4.1 rb4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "unified workforce optimization quality management solution", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "telepresence integrator c series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.3" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.13" }, { "model": "spa122 analog telephone adapter with router", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.4.2" }, { "model": "cloud object storage", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.5" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.1" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.2" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.14" }, { "model": "ios xr software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.3" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.4" }, { "model": "unified intelligent contact management enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.4" }, { "model": "application and content networking system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.1k", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "anyconnect secure mobility client for ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.7.0" }, { "model": "ace application control engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "47100" }, { "model": "oss support tools", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "8.15.17.3.14" }, { "model": "anyconnect secure mobility client for mac os", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "x0" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.1.2.0" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.4.1.2" }, { "model": "tealeaf customer experience", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.2" }, { "model": "project openssl 1.0.1b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "prime infrastructure plug and play standalone gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.2" }, { "model": "tivoli provisioning manager for images build", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.20290.1" }, { "model": "virtual security gateway", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.1.6" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "50006.2.19" }, { "model": "telepresence conductor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.3" }, { "model": "application policy infrastructure controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber for mac", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber for iphone and ipad", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "prime network registrar", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9.0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.3" }, { "model": "cognos metrics manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.1" }, { "model": "telepresence video communication server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "x8.8.3" }, { "model": "jabber", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "connected analytics for collaboration", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.16" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.4.1" }, { "model": "series digital media players 5.4.1 rb4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4400" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0" }, { "model": "multicast manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270016.3" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "anyconnect secure mobility client for ios", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0.7" }, { "model": "secure access control system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.8.0.32.8" }, { "model": "webex node for mcs", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence mcu", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.5(1.89)" }, { "model": "management appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "anyconnect secure mobility client for windows", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0.7" }, { "model": "videoscape anyres live", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance ptz ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video distribution suite for internet streaming", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.003(002)" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.31" }, { "model": "telepresence serial gateway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence server on multiparty media", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8204.4" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "sterling connect:direct for hp nonstop", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.6" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.3" }, { "model": "project openssl 1.0.2c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "virtual security gateway for microsoft hyper-v", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.13" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.400" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "89610" }, { "model": "expressway series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "x8.8.3" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3" }, { "model": "prime network", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "431" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "500-320" }, { "model": "unified attendant console enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified contact center express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "small business spa500 series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.26" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "network analysis module 6.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "telepresence system ex series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "prime data center network manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "mxe series media experience engines", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "35000" }, { "model": "project openssl 1.0.2b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "universal small cell cloudbase factory recovery root filesystem", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.17.3" }, { "model": "videoscape control suite", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1100" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tandberg codian mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83200" }, { "model": "ip series phones vpn feature", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8800-0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.3.0" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.9" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.3" }, { "model": "emergency responder", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.27" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.17" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.18" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2.0.0" }, { "model": "tealeaf customer experience", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "email gateway", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "7.6.406-3402.103" }, { "model": "unified meetingplace 8.6mr1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "telepresence mx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tapi service provider", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance series ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70002.9" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "500-370" }, { "model": "spa525g 5-line ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence profile series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "secure access control system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.22" }, { "model": "unified ip conference phone for third-party call control 9.3 sr3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8831" }, { "model": "unified ip series phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "79000" }, { "model": "spa232d multi-line dect analog telephone adapter", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.4.2" }, { "model": "nexus series fabric switches aci mode", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9000-0" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.6" }, { "model": "visual quality experience tools server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "virtualization experience media edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.3.2" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "email gateway 7.6.405h1157986", "scope": null, "trust": 0.3, "vendor": "mcafee", "version": null }, { "model": "project openssl 1.0.1l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.7" }, { "model": "registered envelope service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "universal small cell series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70003.5.12.23" }, { "model": "firesight system software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "physical access gateways", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smartcloud entry appliance fi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.0.4" }, { "model": "webex meetings client hosted t32", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.15" }, { "model": "unified meetingplace", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1" }, { "model": "unified contact center express", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6" }, { "model": "webex meetings server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.6.1.30" }, { "model": "tivoli provisioning manager for images system edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x7.1.1.0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.4.1.5.0" }, { "model": "project openssl 1.0.1h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.402" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "5.3.0" }, { "model": "project openssl 1.0.1p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null } ], "sources": [ { "db": "BID", "id": "91319" }, { "db": "JVNDB", "id": "JVNDB-2016-003304" }, { "db": "NVD", "id": "CVE-2016-2177" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:hp:icewall_sso:10.0:*:*:*:certd:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:hp:icewall_mcrp:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:hp:icewall_sso:10.0:*:*:*:dfw:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:hp:icewall_sso_agent_option:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:oracle:linux:5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-2177" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "140717" }, { "db": "PACKETSTORM", "id": "143176" }, { "db": "PACKETSTORM", "id": "143181" }, { "db": "PACKETSTORM", "id": "140182" } ], "trust": 0.4 }, "cve": "CVE-2016-2177", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2016-2177", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2016-2177", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-2177", "trust": 1.8, "value": "CRITICAL" }, { "author": "VULMON", "id": "CVE-2016-2177", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-2177" }, { "db": "JVNDB", "id": "JVNDB-2016-003304" }, { "db": "NVD", "id": "CVE-2016-2177" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c. Supplementary information : CWE Vulnerability type by CWE-190: Integer Overflow or Wraparound ( Integer overflow or wraparound ) Has been identified. OpenSSL is prone to an integer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it into an insufficiently sized buffer. \nAn attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. \nOpenSSL 1.0.2h and prior versions are vulnerable. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Release on RHEL 7\nAdvisory ID: RHSA-2017:0194-01\nProduct: Red Hat JBoss Core Services\nAdvisory URL: https://access.redhat.com/errata/RHSA-2017:0194\nIssue date: 2017-01-25\nCVE Names: CVE-2016-2108 CVE-2016-2177 CVE-2016-2178 \n CVE-2016-4459 CVE-2016-6808 CVE-2016-8612 \n=====================================================================\n\n1. Summary:\n\nAn update is now available for JBoss Core Services on RHEL 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss Core Services on RHEL 7 Server - noarch, ppc64, x86_64\n\n3. Description:\n\nThis release adds the new Apache HTTP Server 2.4.23 packages that are part\nof the JBoss Core Services offering. \n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack\nApache Server 2.4.6 and includes bug fixes and enhancements. Refer to the\nRelease Notes for information on the most significant bug fixes and\nenhancements included in this release. \n(CVE-2016-2108)\n\n* It was found that the length checks prior to writing to the target buffer\nfor creating a virtual host mapping rule did not take account of the length\nof the virtual host name, creating the potential for a buffer overflow. \n(CVE-2016-2178)\n\n* Multiple integer overflow flaws were found in the way OpenSSL performed\npointer arithmetic. A remote attacker could possibly use these flaws to\ncause a TLS/SSL server or client using OpenSSL to crash. (CVE-2016-2177)\n\n* It was discovered that specifying configuration with a JVMRoute path\nlonger than 80 characters will cause segmentation fault leading to a server\ncrash. (CVE-2016-4459)\n\n* An error was found in protocol parsing logic of mod_cluster load balancer\nApache HTTP Server modules. An attacker could use this flaw to cause a\nSegmentation Fault in the serving httpd process. (CVE-2016-8612)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108. The CVE-2016-4459 issue was discovered by Robert Bost (Red\nHat). Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno Bock, and\nDavid Benjamin (Google) as the original reporters of CVE-2016-2108. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. After installing the updated\npackages, the httpd daemon will be restarted automatically. \n\n5. Package List:\n\nRed Hat JBoss Core Services on RHEL 7 Server:\n\nSource:\njbcs-httpd24-httpd-2.4.23-102.jbcs.el7.src.rpm\njbcs-httpd24-mod_auth_kerb-5.4-35.jbcs.el7.src.rpm\njbcs-httpd24-mod_bmx-0.9.6-14.GA.jbcs.el7.src.rpm\njbcs-httpd24-mod_cluster-native-1.3.5-13.Final_redhat_1.jbcs.el7.src.rpm\njbcs-httpd24-mod_jk-1.2.41-14.redhat_1.jbcs.el7.src.rpm\njbcs-httpd24-mod_rt-2.4.1-16.GA.jbcs.el7.src.rpm\njbcs-httpd24-mod_security-2.9.1-18.GA.jbcs.el7.src.rpm\njbcs-httpd24-nghttp2-1.12.0-9.jbcs.el7.src.rpm\njbcs-httpd24-openssl-1.0.2h-12.jbcs.el7.src.rpm\n\nnoarch:\njbcs-httpd24-httpd-manual-2.4.23-102.jbcs.el7.noarch.rpm\n\nppc64:\njbcs-httpd24-httpd-2.4.23-102.jbcs.el7.ppc64.rpm\njbcs-httpd24-httpd-debuginfo-2.4.23-102.jbcs.el7.ppc64.rpm\njbcs-httpd24-httpd-devel-2.4.23-102.jbcs.el7.ppc64.rpm\njbcs-httpd24-httpd-selinux-2.4.23-102.jbcs.el7.ppc64.rpm\njbcs-httpd24-httpd-src-zip-2.4.23-102.jbcs.el7.ppc64.rpm\njbcs-httpd24-httpd-tools-2.4.23-102.jbcs.el7.ppc64.rpm\njbcs-httpd24-httpd-zip-2.4.23-102.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_auth_kerb-5.4-35.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_auth_kerb-debuginfo-5.4-35.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_bmx-0.9.6-14.GA.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_bmx-debuginfo-0.9.6-14.GA.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_bmx-src-zip-0.9.6-14.GA.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_cluster-native-1.3.5-13.Final_redhat_1.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_cluster-native-debuginfo-1.3.5-13.Final_redhat_1.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_jk-ap24-1.2.41-14.redhat_1.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_jk-debuginfo-1.2.41-14.redhat_1.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_jk-manual-1.2.41-14.redhat_1.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_ldap-2.4.23-102.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_proxy_html-2.4.23-102.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_rt-2.4.1-16.GA.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_rt-debuginfo-2.4.1-16.GA.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_rt-src-zip-2.4.1-16.GA.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_security-2.9.1-18.GA.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_security-debuginfo-2.9.1-18.GA.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_security-src-zip-2.9.1-18.GA.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_session-2.4.23-102.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_ssl-2.4.23-102.jbcs.el7.ppc64.rpm\njbcs-httpd24-nghttp2-1.12.0-9.jbcs.el7.ppc64.rpm\njbcs-httpd24-nghttp2-debuginfo-1.12.0-9.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-1.0.2h-12.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-debuginfo-1.0.2h-12.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-devel-1.0.2h-12.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-libs-1.0.2h-12.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-perl-1.0.2h-12.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-static-1.0.2h-12.jbcs.el7.ppc64.rpm\n\nx86_64:\njbcs-httpd24-httpd-2.4.23-102.jbcs.el7.x86_64.rpm\njbcs-httpd24-httpd-debuginfo-2.4.23-102.jbcs.el7.x86_64.rpm\njbcs-httpd24-httpd-devel-2.4.23-102.jbcs.el7.x86_64.rpm\njbcs-httpd24-httpd-selinux-2.4.23-102.jbcs.el7.x86_64.rpm\njbcs-httpd24-httpd-src-zip-2.4.23-102.jbcs.el7.x86_64.rpm\njbcs-httpd24-httpd-tools-2.4.23-102.jbcs.el7.x86_64.rpm\njbcs-httpd24-httpd-zip-2.4.23-102.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_auth_kerb-5.4-35.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_auth_kerb-debuginfo-5.4-35.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_bmx-0.9.6-14.GA.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_bmx-debuginfo-0.9.6-14.GA.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_bmx-src-zip-0.9.6-14.GA.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_cluster-native-1.3.5-13.Final_redhat_1.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_cluster-native-debuginfo-1.3.5-13.Final_redhat_1.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_jk-ap24-1.2.41-14.redhat_1.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_jk-debuginfo-1.2.41-14.redhat_1.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_jk-manual-1.2.41-14.redhat_1.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_ldap-2.4.23-102.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_proxy_html-2.4.23-102.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_rt-2.4.1-16.GA.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_rt-debuginfo-2.4.1-16.GA.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_rt-src-zip-2.4.1-16.GA.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_security-2.9.1-18.GA.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_security-debuginfo-2.9.1-18.GA.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_security-src-zip-2.9.1-18.GA.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_session-2.4.23-102.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_ssl-2.4.23-102.jbcs.el7.x86_64.rpm\njbcs-httpd24-nghttp2-1.12.0-9.jbcs.el7.x86_64.rpm\njbcs-httpd24-nghttp2-debuginfo-1.12.0-9.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-1.0.2h-12.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-debuginfo-1.0.2h-12.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-devel-1.0.2h-12.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-libs-1.0.2h-12.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-perl-1.0.2h-12.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-static-1.0.2h-12.jbcs.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-2108\nhttps://access.redhat.com/security/cve/CVE-2016-2177\nhttps://access.redhat.com/security/cve/CVE-2016-2178\nhttps://access.redhat.com/security/cve/CVE-2016-4459\nhttps://access.redhat.com/security/cve/CVE-2016-6808\nhttps://access.redhat.com/security/cve/CVE-2016-8612\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2017 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFYiQWBXlSAg2UNWIIRArWdAJwO4BE3aBxonVdBzdTUsNa+5ZKLmwCfSRUf\n2AmaztKx6GqFZTJkumoOcS8=\n=0wxz\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nRed Hat JBoss Enterprise Application Platform is a platform for Java\napplications based on the JBoss Application Server. For\nfurther information, see the knowledge base article linked to in the\nReferences section. The JBoss server process must be restarted for the update\nto take effect. Solution:\n\nBefore applying this update, back up your existing Red Hat JBoss Enterprise\nApplication Platform installation and deployed applications. ==========================================================================\nUbuntu Security Notice USN-3087-2\nSeptember 23, 2016\n\nopenssl regression\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nUSN-3087-1 introduced a regression in OpenSSL. \n\nSoftware Description:\n- openssl: Secure Socket Layer (SSL) cryptographic library and tools\n\nDetails:\n\nUSN-3087-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2016-2182 was\nincomplete and caused a regression when parsing certificates. This update\nfixes the problem. \n\nWe apologize for the inconvenience. This\n issue has only been addressed in Ubuntu 16.04 LTS in this update. (CVE-2016-2178)\n Quan Luo discovered that OpenSSL did not properly restrict the lifetime\n of queue entries in the DTLS implementation. (CVE-2016-2179)\n Shi Lei discovered that OpenSSL incorrectly handled memory in the\n TS_OBJ_print_bio() function. (CVE-2016-2180)\n It was discovered that the OpenSSL incorrectly handled the DTLS anti-replay\n feature. (CVE-2016-2181)\n Shi Lei discovered that OpenSSL incorrectly validated division results. \n (CVE-2016-2182)\n Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES\n ciphers were vulnerable to birthday attacks. This update moves DES from the HIGH cipher list to MEDIUM. \n (CVE-2016-2183)\n Shi Lei discovered that OpenSSL incorrectly handled certain ticket lengths. \n (CVE-2016-6302)\n Shi Lei discovered that OpenSSL incorrectly handled memory in the\n MDC2_Update() function. (CVE-2016-6303)\n Shi Lei discovered that OpenSSL incorrectly performed certain message\n length checks. (CVE-2016-6306)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n libssl1.0.0 1.0.2g-1ubuntu4.5\n\nUbuntu 14.04 LTS:\n libssl1.0.0 1.0.1f-1ubuntu2.21\n\nUbuntu 12.04 LTS:\n libssl1.0.0 1.0.1-4ubuntu5.38\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03763en_us\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: hpesbhf03763en_us\nVersion: 1\n\nHPESBHF03763 rev.1 - HPE Comware 7, IMC, VCX products using OpenSSL, Remote\nDenial of Service (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2017-08-01\nLast Updated: 2017-08-01\n\nPotential Security Impact: Remote: Denial of Service (DoS)\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified in Comware 7, IMC, VCX\nproducts using OpenSSL. \n\n - Comware v7 (CW7) Products See resolution section for impacted versions\n - HP Intelligent Management Center (iMC) See resolution section for\nimpacted versions\n - VCX Products 9.8.19\n\nBACKGROUND\n\n CVSS Base Metrics\n =================\n Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n CVE-2016-2177\n 7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n Information on CVSS is documented in\n HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has provided the following software updates to resolve the vulnerability\nin Comware 7, IMC PLAT, and VCX. \n\n**Note:** The following products are impacted by this issue\n\n**COMWARE 7 Products**\n\n + **12500 (Comware 7) - Version: R7377P02**\n * HPE Branded Products Impacted\n - JC072B HP 12500 Main Processing Unit\n - JC085A HP A12518 Switch Chassis\n - JC086A HP A12508 Switch Chassis\n - JC652A HP 12508 DC Switch Chassis\n - JC653A HP 12518 DC Switch Chassis\n - JC654A HP 12504 AC Switch Chassis\n - JC655A HP 12504 DC Switch Chassis\n - JF430A HP A12518 Switch Chassis\n - JF430B HP 12518 Switch Chassis\n - JF430C HP 12518 AC Switch Chassis\n - JF431A HP A12508 Switch Chassis\n - JF431B HP 12508 Switch Chassis\n - JF431C HP 12508 AC Switch Chassis\n - JG497A HP 12500 MPU w/Comware V7 OS\n - JG782A HP FF 12508E AC Switch Chassis\n - JG783A HP FF 12508E DC Switch Chassis\n - JG784A HP FF 12518E AC Switch Chassis\n - JG785A HP FF 12518E DC Switch Chassis\n - JG802A HP FF 12500E MPU\n \n \n + **10500 (Comware 7) - Version: R7184**\n * HPE Branded Products Impacted\n - JC611A HP 10508-V Switch Chassis\n - JC612A HP 10508 Switch Chassis\n - JC613A HP 10504 Switch Chassis\n - JC748A HP 10512 Switch Chassis\n - JG608A HP FlexFabric 11908-V Switch Chassis\n - JG609A HP FlexFabric 11900 Main Processing Unit\n - JG820A HP 10504 TAA Switch Chassis\n - JG821A HP 10508 TAA Switch Chassis\n - JG822A HP 10508-V TAA Switch Chassis\n - JG823A HP 10512 TAA Switch Chassis\n - JG496A HP 10500 Type A MPU w/Comware v7 OS\n - JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating\nSystem\n - JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System\nMain Processing Unit\n \n \n + **5900/5920 (Comware 7) - Version: R2432**\n * HPE Branded Products Impacted\n - JC772A HP 5900AF-48XG-4QSFP+ Switch\n - JG296A HP 5920AF-24XG Switch\n - JG336A HP 5900AF-48XGT-4QSFP+ Switch\n - JG510A HP 5900AF-48G-4XG-2QSFP+ Switch\n - JG554A HP 5900AF-48XG-4QSFP+ TAA Switch\n - JG555A HP 5920AF-24XG TAA Switch\n - JG838A HP FF 5900CP-48XG-4QSFP+ Switch\n - JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant\n - JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch\n - JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant\n \n \n + **MSR1000 (Comware 7) - Version: R0306P80**\n * HPE Branded Products Impacted\n - JG875A HP MSR1002-4 AC Router\n - JH060A HP MSR1003-8S AC Router\n \n \n + **MSR2000 (Comware 7) - Version: R0306P80**\n * HPE Branded Products Impacted\n - JG411A HP MSR2003 AC Router\n - JG734A HP MSR2004-24 AC Router\n - JG735A HP MSR2004-48 Router\n - JG866A HP MSR2003 TAA-compliant AC Router\n \n \n + **MSR3000 (Comware 7) - Version: R0306P80**\n * HPE Branded Products Impacted\n - JG404A HP MSR3064 Router\n - JG405A HP MSR3044 Router\n - JG406A HP MSR3024 AC Router\n - JG407A HP MSR3024 DC Router\n - JG408A HP MSR3024 PoE Router\n - JG409A HP MSR3012 AC Router\n - JG410A HP MSR3012 DC Router\n - JG861A HP MSR3024 TAA-compliant AC Router\n \n \n + **MSR4000 (Comware 7) - Version: R0306P80**\n * HPE Branded Products Impacted\n - JG402A HP MSR4080 Router Chassis\n - JG403A HP MSR4060 Router Chassis\n - JG412A HP MSR4000 MPU-100 Main Processing Unit\n - JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit\n \n \n + **VSR (Comware 7) - Version: E0324**\n * HPE Branded Products Impacted\n - JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation\nSoftware\n - JG811AAE HP VSR1001 Comware 7 Virtual Services Router\n - JG812AAE HP VSR1004 Comware 7 Virtual Services Router\n - JG813AAE HP VSR1008 Comware 7 Virtual Services Router\n \n \n + **7900 (Comware 7) - Version: R2152**\n * HPE Branded Products Impacted\n - JG682A HP FlexFabric 7904 Switch Chassis\n - JG841A HP FlexFabric 7910 Switch Chassis\n - JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit\n - JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit\n - JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis\n - JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis\n - JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main\nProcessing Unit\n - JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main\nProcessing Unit\n \n \n + **5130EI (Comware 7) - Version: R3115P05**\n * HPE Branded Products Impacted\n - JG932A HP 5130-24G-4SFP+ EI Switch\n - JG933A HP 5130-24G-SFP-4SFP+ EI Switch\n - JG934A HP 5130-48G-4SFP+ EI Switch\n - JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch\n - JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch\n - JG938A HP 5130-24G-2SFP+-2XGT EI Switch\n - JG939A HP 5130-48G-2SFP+-2XGT EI Switch\n - JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch\n - JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch\n - JG975A HP 5130-24G-4SFP+ EI Brazil Switch\n - JG976A HP 5130-48G-4SFP+ EI Brazil Switch\n - JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch\n - JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch\n \n \n + **6125XLG - Version: R2432**\n * HPE Branded Products Impacted\n - 711307-B21 HP 6125XLG Blade Switch\n - 737230-B21 HP 6125XLG Blade Switch with TAA\n \n \n + **6127XLG - Version: R2432**\n * HPE Branded Products Impacted\n - 787635-B21 HP 6127XLG Blade Switch Opt Kit\n - 787635-B22 HP 6127XLG Blade Switch with TAA\n \n \n + **Moonshot - Version: R2432**\n * HPE Branded Products Impacted\n - 786617-B21 - HP Moonshot-45Gc Switch Module\n - 704654-B21 - HP Moonshot-45XGc Switch Module\n - 786619-B21 - HP Moonshot-180XGc Switch Module\n \n \n + **5700 (Comware 7) - Version: R2432**\n * HPE Branded Products Impacted\n - JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch\n - JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch\n - JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch\n - JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch\n - JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch\n - JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch\n \n \n + **5930 (Comware 7) - Version: R2432**\n * HPE Branded Products Impacted\n - JG726A HP FlexFabric 5930 32QSFP+ Switch\n - JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch\n - JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch\n - JH179A HP FlexFabric 5930 4-slot Switch\n - JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch\n - JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch\n \n \n + **1950 (Comware 7) - Version: R3115P06**\n * HPE Branded Products Impacted\n - JG960A HP 1950-24G-4XG Switch\n - JG961A HP 1950-48G-2SFP+-2XGT Switch\n - JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch\n - JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch\n \n \n + **7500 (Comware 7) - Version: R7184**\n * HPE Branded Products Impacted\n - JD238C HP 7510 Switch Chassis\n - JD239C HP 7506 Switch Chassis\n - JD240C HP 7503 Switch Chassis\n - JD242C HP 7502 Switch Chassis\n - JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only\nMain Processing Unit\n - JH208A HP 7502 Main Processing Unit\n - JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port\n40GbE QSFP+ Main Processing Unit\n \n \n + **5510HI (Comware 7) - Version: R1121P01**\n * HPE Branded Products Impacted\n - JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch\n - JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch\n - JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch\n - JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch\n - JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch\n \n \n + **5130HI (Comware 7) - Version: R1121P02**\n * HPE Branded Products Impacted\n - JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch\n - JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch\n - JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch\n - JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch\n \n \n + **5940 (Comware 7) - Version: R2509P02**\n * HPE Branded Products Impacted\n - JH390A HPE FlexFabric 5940 48SFP+ 6QSFP28 Switch\n - JH391A HPE FlexFabric 5940 48XGT 6QSFP28 Switch\n - JH394A HPE FlexFabric 5940 48XGT 6QSFP+ Switch\n - JH395A HPE FlexFabric 5940 48SFP+ 6QSFP+ Switch\n - JH396A HPE FlexFabric 5940 32QSFP+ Switch\n - JH397A HPE FlexFabric 5940 2-slot Switch\n - JH398A HPE FlexFabric 5940 4-slot Switch\n \n \n + **5950 (Comware 7) - Version: R6123**\n * HPE Branded Products Impacted\n - JH321A HPE FlexFabric 5950 32QSFP28 Switch\n - JH402A HPE FlexFabric 5950 48SFP28 8QSFP28 Switch\n - JH404A HPE FlexFabric 5950 4-slot Switch\n \n \n + **12900E (Comware 7) - Version: R2609**\n * HPE Branded Products Impacted\n - JG619A HP FlexFabric 12910 Switch AC Chassis\n - JG621A HP FlexFabric 12910 Main Processing Unit\n - JG632A HP FlexFabric 12916 Switch AC Chassis\n - JG634A HP FlexFabric 12916 Main Processing Unit\n - JH104A HP FlexFabric 12900E Main Processing Unit\n - JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit\n - JH263A HP FlexFabric 12904E Main Processing Unit\n - JH255A HP FlexFabric 12908E Switch Chassis\n - JH262A HP FlexFabric 12904E Switch Chassis\n - JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis\n - JH103A HP FlexFabric 12916E Switch Chassis\n \n \n + **iNode PC 7.2 (E0410) - Version: 7.2 E0410**\n * HPE Branded Products Impacted\n - JD144A HP A-IMC User Access Management Software Module with 200-user\nLicense\n - JD147A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n - JD435A HP A-IMC Endpoint Admission Defense Client Software\n - JF388A HP IMC User Authentication Management Software Module with\n200-user License\n - JF388AAE HP IMC User Authentication Management Software Module with\n200-user E-LTU\n - JF391A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n - JF391AAE HP IMC Endpoint Admission Defense Software Module with\n200-user E-LTU\n - JG752AAE HP IMC User Access Manager Software Module with 50-user\nE-LTU\n - JG754AAE) HP IMC Endpoint Admission Defense Software Module with\n50-user E-LTU\n \n \n + **iMC UAM_TAM 7.2-E0409 - Version: 7.2 E0409**\n * HPE Branded Products Impacted\n - JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE\n - JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU\n - JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU\n - JG483A HP IMC TAM S/W MODULE W/100-NODE LIC\n - JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU\n - JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU\n \n \n + **VCX - Version: 9.8.19**\n * HPE Branded Products Impacted\n - J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr\n - J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr\n - JC517A HP VCX V7205 Platform w/DL 360 G6 Server\n - JE355A HP VCX V6000 Branch Platform 9.0\n - JC516A HP VCX V7005 Platform w/DL 120 G6 Server\n - JC518A HP VCX Connect 200 Primry 120 G6 Server\n - J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr\n - JE341A HP VCX Connect 100 Secondary\n - JE252A HP VCX Connect Primary MIM Module\n - JE253A HP VCX Connect Secondary MIM Module\n - JE254A HP VCX Branch MIM Module\n - JE355A HP VCX V6000 Branch Platform 9.0\n - JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod\n - JD023A HP MSR30-40 Router with VCX MIM Module\n - JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM\n - JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod\n - JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod\n - JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod\n - JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS\n - JE340A HP VCX Connect 100 Pri Server 9.0\n - JE342A HP VCX Connect 100 Sec Server 9.0\n \n**Note:** Please contact HPE Technical Support if any assistance is needed\nacquiring the software updates. \n\nHISTORY\nVersion:1 (rev.1) - 1 August 2017 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n Web form: https://www.hpe.com/info/report-security-vulnerability\n Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. (CVE-2016-6808)\n\n* A memory leak flaw was fixed in expat. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). JIRA issues fixed (https://issues.jboss.org/):\n\nJBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0]\nJBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service\n\n6. (CVE-2016-2177)\n\nIt was discovered that OpenSSL did not properly handle Montgomery\nmultiplication, resulting in incorrect results leading to transient\nfailures. \nOpenSSL Security Advisory [22 Sep 2016]\n========================================\n\nOCSP Status Request extension unbounded memory growth (CVE-2016-6304)\n=====================================================================\n\nSeverity: High\n\nA malicious client can send an excessively large OCSP Status Request extension. \nIf that client continually requests renegotiation, sending a large OCSP Status\nRequest extension each time, then there will be unbounded memory growth on the\nserver. This will eventually lead to a Denial Of Service attack through memory\nexhaustion. Servers with a default configuration are vulnerable even if they do\nnot support OCSP. Builds using the \"no-ocsp\" build time option are not affected. \n\nServers using OpenSSL versions prior to 1.0.1g are not vulnerable in a default\nconfiguration, instead only if an application explicitly enables OCSP stapling\nsupport. \n\nOpenSSL 1.1.0 users should upgrade to 1.1.0a\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 29th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nSSL_peek() hang on empty record (CVE-2016-6305)\n===============================================\n\nSeverity: Moderate\n\nOpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer sends an\nempty record. This could be exploited by a malicious peer in a Denial Of Service\nattack. \n\nOpenSSL 1.1.0 users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 10th September 2016 by Alex Gaynor. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nSWEET32 Mitigation (CVE-2016-2183)\n==================================\n\nSeverity: Low\n\nSWEET32 (https://sweet32.info) is an attack on older block cipher algorithms\nthat use a block size of 64 bits. In mitigation for the SWEET32 attack DES based\nciphersuites have been moved from the HIGH cipherstring group to MEDIUM in\nOpenSSL 1.0.1 and OpenSSL 1.0.2. OpenSSL 1.1.0 since release has had these\nciphersuites disabled by default. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 16th August 2016 by Karthikeyan\nBhargavan and Gaetan Leurent (INRIA). The fix was developed by Rich Salz of the\nOpenSSL development team. \n\nOOB write in MDC2_Update() (CVE-2016-6303)\n==========================================\n\nSeverity: Low\n\nAn overflow can occur in MDC2_Update() either if called directly or\nthrough the EVP_DigestUpdate() function using MDC2. If an attacker\nis able to supply very large amounts of input data after a previous\ncall to EVP_EncryptUpdate() with a partial block then a length check\ncan overflow resulting in a heap corruption. \n\nThe amount of data needed is comparable to SIZE_MAX which is impractical\non most platforms. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 11th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nMalformed SHA512 ticket DoS (CVE-2016-6302)\n===========================================\n\nSeverity: Low\n\nIf a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a\nDoS attack where a malformed ticket will result in an OOB read which will\nultimately crash. \n\nThe use of SHA512 in TLS session tickets is comparatively rare as it requires\na custom server callback and ticket lookup mechanism. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 19th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nOOB write in BN_bn2dec() (CVE-2016-2182)\n========================================\n\nSeverity: Low\n\nThe function BN_bn2dec() does not check the return value of BN_div_word(). \nThis can cause an OOB write if an application uses this function with an\noverly large BIGNUM. This could be a problem if an overly large certificate\nor CRL is printed out from an untrusted source. TLS is not affected because\nrecord limits will reject an oversized certificate before it is parsed. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 2nd August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nOOB read in TS_OBJ_print_bio() (CVE-2016-2180)\n==============================================\n\nSeverity: Low\n\nThe function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is\nthe total length the OID text representation would use and not the amount\nof data written. This will result in OOB reads when large OIDs are presented. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 21st July 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nPointer arithmetic undefined behaviour (CVE-2016-2177)\n======================================================\n\nSeverity: Low\n\nAvoid some undefined pointer arithmetic\n\nA common idiom in the codebase is to check limits in the following manner:\n\"p + len \u003e limit\"\n\nWhere \"p\" points to some malloc\u0027d data of SIZE bytes and\nlimit == p + SIZE\n\n\"len\" here could be from some externally supplied data (e.g. from a TLS\nmessage). \n\nThe rules of C pointer arithmetic are such that \"p + len\" is only well\ndefined where len \u003c= SIZE. Therefore the above idiom is actually\nundefined behaviour. \n\nFor example this could cause problems if some malloc implementation\nprovides an address for \"p\" such that \"p + len\" actually overflows for\nvalues of len that are too big and therefore p + len \u003c limit. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 4th May 2016 by Guido Vranken. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nConstant time flag not preserved in DSA signing (CVE-2016-2178)\n===============================================================\n\nSeverity: Low\n\nOperations in the DSA signing algorithm should run in constant time in order to\navoid side channel attacks. A flaw in the OpenSSL DSA implementation means that\na non-constant time codepath is followed for certain operations. This has been\ndemonstrated through a cache-timing attack to be sufficient for an attacker to\nrecover the private DSA key. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 23rd May 2016 by C\u00e9sar Pereida (Aalto\nUniversity), Billy Brumley (Tampere University of Technology), and Yuval Yarom\n(The University of Adelaide and NICTA). The fix was developed by C\u00e9sar Pereida. \n\nDTLS buffered message DoS (CVE-2016-2179)\n=========================================\n\nSeverity: Low\n\nIn a DTLS connection where handshake messages are delivered out-of-order those\nmessages that OpenSSL is not yet ready to process will be buffered for later\nuse. Under certain circumstances, a flaw in the logic means that those messages\ndo not get removed from the buffer even though the handshake has been completed. \nAn attacker could force up to approx. 15 messages to remain in the buffer when\nthey are no longer required. These messages will be cleared when the DTLS\nconnection is closed. The default maximum size for a message is 100k. Therefore\nthe attacker could force an additional 1500k to be consumed per connection. By\nopening many simulataneous connections an attacker could cause a DoS attack\nthrough memory exhaustion. \n\nOpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i\nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 22nd June 2016 by Quan Luo. The fix was\ndeveloped by Matt Caswell of the OpenSSL development team. \n\nDTLS replay protection DoS (CVE-2016-2181)\n==========================================\n\nSeverity: Low\n\nA flaw in the DTLS replay attack protection mechanism means that records that\narrive for future epochs update the replay protection \"window\" before the MAC\nfor the record has been validated. This could be exploited by an attacker by\nsending a record for the next epoch (which does not have to decrypt or have a\nvalid MAC), with a very large sequence number. This means that all subsequent\nlegitimate packets are dropped causing a denial of service for a specific\nDTLS connection. \n\nOpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i\nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 21st November 2015 by the OCAP audit team. \nThe fix was developed by Matt Caswell of the OpenSSL development team. \n\nCertificate message OOB reads (CVE-2016-6306)\n=============================================\n\nSeverity: Low\n\nIn OpenSSL 1.0.2 and earlier some missing message length checks can result in\nOOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical\nDoS risk but this has not been observed in practice on common platforms. \n\nThe messages affected are client certificate, client certificate request and\nserver certificate. As a result the attack can only be performed against\na client or a server which enables client authentication. \n\nOpenSSL 1.1.0 is not affected. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 22nd August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nExcessive allocation of memory in tls_get_message_header() (CVE-2016-6307)\n==========================================================================\n\nSeverity: Low\n\nA TLS message includes 3 bytes for its length in the header for the message. \nThis would allow for messages up to 16Mb in length. Messages of this length are\nexcessive and OpenSSL includes a check to ensure that a peer is sending\nreasonably sized messages in order to avoid too much memory being consumed to\nservice a connection. A flaw in the logic of version 1.1.0 means that memory for\nthe message is allocated too early, prior to the excessive message length\ncheck. Due to way memory is allocated in OpenSSL this could mean an attacker\ncould force up to 21Mb to be allocated to service a connection. This could lead\nto a Denial of Service through memory exhaustion. However, the excessive message\nlength check still takes place, and this would cause the connection to\nimmediately fail. Assuming that the application calls SSL_free() on the failed\nconneciton in a timely manner then the 21Mb of allocated memory will then be\nimmediately freed again. Therefore the excessive memory allocation will be\ntransitory in nature. This then means that there is only a security impact if:\n\n1) The application does not call SSL_free() in a timely manner in the\nevent that the connection fails\nor\n2) The application is working in a constrained environment where there\nis very little free memory\nor\n3) The attacker initiates multiple connection attempts such that there\nare multiple connections in a state where memory has been allocated for\nthe connection; SSL_free() has not yet been called; and there is\ninsufficient memory to service the multiple requests. \n\nExcept in the instance of (1) above any Denial Of Service is likely to\nbe transitory because as soon as the connection fails the memory is\nsubsequently freed again in the SSL_free() call. However there is an\nincreased risk during this period of application crashes due to the lack\nof memory - which would then mean a more serious Denial of Service. \n\nThis issue does not affect DTLS users. \n\nOpenSSL 1.1.0 TLS users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nExcessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308)\n=============================================================================\n\nSeverity: Low\n\nThis issue is very similar to CVE-2016-6307. The underlying defect is different\nbut the security analysis and impacts are the same except that it impacts DTLS. \n\nA DTLS message includes 3 bytes for its length in the header for the message. \nThis would allow for messages up to 16Mb in length. Messages of this length are\nexcessive and OpenSSL includes a check to ensure that a peer is sending\nreasonably sized messages in order to avoid too much memory being consumed to\nservice a connection. A flaw in the logic of version 1.1.0 means that memory for\nthe message is allocated too early, prior to the excessive message length\ncheck. Due to way memory is allocated in OpenSSL this could mean an attacker\ncould force up to 21Mb to be allocated to service a connection. This could lead\nto a Denial of Service through memory exhaustion. However, the excessive message\nlength check still takes place, and this would cause the connection to\nimmediately fail. Assuming that the application calls SSL_free() on the failed\nconneciton in a timely manner then the 21Mb of allocated memory will then be\nimmediately freed again. Therefore the excessive memory allocation will be\ntransitory in nature. This then means that there is only a security impact if:\n\n1) The application does not call SSL_free() in a timely manner in the\nevent that the connection fails\nor\n2) The application is working in a constrained environment where there\nis very little free memory\nor\n3) The attacker initiates multiple connection attempts such that there\nare multiple connections in a state where memory has been allocated for\nthe connection; SSL_free() has not yet been called; and there is\ninsufficient memory to service the multiple requests. \n\nExcept in the instance of (1) above any Denial Of Service is likely to\nbe transitory because as soon as the connection fails the memory is\nsubsequently freed again in the SSL_free() call. However there is an\nincreased risk during this period of application crashes due to the lack\nof memory - which would then mean a more serious Denial of Service. \n\nThis issue does not affect TLS users. \n\nOpenSSL 1.1.0 DTLS users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/policies/releasestrat.html), support for OpenSSL\nversion 1.0.1 will cease on 31st December 2016. No security updates for that\nversion will be provided after that date. Users of 1.0.1 are advised to\nupgrade. \n\nSupport for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those\nversions are no longer receiving security updates. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20160922.txt\n\nNote: the online version of the advisory may be updated with additional details\nover time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/policies/secpolicy.html\n", "sources": [ { "db": "NVD", "id": "CVE-2016-2177" }, { "db": "JVNDB", "id": "JVNDB-2016-003304" }, { "db": "BID", "id": "91319" }, { "db": "VULMON", "id": "CVE-2016-2177" }, { "db": "PACKETSTORM", "id": "140717" }, { "db": "PACKETSTORM", "id": "143176" }, { "db": "PACKETSTORM", "id": "143181" }, { "db": "PACKETSTORM", "id": "138826" }, { "db": "PACKETSTORM", "id": "143628" }, { "db": "PACKETSTORM", "id": "140182" }, { "db": "PACKETSTORM", "id": "140850" }, { "db": "PACKETSTORM", "id": "169633" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-2177", "trust": 3.0 }, { "db": "ICS CERT", "id": "ICSA-18-144-01", "trust": 1.9 }, { "db": "MCAFEE", "id": "SB10165", "trust": 1.4 }, { "db": "BID", "id": "91319", "trust": 1.4 }, { "db": "SECTRACK", "id": "1036088", "trust": 1.1 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2016/06/08/9", "trust": 1.1 }, { "db": "MCAFEE", "id": "SB10215", "trust": 1.1 }, { "db": "SCHNEIDER", "id": "SEVD-2018-144-01", "trust": 1.1 }, { "db": "SCHNEIDER", "id": "SEVD-2018-137-01", "trust": 1.1 }, { "db": "SIEMENS", "id": "SSA-412672", "trust": 1.1 }, { "db": "TENABLE", "id": "TNS-2016-20", "trust": 1.1 }, { "db": "TENABLE", "id": "TNS-2016-21", "trust": 1.1 }, { "db": "TENABLE", "id": "TNS-2016-16", "trust": 1.1 }, { "db": "JUNIPER", "id": "JSA10759", "trust": 1.1 }, { "db": "PULSESECURE", "id": "SA40312", "trust": 1.1 }, { "db": "JVN", "id": "JVNVU98667810", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2016-003304", "trust": 0.8 }, { "db": "VULMON", "id": "CVE-2016-2177", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "140717", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "143176", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "143181", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "138826", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "143628", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "140182", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "140850", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "169633", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-2177" }, { "db": "BID", "id": "91319" }, { "db": "JVNDB", "id": "JVNDB-2016-003304" }, { "db": "PACKETSTORM", "id": "140717" }, { "db": "PACKETSTORM", "id": "143176" }, { "db": "PACKETSTORM", "id": "143181" }, { "db": "PACKETSTORM", "id": "138826" }, { "db": "PACKETSTORM", "id": "143628" }, { "db": "PACKETSTORM", "id": "140182" }, { "db": "PACKETSTORM", "id": "140850" }, { "db": "PACKETSTORM", "id": "169633" }, { "db": "NVD", "id": "CVE-2016-2177" } ] }, "id": "VAR-201606-0478", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.4102494200000001 }, "last_update_date": "2024-07-22T21:45:06.283000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cisco-sa-20160927-openssl", "trust": 0.8, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160927-openssl" }, { "title": "hitachi-sec-2017-103", "trust": 0.8, "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-103/index.html" }, { "title": "HPSBGN03658", "trust": 0.8, "url": "https://h20565.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05302448" }, { "title": "1995039", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039" }, { "title": "SB10165", "trust": 0.8, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10165" }, { "title": "NV17-001", "trust": 0.8, "url": "http://jpn.nec.com/security-info/secinfo/nv17-001.html" }, { "title": "OpenSSL 1.0.1 Series Release Notes", "trust": 0.8, "url": "https://www.openssl.org/news/openssl-1.0.1-notes.html" }, { "title": "OpenSSL 1.0.2 Series Release Notes", "trust": 0.8, "url": "https://www.openssl.org/news/openssl-1.0.2-notes.html" }, { "title": "Avoid some undefined pointer arithmetic", "trust": 0.8, "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=a004e72b95835136d3f1ea90517f706c24c03da7" }, { "title": "Oracle Critical Patch Update Advisory - October 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "title": "Oracle Linux Bulletin - October 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" }, { "title": "Oracle Solaris Third Party Bulletin - April 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "title": "Oracle VM Server for x86 Bulletin - October 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" }, { "title": "Bug 1341705", "trust": 0.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1341705" }, { "title": "SA40312", "trust": 0.8, "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40312" }, { "title": "SA132", "trust": 0.8, "url": "https://bto.bluecoat.com/security-advisory/sa132" }, { "title": "JSA10759", "trust": 0.8, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759" }, { "title": "Splunk Enterprise 6.4.5 addresses multiple vulnerabilities", "trust": 0.8, "url": "http://www.splunk.com/view/sp-caaapue" }, { "title": "Splunk Enterprise 6.5.1 addresses multiple OpenSSL vulnerabilities", "trust": 0.8, "url": "http://www.splunk.com/view/sp-caaapsv" }, { "title": "TNS-2016-16", "trust": 0.8, "url": "https://www.tenable.com/security/tns-2016-16" }, { "title": "HS16-023", "trust": 0.8, "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs16-023/index.html" }, { "title": "hitachi-sec-2017-103", "trust": 0.8, "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hitachi-sec-2017-103/index.html" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 6.4.16 natives update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20171659 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 6.4.16 natives update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20171658 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Release on RHEL 7", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20170194 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Release on RHEL 6", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20170193 - security advisory" }, { "title": "Red Hat: Important: openssl security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20161940 - security advisory" }, { "title": "Red Hat: CVE-2016-2177", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-2177" }, { "title": "Arch Linux Issues: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2016-2177" }, { "title": "Ubuntu Security Notice: openssl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3181-1" }, { "title": "Ubuntu Security Notice: openssl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3087-1" }, { "title": "Ubuntu Security Notice: openssl regression", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3087-2" }, { "title": "Amazon Linux AMI: ALAS-2016-755", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-755" }, { "title": "Arch Linux Advisories: [ASA-201609-23] openssl: multiple issues", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201609-23" }, { "title": "Arch Linux Advisories: [ASA-201609-24] lib32-openssl: multiple issues", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201609-24" }, { "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Release", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162957 - security advisory" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=69e9536e77203a3c76b24dd89f4f9300" }, { "title": "Tenable Security Advisories: [R7] Nessus 6.9 Fixes Multiple Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-16" }, { "title": "Symantec Security Advisories: SA132 : OpenSSL Vulnerabilities 22-Sep-2016 and 26-Sep-2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=1e6dcaf5dac6ef96a7d917a8c1393040" }, { "title": "Cisco: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20160927-openssl" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=ac5af5dd99788925425f5747ec672707" }, { "title": "Tenable Security Advisories: [R3] PVS 5.2.0 Fixes Multiple Third-party Library Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-20" }, { "title": "Tenable Security Advisories: [R2] LCE 4.8.2 Fixes Multiple Third-party Library Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-21" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=a31bff03e9909229fd67996884614fdf" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=976a4da35d55283870dbb31b88a6c655" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=e2a7f287e9acc8c64ab3df71130bc64d" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=586e6062440cdd312211d748e028164e" }, { "title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - October 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=21c0efa2643d707e2f50a501209eb75c" }, { "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=13f3551b67d913fba90df4b2c0dae0bf" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4019ca77f50c7a34e4d97833e6f3321e" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a" }, { "title": "CVE Scanning of Alpine base images using Multi Stage builds in Docker 17.05\nSummary", "trust": 0.1, "url": "https://github.com/tomwillfixit/alpine-cvecheck " }, { "title": "hackerone-publicy-disclosed", "trust": 0.1, "url": "https://github.com/imhunterand/hackerone-publicy-disclosed " }, { "title": "OpenSSL-CVE-lib", "trust": 0.1, "url": "https://github.com/chnzzh/openssl-cve-lib " } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-2177" }, { "db": "JVNDB", "id": "JVNDB-2016-003304" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-190", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-003304" }, { "db": "NVD", "id": "CVE-2016-2177" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.4, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "trust": 1.4, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10165" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { "trust": 1.4, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160927-openssl" }, { "trust": 1.2, "url": "https://access.redhat.com/errata/rhsa-2017:1658" }, { "trust": 1.2, "url": "https://access.redhat.com/errata/rhsa-2017:0194" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2017-1659.html" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2016-2957.html" }, { "trust": 1.2, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-144-01" }, { "trust": 1.2, "url": "http://www.ubuntu.com/usn/usn-3181-1" }, { "trust": 1.2, "url": "http://www.ubuntu.com/usn/usn-3087-2" }, { "trust": 1.2, "url": "http://www.ubuntu.com/usn/usn-3087-1" }, { "trust": 1.1, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1341705" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05302448" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/91319" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1036088" }, { "trust": 1.1, "url": "http://www.splunk.com/view/sp-caaapue" }, { "trust": 1.1, "url": "http://www.splunk.com/view/sp-caaapsv" }, { "trust": 1.1, "url": "https://security.gentoo.org/glsa/201612-16" }, { "trust": 1.1, "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40312" }, { "trust": 1.1, "url": "https://bto.bluecoat.com/security-advisory/sa132" }, { "trust": 1.1, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759" }, { "trust": 1.1, "url": "https://www.tenable.com/security/tns-2016-16" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03763en_us" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "trust": 1.1, "url": "https://www.tenable.com/security/tns-2016-21" }, { "trust": 1.1, "url": "https://www.tenable.com/security/tns-2016-20" }, { "trust": 1.1, "url": "https://security.freebsd.org/advisories/freebsd-sa-16:26.openssl.asc" }, { "trust": 1.1, "url": "https://access.redhat.com/errata/rhsa-2017:0193" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2016-1940.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" }, { "trust": 1.1, "url": "https://www.schneider-electric.com/en/download/document/sevd-2018-144-01/" }, { "trust": 1.1, "url": "https://www.schneider-electric.com/en/download/document/sevd-2018-137-01/" }, { "trust": 1.1, "url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager" }, { "trust": 1.1, "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03856en_us" }, { "trust": 1.1, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10215" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html" }, { "trust": 1.1, "url": "https://support.f5.com/csp/article/k23873366" }, { "trust": 1.1, "url": "http://www.debian.org/security/2016/dsa-3673" }, { "trust": 1.1, "url": "http://www.securityfocus.com/archive/1/archive/1/540957/100/0/threaded" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html" }, { "trust": 1.1, "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en\u0026docid=emr_na-hpesbhf03856en_us" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html" }, { "trust": 1.1, "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24" }, { "trust": 1.1, "url": "http://www.openwall.com/lists/oss-security/2016/06/08/9" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html" }, { "trust": 1.1, "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html" }, { "trust": 1.1, "url": "http://seclists.org/fulldisclosure/2017/jul/31" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-c05302448" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html" }, { "trust": 1.1, "url": "http://www.securityfocus.com/archive/1/540957/100/0/threaded" }, { "trust": 1.1, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" }, { "trust": 1.1, "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=a004e72b95835136d3f1ea90517f706c24c03da7" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2177" }, { "trust": 0.8, "url": "https://www.us-cert.gov/ics/advisories/icsa-18-144-01" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu98667810/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2177" }, { "trust": 0.8, "url": "http://www.bizmobile.co.jp/news_02.php?id=4069\u0026nc=1" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2177" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2178" }, { "trust": 0.4, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2016-2177" }, { "trust": 0.4, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.4, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.4, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2016-2178" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6304" }, { "trust": 0.3, "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=a004e72b95835136d3f1ea90517f706c24c03da7" }, { "trust": 0.3, "url": "https://github.com/openssl/openssl/commit/a004e72b95835136d3f1ea90517f706c24c03da7" }, { "trust": 0.3, "url": "http://openssl.org/" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory21.asc" }, { "trust": 0.3, "url": "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-worklight-and-ibm-mobilefirst-platform-foundation-2/" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024394" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=isg3t1024401" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024507" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024648" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021643" }, { "trust": 0.3, "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "trust": 0.3, "url": "https://kc.mcafee.com/resources/sites/mcafee/content/live/product_documentation/27000/pd27128/en_us/meg_7_6_406_3402_103_release_notes_en_us.pdf" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995935" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991896" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099492" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21994870" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991724" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992348" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992898" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993061" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993601" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993856" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993875" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21994534" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21994861" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995038" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995129" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995392" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995393" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995691" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22001805" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8610" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-4459" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2108" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-6808" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-8612" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-2108" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-6304" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/2688611" }, { "trust": 0.2, "url": "https://access.redhat.com/solutions/222023" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-8610" }, { "trust": 0.2, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=6.4" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6302" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2181" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2182" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6303" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2179" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6306" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2183" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2180" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/190.html" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2017:1659" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/3181-1/" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=49001" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4459" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8612" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6808" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.21" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.38" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.5" }, { "trust": 0.1, "url": "https://launchpad.net/bugs/1626883" }, { "trust": 0.1, "url": "http://www.hpe.com/support/security_bulletin_archive" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbhf03763en_us" }, { "trust": 0.1, "url": "https://www.hpe.com/info/report-security-vulnerability" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499" }, { "trust": 0.1, "url": "http://www.hpe.com/support/subscriber_choice" }, { "trust": 0.1, "url": "https://issues.jboss.org/):" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2107" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2106" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0705" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-3196" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4448" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3216" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2106" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0702" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0797" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-8176" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1835" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en/red-hat-jboss-core-services-apache-http-server/version-2.4.23/apache-http-server-2423-release-notes/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-3705" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1838" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2107" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3196" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1839" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3523" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4483" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-3523" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2842" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1148" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1840" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0797" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3185" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2109" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1836" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-3185" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-3194" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1833" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp\u0026downloadtype=distributions\u0026version=2.4.23" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2105" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8176" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1840" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1836" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1762" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1835" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4449" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-0286" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1762" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-5420" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3194" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-3627" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2012-1148" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1837" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2109" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1834" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1837" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1839" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-5419" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-0209" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-3195" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0702" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-3216" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1838" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1833" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2105" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1834" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4447" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-7141" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0799" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.6" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu9.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.22" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3731" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.39" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7056" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7055" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3732" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6308" }, { "trust": 0.1, "url": "https://www.openssl.org/news/secadv/20160922.txt" }, { "trust": 0.1, "url": "https://www.openssl.org/policies/secpolicy.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6305" }, { "trust": 0.1, "url": "https://sweet32.info)" }, { "trust": 0.1, "url": "https://www.openssl.org/policies/releasestrat.html)," }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6307" } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-2177" }, { "db": "BID", "id": "91319" }, { "db": "JVNDB", "id": "JVNDB-2016-003304" }, { "db": "PACKETSTORM", "id": "140717" }, { "db": "PACKETSTORM", "id": "143176" }, { "db": "PACKETSTORM", "id": "143181" }, { "db": "PACKETSTORM", "id": "138826" }, { "db": "PACKETSTORM", "id": "143628" }, { "db": "PACKETSTORM", "id": "140182" }, { "db": "PACKETSTORM", "id": "140850" }, { "db": "PACKETSTORM", "id": "169633" }, { "db": "NVD", "id": "CVE-2016-2177" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2016-2177" }, { "db": "BID", "id": "91319" }, { "db": "JVNDB", "id": "JVNDB-2016-003304" }, { "db": "PACKETSTORM", "id": "140717" }, { "db": "PACKETSTORM", "id": "143176" }, { "db": "PACKETSTORM", "id": "143181" }, { "db": "PACKETSTORM", "id": "138826" }, { "db": "PACKETSTORM", "id": "143628" }, { "db": "PACKETSTORM", "id": "140182" }, { "db": "PACKETSTORM", "id": "140850" }, { "db": "PACKETSTORM", "id": "169633" }, { "db": "NVD", "id": "CVE-2016-2177" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-06-20T00:00:00", "db": "VULMON", "id": "CVE-2016-2177" }, { "date": "2016-05-05T00:00:00", "db": "BID", "id": "91319" }, { "date": "2016-06-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-003304" }, { "date": "2017-01-25T21:53:32", "db": "PACKETSTORM", "id": "140717" }, { "date": "2017-06-28T22:12:00", "db": "PACKETSTORM", "id": "143176" }, { "date": "2017-06-28T22:37:00", "db": "PACKETSTORM", "id": "143181" }, { "date": "2016-09-23T19:19:00", "db": "PACKETSTORM", "id": "138826" }, { "date": "2017-08-03T04:28:16", "db": "PACKETSTORM", "id": "143628" }, { "date": "2016-12-16T16:34:49", "db": "PACKETSTORM", "id": "140182" }, { "date": "2017-02-01T00:36:45", "db": "PACKETSTORM", "id": "140850" }, { "date": "2016-09-22T12:12:12", "db": "PACKETSTORM", "id": "169633" }, { "date": "2016-06-20T01:59:02.087000", "db": "NVD", "id": "CVE-2016-2177" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2016-2177" }, { "date": "2018-02-05T14:00:00", "db": "BID", "id": "91319" }, { "date": "2019-07-10T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-003304" }, { "date": "2023-11-07T02:31:01.273000", "db": "NVD", "id": "CVE-2016-2177" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "network", "sources": [ { "db": "BID", "id": "91319" } ], "trust": 0.3 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL Service disruption in (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-003304" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Boundary Condition Error", "sources": [ { "db": "BID", "id": "91319" } ], "trust": 0.3 } }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.