var-201705-3649
Vulnerability from variot

There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem. OpenSSL contains a vulnerability that can put the service into a denial-of-service (crash) state.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/openssl-1.0.2k-i586-1_slack14.2.txz:  Upgraded.
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated packages for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-1.0.2k-i586-1_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-solibs-1.0.2k-i586-1_slack14.2.txz

Updated packages for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-1.0.2k-x86_64-1_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-solibs-1.0.2k-x86_64-1_slack14.2.txz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.2k-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.2k-i586-1.txz

Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.2k-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.2k-x86_64-1.txz

MD5 signatures:
+-------------+

Slackware 14.2 packages: 1d03d7f59dece41b97104cbe8341b812 openssl-1.0.2k-i586-1_slack14.2.txz c5e689d9ac1c1675c5059b8e7cd42594 openssl-solibs-1.0.2k-i586-1_slack14.2.txz

Slackware x86_64 14.2 packages: 5e075d516ab7ccc1ef14f430e599bdef openssl-1.0.2k-x86_64-1_slack14.2.txz 110479b47a4208bcdb43fee59b9f06ca openssl-solibs-1.0.2k-x86_64-1_slack14.2.txz

Slackware -current packages: 8eca7a113cf58688dc6203c4091fd0ac a/openssl-solibs-1.0.2k-i586-1.txz 1ee03441f6409e48dda42c006ae5a7ad n/openssl-1.0.2k-i586-1.txz

Slackware x86_64 -current packages: 51ed87062d6898bd50705b2c2abc2c68 a/openssl-solibs-1.0.2k-x86_64-1.txz d9e56ff59fd7aa5791bf6809ccea0f92 n/openssl-1.0.2k-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the packages as root:

upgradepkg openssl-1.0.2k-i586-1_slack14.2.txz openssl-solibs-1.0.2k-i586-1_slack14.2.txz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

Note: the current version of the following document is available here: https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03158061

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: KM03158061 Version: 1

MFSBGN03804 - HP Service Manager Software, Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2018-05-09 Last Updated: 2018-05-09

Potential Security Impact: Remote: Disclosure of Information

Source: Micro Focus, Product Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Service Manager. These vulnerabilities have been identified in the OpenSSL open source library component and may be exploited to cause disruption of service and unauthorized disclosure of information.

References:

  • CVE-2017-3731
  • CVE-2017-3732

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

  • HP Service Manager Software - v9.30, v9.31, v9.32, v9.33, v9.34, v9.35, v9.40, v9.41, v9.50, v9.51

BACKGROUND

CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

RESOLUTION

MicroFocus has made the following mitigation information available to resolve the vulnerability for the impacted versions of Service Manager:

For versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35 please upgrade to SM 9.35.P6:

SM9.35 P6 packages, SM 9.35 AIX Server 9.35.6007 p6 http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00916

SM 9.35 HP Itanium Server 9.35.6007 p6 http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00917

SM 9.35 HP Itanium Server for Oracle 12c 9.35.6007 p6 http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00918

SM 9.35 Linux Server 9.35.6007 p6 http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00919

SM 9.35 Solaris Server 9.35.6007 p6 http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00920

SM 9.35 Windows Server 9.35.6007 p6 http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00921

For version 9.40, 9.41 please upgrade to SM 9.41.P6:

SM9.41.P6 packages, Service Manager 9.41.6000 p6 - Server for AIX http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00891

Service Manager 9.41.6000 p6 - Server for HP-UX/IA http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00892

Service Manager 9.41.6000 p6 - Server for Linux http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00893

Service Manager 9.41.6000 p6 - Server for Solaris http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00894

Service Manager 9.41.6000 p6 - Server for Windows http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00895

For version 9.50, 9.51 Server and KM components please upgrade to SM 9.52.P2:

SM9.52.P2 packages, Service Manager 9.52.2021 p2 - Server for Windows http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00906

Service Manager 9.52.2021 p2 - Server for Linux http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00907

HISTORY Version:1 (rev.1) - 9 May 2018 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running Micro Focus products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal Micro Focus services support channel. For other issues about the content of this Security Bulletin, send e-mail to cyber-psrt@microfocus.com.

Report: To report a potential security vulnerability for any supported product: Web form: https://www.microfocus.com/support-and-services/report-security Email: security@microfocus.com

Subscribe: To initiate receiving subscriptions for future Micro Focus Security Bulletin alerts via Email, please subscribe here - https://softwaresupport.hpe.com/group/softwaresupport/email-notification/-/subscriptions/registerdocumentnotification Once you are logged in to the portal, please choose security bulletins under product and document types. Please note that you will need to sign in using a Passport account. If you do not have a Passport account yet, you can create one; it's free and easy: https://cf.passport.softwaregrp.com/hppcf/createuser.do

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://softwaresupport.hpe.com/security-vulnerability

Software Product Category: The Software Product Category is represented in the title by the two characters following Micro Focus Security Bulletin.

3P = 3rd Party Software
GN = Micro Focus General Software
MU = Multi-Platform Software

System management and security procedures must be reviewed frequently to maintain system integrity. Micro Focus is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"Micro Focus is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected Micro Focus products the important security information contained in this Bulletin. Micro Focus recommends that all users determine the applicability of this information to their individual situations and take appropriate action. Micro Focus does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, Micro Focus will not be responsible for any damages resulting from user's use or disregard of the information provided in this Security Bulletin. To the extent permitted by law, Micro Focus disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

Copyright 2017 EntIT Software LLC

Micro Focus shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither Micro Focus nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Micro Focus and the names of Micro Focus products referenced herein are trademarks of Micro Focus in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.


Gentoo Linux Security Advisory GLSA 201702-07
https://security.gentoo.org/

Severity: Normal
Title: OpenSSL: Multiple vulnerabilities
Date: February 14, 2017
Bugs: #607318
ID: 201702-07


Synopsis

Multiple vulnerabilities have been found in OpenSSL, the worst of which might allow attackers to access sensitive information.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------
  1  dev-libs/openssl           < 1.0.2k                 >= 1.0.2k

Description

Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker is able to crash applications linked against OpenSSL or could obtain sensitive private-key information via an attack against the Diffie-Hellman (DH) ciphersuite.

Resolution

All OpenSSL users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.2k"

References

[ 1 ] CVE-2016-7055
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7055
[ 2 ] CVE-2017-3730
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3730
[ 3 ] CVE-2017-3731
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3731
[ 4 ] CVE-2017-3732
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3732

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201702-07

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5


Description:

This release adds the new Apache HTTP Server 2.4.29 packages that are part of the JBoss Core Services offering.

This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes, enhancements and component upgrades included in this release.

This release upgrades OpenSSL to version 1.0.2.n

Security Fix(es):

  • openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec() (CVE-2016-2182)

  • openssl: Insufficient TLS session ticket HMAC length checks (CVE-2016-6302)

  • openssl: certificate message OOB reads (CVE-2016-6306)

  • openssl: Carry propagating bug in Montgomery multiplication (CVE-2016-7055)

  • openssl: Truncated packet could crash via OOB read (CVE-2017-3731)

  • openssl: BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)

  • openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)

  • openssl: Read/write after SSL object in error state (CVE-2017-3737)

  • openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)

Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6306 and CVE-2016-7055.

Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

Bugs fixed (https://bugzilla.redhat.com/):

1367340 - CVE-2016-2182 openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec()
1369855 - CVE-2016-6302 openssl: Insufficient TLS session ticket HMAC length checks
1377594 - CVE-2016-6306 openssl: certificate message OOB reads
1393929 - CVE-2016-7055 openssl: Carry propagating bug in Montgomery multiplication
1416852 - CVE-2017-3731 openssl: Truncated packet could crash via OOB read
1416856 - CVE-2017-3732 openssl: BN_mod_exp may produce incorrect results on x86_64
1509169 - CVE-2017-3736 openssl: bn_sqrx8x_internal carry bug on x86_64
1523504 - CVE-2017-3737 openssl: Read/write after SSL object in error state
1523510 - CVE-2017-3738 openssl: rsaz_1024_mul_avx2 overflow bug on x86_64

  1. JIRA issues fixed (https://issues.jboss.org/):

JBCS-373 - Errata for httpd 2.4.29 GA RHEL 7


=============================================================================
FreeBSD-SA-17:02.openssl                                    Security Advisory
                                                          The FreeBSD Project

Topic:          OpenSSL multiple vulnerabilities

Category:       contrib
Module:         openssl
Announced:      2017-02-23
Affects:        All supported versions of FreeBSD.
Corrected:      2017-01-26 19:14:14 UTC (stable/11, 11.0-STABLE)
                2017-02-23 07:11:48 UTC (releng/11.0, 11.0-RELEASE-p8)
                2017-01-27 07:45:06 UTC (stable/10, 10.3-STABLE)
                2017-02-23 07:12:18 UTC (releng/10.3, 10.3-RELEASE-p16)
CVE Name:       CVE-2016-7055, CVE-2017-3731, CVE-2017-3732

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit .

I. Background

FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.

II. Problem Description

If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. [CVE-2017-3732]

Montgomery multiplication may produce incorrect results. [CVE-2016-7055]

III. Impact

A remote attacker may trigger a crash on servers or clients that supported RC4-MD5. [CVE-2017-3732, CVE-2016-7055]

IV. Workaround

No workaround is available.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

Restart all daemons that use the library, or reboot the system.

2) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

freebsd-update fetch

freebsd-update install

Restart all daemons that use the library, or reboot the system.

3) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

[FreeBSD 11.0]

fetch https://security.FreeBSD.org/patches/SA-17:02/openssl-11.patch

fetch https://security.FreeBSD.org/patches/SA-17:02/openssl-11.patch.asc

gpg --verify openssl-11.patch.asc

[FreeBSD 10.3]

fetch https://security.FreeBSD.org/patches/SA-17:02/openssl-10.patch

fetch https://security.FreeBSD.org/patches/SA-17:02/openssl-10.patch.asc

gpg --verify openssl-10.patch.asc

b) Apply the patch. Execute the following commands as root:

cd /usr/src

patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as described in .

Restart all daemons that use the library, or reboot the system.

VI. Correction details

The following list contains the correction revision numbers for each affected branch.

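Branch/path                                                      Revision
-------------------------------------------------------------------------
stable/10/                                                        r312863
releng/10.3/                                                      r314125
stable/11/                                                        r312826
releng/11.0/                                                      r314126
-------------------------------------------------------------------------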


To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at

====================================================================
Red Hat Security Advisory

Synopsis:          Important: java-1.8.0-ibm security update
Advisory ID:       RHSA-2018:2575-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:2575
Issue date:        2018-08-28
CVE Names:         CVE-2016-0705 CVE-2017-3732 CVE-2017-3736
                   CVE-2018-1517 CVE-2018-1656 CVE-2018-2940
                   CVE-2018-2952 CVE-2018-2973 CVE-2018-12539
====================================================================

1. Summary:

An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

  1. Description:

IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update upgrades IBM Java SE 8 to version 8 SR5-FP20.

Security Fix(es):

  • IBM JDK: privilege escalation via insufficiently restricted access to Attach API (CVE-2018-12539)

  • openssl: BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)

  • openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)

  • IBM JDK: DoS in the java.math component (CVE-2018-1517)

  • IBM JDK: path traversal flaw in the Diagnostic Tooling Framework (CVE-2018-1656)

  • Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (Libraries) (CVE-2018-2940)

  • OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547) (CVE-2018-2952)

  • Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (JSSE) (CVE-2018-2973)

  • OpenSSL: Double-free in DSA code (CVE-2016-0705)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the OpenSSL project for reporting CVE-2016-0705. Upstream acknowledges Adam Langley (Google/BoringSSL) as the original reporter of CVE-2016-0705.

Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of IBM Java must be restarted for this update to take effect.

Bugs fixed (https://bugzilla.redhat.com/):

1310596 - CVE-2016-0705 OpenSSL: Double-free in DSA code
1416856 - CVE-2017-3732 openssl: BN_mod_exp may produce incorrect results on x86_64
1509169 - CVE-2017-3736 openssl: bn_sqrx8x_internal carry bug on x86_64
1600925 - CVE-2018-2952 OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547)
1602145 - CVE-2018-2973 Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (JSSE)
1602146 - CVE-2018-2940 Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (Libraries)
1618767 - CVE-2018-12539 IBM JDK: privilege escalation via insufficiently restricted access to Attach API
1618869 - CVE-2018-1656 IBM JDK: path traversal flaw in the Diagnostic Tooling Framework
1618871 - CVE-2018-1517 IBM JDK: DoS in the java.math component

  1. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386: java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.i686.rpm

x86_64: java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64: java-1.8.0-ibm-1.8.0.5.20-1jpp.1.el6_10.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386: java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.i686.rpm

ppc64: java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.ppc64.rpm

s390x: java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.s390x.rpm

x86_64: java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386: java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.i686.rpm

x86_64: java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2016-0705
https://access.redhat.com/security/cve/CVE-2017-3732
https://access.redhat.com/security/cve/CVE-2017-3736
https://access.redhat.com/security/cve/CVE-2018-1517
https://access.redhat.com/security/cve/CVE-2018-1656
https://access.redhat.com/security/cve/CVE-2018-2940
https://access.redhat.com/security/cve/CVE-2018-2952
https://access.redhat.com/security/cve/CVE-2018-2973
https://access.redhat.com/security/cve/CVE-2018-12539
https://access.redhat.com/security/updates/classification/#important

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.

This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.

OpenSSL 1.1.0 users should upgrade to 1.1.0g
OpenSSL 1.0.2 users should upgrade to 1.0.2m

This issue was reported to OpenSSL on 10th August 2017 by the OSS-Fuzz project. The fix was developed by Andy Polyakov of the OpenSSL development team.

Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735)

Severity: Low

This issue was previously announced in security advisory https://www.openssl.org/news/secadv/20170828.txt, but the fix has not previously been included in a release due to its low severity.

OpenSSL 1.1.0 users should upgrade to 1.1.0g
OpenSSL 1.0.2 users should upgrade to 1.0.2m

Note

Support for version 1.0.1 ended on 31st December 2016. Support for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer receiving security updates.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv/20171102.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201705-3649",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2h"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "4.0.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.0a"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "6.9.0"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "7.0.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2i"
      },
      {
        "model": "node.js",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "4.1.2"
      },
      {
        "model": "node.js",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "5.12.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.0c"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "5.0.0"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "7.5.0"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "4.7.3"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.0b"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "6.0.0"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "4.2.0"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "6.9.5"
      },
      {
        "model": "node.js",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "6.8.1"
      },
      {
        "model": "jp1/automatic job management system 3",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "- manager web console"
      },
      {
        "model": "jp1/integrated management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "- service support starter edition"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.1.0d"
      },
      {
        "model": "jp1/it desktop management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "2 - operations director"
      },
      {
        "model": "ucosminexus application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "(64)"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.1.0"
      },
      {
        "model": "systemdirector enterprise",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "enterprisedirectoryserver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "all versions"
      },
      {
        "model": "job management partner 1/integrated management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "- service support"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "foundation"
      },
      {
        "model": "job management partner 1/it desktop management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "2 - smart device manager"
      },
      {
        "model": "jp1/performance management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "- web console"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg all versions"
      },
      {
        "model": "webotx enterprise service bus",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2k"
      },
      {
        "model": "ucosminexus service platform",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "(64)"
      },
      {
        "model": "jp1/performance management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "- manager"
      },
      {
        "model": "jp1/it desktop management - manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "jp1/automatic operation",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "job management partner 1/performance management - web console",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "job management partner 1/it desktop management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "2 - manager"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "standard"
      },
      {
        "model": "ucosminexus application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "none"
      },
      {
        "model": "jp1/it desktop management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "2 - smart device manager"
      },
      {
        "model": "jp1/integrated management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "- service support"
      },
      {
        "model": "ucosminexus primary server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "base"
      },
      {
        "model": "ucosminexus primary server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "base(64)"
      },
      {
        "model": "job management partner 1/integrated management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "- service support advanced edition"
      },
      {
        "model": "ucosminexus service platform",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "none"
      },
      {
        "model": "it operations director",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "jp1/service support",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "none"
      },
      {
        "model": "jp1/operations analytics",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "jp1/service support",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "starter edition"
      },
      {
        "model": "cosminexus http server",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "-r"
      },
      {
        "model": "jp1/it desktop management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "2 - manager"
      },
      {
        "model": "job management partner 1/it desktop management - manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus service architect",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "express"
      },
      {
        "model": "esmpro/serveragentservice",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "all versions  (linux edition )"
      },
      {
        "model": "jp1/performance management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "- manager web console"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "webotx portal",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "ucosminexus developer",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise"
      },
      {
        "model": "jp1/integrated management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "- service support advanced edition"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003156"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-216"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3732"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.1.0c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.1.0b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.1.0a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.1.2",
                "versionStartIncluding": "4.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.8.1",
                "versionStartIncluding": "6.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.12.0",
                "versionStartIncluding": "5.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.5.0",
                "versionStartIncluding": "7.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.9.5",
                "versionStartIncluding": "6.9.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.7.3",
                "versionStartIncluding": "4.2.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-3732"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vulnerability is caused by OpenSSL Official website disclosure.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-216"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2017-3732",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2017-3732",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.9,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-3732",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-3732",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201702-216",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-3732",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-3732"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003156"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-216"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3732"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem. OpenSSL contains a vulnerability that can cause a service disruption (crash). Service operation may be interrupted (crash). \n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.2k-i586-1_slack14.2.txz:  Upgraded. \n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. 
\n\nUpdated packages for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-1.0.2k-i586-1_slack14.2.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-solibs-1.0.2k-i586-1_slack14.2.txz\n\nUpdated packages for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-1.0.2k-x86_64-1_slack14.2.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-solibs-1.0.2k-x86_64-1_slack14.2.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.2k-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.2k-i586-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.2k-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.2k-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.2 packages:\n1d03d7f59dece41b97104cbe8341b812  openssl-1.0.2k-i586-1_slack14.2.txz\nc5e689d9ac1c1675c5059b8e7cd42594  openssl-solibs-1.0.2k-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 packages:\n5e075d516ab7ccc1ef14f430e599bdef  openssl-1.0.2k-x86_64-1_slack14.2.txz\n110479b47a4208bcdb43fee59b9f06ca  openssl-solibs-1.0.2k-x86_64-1_slack14.2.txz\n\nSlackware -current packages:\n8eca7a113cf58688dc6203c4091fd0ac  a/openssl-solibs-1.0.2k-i586-1.txz\n1ee03441f6409e48dda42c006ae5a7ad  n/openssl-1.0.2k-i586-1.txz\n\nSlackware x86_64 -current packages:\n51ed87062d6898bd50705b2c2abc2c68  a/openssl-solibs-1.0.2k-x86_64-1.txz\nd9e56ff59fd7aa5791bf6809ccea0f92  n/openssl-1.0.2k-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.2k-i586-1_slack14.2.txz openssl-solibs-1.0.2k-i586-1_slack14.2.txz \n\n\n+-----+\n\nSlackware 
Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\nNote: the current version of the following document is available here:\nhttps://softwaresupport.hpe.com/document/-/facetsearch/document/KM03158061\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: KM03158061\nVersion: 1\n\nMFSBGN03804 - HP Service Manager Software, Remote Disclosure of Information\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2018-05-09\nLast Updated: 2018-05-09\n\nPotential Security Impact: Remote: Disclosure of Information\n\nSource: Micro Focus, Product Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with Service Manager. \nThese vulnerabilities have been identified in the OpenSSL open source library\ncomponent and may be exploited to cause disruption of service and\nunauthorized disclosure of information. \n\nReferences:\n\n  - CVE-2017-3731\n  - CVE-2017-3732\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. 
\n\n  - HP Service Manager Software - v9.30, v9.31, v9.32, v9.33, v9.34, v9.35,\nv9.40, v9.41, v9.50, v9.51\n\nBACKGROUND\n\n  CVSS Base Metrics\n  =================\n  Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n\nRESOLUTION\n\nMicroFocus has made the following mitigation information available to resolve\nthe vulnerability for the impacted versions of Service Manager:\n\nFor versions 9.30, 9.31, 9.32, 9.33, 9.34.9.35 please upgrade to SM 9.35.P6:\n\nSM9.35 P6 packages,\nSM 9.35 AIX Server 9.35.6007 p6\n\u003chttp://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-\nfacetsearch/document/LID/HPSM_00916\u003e\n\nSM 9.35 HP Itanium Server  9.35.6007 p6\n\u003chttp://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-\nfacetsearch/document/LID/HPSM_00917\u003e\n\nSM 9.35 HP Itanium Server for Oracle 12c 9.35.6007 p6\n\u003chttp://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-\nfacetsearch/document/LID/HPSM_00918\u003e\n\nSM 9.35 Linux Server 9.35.6007 p6\n\u003chttp://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-\nfacetsearch/document/LID/HPSM_00919\u003e\n\nSM 9.35 Solaris Server 9.35.6007 p6\n\u003chttp://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-\nfacetsearch/document/LID/HPSM_00920\u003e\n\nSM 9.35 Windows Server 9.35.6007 p6\n\u003chttp://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-\nfacetsearch/document/LID/HPSM_00921\u003e\n\n\nFor version 9.40, 9.41 please upgrade to SM 9.41.P6:\n\nSM9.41.P6 packages,\nService Manager 9.41.6000 p6 - Server for AIX\n\u003chttp://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-\nfacetsearch/document/LID/HPSM_00891\u003e\n\nService Manager 9.41.6000 p6 - Server for HP-UX/IA\n\u003chttp://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-\nfacetsearch/document/LID/HPSM_00892\u003e\n\nService Manager 9.41.6000 p6 - Server for 
Linux\n\u003chttp://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-\nfacetsearch/document/LID/HPSM_00893\u003e\n\nService Manager 9.41.6000 p6 - Server for Solaris\n\u003chttp://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-\nfacetsearch/document/LID/HPSM_00894\u003e\n\nService Manager 9.41.6000 p6 - Server for Windows\n\u003chttp://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-\nfacetsearch/document/LID/HPSM_00895\u003e\n\n\nFor version 9.50, 9.51 Server and KM components please upgrade to SM 9.52.P2:\n\nSM9.52.P2 packages,\nService Manager 9.52.2021 p2 - Server for Windows\n\u003chttp://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-\nfacetsearch/document/LID/HPSM_00906\u003e\n\nService Manager 9.52.2021 p2 - Server for Linux\n\u003chttp://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-\nfacetsearch/document/LID/HPSM_00907\u003e\n\nHISTORY\nVersion:1 (rev.1) - 9 May 2018 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on \nsystems running Micro Focus products should be applied in accordance with the customer\u0027s \npatch management policy. \n\nSupport: For issues about implementing the recommendations of this Security Bulletin, contact normal Micro Focus services support channel. \nFor other issues about the content of this Security Bulletin, send e-mail to  cyber-psrt@microfocus.com. 
\n\nCopyright 2017 EntIT Software LLC\n
\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201702-07\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: OpenSSL: Multiple vulnerabilities\n     Date: February 14, 2017\n     Bugs: #607318\n       ID: 201702-07\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSL, the worst of which\nmight allow attackers to access sensitive information. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/openssl             \u003c 1.0.2k                  \u003e= 1.0.2k\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nA remote attacker is able to crash applications linked against OpenSSL\nor could obtain sensitive private-key information via an attack against\nthe Diffie-Hellman (DH) ciphersuite. 
\n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.2k\"\n\nReferences\n==========\n\n[ 1 ] CVE-2016-7055\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7055\n[ 2 ] CVE-2017-3730\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3730\n[ 3 ] CVE-2017-3731\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3731\n[ 4 ] CVE-2017-3732\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3732\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201702-07\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2017 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n--6TxcaqolfH5V8d0tqHGgGlj1v2tmUA9I9--\n\n. Description:\n\nThis release adds the new Apache HTTP Server 2.4.29 packages that are part\nof the JBoss Core Services offering. \n\nThis release serves as a replacement for Red Hat JBoss Core Services\nApache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer\nto the Release Notes for information on the most significant bug fixes,\nenhancements and component upgrades included in this release. 
\n\nThis release upgrades OpenSSL to version 1.0.2.n\n\nSecurity Fix(es):\n\n*  openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec()\n(CVE-2016-2182)\n\n*  openssl: Insufficient TLS session ticket HMAC length checks\n(CVE-2016-6302)\n\n*  openssl: certificate message OOB reads (CVE-2016-6306)\n\n*  openssl: Carry propagating bug in Montgomery multiplication\n(CVE-2016-7055)\n\n*  openssl: Truncated packet could crash via OOB read (CVE-2017-3731)\n\n*  openssl: BN_mod_exp may produce incorrect results on x86_64\n(CVE-2017-3732)\n\n*  openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)\n\n*  openssl: Read/write after SSL object in error state (CVE-2017-3737)\n\n*  openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2016-6306\nand CVE-2016-7055. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n1367340 - CVE-2016-2182 openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec()\n1369855 - CVE-2016-6302 openssl: Insufficient TLS session ticket HMAC length checks\n1377594 - CVE-2016-6306 openssl: certificate message OOB reads\n1393929 - CVE-2016-7055 openssl: Carry propagating bug in Montgomery multiplication\n1416852 - CVE-2017-3731 openssl: Truncated packet could crash via OOB read\n1416856 - CVE-2017-3732 openssl: BN_mod_exp may produce incorrect results on x86_64\n1509169 - CVE-2017-3736 openssl: bn_sqrx8x_internal carry bug on x86_64\n1523504 - CVE-2017-3737 openssl: Read/write after SSL object in error state\n1523510 - CVE-2017-3738 openssl: rsaz_1024_mul_avx2 overflow bug on x86_64\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nJBCS-373 - Errata for httpd 2.4.29 GA RHEL 7\n\n7. 
\n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n=============================================================================\nFreeBSD-SA-17:02.openssl                                    Security Advisory\n                                                          The FreeBSD Project\n\nTopic:          OpenSSL multiple vulnerabilities\n\nCategory:       contrib\nModule:         openssl\nAnnounced:      2017-02-23\nAffects:        All supported versions of FreeBSD. \nCorrected:      2017-01-26 19:14:14 UTC (stable/11, 11.0-STABLE)\n                2017-02-23 07:11:48 UTC (releng/11.0, 11.0-RELEASE-p8)\n                2017-01-27 07:45:06 UTC (stable/10, 10.3-STABLE)\n                2017-02-23 07:12:18 UTC (releng/10.3, 10.3-RELEASE-p16)\nCVE Name:       CVE-2016-7055, CVE-2017-3731, CVE-2017-3732\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:https://security.FreeBSD.org/\u003e. \n\nI.   Background\n\nFreeBSD includes software from the OpenSSL Project.  The OpenSSL Project is\na collaborative effort to develop a robust, commercial-grade, full-featured\nOpen Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols as well as a full-strength\ngeneral purpose cryptography library. \n\nII.  Problem Description\n\nIf an SSL/TLS server or client is running on a 32-bit host, and a specific\ncipher is being used, then a truncated packet can cause that server or\nclient to perform an out-of-bounds read, usually resulting in a crash. [CVE-2017-3732]\n\nMontgomery multiplication may produce incorrect results. [CVE-2016-7055]\n\nIII. Impact\n\nA remote attacker may trigger a crash on servers or clients that supported\nRC4-MD5. [CVE-2017-3732,\nCVE-2016-7055]\n\nIV.  Workaround\n\nNo workaround is available. \n\nV.   
Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\nRestart all daemons that use the library, or reboot the system. \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\nRestart all daemons that use the library, or reboot the system. \n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 11.0]\n# fetch https://security.FreeBSD.org/patches/SA-17:02/openssl-11.patch\n# fetch https://security.FreeBSD.org/patches/SA-17:02/openssl-11.patch.asc\n# gpg --verify openssl-11.patch.asc\n\n[FreeBSD 10.3]\n# fetch https://security.FreeBSD.org/patches/SA-17:02/openssl-10.patch\n# fetch https://security.FreeBSD.org/patches/SA-17:02/openssl-10.patch.asc\n# gpg --verify openssl-10.patch.asc\n\nb) Apply the patch.  Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:https://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart all daemons that use the library, or reboot the system. \n\nVI.  Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. 
\n\nBranch/path                                                      Revision\n- -------------------------------------------------------------------------\nstable/10/                                                        r312863\nreleng/10.3/                                                      r314125\nstable/11/                                                        r312826\nreleng/11.0/                                                      r314126\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:https://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. References\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7055\u003e \n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3731\u003e \n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3732\u003e\n\n\u003cURL:https://www.openssl.org/news/secadv/20170126.txt\u003e\n\nThe latest revision of this advisory is available at\n\u003cURL:https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.1.18 
(FreeBSD)\n\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Important: java-1.8.0-ibm security update\nAdvisory ID:       RHSA-2018:2575-01\nProduct:           Red Hat Enterprise Linux Supplementary\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2018:2575\nIssue date:        2018-08-28\nCVE Names:         CVE-2016-0705 CVE-2017-3732 CVE-2017-3736\n                   CVE-2018-1517 CVE-2018-1656 CVE-2018-2940\n                   CVE-2018-2952 CVE-2018-2973 CVE-2018-12539\n====================================================================\n1. Summary:\n\nAn update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux\n6 Supplementary. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 
6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64\n\n3. Description:\n\nIBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM\nJava Software Development Kit. \n\nThis update upgrades IBM Java SE 8 to version 8 SR5-FP20. \n\nSecurity Fix(es):\n\n* IBM JDK: privilege escalation via insufficiently restricted access to\nAttach API (CVE-2018-12539)\n\n* openssl: BN_mod_exp may produce incorrect results on x86_64\n(CVE-2017-3732)\n\n* openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)\n\n* IBM JDK: DoS in the java.math component (CVE-2018-1517)\n\n* IBM JDK: path traversal flaw in the Diagnostic Tooling Framework\n(CVE-2018-1656)\n\n* Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and\n10.0.2 (Libraries) (CVE-2018-2940)\n\n* OpenJDK: insufficient index validation in PatternSyntaxException\ngetMessage() (Concurrency, 8199547) (CVE-2018-2952)\n\n* Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and\n10.0.2 (JSSE) (CVE-2018-2973)\n\n* OpenSSL: Double-free in DSA code (CVE-2016-0705)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-0705. Upstream acknowledges Adam Langley (Google/BoringSSL) as the\noriginal reporter of CVE-2016-0705. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of IBM Java must be restarted for this update to take\neffect. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1310596 - CVE-2016-0705 OpenSSL: Double-free in DSA code\n1416856 - CVE-2017-3732 openssl: BN_mod_exp may produce incorrect results on x86_64\n1509169 - CVE-2017-3736 openssl: bn_sqrx8x_internal carry bug on x86_64\n1600925 - CVE-2018-2952 OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547)\n1602145 - CVE-2018-2973 Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (JSSE)\n1602146 - CVE-2018-2940 Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (Libraries)\n1618767 - CVE-2018-12539 IBM JDK: privilege escalation via insufficiently restricted access to Attach API\n1618869 - CVE-2018-1656 IBM JDK: path traversal flaw in the Diagnostic Tooling Framework\n1618871 - CVE-2018-1517 IBM JDK: DoS in the java.math component\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 6):\n\ni386:\njava-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.i686.rpm\n\nx86_64:\njava-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Supplementary (v. 6):\n\nx86_64:\njava-1.8.0-ibm-1.8.0.5.20-1jpp.1.el6_10.x86_64.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 6):\n\ni386:\njava-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.i686.rpm\n\nppc64:\njava-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.ppc64.rpm\n\ns390x:\njava-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.s390x.rpm\n\nx86_64:\njava-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Supplementary (v. 6):\n\ni386:\njava-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.i686.rpm\n\nx86_64:\njava-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. 
References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0705\nhttps://access.redhat.com/security/cve/CVE-2017-3732\nhttps://access.redhat.com/security/cve/CVE-2017-3736\nhttps://access.redhat.com/security/cve/CVE-2018-1517\nhttps://access.redhat.com/security/cve/CVE-2018-1656\nhttps://access.redhat.com/security/cve/CVE-2018-2940\nhttps://access.redhat.com/security/cve/CVE-2018-2952\nhttps://access.redhat.com/security/cve/CVE-2018-2973\nhttps://access.redhat.com/security/cve/CVE-2018-12539\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n\nThis only affects processors that support the BMI1, BMI2 and ADX extensions like\nIntel Broadwell (5th generation) and later or AMD Ryzen. \n\nOpenSSL 1.1.0 users should upgrade to 1.1.0g\nOpenSSL 1.0.2 users should upgrade to 1.0.2m\n\nThis issue was reported to OpenSSL on 10th August 2017 by the OSS-Fuzz project. \nThe fix was developed by Andy Polyakov of the OpenSSL development team. \n\nMalformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735)\n====================================================================\n\nSeverity: Low\n\nThis issue was previously announced in security advisory\nhttps://www.openssl.org/news/secadv/20170828.txt, but the fix has not previously\nbeen included in a release due to its low severity. \n\nOpenSSL 1.1.0 users should upgrade to 1.1.0g\nOpenSSL 1.0.2 users should upgrade to 1.0.2m\n\n\nNote\n====\n\nSupport for version 1.0.1 ended on 31st December 2016. Support for versions\n0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer\nreceiving security updates. 
\n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20171102.txt\n\nNote: the online version of the advisory may be updated with additional details\nover time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/policies/secpolicy.html\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-3732"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003156"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-3732"
      },
      {
        "db": "PACKETSTORM",
        "id": "141025"
      },
      {
        "db": "PACKETSTORM",
        "id": "147577"
      },
      {
        "db": "PACKETSTORM",
        "id": "149403"
      },
      {
        "db": "PACKETSTORM",
        "id": "141088"
      },
      {
        "db": "PACKETSTORM",
        "id": "148524"
      },
      {
        "db": "PACKETSTORM",
        "id": "141255"
      },
      {
        "db": "PACKETSTORM",
        "id": "149130"
      },
      {
        "db": "PACKETSTORM",
        "id": "169631"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-3732",
        "trust": 3.3
      },
      {
        "db": "SECTRACK",
        "id": "1037717",
        "trust": 1.7
      },
      {
        "db": "BID",
        "id": "95814",
        "trust": 1.7
      },
      {
        "db": "TENABLE",
        "id": "TNS-2017-04",
        "trust": 1.7
      },
      {
        "db": "JVN",
        "id": "JVNVU92830136",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003156",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.1415",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4325",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.0258.3",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.1613",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.0733",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-216",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-3732",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "141025",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "147577",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "149403",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "141088",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "148524",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "141255",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "149130",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169631",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-3732"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003156"
      },
      {
        "db": "PACKETSTORM",
        "id": "141025"
      },
      {
        "db": "PACKETSTORM",
        "id": "147577"
      },
      {
        "db": "PACKETSTORM",
        "id": "149403"
      },
      {
        "db": "PACKETSTORM",
        "id": "141088"
      },
      {
        "db": "PACKETSTORM",
        "id": "148524"
      },
      {
        "db": "PACKETSTORM",
        "id": "141255"
      },
      {
        "db": "PACKETSTORM",
        "id": "149130"
      },
      {
        "db": "PACKETSTORM",
        "id": "169631"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-216"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3732"
      }
    ]
  },
  "id": "VAR-201705-3649",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.206875005
  },
  "last_update_date": "2024-06-14T20:46:02.785000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "hitachi-sec-2018-103",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hitachi-sec-2018-103/index.html"
      },
      {
        "title": "hitachi-sec-2017-115",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-115/index.html"
      },
      {
        "title": "NV17-011",
        "trust": 0.8,
        "url": "http://jpn.nec.com/security-info/secinfo/nv17-011.html"
      },
      {
        "title": "BN_mod_exp may produce incorrect results on x86_64",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/secadv/20170126.txt"
      },
      {
        "title": "hitachi-sec-2018-103",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hitachi-sec-2018-103/index.html"
      },
      {
        "title": "hitachi-sec-2017-115",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hitachi-sec-2017-115/index.html"
      },
      {
        "title": "OpenSSL Repair measures for information disclosure vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=67520"
      },
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2017/01/31/openssl_patches/"
      },
      {
        "title": "Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29  RHEL 7 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20182185 - security advisory"
      },
      {
        "title": "Red Hat: Important: java-1.8.0-ibm security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20182575 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 6 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20182186 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: java-1.8.0-ibm security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20182713 - security advisory"
      },
      {
        "title": "Red Hat: Important: java-1.8.0-ibm security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20182568 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20182187 - security advisory"
      },
      {
        "title": "Red Hat: CVE-2017-3732",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2017-3732"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2017-3732"
      },
      {
        "title": "IBM: Security Bulletin: OpenSSL vulnerabilites impacting IBM Aspera Connect 3.7.4 and earlier (CVE-2017-3732, CVE-2016-7055)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=030cb7ac9266aec85453c1d2339fbc00"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3181-1"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201701-37] openssl: multiple issues",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201701-37"
      },
      {
        "title": "Huawei Security Advisories: Security Advisory - Three OpenSSL Vulnerabilities in Huawei Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=huawei_security_advisories\u0026qid=1181e052a6a83786d4182d45ddb56d5d"
      },
      {
        "title": "Symantec Security Advisories: SA141 : OpenSSL Vulnerabilities 26-Jan-2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=117bc0d26e74d755d85acf15af842eaf"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201701-36] lib32-openssl: multiple issues",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201701-36"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Operations Center and Client Management Service (CVE-2016-0705, CVE-2017-3732, CVE-2017-3736, CVE-2018-1656, CVE-2018-12539)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=3d9ab13c871ea2142681c7977b25c5ff"
      },
      {
        "title": "IBM: IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU \u2013 Jul 2018 \u2013 Includes Oracle Jul 2018 CPU affects DB2 Recovery Expert for Linux, Unix and Windows",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=af4ddb95056d65a4af347aec0f652f0e"
      },
      {
        "title": "Cisco: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20170130-openssl"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Planning",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=62ef85c9034c17315b7d0a712483c5ea"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Reporting for Development Intelligence",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=03b0267d78cd8ac1bbb43afc737474f0"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM InfoSphere Information Server",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=63bbfc68418161b36080acd59a541d45"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Privileged Identity Manager",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=42a34f9348fc5f34065c6d25764eb2a2"
      },
      {
        "title": "Debian CVElist Bug Report Logs: Security fixes from the July 2017 CPU",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=adc1e0c986afd5f2f3b0797ba936d072"
      },
      {
        "title": "IBM: IBM Security Bulletin: IBM Cognos Controller 2019Q2 Security Updater: Multiple vulnerabilities have been identified in IBM Cognos Controller",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=38227211accce022b0a3d9b56a974186"
      },
      {
        "title": "Forcepoint Security Advisories: CVE-2017-3730, -3731, -3732 OpenSSL Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=16a227df38f44014c9520f3b6cb5344e"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=a2bac27fb002bed513645d4775c7275b"
      },
      {
        "title": "Tenable Security Advisories: [R5] SecurityCenter 5.4.3 Fixes Multiple Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2017-04"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=a31bff03e9909229fd67996884614fdf"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=5f8c525f1408011628af1792207b2099"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=586e6062440cdd312211d748e028164e"
      },
      {
        "title": "IBM: IBM Security Bulletin: IBM Security Privileged Identity Manager is affected by multiple vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=dd8c9d5928cc3b1ac8c35b4b24703e38"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=e2a7f287e9acc8c64ab3df71130bc64d"
      },
      {
        "title": "IBM: Security Bulletin: Multiple vulnerabilities in IBM Java affect IBM Netezza Analytics for NPS",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=c36fc403a4c2c6439b732d2fca738f58"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=525e4e31765e47b9e53b24e880af9d6e"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=6283337cd31f81f24d445925f2138c0e"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-3732"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003156"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-216"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003156"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3732"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://www.securityfocus.com/bid/95814"
      },
      {
        "trust": 1.8,
        "url": "https://www.openssl.org/news/secadv/20170126.txt"
      },
      {
        "trust": 1.8,
        "url": "https://security.gentoo.org/glsa/201702-07"
      },
      {
        "trust": 1.8,
        "url": "https://access.redhat.com/errata/rhsa-2018:2185"
      },
      {
        "trust": 1.8,
        "url": "https://access.redhat.com/errata/rhsa-2018:2575"
      },
      {
        "trust": 1.8,
        "url": "https://access.redhat.com/errata/rhsa-2018:2713"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1037717"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.tenable.com/security/tns-2017-04"
      },
      {
        "trust": 1.7,
        "url": "https://security.freebsd.org/advisories/freebsd-sa-17:02.openssl.asc"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
      },
      {
        "trust": 1.7,
        "url": "https://github.com/openssl/openssl/commit/a59b90bf491410f1f2bc4540cc21f1980fd14c5b"
      },
      {
        "trust": 1.7,
        "url": "https://access.redhat.com/errata/rhsa-2018:2187"
      },
      {
        "trust": 1.7,
        "url": "https://access.redhat.com/errata/rhsa-2018:2186"
      },
      {
        "trust": 1.7,
        "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03838en_us"
      },
      {
        "trust": 1.7,
        "url": "https://access.redhat.com/errata/rhsa-2018:2568"
      },
      {
        "trust": 1.7,
        "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
      },
      {
        "trust": 1.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3732"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3732"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu92830136/"
      },
      {
        "trust": 0.6,
        "url": "http://www.ibm.com/support/docview.wss?uid=ibm10715641"
      },
      {
        "trust": 0.6,
        "url": "http://www.ibm.com/support/docview.wss?uid=ibm10871356"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.6,
        "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10882734"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/76710"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4325/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-affect-ibm-netezza-analytics/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-affect-ibm-netezza-analytics-for-nps/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-jre-8-0-1-1-affect-ibm-netezza-platform-software-clients/"
      },
      {
        "trust": 0.6,
        "url": "http://www.ibm.com/support/docview.wss?uid=ibm10882292"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/80494"
      },
      {
        "trust": 0.6,
        "url": "http://www.ibm.com/support/docview.wss?uid=ibm10882754"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/79678"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1106811"
      },
      {
        "trust": 0.6,
        "url": "http://www.ibm.com/support/docview.wss?uid=ibm10734877"
      },
      {
        "trust": 0.6,
        "url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170503-01-openssl-cn"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/74714"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3731"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7055"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3736"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.3,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2017-3732"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2017-3736"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-2940"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-2952"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-12539"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-0705"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-2973"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-1656"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-2940"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-1517"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1517"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-2952"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1656"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-2973"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12539"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/200.html"
      },
      {
        "trust": 0.1,
        "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=52438"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/3181-1/"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7055"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3731"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "https://www.microfocus.com/support-and-services/report-security"
      },
      {
        "trust": 0.1,
        "url": "https://softwaresupport.hpe.com/group/softwaresupport/email-notification/-/subscriptions/registerdocumentnotification"
      },
      {
        "trust": 0.1,
        "url": "https://cf.passport.softwaregrp.com/hppcf/createuser.do"
      },
      {
        "trust": 0.1,
        "url": "http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-"
      },
      {
        "trust": 0.1,
        "url": "https://softwaresupport.hpe.com/document/-/facetsearch/document/km03158061"
      },
      {
        "trust": 0.1,
        "url": "https://softwaresupport.hpe.com/security-vulnerability"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3730"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-3732"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-3731"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-3730"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7055"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2182"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6302"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3738"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2017-3731"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2017-3737"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6306"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2017-3738"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6306"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.29/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2182"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7055"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3737"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6302"
      },
      {
        "trust": 0.1,
        "url": "https://www.freebsd.org/handbook/makeworld.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/secadv/20170126.txt\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-17:02/openssl-11.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/advisories/freebsd-sa-17:02.openssl.asc\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-17:02/openssl-11.patch"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-17:02/openssl-10.patch"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3732\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3731\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-17:02/openssl-10.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7055\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/secadv/20170828.txt,"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/policies/secpolicy.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3735"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3193"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/secadv/20171102.txt"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-3732"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003156"
      },
      {
        "db": "PACKETSTORM",
        "id": "141025"
      },
      {
        "db": "PACKETSTORM",
        "id": "147577"
      },
      {
        "db": "PACKETSTORM",
        "id": "149403"
      },
      {
        "db": "PACKETSTORM",
        "id": "141088"
      },
      {
        "db": "PACKETSTORM",
        "id": "148524"
      },
      {
        "db": "PACKETSTORM",
        "id": "141255"
      },
      {
        "db": "PACKETSTORM",
        "id": "149130"
      },
      {
        "db": "PACKETSTORM",
        "id": "169631"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-216"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3732"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2017-3732"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003156"
      },
      {
        "db": "PACKETSTORM",
        "id": "141025"
      },
      {
        "db": "PACKETSTORM",
        "id": "147577"
      },
      {
        "db": "PACKETSTORM",
        "id": "149403"
      },
      {
        "db": "PACKETSTORM",
        "id": "141088"
      },
      {
        "db": "PACKETSTORM",
        "id": "148524"
      },
      {
        "db": "PACKETSTORM",
        "id": "141255"
      },
      {
        "db": "PACKETSTORM",
        "id": "149130"
      },
      {
        "db": "PACKETSTORM",
        "id": "169631"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-216"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3732"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-05-04T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-3732"
      },
      {
        "date": "2017-05-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-003156"
      },
      {
        "date": "2017-02-13T16:38:20",
        "db": "PACKETSTORM",
        "id": "141025"
      },
      {
        "date": "2018-05-10T10:11:22",
        "db": "PACKETSTORM",
        "id": "147577"
      },
      {
        "date": "2018-09-18T02:18:55",
        "db": "PACKETSTORM",
        "id": "149403"
      },
      {
        "date": "2017-02-14T17:07:17",
        "db": "PACKETSTORM",
        "id": "141088"
      },
      {
        "date": "2018-07-12T21:48:49",
        "db": "PACKETSTORM",
        "id": "148524"
      },
      {
        "date": "2017-02-23T17:14:20",
        "db": "PACKETSTORM",
        "id": "141255"
      },
      {
        "date": "2018-08-29T00:28:49",
        "db": "PACKETSTORM",
        "id": "149130"
      },
      {
        "date": "2017-11-02T12:12:12",
        "db": "PACKETSTORM",
        "id": "169631"
      },
      {
        "date": "2017-01-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201702-216"
      },
      {
        "date": "2017-05-04T19:29:00.400000",
        "db": "NVD",
        "id": "CVE-2017-3732"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-08-29T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-3732"
      },
      {
        "date": "2018-02-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-003156"
      },
      {
        "date": "2022-08-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201702-216"
      },
      {
        "date": "2022-08-29T20:43:33.220000",
        "db": "NVD",
        "id": "CVE-2017-3732"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "148524"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-216"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL Service disruption in  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003156"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-216"
      }
    ],
    "trust": 0.6
  }
}

