Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
175 vulnerabilities found for database by oracle
VAR-201410-1418
Vulnerability from variot - Updated: 2026-04-10 23:34The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. OpenSSL is prone to an information disclosure vulnerability. An attacker can exploit this issue to perform man-in-the-middle attacks and obtain sensitive information. Successful exploits will lead to other attacks. The following versions are vulnerable: OpenSSL 0.9.8 prior to 0.9.8zc OpenSSL 1.0.0 prior to 1.0.0o OpenSSL 1.0.1 prior to 1.0.1j. SSL protocol is the abbreviation of Secure Socket Layer protocol (Secure Socket Layer) developed by Netscape, which provides security and data integrity guarantee for Internet communication. The vulnerability is caused by the program's use of non-deterministic CBC padding. OpenSSL Security Advisory [15 Oct 2014] =======================================
SRTP Memory Leak (CVE-2014-3513)
Severity: High
A flaw in the DTLS SRTP extension parsing code allows an attacker, who sends a carefully crafted handshake message, to cause OpenSSL to fail to free up to 64k of memory causing a memory leak. This could be exploited in a Denial Of Service attack. This issue affects OpenSSL 1.0.1 server implementations for both SSL/TLS and DTLS regardless of whether SRTP is used or configured. Implementations of OpenSSL that have been compiled with OPENSSL_NO_SRTP defined are not affected.
This issue was reported to OpenSSL on 26th September 2014, based on an original issue and patch developed by the LibreSSL project. Further analysis of the issue was performed by the OpenSSL team.
The fix was developed by the OpenSSL team.
Session Ticket Memory Leak (CVE-2014-3567)
Severity: Medium
When an OpenSSL SSL/TLS/DTLS server receives a session ticket the integrity of that ticket is first verified. In the event of a session ticket integrity check failing, OpenSSL will fail to free memory causing a memory leak. By sending a large number of invalid session tickets an attacker could exploit this issue in a Denial Of Service attack.
This issue was reported to OpenSSL on 8th October 2014.
The fix was developed by Stephen Henson of the OpenSSL core team.
SSL 3.0 Fallback protection
Severity: Medium
OpenSSL has added support for TLS_FALLBACK_SCSV to allow applications to block the ability for a MITM attacker to force a protocol downgrade.
Some client applications (such as browsers) will reconnect using a downgraded protocol to work around interoperability bugs in older servers. This could be exploited by an active man-in-the-middle to downgrade connections to SSL 3.0 even if both sides of the connection support higher protocols. SSL 3.0 contains a number of weaknesses including POODLE (CVE-2014-3566).
https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00 https://www.openssl.org/~bodo/ssl-poodle.pdf
Support for TLS_FALLBACK_SCSV was developed by Adam Langley and Bodo Moeller.
Build option no-ssl3 is incomplete (CVE-2014-3568)
Severity: Low
When OpenSSL is configured with "no-ssl3" as a build option, servers could accept and complete a SSL 3.0 handshake, and clients could be configured to send them.
This issue was reported to OpenSSL by Akamai Technologies on 14th October 2014.
The fix was developed by Akamai and the OpenSSL team.
References
URL for this Security Advisory: https://www.openssl.org/news/secadv_20141015.txt
Note: the online version of the advisory may be updated with additional details over time.
For details of OpenSSL severity classifications please see: https://www.openssl.org/about/secpolicy.html
. The following firmware versions of Virtual Connect (VC) are impacted:
HPE BladeSystem c-Class Virtual Connect (VC) Firmware 4.30 through VC 4.45 HPE BladeSystem c-Class Virtual Connect (VC) Firmware 3.62 through VC 4.21
Note: Firmware versions 3.62 through 4.21 are not impacted by CVE-2016-0800, CVE-2015-3194, CVE-2014-3566, CVE-2015-0705, CVE-2016-0799, and CVE-2016-2842. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201507-14
https://security.gentoo.org/
Severity: Normal Title: Oracle JRE/JDK: Multiple vulnerabilities Date: July 10, 2015 Bugs: #537214 ID: 201507-14
Synopsis
Multiple vulnerabilities have been found in Oracle JRE/JDK, allowing both local and remote attackers to compromise various Java components. Please review the CVE identifiers referenced below for details.
Impact
An context-dependent attacker may be able to influence the confidentiality, integrity, and availability of Java applications/runtime.
Workaround
There is no workaround at this time.
Resolution
All Oracle JRE 8 users should upgrade to the latest stable version:
emerge --sync
emerge --ask --oneshot --verbose ">=dev-java/oracle-jre-bin-1.8.0.31
All Oracle JDK 8 users should upgrade to the latest stable version:
emerge --sync
emerge --ask --oneshot --verbose ">=dev-java/oracle-jdk-bin-1.8.0.31
All Oracle JRE 7 users should upgrade to the latest version:
emerge --sync
emerge --ask --oneshot --verbose ">=dev-java/oracle-jre-bin-1.7.0.76
All Oracle JDK 7 users should upgrade to the latest stable version:
emerge --sync
emerge --ask --oneshot --verbose ">=dev-java/oracle-jdk-bin-1.7.0.76
References
[ 1 ] CVE-2014-3566
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3566
[ 2 ] CVE-2014-6549
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6549
[ 3 ] CVE-2014-6585
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6585
[ 4 ] CVE-2014-6587
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6587
[ 5 ] CVE-2014-6591
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6591
[ 6 ] CVE-2014-6593
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6593
[ 7 ] CVE-2014-6601
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6601
[ 8 ] CVE-2015-0383
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0383
[ 9 ] CVE-2015-0395
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0395
[ 10 ] CVE-2015-0400
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0400
[ 11 ] CVE-2015-0403
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0403
[ 12 ] CVE-2015-0406
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0406
[ 13 ] CVE-2015-0407
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0407
[ 14 ] CVE-2015-0408
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0408
[ 15 ] CVE-2015-0410
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0410
[ 16 ] CVE-2015-0412
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0412
[ 17 ] CVE-2015-0413
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0413
[ 18 ] CVE-2015-0421
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0421
Availability
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201507-14
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
Copyright 2015 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
HP CMS: UCMDB Browser all supported versions. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: java-1.7.0-ibm security update
Advisory ID: RHSA-2014:1876-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1876.html
Issue date: 2014-11-19
CVE Names: CVE-2014-3065 CVE-2014-3566 CVE-2014-4288
CVE-2014-6456 CVE-2014-6457 CVE-2014-6458
CVE-2014-6476 CVE-2014-6492 CVE-2014-6493
CVE-2014-6502 CVE-2014-6503 CVE-2014-6506
CVE-2014-6511 CVE-2014-6512 CVE-2014-6515
CVE-2014-6527 CVE-2014-6531 CVE-2014-6532
CVE-2014-6558
=====================================================================
- Summary:
Updated java-1.7.0-ibm packages that fix several security issues are now
available for Red Hat Enterprise Linux 5 Supplementary.
Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64
- Description:
IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM
Java Software Development Kit.
This update fixes several vulnerabilities in the IBM Java Runtime
Environment and the IBM Java Software Development Kit. Detailed
vulnerability descriptions are linked from the IBM Security alerts
page, listed in the References section. (CVE-2014-3065, CVE-2014-3566,
CVE-2014-4288, CVE-2014-6456, CVE-2014-6457, CVE-2014-6458, CVE-2014-6476,
CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6506,
CVE-2014-6511, CVE-2014-6512, CVE-2014-6515, CVE-2014-6527, CVE-2014-6531,
CVE-2014-6532, CVE-2014-6558)
The CVE-2014-6512 issue was discovered by Florian Weimer of Red Hat
Product Security.
Note: With this update, the IBM SDK now disables the SSL 3.0 protocol to
address the CVE-2014-3566 issue (also known as POODLE). Refer to the IBM
article linked to in the References section for additional details about
this change and instructions on how to re-enable SSL 3.0 support if needed.
All users of java-1.7.0-ibm are advised to upgrade to these updated
packages, containing the IBM Java SE 7 SR8 release. All running instances
of IBM Java must be restarted for the update to take effect.
- Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1071210 - CVE-2014-6512 OpenJDK: DatagramSocket connected socket missing source check (Libraries, 8039509)
1150155 - CVE-2014-6506 OpenJDK: insufficient permission checks when setting resource bundle on system logger (Libraries, 8041564)
1150651 - CVE-2014-6531 OpenJDK: insufficient ResourceBundle name check (Libraries, 8044274)
1150669 - CVE-2014-6502 OpenJDK: LogRecord use of incorrect CL when loading ResourceBundle (Libraries, 8042797)
1151046 - CVE-2014-6457 OpenJDK: Triple Handshake attack against TLS/SSL connections (JSSE, 8037066)
1151063 - CVE-2014-6558 OpenJDK: CipherInputStream incorrect exception handling (Security, 8037846)
1151517 - CVE-2014-6511 ICU: Layout Engine ContextualSubstitution missing boundary checks (JDK 2D, 8041540)
1152756 - CVE-2014-6532 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
1152757 - CVE-2014-6503 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
1152758 - CVE-2014-6456 Oracle JDK: unspecified vulnerability fixed in 7u71 and 8u25 (Deployment)
1152759 - CVE-2014-6492 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
1152760 - CVE-2014-6493 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
1152761 - CVE-2014-4288 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
1152763 - CVE-2014-6458 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
1152765 - CVE-2014-6476 Oracle JDK: unspecified vulnerability fixed in 7u71 and 8u25 (Deployment)
1152766 - CVE-2014-6515 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
1152767 - CVE-2014-6527 Oracle JDK: unspecified vulnerability fixed in 7u71 and 8u25 (Deployment)
1152789 - CVE-2014-3566 SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack
1162554 - CVE-2014-3065 IBM JDK: privilege escalation via shared class cache
- Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
java-1.7.0-ibm-1.7.0.8.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-demo-1.7.0.8.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-devel-1.7.0.8.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.8.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.8.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-src-1.7.0.8.0-1jpp.1.el5.i386.rpm
x86_64:
java-1.7.0-ibm-1.7.0.8.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-1.7.0.8.0-1jpp.1.el5.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.8.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-demo-1.7.0.8.0-1jpp.1.el5.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.8.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-devel-1.7.0.8.0-1jpp.1.el5.x86_64.rpm
java-1.7.0-ibm-jdbc-1.7.0.8.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.8.0-1jpp.1.el5.x86_64.rpm
java-1.7.0-ibm-plugin-1.7.0.8.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.8.0-1jpp.1.el5.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.8.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-src-1.7.0.8.0-1jpp.1.el5.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
java-1.7.0-ibm-1.7.0.8.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-demo-1.7.0.8.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-devel-1.7.0.8.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.8.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.8.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-src-1.7.0.8.0-1jpp.1.el5.i386.rpm
ppc:
java-1.7.0-ibm-1.7.0.8.0-1jpp.1.el5.ppc.rpm
java-1.7.0-ibm-1.7.0.8.0-1jpp.1.el5.ppc64.rpm
java-1.7.0-ibm-demo-1.7.0.8.0-1jpp.1.el5.ppc.rpm
java-1.7.0-ibm-demo-1.7.0.8.0-1jpp.1.el5.ppc64.rpm
java-1.7.0-ibm-devel-1.7.0.8.0-1jpp.1.el5.ppc.rpm
java-1.7.0-ibm-devel-1.7.0.8.0-1jpp.1.el5.ppc64.rpm
java-1.7.0-ibm-jdbc-1.7.0.8.0-1jpp.1.el5.ppc.rpm
java-1.7.0-ibm-jdbc-1.7.0.8.0-1jpp.1.el5.ppc64.rpm
java-1.7.0-ibm-plugin-1.7.0.8.0-1jpp.1.el5.ppc.rpm
java-1.7.0-ibm-src-1.7.0.8.0-1jpp.1.el5.ppc.rpm
java-1.7.0-ibm-src-1.7.0.8.0-1jpp.1.el5.ppc64.rpm
s390x:
java-1.7.0-ibm-1.7.0.8.0-1jpp.1.el5.s390.rpm
java-1.7.0-ibm-1.7.0.8.0-1jpp.1.el5.s390x.rpm
java-1.7.0-ibm-demo-1.7.0.8.0-1jpp.1.el5.s390.rpm
java-1.7.0-ibm-demo-1.7.0.8.0-1jpp.1.el5.s390x.rpm
java-1.7.0-ibm-devel-1.7.0.8.0-1jpp.1.el5.s390.rpm
java-1.7.0-ibm-devel-1.7.0.8.0-1jpp.1.el5.s390x.rpm
java-1.7.0-ibm-jdbc-1.7.0.8.0-1jpp.1.el5.s390.rpm
java-1.7.0-ibm-jdbc-1.7.0.8.0-1jpp.1.el5.s390x.rpm
java-1.7.0-ibm-src-1.7.0.8.0-1jpp.1.el5.s390.rpm
java-1.7.0-ibm-src-1.7.0.8.0-1jpp.1.el5.s390x.rpm
x86_64:
java-1.7.0-ibm-1.7.0.8.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-1.7.0.8.0-1jpp.1.el5.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.8.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-demo-1.7.0.8.0-1jpp.1.el5.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.8.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-devel-1.7.0.8.0-1jpp.1.el5.x86_64.rpm
java-1.7.0-ibm-jdbc-1.7.0.8.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.8.0-1jpp.1.el5.x86_64.rpm
java-1.7.0-ibm-plugin-1.7.0.8.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.8.0-1jpp.1.el5.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.8.0-1jpp.1.el5.i386.rpm
java-1.7.0-ibm-src-1.7.0.8.0-1jpp.1.el5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2014-3065
https://access.redhat.com/security/cve/CVE-2014-3566
https://access.redhat.com/security/cve/CVE-2014-4288
https://access.redhat.com/security/cve/CVE-2014-6456
https://access.redhat.com/security/cve/CVE-2014-6457
https://access.redhat.com/security/cve/CVE-2014-6458
https://access.redhat.com/security/cve/CVE-2014-6476
https://access.redhat.com/security/cve/CVE-2014-6492
https://access.redhat.com/security/cve/CVE-2014-6493
https://access.redhat.com/security/cve/CVE-2014-6502
https://access.redhat.com/security/cve/CVE-2014-6503
https://access.redhat.com/security/cve/CVE-2014-6506
https://access.redhat.com/security/cve/CVE-2014-6511
https://access.redhat.com/security/cve/CVE-2014-6512
https://access.redhat.com/security/cve/CVE-2014-6515
https://access.redhat.com/security/cve/CVE-2014-6527
https://access.redhat.com/security/cve/CVE-2014-6531
https://access.redhat.com/security/cve/CVE-2014-6532
https://access.redhat.com/security/cve/CVE-2014-6558
https://access.redhat.com/security/updates/classification/#critical
https://www.ibm.com/developerworks/java/jdk/alerts/
https://www-01.ibm.com/support/docview.wss?uid=swg21688165
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFUbOWGXlSAg2UNWIIRAhPmAJ96YO5JFEg4GS1MkDIeXQkRxbN0hACgoUiY
ehbScogUJnSordhBH11LgWQ=
=ko7F
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
.
ftp://ssl098zc:Secure12@ftp.usa.hp.com
User name: ssl098zc Password: (NOTE: Case sensitive) Secure12
HP-UX Release
HP-UX OpenSSL version
B.11.11 (11i v1)
A.00.09.08zc.001_HP-UX_B.11.11_32+64.depot
B.11.23 (11i v2)
A.00.09.08zc.002_HP-UX_B.11.23_IA-PA.depot
B.11.31 (11i v3)
A.00.09.08zc.003_HP-UX_B.11.31_IA-PA.depot
MANUAL ACTIONS: Yes - Update
Install OpenSSL A.00.09.08zc or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application
that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins
issued by HP and lists recommended actions that may apply to a specific HP-UX
system. It can also download patches and create a depot automatically. For
more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
The update is available from HPE Software Depot: https://h20392.www2.hpe.com/
portal/swdepot/displayProductInfo.do?productNumber=HPVPRhttps://www.hpe.com
Note: HPE recommends customers using OV4VC 7.8.1 and earlier should upgrade
to OV4VC 7.8.2. This addresses all SSL security vulnerabilities reported
through March 28, 2016. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04496538
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04496538
Version: 1
HPSBGN03164 rev.1 - HP IceWall SSO Dfw, SSO Certd and MCRP running OpenSSL,
Remote Disclosure of Information
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2014-11-10
Last Updated: 2014-11-10
Potential Security Impact: Remote disclosure of information
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP IceWall SSO
Dfw , SSO Certd, and MCRP running OpenSSL.
This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy
Encryption" or "Poodle", which could be exploited remotely resulting in
disclosure of information..
References: CVE-2014-3566 (SSRT101789)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
- HP IceWall MCRP v2.1, v3.0
- HP IceWall SSO Dfw v8.0, v8.0 R1, v8.0 R2, v8.0 R3, and v10.0
- HP IceWall SSO Certd v8.0R3 with DB plugin patch 2 and v10.0
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score
CVE-2014-3566 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP recommends the following software updates and workaround instructions to
resolve this vulnerability for HP IceWall SSO Dfw, SSO Certd, and MCRP.
The software updates are available at:
http://www.hp.com/jp/icewall_patchaccess
Notes:
- There are no updates or mitigations for MCRP 2.1 and Dfw
8.0/8.0R1/8.0R2/8.0R3.
- HP recommends updating these older versions to the latest versions and
patches and then following the WORKAROUND INSTRUCTIONS below.
- The WORKAROUND INSTRUCTIONS should be followed after applying the
following updates.
Software Update Versions
HP IceWall MCRP 3.0 Patch release 1
HP IceWall SSO Dfw 10.0 Patch release 7
Note: Both software update versions provide the use of TLSv1 which is not
vulnerable and available for each supported platform.
WORKAROUND INSTRUCTIONS
HP recommends the following information to protect against potential risk
for the following HP IceWall products.
HP IceWall SSO Dfw and MCRP
- If possible, do not use the SHOST setting which allows IceWall SSO
Dfw or MCRP to use SSL/TLS protocol to back-end web servers.
- The following steps should be applied if SSL/TLS protocol to back-end
web servers must be used:
o For MCRP: apply MCRP patch release 1
o For Dfw: apply Dfw patch release 7 or later
o Set SSL_PROTOCOL parameter to TLSv1
HP IceWall SSO Certd
- For Certd version 10.0 and 8.0R3: apply DB plugin patch release 2
- If possible, do not use the LDAPSSL setting which allows IceWall SSO
Certd to connect to the LDAP server using SSL/TLS protocol.
- If SSL/TLS protocol must be used to LDAP server, configure the LDAP
server to use only TLSv1 as a mitigation for the vulnerability. For example,
on an OpenLDAP server (slapd), Set the TLSProtocolMin parameter.
Note: The HP IceWall product is only available in Japan.
HISTORY
Version:1 (rev.1) - 10 November 2014 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2014 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP or
its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners.
HP SiteScope 11.1x
HP SiteScope 11.2x
Important note: HP SiteScope is impacted if and only if it is configured to
work over secure channel (HTTPS). This protocol is now disabled by default.
For the oldstable distribution (wheezy), this problem has been fixed
in version 1.4.31-4+deb7u4.
We recommend that you upgrade your lighttpd packages
Show details on source website
{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "aix",
"scope": "eq",
"trust": 1.3,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "aix",
"scope": "eq",
"trust": 1.3,
"vendor": "ibm",
"version": "5.3"
},
{
"_id": null,
"model": "aix",
"scope": "eq",
"trust": 1.3,
"vendor": "ibm",
"version": "7.1"
},
{
"_id": null,
"model": "suse linux enterprise software development kit",
"scope": "eq",
"trust": 1.0,
"vendor": "novell",
"version": "11.0"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8u"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8o"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "12.3"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8w"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0d"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1f"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "2.2.1.9"
},
{
"_id": null,
"model": "suse linux enterprise server",
"scope": "eq",
"trust": 1.0,
"vendor": "novell",
"version": "11.0"
},
{
"_id": null,
"model": "netbsd",
"scope": "eq",
"trust": 1.0,
"vendor": "netbsd",
"version": "6.0.5"
},
{
"_id": null,
"model": "enterprise linux server supplementary",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"_id": null,
"model": "suse linux enterprise server",
"scope": "eq",
"trust": 1.0,
"vendor": "novell",
"version": "12.0"
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"_id": null,
"model": "enterprise linux server supplementary",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8x"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "21"
},
{
"_id": null,
"model": "enterprise linux desktop supplementary",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8za"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0b"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "19"
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0m"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "13.1"
},
{
"_id": null,
"model": "netbsd",
"scope": "eq",
"trust": 1.0,
"vendor": "netbsd",
"version": "6.0.1"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8p"
},
{
"_id": null,
"model": "netbsd",
"scope": "eq",
"trust": 1.0,
"vendor": "netbsd",
"version": "5.1.2"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "2.2.1.0"
},
{
"_id": null,
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.2.0.4"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "2.2.1.7"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8d"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1b"
},
{
"_id": null,
"model": "netbsd",
"scope": "eq",
"trust": 1.0,
"vendor": "netbsd",
"version": "6.0.4"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8z"
},
{
"_id": null,
"model": "netbsd",
"scope": "eq",
"trust": 1.0,
"vendor": "netbsd",
"version": "6.1.5"
},
{
"_id": null,
"model": "mac os x",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "10.10.1"
},
{
"_id": null,
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"_id": null,
"model": "netbsd",
"scope": "eq",
"trust": 1.0,
"vendor": "netbsd",
"version": "6.1"
},
{
"_id": null,
"model": "suse linux enterprise desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "novell",
"version": "12.0"
},
{
"_id": null,
"model": "suse linux enterprise desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "novell",
"version": "10.0"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8v"
},
{
"_id": null,
"model": "netbsd",
"scope": "eq",
"trust": 1.0,
"vendor": "netbsd",
"version": "6.1.3"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "2.2.0.12"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1h"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "2.2.1.3"
},
{
"_id": null,
"model": "mageia",
"scope": "eq",
"trust": 1.0,
"vendor": "mageia",
"version": "3.0"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0j"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "2.2.2.5"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8zb"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1e"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "2.2.1.4"
},
{
"_id": null,
"model": "netbsd",
"scope": "eq",
"trust": 1.0,
"vendor": "netbsd",
"version": "5.1"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8e"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "2.2.0.11"
},
{
"_id": null,
"model": "netbsd",
"scope": "eq",
"trust": 1.0,
"vendor": "netbsd",
"version": "6.0.3"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8q"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0f"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0n"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1i"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8f"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "2.2.0.10"
},
{
"_id": null,
"model": "netbsd",
"scope": "eq",
"trust": 1.0,
"vendor": "netbsd",
"version": "6.0"
},
{
"_id": null,
"model": "suse linux enterprise software development kit",
"scope": "eq",
"trust": 1.0,
"vendor": "novell",
"version": "12.0"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "2.2.1.5"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "2.2.2.3"
},
{
"_id": null,
"model": "enterprise linux workstation supplementary",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"_id": null,
"model": "suse linux enterprise desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "novell",
"version": "9.0"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8g"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8l"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0e"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "2.2.3.0"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8k"
},
{
"_id": null,
"model": "netbsd",
"scope": "eq",
"trust": 1.0,
"vendor": "netbsd",
"version": "5.1.4"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "7.0"
},
{
"_id": null,
"model": "enterprise linux workstation supplementary",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8i"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "2.2.2.2"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0k"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8a"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1d"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "2.2.3.2"
},
{
"_id": null,
"model": "netbsd",
"scope": "eq",
"trust": 1.0,
"vendor": "netbsd",
"version": "6.0.6"
},
{
"_id": null,
"model": "enterprise linux desktop supplementary",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1c"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8r"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8t"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "2.2.2.4"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0g"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8m"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1g"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "2.2.0.13"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8n"
},
{
"_id": null,
"model": "enterprise linux server supplementary",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8j"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0h"
},
{
"_id": null,
"model": "netbsd",
"scope": "eq",
"trust": 1.0,
"vendor": "netbsd",
"version": "6.1.4"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "2.2.3.4"
},
{
"_id": null,
"model": "netbsd",
"scope": "eq",
"trust": 1.0,
"vendor": "netbsd",
"version": "5.1.3"
},
{
"_id": null,
"model": "suse linux enterprise desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "novell",
"version": "11.0"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8c"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0a"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "2.2.3.3"
},
{
"_id": null,
"model": "netbsd",
"scope": "eq",
"trust": 1.0,
"vendor": "netbsd",
"version": "5.2.1"
},
{
"_id": null,
"model": "mageia",
"scope": "eq",
"trust": 1.0,
"vendor": "mageia",
"version": "4.0"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8b"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8s"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "2.2.2.0"
},
{
"_id": null,
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0.2"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0l"
},
{
"_id": null,
"model": "netbsd",
"scope": "eq",
"trust": 1.0,
"vendor": "netbsd",
"version": "5.2"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8h"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8y"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "2.2.1.1"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "2.2.1.6"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "2.2.3.1"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "2.2.1.8"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0c"
},
{
"_id": null,
"model": "netbsd",
"scope": "eq",
"trust": 1.0,
"vendor": "netbsd",
"version": "6.1.2"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"_id": null,
"model": "netbsd",
"scope": "eq",
"trust": 1.0,
"vendor": "netbsd",
"version": "5.2.2"
},
{
"_id": null,
"model": "netbsd",
"scope": "eq",
"trust": 1.0,
"vendor": "netbsd",
"version": "6.1.1"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0i"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "20"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1a"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "2.2.2.1"
},
{
"_id": null,
"model": "netbsd",
"scope": "eq",
"trust": 1.0,
"vendor": "netbsd",
"version": "5.1.1"
},
{
"_id": null,
"model": "netbsd",
"scope": "eq",
"trust": 1.0,
"vendor": "netbsd",
"version": "6.0.2"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "6.1"
},
{
"_id": null,
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.1"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.17"
},
{
"_id": null,
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"_id": null,
"model": "windows vista service pack",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.12"
},
{
"_id": null,
"model": "project openssl 0.9.8f",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "fortigate",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.3.6"
},
{
"_id": null,
"model": "integrated lights out",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "21.16"
},
{
"_id": null,
"model": "project openssl 1.0.0d",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "tivoli provisioning manager for os deployment 5.1.fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3"
},
{
"_id": null,
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1.0"
},
{
"_id": null,
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.8.780"
},
{
"_id": null,
"model": "project openssl 1.0.1a",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl b",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.7"
},
{
"_id": null,
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.11"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.1"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.1"
},
{
"_id": null,
"model": "meeting exchange sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "project openssl k",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "rational software architect",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"_id": null,
"model": "project openssl 1.0.0g",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.5"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1"
},
{
"_id": null,
"model": "unified contact center enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.10"
},
{
"_id": null,
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"_id": null,
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1.1"
},
{
"_id": null,
"model": "phaser",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "78000"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.3"
},
{
"_id": null,
"model": "hat enterprise linux supplementary server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5"
},
{
"_id": null,
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1.0.842"
},
{
"_id": null,
"model": "hat enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.4"
},
{
"_id": null,
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.3"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "tivoli provisioning manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"_id": null,
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.5"
},
{
"_id": null,
"model": "web interface",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "4.0"
},
{
"_id": null,
"model": "ace appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "47100"
},
{
"_id": null,
"model": "aura system platform sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "project openssl 0.9.8w",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "aura session manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.8"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.15"
},
{
"_id": null,
"model": "operations agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.0"
},
{
"_id": null,
"model": "nexus",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "70000"
},
{
"_id": null,
"model": "wireless location appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "open source",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.8.3.1"
},
{
"_id": null,
"model": "project openssl 0.9.8m",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.6"
},
{
"_id": null,
"model": "project openssl j",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "meeting exchange sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "aura application server sip core",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53002.0"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.37"
},
{
"_id": null,
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0.0.52"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.2"
},
{
"_id": null,
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.0"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.5"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.4"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.6"
},
{
"_id": null,
"model": "hat enterprise linux server supplementary",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3"
},
{
"_id": null,
"model": "tivoli directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.4"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2.1"
},
{
"_id": null,
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0.2"
},
{
"_id": null,
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"_id": null,
"model": "websphere process server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.4"
},
{
"_id": null,
"model": "commonstore for lotus domino",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.4"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.7"
},
{
"_id": null,
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "web interface",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "3.0"
},
{
"_id": null,
"model": "project openssl 0.9.8r",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "project openssl 0.9.8n",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.2"
},
{
"_id": null,
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.0.820"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.5"
},
{
"_id": null,
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.4"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.1"
},
{
"_id": null,
"model": "project openssl beta4",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0.0"
},
{
"_id": null,
"model": "rational policy tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "websphere lombardi edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.1"
},
{
"_id": null,
"model": "hat enterprise linux desktop optional",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"_id": null,
"model": "project openssl beta5",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0.0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.23"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.3"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.1"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.13"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.6"
},
{
"_id": null,
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"_id": null,
"model": "meeting exchange sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "project openssl 0.9.8p",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.15"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.1"
},
{
"_id": null,
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.1.830"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.31"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.14"
},
{
"_id": null,
"model": "web experience factory",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "network collector",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2"
},
{
"_id": null,
"model": "esxi",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "5.0"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"_id": null,
"model": "networks sa2000",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"_id": null,
"model": "hat enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.9"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.13"
},
{
"_id": null,
"model": "directory pro",
"scope": "eq",
"trust": 0.3,
"vendor": "cosmicperl",
"version": "10.0.3"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.15"
},
{
"_id": null,
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.7.770"
},
{
"_id": null,
"model": "meeting exchange sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.03"
},
{
"_id": null,
"model": "web interface",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "4.5.1"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2.1.185"
},
{
"_id": null,
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"_id": null,
"model": "project openssl 0.9.8q",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.8"
},
{
"_id": null,
"model": "aura session manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "networks sa6500 fips",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"_id": null,
"model": "windows server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003x64"
},
{
"_id": null,
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0"
},
{
"_id": null,
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10.800"
},
{
"_id": null,
"model": "ssl for openvms",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.4-453"
},
{
"_id": null,
"model": "windows server r2 for x64-based systems sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0"
},
{
"_id": null,
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.4"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.5"
},
{
"_id": null,
"model": "project openssl 1.0.1c",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"_id": null,
"model": "cics transaction gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.4"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.5"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.17"
},
{
"_id": null,
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8v"
},
{
"_id": null,
"model": "websphere lombardi edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.7"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.1"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.5"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0.1"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.27"
},
{
"_id": null,
"model": "hat enterprise linux desktop supplementary",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"_id": null,
"model": "windows server for x64-based systems sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"_id": null,
"model": "project openssl 0.9.8g",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.3"
},
{
"_id": null,
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.5"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.2"
},
{
"_id": null,
"model": "meeting exchange sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2.0.860"
},
{
"_id": null,
"model": "lotus domino",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.2"
},
{
"_id": null,
"model": "project openssl beta2",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.13"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.1"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.6"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.0"
},
{
"_id": null,
"model": "runtimes for java technology",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"_id": null,
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "hp-ux b.11.11",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.19"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.8"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"_id": null,
"model": "networks sa6000 fips",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"_id": null,
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0.840"
},
{
"_id": null,
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.0"
},
{
"_id": null,
"model": "hat enterprise linux desktop supplementary client",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.25"
},
{
"_id": null,
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.5"
},
{
"_id": null,
"model": "aura system manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "tivoli provisioning manager for os deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.116"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"_id": null,
"model": "project openssl 0.9.8l",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.3.740"
},
{
"_id": null,
"model": "rational software architect",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.5.2"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.6"
},
{
"_id": null,
"model": "windows server itanium sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "ediscovery analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.3"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.1"
},
{
"_id": null,
"model": "project openssl h",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.3"
},
{
"_id": null,
"model": "aura session manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.5"
},
{
"_id": null,
"model": "hat enterprise linux workstation supplementary",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"_id": null,
"model": "project openssl i",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "project openssl 1.0.0i",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "web interface",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "5.0.2"
},
{
"_id": null,
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.2"
},
{
"_id": null,
"model": "hp-ux b.11.23",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "tivoli directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.1"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "web interface",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "5.1"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.9"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5"
},
{
"_id": null,
"model": "tivoli provisioning manager for os deployment intirim fix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.133"
},
{
"_id": null,
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1.1"
},
{
"_id": null,
"model": "network automation",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.10"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.3"
},
{
"_id": null,
"model": "project openssl 1.0.0e",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "rational method composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"_id": null,
"model": "project openssl beta1",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0"
},
{
"_id": null,
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "aura communication manager utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.4"
},
{
"_id": null,
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "tivoli directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3"
},
{
"_id": null,
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.4"
},
{
"_id": null,
"model": "sitescope",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.1"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.1"
},
{
"_id": null,
"model": "project openssl c",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "ssl for openvms",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.4"
},
{
"_id": null,
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.2.835"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.1"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.35"
},
{
"_id": null,
"model": "hat enterprise linux desktop client",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5"
},
{
"_id": null,
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8x"
},
{
"_id": null,
"model": "communication server 1000m",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.4"
},
{
"_id": null,
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1.3"
},
{
"_id": null,
"model": "tivoli directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"_id": null,
"model": "project openssl 0.9.8t",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.39"
},
{
"_id": null,
"model": "tivoli netcool/omnibus",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3"
},
{
"_id": null,
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1.4"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.2"
},
{
"_id": null,
"model": "communication server 1000m signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.3"
},
{
"_id": null,
"model": "lotus domino",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.6"
},
{
"_id": null,
"model": "hat enterprise linux hpc node optional",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"_id": null,
"model": "communication server 1000e",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "tivoli netcool performance manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.1"
},
{
"_id": null,
"model": "network automation",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.0"
},
{
"_id": null,
"model": "project openssl 1.0.0c",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "forticlient",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "2.0"
},
{
"_id": null,
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.5.760"
},
{
"_id": null,
"model": "web interface",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "4.6"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"_id": null,
"model": "fortigate",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.3.5"
},
{
"_id": null,
"model": "rational software architect",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.4.27"
},
{
"_id": null,
"model": "phaser",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "67000"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "telepresence video communication server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"_id": null,
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0"
},
{
"_id": null,
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1.2"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.10"
},
{
"_id": null,
"model": "project openssl 1.0.0f",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "windows for 32-bit systems sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "7"
},
{
"_id": null,
"model": "windows server for itanium-based systems sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"_id": null,
"model": "project openssl d",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "windows for x64-based systems sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "7"
},
{
"_id": null,
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.1"
},
{
"_id": null,
"model": "tivoli management framework",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.1"
},
{
"_id": null,
"model": "web interface",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "5.0.1"
},
{
"_id": null,
"model": "windows server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "tivoli provisioning manager for os deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.0.2"
},
{
"_id": null,
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.1.730"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
},
{
"_id": null,
"model": "tivoli provisioning manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.0.2"
},
{
"_id": null,
"model": "project openssl 1.0.0j",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 1.0.0b",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.21"
},
{
"_id": null,
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "sitescope",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.10"
},
{
"_id": null,
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.6"
},
{
"_id": null,
"model": "windows server for 32-bit systems sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"_id": null,
"model": "tivoli business service manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2.1"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.11"
},
{
"_id": null,
"model": "operations agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.01"
},
{
"_id": null,
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.2"
},
{
"_id": null,
"model": "aura system manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "network node manager i",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.03"
},
{
"_id": null,
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0.1"
},
{
"_id": null,
"model": "aura system manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "hp-ux b.11.31",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.2"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.7"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.19"
},
{
"_id": null,
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "communication server 1000m signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"_id": null,
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "project openssl beta3",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0"
},
{
"_id": null,
"model": "ipad",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"_id": null,
"model": "communication server 1000e",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.5"
},
{
"_id": null,
"model": "hat enterprise linux hpc node supplementary",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3"
},
{
"_id": null,
"model": "web interface",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "5.0"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.3"
},
{
"_id": null,
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1.5"
},
{
"_id": null,
"model": "aura session manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.4"
},
{
"_id": null,
"model": "hat enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"_id": null,
"model": "tivoli provisioning manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1"
},
{
"_id": null,
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.31"
},
{
"_id": null,
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.1"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.11"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.1"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2"
},
{
"_id": null,
"model": "web interface",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "2.0"
},
{
"_id": null,
"model": "aura session manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "lotus domino",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.8"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.03"
},
{
"_id": null,
"model": "performance manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.00"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0.4"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"_id": null,
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.1"
},
{
"_id": null,
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "5"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "network analysis module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.1"
},
{
"_id": null,
"model": "web experience factory",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.17"
},
{
"_id": null,
"model": "network node manager i",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.02"
},
{
"_id": null,
"model": "rational software architect",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.19"
},
{
"_id": null,
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.0"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"_id": null,
"model": "hat enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"_id": null,
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.4"
},
{
"_id": null,
"model": "network node manager i",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.00"
},
{
"_id": null,
"model": "cics transaction gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.9"
},
{
"_id": null,
"model": "tivoli provisioning manager for os deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.3"
},
{
"_id": null,
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.2"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.8"
},
{
"_id": null,
"model": "web interface",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "5.4"
},
{
"_id": null,
"model": "lotus domino",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.2"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.8"
},
{
"_id": null,
"model": "ipod touch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.3"
},
{
"_id": null,
"model": "communication server 1000e signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.11"
},
{
"_id": null,
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.4"
},
{
"_id": null,
"model": "project openssl 0.9.8o",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.7"
},
{
"_id": null,
"model": "project openssl e",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "aura system platform sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.2"
},
{
"_id": null,
"model": "hat enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.0"
},
{
"_id": null,
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.1"
},
{
"_id": null,
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "6"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "runtimes for java technology",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.1"
},
{
"_id": null,
"model": "aura communication manager utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.9"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"_id": null,
"model": "tivoli provisioning manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1.1"
},
{
"_id": null,
"model": "hat enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"_id": null,
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"_id": null,
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"_id": null,
"model": "project openssl 0.9.8s",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"_id": null,
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1.0.841"
},
{
"_id": null,
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2"
},
{
"_id": null,
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.6"
},
{
"_id": null,
"model": "communication server 1000e signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.5"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"_id": null,
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.1"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.7"
},
{
"_id": null,
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.37"
},
{
"_id": null,
"model": "web interface",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "5.3"
},
{
"_id": null,
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.4"
},
{
"_id": null,
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.5"
},
{
"_id": null,
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5"
},
{
"_id": null,
"model": "emergency responder",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.021"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"_id": null,
"model": "mds",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9000"
},
{
"_id": null,
"model": "communication server 1000m",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.5"
},
{
"_id": null,
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.2"
},
{
"_id": null,
"model": "communication server 1000e signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"_id": null,
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.7.770"
},
{
"_id": null,
"model": "aura communication manager utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.0"
},
{
"_id": null,
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "hat enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"_id": null,
"model": "nexus",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "30000"
},
{
"_id": null,
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0"
},
{
"_id": null,
"model": "communication server 1000m signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.5"
},
{
"_id": null,
"model": "asset manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"_id": null,
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.4.750"
},
{
"_id": null,
"model": "aura application server sip core",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53002.1"
},
{
"_id": null,
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"_id": null,
"model": "communication server 1000e",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.5"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.2"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.2"
},
{
"_id": null,
"model": "project openssl 1.0.0a",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "communication server 1000m",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"_id": null,
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.9.790"
}
],
"sources": [
{
"db": "BID",
"id": "70574"
},
{
"db": "NVD",
"id": "CVE-2014-3566"
}
]
},
"credits": {
"_id": null,
"data": "HP",
"sources": [
{
"db": "PACKETSTORM",
"id": "137294"
},
{
"db": "PACKETSTORM",
"id": "129266"
},
{
"db": "PACKETSTORM",
"id": "130334"
},
{
"db": "PACKETSTORM",
"id": "128921"
},
{
"db": "PACKETSTORM",
"id": "136577"
},
{
"db": "PACKETSTORM",
"id": "129071"
},
{
"db": "PACKETSTORM",
"id": "129065"
}
],
"trust": 0.7
},
"cve": "CVE-2014-3566",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2014-3566",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-71506",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.6,
"id": "CVE-2014-3566",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-3566",
"trust": 1.0,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-71506",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2014-3566",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71506"
},
{
"db": "VULMON",
"id": "CVE-2014-3566"
},
{
"db": "NVD",
"id": "CVE-2014-3566"
}
]
},
"description": {
"_id": null,
"data": "The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the \"POODLE\" issue. OpenSSL is prone to an information disclosure vulnerability. \nAn attacker can exploit this issue to perform man-in-the-middle attacks and obtain sensitive information. Successful exploits will lead to other attacks. \nThe following versions are vulnerable:\nOpenSSL 0.9.8 prior to 0.9.8zc\nOpenSSL 1.0.0 prior to 1.0.0o\nOpenSSL 1.0.1 prior to 1.0.1j. SSL protocol is the abbreviation of Secure Socket Layer protocol (Secure Socket Layer) developed by Netscape, which provides security and data integrity guarantee for Internet communication. The vulnerability is caused by the program\u0027s use of non-deterministic CBC padding. OpenSSL Security Advisory [15 Oct 2014]\n=======================================\n\nSRTP Memory Leak (CVE-2014-3513)\n================================\n\nSeverity: High\n\nA flaw in the DTLS SRTP extension parsing code allows an attacker, who\nsends a carefully crafted handshake message, to cause OpenSSL to fail\nto free up to 64k of memory causing a memory leak. This could be\nexploited in a Denial Of Service attack. This issue affects OpenSSL\n1.0.1 server implementations for both SSL/TLS and DTLS regardless of\nwhether SRTP is used or configured. Implementations of OpenSSL that\nhave been compiled with OPENSSL_NO_SRTP defined are not affected. \n\nThis issue was reported to OpenSSL on 26th September 2014, based on an original\nissue and patch developed by the LibreSSL project. Further analysis of the issue\nwas performed by the OpenSSL team. \n\nThe fix was developed by the OpenSSL team. \n\n\nSession Ticket Memory Leak (CVE-2014-3567)\n==========================================\n\nSeverity: Medium\n\nWhen an OpenSSL SSL/TLS/DTLS server receives a session ticket the\nintegrity of that ticket is first verified. In the event of a session\nticket integrity check failing, OpenSSL will fail to free memory\ncausing a memory leak. By sending a large number of invalid session\ntickets an attacker could exploit this issue in a Denial Of Service\nattack. \n\nThis issue was reported to OpenSSL on 8th October 2014. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team. \n\n\nSSL 3.0 Fallback protection\n===========================\n\nSeverity: Medium\n\nOpenSSL has added support for TLS_FALLBACK_SCSV to allow applications\nto block the ability for a MITM attacker to force a protocol\ndowngrade. \n\nSome client applications (such as browsers) will reconnect using a\ndowngraded protocol to work around interoperability bugs in older\nservers. This could be exploited by an active man-in-the-middle to\ndowngrade connections to SSL 3.0 even if both sides of the connection\nsupport higher protocols. SSL 3.0 contains a number of weaknesses\nincluding POODLE (CVE-2014-3566). \n\nhttps://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00\nhttps://www.openssl.org/~bodo/ssl-poodle.pdf\n\nSupport for TLS_FALLBACK_SCSV was developed by Adam Langley and Bodo Moeller. \n\n\nBuild option no-ssl3 is incomplete (CVE-2014-3568)\n==================================================\n\nSeverity: Low\n\nWhen OpenSSL is configured with \"no-ssl3\" as a build option, servers\ncould accept and complete a SSL 3.0 handshake, and clients could be\nconfigured to send them. \n\nThis issue was reported to OpenSSL by Akamai Technologies on 14th October 2014. \n\nThe fix was developed by Akamai and the OpenSSL team. \n\n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20141015.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/about/secpolicy.html\n\n. \nThe following firmware versions of Virtual Connect (VC) are impacted:\n\nHPE BladeSystem c-Class Virtual Connect (VC) Firmware 4.30 through VC 4.45\nHPE BladeSystem c-Class Virtual Connect (VC) Firmware 3.62 through VC 4.21\n\nNote: Firmware versions 3.62 through 4.21 are not impacted by CVE-2016-0800,\nCVE-2015-3194, CVE-2014-3566, CVE-2015-0705, CVE-2016-0799, and\nCVE-2016-2842. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201507-14\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Oracle JRE/JDK: Multiple vulnerabilities\n Date: July 10, 2015\n Bugs: #537214\n ID: 201507-14\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Oracle JRE/JDK, allowing\nboth local and remote attackers to compromise various Java components. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n======\n\nAn context-dependent attacker may be able to influence the\nconfidentiality, integrity, and availability of Java\napplications/runtime. \n\nWorkaround\n==========\n\nThere is no workaround at this time. \n\nResolution\n==========\n\nAll Oracle JRE 8 users should upgrade to the latest stable version:\n\u003ccode\u003e\n# emerge --sync\n# emerge --ask --oneshot --verbose \"\u003e=dev-java/oracle-jre-bin-1.8.0.31\n\nAll Oracle JDK 8 users should upgrade to the latest stable version:\n\u003ccode\u003e\n# emerge --sync\n# emerge --ask --oneshot --verbose \"\u003e=dev-java/oracle-jdk-bin-1.8.0.31\n\nAll Oracle JRE 7 users should upgrade to the latest version:\n\u003ccode\u003e\n# emerge --sync\n# emerge --ask --oneshot --verbose \"\u003e=dev-java/oracle-jre-bin-1.7.0.76\n\nAll Oracle JDK 7 users should upgrade to the latest stable version:\n\u003ccode\u003e\n# emerge --sync\n# emerge --ask --oneshot --verbose \"\u003e=dev-java/oracle-jdk-bin-1.7.0.76\n\nReferences\n==========\n\n[ 1 ] CVE-2014-3566\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3566\n[ 2 ] CVE-2014-6549\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6549\n[ 3 ] CVE-2014-6585\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6585\n[ 4 ] CVE-2014-6587\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6587\n[ 5 ] CVE-2014-6591\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6591\n[ 6 ] CVE-2014-6593\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6593\n[ 7 ] CVE-2014-6601\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6601\n[ 8 ] CVE-2015-0383\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0383\n[ 9 ] CVE-2015-0395\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0395\n[ 10 ] CVE-2015-0400\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0400\n[ 11 ] CVE-2015-0403\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0403\n[ 12 ] CVE-2015-0406\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0406\n[ 13 ] CVE-2015-0407\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0407\n[ 14 ] CVE-2015-0408\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0408\n[ 15 ] CVE-2015-0410\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0410\n[ 16 ] CVE-2015-0412\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0412\n[ 17 ] CVE-2015-0413\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0413\n[ 18 ] CVE-2015-0421\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0421\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201507-14\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2015 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. \n\n HP CMS: UCMDB Browser all supported versions. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: java-1.7.0-ibm security update\nAdvisory ID: RHSA-2014:1876-01\nProduct: Red Hat Enterprise Linux Supplementary\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2014-1876.html\nIssue date: 2014-11-19\nCVE Names: CVE-2014-3065 CVE-2014-3566 CVE-2014-4288 \n CVE-2014-6456 CVE-2014-6457 CVE-2014-6458 \n CVE-2014-6476 CVE-2014-6492 CVE-2014-6493 \n CVE-2014-6502 CVE-2014-6503 CVE-2014-6506 \n CVE-2014-6511 CVE-2014-6512 CVE-2014-6515 \n CVE-2014-6527 CVE-2014-6531 CVE-2014-6532 \n CVE-2014-6558 \n=====================================================================\n\n1. Summary:\n\nUpdated java-1.7.0-ibm packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5 Supplementary. \n\nRed Hat Product Security has rated this update as having Critical security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64\n\n3. Description:\n\nIBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM\nJava Software Development Kit. \n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM Security alerts\npage, listed in the References section. (CVE-2014-3065, CVE-2014-3566,\nCVE-2014-4288, CVE-2014-6456, CVE-2014-6457, CVE-2014-6458, CVE-2014-6476,\nCVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6506,\nCVE-2014-6511, CVE-2014-6512, CVE-2014-6515, CVE-2014-6527, CVE-2014-6531,\nCVE-2014-6532, CVE-2014-6558)\n\nThe CVE-2014-6512 issue was discovered by Florian Weimer of Red Hat\nProduct Security. \n\nNote: With this update, the IBM SDK now disables the SSL 3.0 protocol to\naddress the CVE-2014-3566 issue (also known as POODLE). Refer to the IBM\narticle linked to in the References section for additional details about\nthis change and instructions on how to re-enable SSL 3.0 support if needed. \n\nAll users of java-1.7.0-ibm are advised to upgrade to these updated\npackages, containing the IBM Java SE 7 SR8 release. All running instances\nof IBM Java must be restarted for the update to take effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1071210 - CVE-2014-6512 OpenJDK: DatagramSocket connected socket missing source check (Libraries, 8039509)\n1150155 - CVE-2014-6506 OpenJDK: insufficient permission checks when setting resource bundle on system logger (Libraries, 8041564)\n1150651 - CVE-2014-6531 OpenJDK: insufficient ResourceBundle name check (Libraries, 8044274)\n1150669 - CVE-2014-6502 OpenJDK: LogRecord use of incorrect CL when loading ResourceBundle (Libraries, 8042797)\n1151046 - CVE-2014-6457 OpenJDK: Triple Handshake attack against TLS/SSL connections (JSSE, 8037066)\n1151063 - CVE-2014-6558 OpenJDK: CipherInputStream incorrect exception handling (Security, 8037846)\n1151517 - CVE-2014-6511 ICU: Layout Engine ContextualSubstitution missing boundary checks (JDK 2D, 8041540)\n1152756 - CVE-2014-6532 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)\n1152757 - CVE-2014-6503 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)\n1152758 - CVE-2014-6456 Oracle JDK: unspecified vulnerability fixed in 7u71 and 8u25 (Deployment)\n1152759 - CVE-2014-6492 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)\n1152760 - CVE-2014-6493 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)\n1152761 - CVE-2014-4288 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)\n1152763 - CVE-2014-6458 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)\n1152765 - CVE-2014-6476 Oracle JDK: unspecified vulnerability fixed in 7u71 and 8u25 (Deployment)\n1152766 - CVE-2014-6515 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)\n1152767 - CVE-2014-6527 Oracle JDK: unspecified vulnerability fixed in 7u71 and 8u25 (Deployment)\n1152789 - CVE-2014-3566 SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack\n1162554 - CVE-2014-3065 IBM JDK: privilege escalation via shared class cache\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5):\n\ni386:\njava-1.7.0-ibm-1.7.0.8.0-1jpp.1.el5.i386.rpm\njava-1.7.0-ibm-demo-1.7.0.8.0-1jpp.1.el5.i386.rpm\njava-1.7.0-ibm-devel-1.7.0.8.0-1jpp.1.el5.i386.rpm\njava-1.7.0-ibm-jdbc-1.7.0.8.0-1jpp.1.el5.i386.rpm\njava-1.7.0-ibm-plugin-1.7.0.8.0-1jpp.1.el5.i386.rpm\njava-1.7.0-ibm-src-1.7.0.8.0-1jpp.1.el5.i386.rpm\n\nx86_64:\njava-1.7.0-ibm-1.7.0.8.0-1jpp.1.el5.i386.rpm\njava-1.7.0-ibm-1.7.0.8.0-1jpp.1.el5.x86_64.rpm\njava-1.7.0-ibm-demo-1.7.0.8.0-1jpp.1.el5.i386.rpm\njava-1.7.0-ibm-demo-1.7.0.8.0-1jpp.1.el5.x86_64.rpm\njava-1.7.0-ibm-devel-1.7.0.8.0-1jpp.1.el5.i386.rpm\njava-1.7.0-ibm-devel-1.7.0.8.0-1jpp.1.el5.x86_64.rpm\njava-1.7.0-ibm-jdbc-1.7.0.8.0-1jpp.1.el5.i386.rpm\njava-1.7.0-ibm-jdbc-1.7.0.8.0-1jpp.1.el5.x86_64.rpm\njava-1.7.0-ibm-plugin-1.7.0.8.0-1jpp.1.el5.i386.rpm\njava-1.7.0-ibm-plugin-1.7.0.8.0-1jpp.1.el5.x86_64.rpm\njava-1.7.0-ibm-src-1.7.0.8.0-1jpp.1.el5.i386.rpm\njava-1.7.0-ibm-src-1.7.0.8.0-1jpp.1.el5.x86_64.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 5):\n\ni386:\njava-1.7.0-ibm-1.7.0.8.0-1jpp.1.el5.i386.rpm\njava-1.7.0-ibm-demo-1.7.0.8.0-1jpp.1.el5.i386.rpm\njava-1.7.0-ibm-devel-1.7.0.8.0-1jpp.1.el5.i386.rpm\njava-1.7.0-ibm-jdbc-1.7.0.8.0-1jpp.1.el5.i386.rpm\njava-1.7.0-ibm-plugin-1.7.0.8.0-1jpp.1.el5.i386.rpm\njava-1.7.0-ibm-src-1.7.0.8.0-1jpp.1.el5.i386.rpm\n\nppc:\njava-1.7.0-ibm-1.7.0.8.0-1jpp.1.el5.ppc.rpm\njava-1.7.0-ibm-1.7.0.8.0-1jpp.1.el5.ppc64.rpm\njava-1.7.0-ibm-demo-1.7.0.8.0-1jpp.1.el5.ppc.rpm\njava-1.7.0-ibm-demo-1.7.0.8.0-1jpp.1.el5.ppc64.rpm\njava-1.7.0-ibm-devel-1.7.0.8.0-1jpp.1.el5.ppc.rpm\njava-1.7.0-ibm-devel-1.7.0.8.0-1jpp.1.el5.ppc64.rpm\njava-1.7.0-ibm-jdbc-1.7.0.8.0-1jpp.1.el5.ppc.rpm\njava-1.7.0-ibm-jdbc-1.7.0.8.0-1jpp.1.el5.ppc64.rpm\njava-1.7.0-ibm-plugin-1.7.0.8.0-1jpp.1.el5.ppc.rpm\njava-1.7.0-ibm-src-1.7.0.8.0-1jpp.1.el5.ppc.rpm\njava-1.7.0-ibm-src-1.7.0.8.0-1jpp.1.el5.ppc64.rpm\n\ns390x:\njava-1.7.0-ibm-1.7.0.8.0-1jpp.1.el5.s390.rpm\njava-1.7.0-ibm-1.7.0.8.0-1jpp.1.el5.s390x.rpm\njava-1.7.0-ibm-demo-1.7.0.8.0-1jpp.1.el5.s390.rpm\njava-1.7.0-ibm-demo-1.7.0.8.0-1jpp.1.el5.s390x.rpm\njava-1.7.0-ibm-devel-1.7.0.8.0-1jpp.1.el5.s390.rpm\njava-1.7.0-ibm-devel-1.7.0.8.0-1jpp.1.el5.s390x.rpm\njava-1.7.0-ibm-jdbc-1.7.0.8.0-1jpp.1.el5.s390.rpm\njava-1.7.0-ibm-jdbc-1.7.0.8.0-1jpp.1.el5.s390x.rpm\njava-1.7.0-ibm-src-1.7.0.8.0-1jpp.1.el5.s390.rpm\njava-1.7.0-ibm-src-1.7.0.8.0-1jpp.1.el5.s390x.rpm\n\nx86_64:\njava-1.7.0-ibm-1.7.0.8.0-1jpp.1.el5.i386.rpm\njava-1.7.0-ibm-1.7.0.8.0-1jpp.1.el5.x86_64.rpm\njava-1.7.0-ibm-demo-1.7.0.8.0-1jpp.1.el5.i386.rpm\njava-1.7.0-ibm-demo-1.7.0.8.0-1jpp.1.el5.x86_64.rpm\njava-1.7.0-ibm-devel-1.7.0.8.0-1jpp.1.el5.i386.rpm\njava-1.7.0-ibm-devel-1.7.0.8.0-1jpp.1.el5.x86_64.rpm\njava-1.7.0-ibm-jdbc-1.7.0.8.0-1jpp.1.el5.i386.rpm\njava-1.7.0-ibm-jdbc-1.7.0.8.0-1jpp.1.el5.x86_64.rpm\njava-1.7.0-ibm-plugin-1.7.0.8.0-1jpp.1.el5.i386.rpm\njava-1.7.0-ibm-plugin-1.7.0.8.0-1jpp.1.el5.x86_64.rpm\njava-1.7.0-ibm-src-1.7.0.8.0-1jpp.1.el5.i386.rpm\njava-1.7.0-ibm-src-1.7.0.8.0-1jpp.1.el5.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-3065\nhttps://access.redhat.com/security/cve/CVE-2014-3566\nhttps://access.redhat.com/security/cve/CVE-2014-4288\nhttps://access.redhat.com/security/cve/CVE-2014-6456\nhttps://access.redhat.com/security/cve/CVE-2014-6457\nhttps://access.redhat.com/security/cve/CVE-2014-6458\nhttps://access.redhat.com/security/cve/CVE-2014-6476\nhttps://access.redhat.com/security/cve/CVE-2014-6492\nhttps://access.redhat.com/security/cve/CVE-2014-6493\nhttps://access.redhat.com/security/cve/CVE-2014-6502\nhttps://access.redhat.com/security/cve/CVE-2014-6503\nhttps://access.redhat.com/security/cve/CVE-2014-6506\nhttps://access.redhat.com/security/cve/CVE-2014-6511\nhttps://access.redhat.com/security/cve/CVE-2014-6512\nhttps://access.redhat.com/security/cve/CVE-2014-6515\nhttps://access.redhat.com/security/cve/CVE-2014-6527\nhttps://access.redhat.com/security/cve/CVE-2014-6531\nhttps://access.redhat.com/security/cve/CVE-2014-6532\nhttps://access.redhat.com/security/cve/CVE-2014-6558\nhttps://access.redhat.com/security/updates/classification/#critical\nhttps://www.ibm.com/developerworks/java/jdk/alerts/\nhttps://www-01.ibm.com/support/docview.wss?uid=swg21688165\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFUbOWGXlSAg2UNWIIRAhPmAJ96YO5JFEg4GS1MkDIeXQkRxbN0hACgoUiY\nehbScogUJnSordhBH11LgWQ=\n=ko7F\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nftp://ssl098zc:Secure12@ftp.usa.hp.com\n\nUser name: ssl098zc Password: (NOTE: Case sensitive) Secure12\n\nHP-UX Release\n HP-UX OpenSSL version\n\nB.11.11 (11i v1)\n A.00.09.08zc.001_HP-UX_B.11.11_32+64.depot\n\nB.11.23 (11i v2)\n A.00.09.08zc.002_HP-UX_B.11.23_IA-PA.depot\n\nB.11.31 (11i v3)\n A.00.09.08zc.003_HP-UX_B.11.31_IA-PA.depot\n\nMANUAL ACTIONS: Yes - Update\n\nInstall OpenSSL A.00.09.08zc or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see: https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nThe update is available from HPE Software Depot: https://h20392.www2.hpe.com/\nportal/swdepot/displayProductInfo.do?productNumber=HPVPRhttps://www.hpe.com\n\nNote: HPE recommends customers using OV4VC 7.8.1 and earlier should upgrade\nto OV4VC 7.8.2. This addresses all SSL security vulnerabilities reported\nthrough March 28, 2016. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04496538\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04496538\nVersion: 1\n\nHPSBGN03164 rev.1 - HP IceWall SSO Dfw, SSO Certd and MCRP running OpenSSL,\nRemote Disclosure of Information\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2014-11-10\nLast Updated: 2014-11-10\n\nPotential Security Impact: Remote disclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified with HP IceWall SSO\nDfw , SSO Certd, and MCRP running OpenSSL. \n\nThis is the SSLv3 vulnerability known as \"Padding Oracle on Downgraded Legacy\nEncryption\" or \"Poodle\", which could be exploited remotely resulting in\ndisclosure of information.. \n\nReferences: CVE-2014-3566 (SSRT101789)\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n - HP IceWall MCRP v2.1, v3.0\n - HP IceWall SSO Dfw v8.0, v8.0 R1, v8.0 R2, v8.0 R3, and v10.0\n - HP IceWall SSO Certd v8.0R3 with DB plugin patch 2 and v10.0\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2014-3566 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP recommends the following software updates and workaround instructions to\nresolve this vulnerability for HP IceWall SSO Dfw, SSO Certd, and MCRP. \n\n The software updates are available at:\n\n http://www.hp.com/jp/icewall_patchaccess\n\n Notes:\n\n - There are no updates or mitigations for MCRP 2.1 and Dfw\n8.0/8.0R1/8.0R2/8.0R3. \n - HP recommends updating these older versions to the latest versions and\npatches and then following the WORKAROUND INSTRUCTIONS below. \n - The WORKAROUND INSTRUCTIONS should be followed after applying the\nfollowing updates. \n\n Software Update Versions\n\n HP IceWall MCRP 3.0 Patch release 1\n\n HP IceWall SSO Dfw 10.0 Patch release 7\n\n Note: Both software update versions provide the use of TLSv1 which is not\nvulnerable and available for each supported platform. \n\nWORKAROUND INSTRUCTIONS\n\n HP recommends the following information to protect against potential risk\nfor the following HP IceWall products. \n\n HP IceWall SSO Dfw and MCRP\n\n - If possible, do not use the SHOST setting which allows IceWall SSO\nDfw or MCRP to use SSL/TLS protocol to back-end web servers. \n\n - The following steps should be applied if SSL/TLS protocol to back-end\nweb servers must be used:\n\n o For MCRP: apply MCRP patch release 1\n o For Dfw: apply Dfw patch release 7 or later\n o Set SSL_PROTOCOL parameter to TLSv1\n\n HP IceWall SSO Certd\n\n - For Certd version 10.0 and 8.0R3: apply DB plugin patch release 2\n\n - If possible, do not use the LDAPSSL setting which allows IceWall SSO\nCertd to connect to the LDAP server using SSL/TLS protocol. \n\n - If SSL/TLS protocol must be used to LDAP server, configure the LDAP\nserver to use only TLSv1 as a mitigation for the vulnerability. For example,\non an OpenLDAP server (slapd), Set the TLSProtocolMin parameter. \n\nNote: The HP IceWall product is only available in Japan. \n\nHISTORY\nVersion:1 (rev.1) - 10 November 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2014 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\nHP SiteScope 11.1x\nHP SiteScope 11.2x\n\nImportant note: HP SiteScope is impacted if and only if it is configured to\nwork over secure channel (HTTPS). This protocol is now disabled by default. \n\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 1.4.31-4+deb7u4. \n\nWe recommend that you upgrade your lighttpd packages",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3566"
},
{
"db": "BID",
"id": "70574"
},
{
"db": "VULHUB",
"id": "VHN-71506"
},
{
"db": "VULMON",
"id": "CVE-2014-3566"
},
{
"db": "PACKETSTORM",
"id": "169664"
},
{
"db": "PACKETSTORM",
"id": "137294"
},
{
"db": "PACKETSTORM",
"id": "132641"
},
{
"db": "PACKETSTORM",
"id": "129266"
},
{
"db": "PACKETSTORM",
"id": "129178"
},
{
"db": "PACKETSTORM",
"id": "130334"
},
{
"db": "PACKETSTORM",
"id": "128921"
},
{
"db": "PACKETSTORM",
"id": "136577"
},
{
"db": "PACKETSTORM",
"id": "129071"
},
{
"db": "PACKETSTORM",
"id": "129065"
},
{
"db": "PACKETSTORM",
"id": "135908"
}
],
"trust": 2.34
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-71506",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71506"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2014-3566",
"trust": 2.6
},
{
"db": "BID",
"id": "70574",
"trust": 1.4
},
{
"db": "ICS CERT",
"id": "ICSMA-18-058-02",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61130",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61995",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "60792",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61019",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61316",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61827",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61782",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "60056",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61810",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61819",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61825",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "60206",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61303",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61359",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61345",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59627",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "60859",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61926",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1031120",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1031106",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1031124",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1031091",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1031095",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1031088",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1031093",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1031105",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1031094",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1031087",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1031090",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1031107",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1031132",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1031085",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1031039",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1031096",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1031131",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1031029",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1031123",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1031086",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1031130",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1031092",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1031089",
"trust": 1.1
},
{
"db": "USCERT",
"id": "TA14-290A",
"trust": 1.1
},
{
"db": "MCAFEE",
"id": "SB10091",
"trust": 1.1
},
{
"db": "MCAFEE",
"id": "SB10104",
"trust": 1.1
},
{
"db": "MCAFEE",
"id": "SB10090",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#577193",
"trust": 1.1
},
{
"db": "JUNIPER",
"id": "JSA10705",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "128921",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "129065",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "129266",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "132641",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "136577",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "130334",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "129071",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "135908",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "131009",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130184",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131051",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128838",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130217",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130296",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129150",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132084",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132573",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131354",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128969",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132469",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128669",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128866",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129265",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129217",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136599",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133640",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129263",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129614",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130759",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131011",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "139063",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128863",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130332",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128730",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130298",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131690",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128770",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130125",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128732",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128733",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130816",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129528",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130052",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129294",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132470",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133836",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129242",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129401",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130304",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130549",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129427",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130085",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131008",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137652",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130046",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130086",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128769",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130141",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131535",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130181",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133368",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132942",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130070",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129318",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132965",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131790",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130818",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130817",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128771",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130050",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133600",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130072",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129120",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129426",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-201410-267",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-92692",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-71506",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2014-3566",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169664",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137294",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129178",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71506"
},
{
"db": "VULMON",
"id": "CVE-2014-3566"
},
{
"db": "BID",
"id": "70574"
},
{
"db": "PACKETSTORM",
"id": "169664"
},
{
"db": "PACKETSTORM",
"id": "137294"
},
{
"db": "PACKETSTORM",
"id": "132641"
},
{
"db": "PACKETSTORM",
"id": "129266"
},
{
"db": "PACKETSTORM",
"id": "129178"
},
{
"db": "PACKETSTORM",
"id": "130334"
},
{
"db": "PACKETSTORM",
"id": "128921"
},
{
"db": "PACKETSTORM",
"id": "136577"
},
{
"db": "PACKETSTORM",
"id": "129071"
},
{
"db": "PACKETSTORM",
"id": "129065"
},
{
"db": "PACKETSTORM",
"id": "135908"
},
{
"db": "NVD",
"id": "CVE-2014-3566"
}
]
},
"id": "VAR-201410-1418",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-71506"
}
],
"trust": 0.5931986333333333
},
"last_update_date": "2026-04-10T23:34:59.740000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Debian Security Advisories: DSA-3489-1 lighttpd -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=dcb828f6dad683ea0da76b6c62cde0ea"
},
{
"title": "HP: SUPPORT COMMUNICATION- SECURITY BULLETIN\nHPSBPI03360 rev.5 - HP LaserJet Printers and MFPs, HP OfficeJet Printers and MFPs, and HP JetDirect Networking cards using OpenSSL, Remote Disclosure of Information",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=4545b8bd124b33fa1434a34c59003fd5"
},
{
"title": "HP: HPSBPI03360 rev.5 - HP LaserJet Printers and MFPs, HP OfficeJet Printers and MFPs, and HP JetDirect Networking cards using OpenSSL, Remote Disclosure of Information",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=HPSBPI03360"
},
{
"title": "Debian CVElist Bug Report Logs: Not possible to disable SSLv3",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=cd46735759deed658e1e15bd89794f91"
},
{
"title": "Amazon Linux AMI: ALAS-2014-426",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2014-426"
},
{
"title": "Red Hat: CVE-2014-3566",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2014-3566"
},
{
"title": "Amazon Linux AMI: ALAS-2014-429",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2014-429"
},
{
"title": "HP: SUPPORT COMMUNICATION- SECURITY BULLETIN\nHPSBPI03360 rev.5 - HP LaserJet Printers and MFPs, HP OfficeJet Printers and MFPs, and HP JetDirect Networking cards using OpenSSL, Remote Disclosure of Information",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=9e10ca91834a4f14416f4e75e776c6b6"
},
{
"title": "Red Hat: Important: java-1.6.0-openjdk security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20150085 - Security Advisory"
},
{
"title": "Red Hat: Critical: java-1.7.0-openjdk security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20150067 - Security Advisory"
},
{
"title": "Debian Security Advisories: DSA-3253-1 pound -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=ad76a2fc91623114f1aaa478b7ecbe12"
},
{
"title": "Red Hat: Important: java-1.7.0-openjdk security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20150068 - Security Advisory"
},
{
"title": "Red Hat: Important: java-1.8.0-openjdk security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20150069 - Security Advisory"
},
{
"title": "Red Hat: Critical: java-1.7.0-oracle security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20150079 - Security Advisory"
},
{
"title": "Red Hat: Important: java-1.6.0-sun security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20150086 - Security Advisory"
},
{
"title": "Debian Security Advisories: DSA-3053-1 openssl -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=89bdef3607a7448566a930eca0e94cb3"
},
{
"title": "Symantec Security Advisories: SA83 : SSL v3 Poodle Attack",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=3703d1b5dc42da47d311d20afe00de22"
},
{
"title": "Red Hat: Critical: java-1.8.0-oracle security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20150080 - Security Advisory"
},
{
"title": "Cisco: SSL-TLS Implementations Cipher Block Chaining Padding Information Disclosure Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=Cisco-SA-20141211-CVE-2014-8730"
},
{
"title": "Debian CVElist Bug Report Logs: asterisk: CVE-2014-9374",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=5ec9c01ff2551bc64f61573dcb290621"
},
{
"title": "Citrix Security Bulletins: CVE-2014-3566 - Citrix Security Advisory for SSLv3 Protocol Flaw",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=510bf83b7458a7704870eecdfadf5704"
},
{
"title": "Debian CVElist Bug Report Logs: CVE-2014-8418 CVE-2014-8412 CVE-2014-8414 CVE-2014-8417",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=ea75db152315222e9fc0490c8b65fb98"
},
{
"title": "Tenable Security Advisories: [R6] SSLv3 Protocol Vulnerability Affects Tenable Products (POODLE)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2014-09"
},
{
"title": "Ubuntu Security Notice: openjdk-7 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2487-1"
},
{
"title": "Debian Security Advisories: DSA-3144-1 openjdk-7 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=d750da8121d006282839ec576885794b"
},
{
"title": "Red Hat: Low: Red Hat Satellite IBM Java Runtime security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20150264 - Security Advisory"
},
{
"title": "Debian Security Advisories: DSA-3147-1 openjdk-6 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=f0587b999035ec3e03b0795bc92b0a31"
},
{
"title": "Ubuntu Security Notice: openjdk-6 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2486-1"
},
{
"title": "Amazon Linux AMI: ALAS-2015-480",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2015-480"
},
{
"title": "Amazon Linux AMI: ALAS-2015-471",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2015-471"
},
{
"title": "Huawei Security Advisories: Huawei PSIRT: Technical Analysis Report Regarding Finite State Supply Chain Assessment",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=huawei_security_advisories\u0026qid=73885f997edba4cefdd6ba9030e87bdc"
},
{
"title": "mangy-beast",
"trust": 0.1,
"url": "https://github.com/ashmastaflash/mangy-beast "
},
{
"title": "BASH_froggPoodler",
"trust": 0.1,
"url": "https://github.com/FroggDev/BASH_froggPoodler "
},
{
"title": "lacework-kaholo-autoremediation",
"trust": 0.1,
"url": "https://github.com/automatecloud/lacework-kaholo-autoremediation "
},
{
"title": "bouncer",
"trust": 0.1,
"url": "https://github.com/ggrandes/bouncer "
},
{
"title": "voipnowpatches",
"trust": 0.1,
"url": "https://github.com/4psa/voipnowpatches "
},
{
"title": "ric13351",
"trust": 0.1,
"url": "https://github.com/bjayesh/ric13351 "
},
{
"title": "squeeze-lighttpd-poodle",
"trust": 0.1,
"url": "https://github.com/matjohns/squeeze-lighttpd-poodle "
},
{
"title": "poodle_check",
"trust": 0.1,
"url": "https://github.com/rameezts/poodle_check "
},
{
"title": "poodle_protector",
"trust": 0.1,
"url": "https://github.com/stdevel/poodle_protector "
},
{
"title": "bouncer",
"trust": 0.1,
"url": "https://github.com/TechPorter20/bouncer "
},
{
"title": "aws_poodle_fix",
"trust": 0.1,
"url": "https://github.com/rvaralda/aws_poodle_fix "
},
{
"title": "dnsmanagerpatches",
"trust": 0.1,
"url": "https://github.com/4psa/dnsmanagerpatches "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Wanderwille/13.01 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-3566"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-310",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71506"
},
{
"db": "NVD",
"id": "CVE-2014-3566"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.2,
"url": "https://security.gentoo.org/glsa/201507-14"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2014-1876.html"
},
{
"trust": 1.2,
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21688165"
},
{
"trust": 1.2,
"url": "https://www.openssl.org/news/secadv_20141015.txt"
},
{
"trust": 1.2,
"url": "https://www.openssl.org/~bodo/ssl-poodle.pdf"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1031029"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1031039"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1031085"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1031086"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1031087"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1031088"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1031089"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1031090"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1031091"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1031092"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1031093"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1031094"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1031095"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1031096"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1031105"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1031106"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1031107"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1031120"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1031123"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1031124"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1031130"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1031131"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1031132"
},
{
"trust": 1.1,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20141015-poodle"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59627"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/60056"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/60206"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/60792"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/60859"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61019"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61130"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61303"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61316"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61345"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61359"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61782"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61810"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61819"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61825"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61827"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61926"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61995"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/70574"
},
{
"trust": 1.1,
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html"
},
{
"trust": 1.1,
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/533724/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/533747"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/533746"
},
{
"trust": 1.1,
"url": "http://lists.apple.com/archives/security-announce/2015/jan/msg00003.html"
},
{
"trust": 1.1,
"url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00002.html"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2014/dsa-3053"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2015/dsa-3144"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2015/dsa-3147"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2015/dsa-3253"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2016/dsa-3489"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-november/142330.html"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-october/141158.html"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-october/141114.html"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-october/169374.html"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-october/169361.html"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/201606-11"
},
{
"trust": 1.1,
"url": "http://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04583581"
},
{
"trust": 1.1,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2014:203"
},
{
"trust": 1.1,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062"
},
{
"trust": 1.1,
"url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2014-015.txt.asc"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2014-1652.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2014-1653.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2014-1692.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2014-1877.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2014-1880.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2014-1881.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2014-1882.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2014-1920.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2014-1948.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-0068.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-0079.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-0080.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-0085.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-0086.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-0264.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-0698.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1545.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1546.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html"
},
{
"trust": 1.1,
"url": "http://www.us-cert.gov/ncas/alerts/ta14-290a"
},
{
"trust": 1.1,
"url": "http://www.ubuntu.com/usn/usn-2486-1"
},
{
"trust": 1.1,
"url": "http://www.ubuntu.com/usn/usn-2487-1"
},
{
"trust": 1.1,
"url": "http://www.kb.cert.org/vuls/id/577193"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3ccommits.cxf.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3ccommits.cxf.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3ccommits.cxf.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3ccommits.cxf.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3ccommits.cxf.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3ccommits.cxf.apache.org%3e"
},
{
"trust": 1.1,
"url": "http://advisories.mageia.org/mgasa-2014-0416.html"
},
{
"trust": 1.1,
"url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc"
},
{
"trust": 1.1,
"url": "http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566"
},
{
"trust": 1.1,
"url": "http://blog.cryptographyengineering.com/2014/10/attack-of-week-poodle.html"
},
{
"trust": 1.1,
"url": "http://blog.nodejs.org/2014/10/23/node-v0-10-33-stable/"
},
{
"trust": 1.1,
"url": "http://blogs.technet.com/b/msrc/archive/2014/10/14/security-advisory-3009008-released.aspx"
},
{
"trust": 1.1,
"url": "http://docs.ipswitch.com/moveit/dmz82/releasenotes/moveitreleasenotes82.pdf"
},
{
"trust": 1.1,
"url": "http://downloads.asterisk.org/pub/security/ast-2014-011.html"
},
{
"trust": 1.1,
"url": "http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html"
},
{
"trust": 1.1,
"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04779034"
},
{
"trust": 1.1,
"url": "http://people.canonical.com/~ubuntu-security/cve/2014/cve-2014-3566.html"
},
{
"trust": 1.1,
"url": "http://support.apple.com/ht204244"
},
{
"trust": 1.1,
"url": "http://support.citrix.com/article/ctx200238"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021431"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021439"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687172"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687611"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688283"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692299"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"trust": 1.1,
"url": "http://www.vmware.com/security/advisories/vmsa-2015-0003.html"
},
{
"trust": 1.1,
"url": "http://www.websense.com/support/article/kbarticle/vulnerabilities-resolved-in-triton-apx-version-8-0"
},
{
"trust": 1.1,
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-405500.htm"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/articles/1232123"
},
{
"trust": 1.1,
"url": "https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/"
},
{
"trust": 1.1,
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6"
},
{
"trust": 1.1,
"url": "https://bto.bluecoat.com/security-advisory/sa83"
},
{
"trust": 1.1,
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1076983"
},
{
"trust": 1.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1152789"
},
{
"trust": 1.1,
"url": "https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip"
},
{
"trust": 1.1,
"url": "https://github.com/mpgn/poodle-poc"
},
{
"trust": 1.1,
"url": "https://groups.google.com/forum/#%21topic/docker-user/oym0i3xshju"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04819635"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05068681"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05157667"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05301946"
},
{
"trust": 1.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-058-02"
},
{
"trust": 1.1,
"url": "https://puppet.com/security/cve/poodle-sslv3-vulnerability"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20141015-0001/"
},
{
"trust": 1.1,
"url": "https://support.apple.com/ht205217"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht6527"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht6529"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht6531"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht6535"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht6536"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht6541"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht6542"
},
{
"trust": 1.1,
"url": "https://support.citrix.com/article/ctx216642"
},
{
"trust": 1.1,
"url": "https://support.lenovo.com/product_security/poodle"
},
{
"trust": 1.1,
"url": "https://support.lenovo.com/us/en/product_security/poodle"
},
{
"trust": 1.1,
"url": "https://technet.microsoft.com/library/security/3009008.aspx"
},
{
"trust": 1.1,
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1015-security-advisory-7"
},
{
"trust": 1.1,
"url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html"
},
{
"trust": 1.1,
"url": "https://www.dfranke.us/posts/2014-10-14-how-poodle-happened.html"
},
{
"trust": 1.1,
"url": "https://www.elastic.co/blog/logstash-1-4-3-released"
},
{
"trust": 1.1,
"url": "https://www.imperialviolet.org/2014/10/14/poodle.html"
},
{
"trust": 1.1,
"url": "https://www.suse.com/support/kb/doc.php?id=7015773"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
},
{
"trust": 1.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=141628688425177\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=141879378918327\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=142624719706349\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=142805027510172\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=141697638231025\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=143558192010071\u0026w=2"
},
{
"trust": 1.0,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10104"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=142804214608580\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=142496355704097\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=142721830231196\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=142607790919348\u0026w=2"
},
{
"trust": 1.0,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10091"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=142546741516006\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=142350298616097\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=142357976805598\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=141703183219781\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=141577087123040\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=143039249603103\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=141813976718456\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=141576815022399\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=openssl-dev\u0026m=141333049205629\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=141450973807288\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=141775427104070\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=141715130023061\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=142350196615714\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=145983526810210\u0026w=2"
},
{
"trust": 1.0,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10090"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=142296755107581\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=143558137709884\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=143290583027876\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=141814011518700\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=141694355519663\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=141477196830952\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=142350743917559\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=141697676231104\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=141577350823734\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=142624679706236\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=144101915224472\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=142624619906067"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=143101048219218\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=144294141001552\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=144251162130364\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=141620103726640\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=142721887231400\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=141450452204552\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=142962817202793\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=142354438527235\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=142740155824959\u0026w=2"
},
{
"trust": 1.0,
"url": "https://templatelab.com/ssl-poodle/"
},
{
"trust": 1.0,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10705"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=142624619906067\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=143628269912142\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=143290371927178\u0026w=2"
},
{
"trust": 0.5,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.5,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.5,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3568"
},
{
"trust": 0.2,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n"
},
{
"trust": 0.2,
"url": "http://www.hpe.com/support/security_bulletin_archive"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0800"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2842"
},
{
"trust": 0.2,
"url": "http://www.hpe.com/support/subscriber_choice"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=141577350823734\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=141576815022399\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=141620103726640\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=141697638231025\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=141703183219781\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=141697676231104\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=141775427104070\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=141814011518700\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=141715130023061\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=141813976718456\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142118135300698\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142296755107581\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142354438527235\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142350743917559\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142350196615714\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142350298616097\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142357976805598\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142962817202793\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=143290371927178\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=144294141001552\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=145983526810210\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=141450973807288\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142721887231400\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142660345230545\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142804214608580\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=141450452204552\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=141628688425177\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=141577087123040\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=141694355519663\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=141879378918327\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=143290583027876\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=143628269912142\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=143039249603103\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142624619906067\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142495837901899\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=143290522027658\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142624719706349\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=143290437727362\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142624590206005\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142624679706236\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142740155824959\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142721830231196\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142791032306609\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=144101915224472\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142103967620673\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=143558137709884\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=143558192010071\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142805027510172\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142546741516006\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=144251162130364\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=141477196830952\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=143101048219218\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142496355704097\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142624619906067"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142607790919348\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=openssl-dev\u0026amp;m=141333049205629\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10705"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10090"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10091"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10104"
},
{
"trust": 0.1,
"url": "https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00"
},
{
"trust": 0.1,
"url": "https://www.openssl.org/about/secpolicy.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513"
},
{
"trust": 0.1,
"url": "http://h20564.www2.hpe.com/hpsc/swd/public"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3194"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0705"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-5161"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1789"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5600"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1791"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0412"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6549"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0403"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0395"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0406"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6593"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0383"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6585"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6549"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6587"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0413"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6601"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6591"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6585"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6591"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6593"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0421"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6587"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0406"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0410"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3566"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6601"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0403"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0412"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0413"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0410"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0400"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0400"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0407"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0421"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0383"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0395"
},
{
"trust": 0.1,
"url": "https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facets"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-6531"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-6532"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6511"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6558"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-6457"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3065"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-6493"
},
{
"trust": 0.1,
"url": "https://www.ibm.com/developerworks/java/jdk/alerts/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-4288"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-6503"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4288"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6532"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6457"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-6512"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6531"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-3566"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-6511"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-3065"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-6458"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6527"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6502"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6493"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6503"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-6492"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-6502"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6476"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6506"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-6558"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-6476"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6515"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-6506"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-6456"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-6515"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6456"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-6527"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6458"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6492"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6512"
},
{
"trust": 0.1,
"url": "https://www.hp.com/go/swa"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705"
},
{
"trust": 0.1,
"url": "https://www.hpe.com"
},
{
"trust": 0.1,
"url": "https://h20392.www2.hpe.com/"
},
{
"trust": 0.1,
"url": "http://www.hp.com/jp/icewall_patchaccess"
},
{
"trust": 0.1,
"url": "https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsea"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71506"
},
{
"db": "PACKETSTORM",
"id": "169664"
},
{
"db": "PACKETSTORM",
"id": "137294"
},
{
"db": "PACKETSTORM",
"id": "132641"
},
{
"db": "PACKETSTORM",
"id": "129266"
},
{
"db": "PACKETSTORM",
"id": "129178"
},
{
"db": "PACKETSTORM",
"id": "130334"
},
{
"db": "PACKETSTORM",
"id": "128921"
},
{
"db": "PACKETSTORM",
"id": "136577"
},
{
"db": "PACKETSTORM",
"id": "129071"
},
{
"db": "PACKETSTORM",
"id": "129065"
},
{
"db": "PACKETSTORM",
"id": "135908"
},
{
"db": "NVD",
"id": "CVE-2014-3566"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-71506",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2014-3566",
"ident": null
},
{
"db": "BID",
"id": "70574",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "169664",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "137294",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "132641",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "129266",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "129178",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "130334",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "128921",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "136577",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "129071",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "129065",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "135908",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2014-3566",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2014-10-15T00:00:00",
"db": "VULHUB",
"id": "VHN-71506",
"ident": null
},
{
"date": "2014-10-15T00:00:00",
"db": "VULMON",
"id": "CVE-2014-3566",
"ident": null
},
{
"date": "2014-10-14T00:00:00",
"db": "BID",
"id": "70574",
"ident": null
},
{
"date": "2014-10-15T12:12:12",
"db": "PACKETSTORM",
"id": "169664",
"ident": null
},
{
"date": "2016-06-02T16:22:00",
"db": "PACKETSTORM",
"id": "137294",
"ident": null
},
{
"date": "2015-07-10T15:43:42",
"db": "PACKETSTORM",
"id": "132641",
"ident": null
},
{
"date": "2014-11-26T15:08:22",
"db": "PACKETSTORM",
"id": "129266",
"ident": null
},
{
"date": "2014-11-20T16:18:57",
"db": "PACKETSTORM",
"id": "129178",
"ident": null
},
{
"date": "2015-02-10T17:43:07",
"db": "PACKETSTORM",
"id": "130334",
"ident": null
},
{
"date": "2014-10-31T23:08:29",
"db": "PACKETSTORM",
"id": "128921",
"ident": null
},
{
"date": "2016-04-06T13:28:14",
"db": "PACKETSTORM",
"id": "136577",
"ident": null
},
{
"date": "2014-11-12T18:14:00",
"db": "PACKETSTORM",
"id": "129071",
"ident": null
},
{
"date": "2014-11-12T18:13:12",
"db": "PACKETSTORM",
"id": "129065",
"ident": null
},
{
"date": "2016-02-24T23:59:00",
"db": "PACKETSTORM",
"id": "135908",
"ident": null
},
{
"date": "2014-10-15T00:55:02.137000",
"db": "NVD",
"id": "CVE-2014-3566",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2023-02-13T00:00:00",
"db": "VULHUB",
"id": "VHN-71506",
"ident": null
},
{
"date": "2023-09-12T00:00:00",
"db": "VULMON",
"id": "CVE-2014-3566",
"ident": null
},
{
"date": "2015-11-03T18:53:00",
"db": "BID",
"id": "70574",
"ident": null
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-3566",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "network",
"sources": [
{
"db": "BID",
"id": "70574"
}
],
"trust": 0.3
},
"title": {
"_id": null,
"data": "OpenSSL CVE-2014-3566 Man In The Middle Information Disclosure Vulnerability",
"sources": [
{
"db": "BID",
"id": "70574"
}
],
"trust": 0.3
},
"type": {
"_id": null,
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "70574"
}
],
"trust": 0.3
}
}
VAR-200503-0071
Vulnerability from variot - Updated: 2026-04-10 22:28The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages. There is a vulnerability in the Sun Java Plug-in that could allow a malicious Java applet to bypass restrictions for untrusted applets. Multiple vulnerabilities exist in numerous Oracle products. The impacts of these vulnerabilities are varied and may include remote execution of arbitrary code, the disclosure of sensitive information, and denial-of-service conditions. various Oracle Multiple vulnerabilities exist in the product and its components.Although it depends on the target product, a third party can execute any command or code remotely, leak information in the database, disrupt service operation ( Denial-of-Service,DoS ) Attacks could be made. Reports indicate that it is possible for a malicious website that contains JavaScript code to exploit this vulnerability to load a dangerous Java class and to pass this class to an invoked applet. If a vulnerable version is still installed on the computer, it may be possible for to specify that this version runs the applet instead of an updated version that is not prone to the vulnerability. Users affected by this vulnerability should remove earlier versions of the plug-in. This functionality could also be abused to prompt users to install vulnerable versions of the plug-in, so users should be wary of doing so. This general security weakness has been assigned an individual BID (11757). Various Oracle Database Server, Oracle Enterprise Manager, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business Suite and Applications, Oracle Workflow, Oracle Forms and Reports, Oracle JInitiator, Oracle Developer Suite, and Oracle Express Server are affected by multiple vulnerabilities. The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Oracle has released a Critical Patch Update advisory for July 2005 to address these vulnerabilities. This Critical Patch Update addresses the vulnerabilities for supported releases. Earlier, unsupported releases are likely to be affected by the issues as well. The issue is that documents may be served with weaker SSL encryption than configured in Oracle HTTP Server. This could result in a false sense of security. Oracle has not released any further information about this weakness. The first issue can allow an untrusted applet to escalate its privileges to access resources with the privilege level of the user running the applet. This issue occurs only in Internet Explorer running on Windows. The second issue allows an untrusted applet to interfere with another applet embedded in the same web page. This issue occurs in Java running on Windows, Solaris, and Linux. A remote attacker can use this vulnerability to bypass the Java\'\'sandbox\'\' and all restrictions to access restricted resources and systems. BACKGROUND
Java Plug-in technology, included as part of the Java 2 Runtime Environment, Standard Edition (JRE), establishes a connection between popular browsers and the Java platform. This connection enables applets on Web sites to be run within a browser on the desktop.
II.
A number of private Java packages exist within the Java Virtual Machine (VM) and are used internally by the VM. Security restrictions prevent Applets from accessing these packages. Any attempt to access these packages, results in a thrown exception of 'AccessControlException', unless the Applet is signed and the user has chosen to trust the issuer.
III. ANALYSIS
Successful exploitation allows remote attackers to execute hostile Applets that can access, download, upload or execute arbitrary files as well as access the network. A target user must be running a browser on top of a vulnerable Java Virtual Machine to be affected. It is possible for an attacker to create a cross-platform, cross-browser exploit for this vulnerability. Once compromised, an attacker can execute arbitrary code under the privileges of the user who instantiated the vulnerable browser.
IV. DETECTION
iDEFENSE has confirmed the existence of this vulnerability in Java 2 Platform, Standard Edition (J2SE) 1.4.2_01 and 1.4.2_04 from Sun Microsystems. Various browsers such as Internet Explorer, Mozilla and Firefox on both Windows and Unix platforms can be exploited if they are running a vulnerable Java Virtual Machine.
V. Other Java Virtual Machines, such as the Microsoft VM, are available and can be used as an alternative.
VI. VENDOR RESPONSE
This issue has been fixed in J2SE v 1.4.2_06 available at:
[15]http://java.sun.com/j2se/1.4.2/download.html
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CAN-2004-1029 to this issue. This is a candidate for inclusion in the CVE list ([16]http://cve.mitre.org), which standardizes names for security problems.
VIII. DISCLOSURE TIMELINE
06/29/2004 Initial vendor notification 06/30/2004 Initial vendor response 08/16/2004 iDEFENSE clients notified 11/22/2004 Public disclosure
IX. CREDIT
Jouko Pynnonen (jouko[at]iki.fi) is credited with this discovery.
Get paid for vulnerability research [17]http://www.idefense.com/poi/teams/vcp.jsp
X. LEGAL NOTICES
Copyright \xa9 2004 iDEFENSE, Inc.
Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDEFENSE. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please email [18]customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 3.4,
"vendor": "sun",
"version": "1.4"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 2.8,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 2.8,
"vendor": "sun",
"version": "1.4.1"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 1.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "jre .0 03",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4"
},
{
"_id": null,
"model": "sdk",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "sdk .0 03",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4"
},
{
"_id": null,
"model": "jre 09",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "jre .0 04",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4"
},
{
"_id": null,
"model": "sdk 07",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "sdk",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4"
},
{
"_id": null,
"model": "jre 01",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4.1"
},
{
"_id": null,
"model": "jre 08",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "jre 03",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4.1"
},
{
"_id": null,
"model": "sdk 02",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "jre 01",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "sdk",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4.1"
},
{
"_id": null,
"model": "jre 07",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "jre 03",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "sdk 05",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "jre 02",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4.1"
},
{
"_id": null,
"model": "sdk 04",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "sdk 01",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4.1"
},
{
"_id": null,
"model": "jre 04",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "sdk 03",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4.1"
},
{
"_id": null,
"model": "sdk 06",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "jre 02",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "sdk .0 4",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4"
},
{
"_id": null,
"model": "jre 05",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "sdk 03",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "sdk 02",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4.1"
},
{
"_id": null,
"model": "jre .0 02",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4"
},
{
"_id": null,
"model": "sdk 05",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jre 03",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "sdk .0 02",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4"
},
{
"_id": null,
"model": "jre 05",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "jre 06",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "jre 02",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "sdk 03",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jre 01",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 1.6,
"vendor": "sun",
"version": "1.4.0_01"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 1.6,
"vendor": "sun",
"version": "1.3.1_07"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 1.6,
"vendor": "sun",
"version": "1.3.1_09"
},
{
"_id": null,
"model": "jre 04",
"scope": "eq",
"trust": 1.5,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "enterprise firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "symantec",
"version": "8.0"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 1.3,
"vendor": "sun",
"version": "1.3.0"
},
{
"_id": null,
"model": "sdk 01",
"scope": "eq",
"trust": 1.2,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "jre .0 01",
"scope": "eq",
"trust": 1.2,
"vendor": "sun",
"version": "1.4"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.1_02"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.0_01"
},
{
"_id": null,
"model": "java sdk-rte",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "1.4"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.3.1_03"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.3.1_04"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.0_4"
},
{
"_id": null,
"model": "hp-ux",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "11.23"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.1_03"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.1_02"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.0_04"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.1"
},
{
"_id": null,
"model": "hp-ux",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "11.22"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.3.1_05"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_02"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_05"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.3.1_05"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.0_03"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "gentoo",
"version": "*"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.0_03"
},
{
"_id": null,
"model": "gateway security 5400",
"scope": "eq",
"trust": 1.0,
"vendor": "symantec",
"version": "2.0"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.1_07"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.3.1_02"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_03"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.3.1_01"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.3.1_02"
},
{
"_id": null,
"model": "hp-ux",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "11.11"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.0_02"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_04"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "conectiva",
"version": "10.0"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_01"
},
{
"_id": null,
"model": "gateway security 5400",
"scope": "eq",
"trust": 1.0,
"vendor": "symantec",
"version": "2.0.1"
},
{
"_id": null,
"model": "hp-ux",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "11.00"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.0_02"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.1_01"
},
{
"_id": null,
"model": "java sdk-rte",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "1.3"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.3.1_06"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.1_01"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.3.1_07"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.3.1_06"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.3.1_01a"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.3.1_03"
},
{
"_id": null,
"model": "jre .0 02",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3"
},
{
"_id": null,
"model": "jre 06",
"scope": "ne",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jre 01a",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "jre .0 05",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3"
},
{
"_id": null,
"model": "jre 11",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "sdk 12",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "sdk 11",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "jre 10",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "sdk 09",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "jre 13",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "sdk 08",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "sdk 10",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "jre 12",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "sdk 14",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "jre 14",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "sdk 13",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "notes",
"scope": "lte",
"trust": 0.8,
"vendor": "ibm",
"version": "6.5.6"
},
{
"_id": null,
"model": "notes",
"scope": "lte",
"trust": 0.8,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3.0"
},
{
"_id": null,
"model": "jre",
"scope": "lte",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "1.3.1_12"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "1.4.1"
},
{
"_id": null,
"model": "jre",
"scope": "lte",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "1.4.2_05"
},
{
"_id": null,
"model": "sdk",
"scope": "lte",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "1.3.1_12"
},
{
"_id": null,
"model": "sdk",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "1.4.1"
},
{
"_id": null,
"model": "sdk",
"scope": "lte",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "1.4.2_05"
},
{
"_id": null,
"model": "enterprise firewall",
"scope": "eq",
"trust": 0.8,
"vendor": "symantec",
"version": "v8.0"
},
{
"_id": null,
"model": "gateway security 5400 series",
"scope": "eq",
"trust": 0.8,
"vendor": "symantec",
"version": "v2.0"
},
{
"_id": null,
"model": "gateway security 5400 series",
"scope": "eq",
"trust": 0.8,
"vendor": "symantec",
"version": "v2.0.1"
},
{
"_id": null,
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.00"
},
{
"_id": null,
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.11"
},
{
"_id": null,
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.22"
},
{
"_id": null,
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.23"
},
{
"_id": null,
"model": "application server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10g"
},
{
"_id": null,
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10g"
},
{
"_id": null,
"model": "e-business suite",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "11i"
},
{
"_id": null,
"model": "enterprise manager",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10g"
},
{
"_id": null,
"model": "jinitiator",
"scope": null,
"trust": 0.8,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "hp-ux b.11.23",
"scope": null,
"trust": 0.6,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "9.0.4.0"
},
{
"_id": null,
"model": "sdk 01a",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "9.0.1.5"
},
{
"_id": null,
"model": "oracle9i application server",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "9.0.3.1"
},
{
"_id": null,
"model": "jre .0 04",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.3"
},
{
"_id": null,
"model": "enterprise manager database control 10g",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "10.1.0.2"
},
{
"_id": null,
"model": "enterprise manager database control 10g",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "10.1.0.4"
},
{
"_id": null,
"model": "jinitiator",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "1.3.1"
},
{
"_id": null,
"model": "enterprise manager grid control 10g",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "10.1.3"
},
{
"_id": null,
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "10.1.0.4"
},
{
"_id": null,
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "9.2.0.5"
},
{
"_id": null,
"model": "oracle8i enterprise edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "8.1.7.4.0"
},
{
"_id": null,
"model": "sdk 01",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "9.2.6"
},
{
"_id": null,
"model": "sdk .0 01",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.4"
},
{
"_id": null,
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "9.0.1.4"
},
{
"_id": null,
"model": "oracle8",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "10.1.0.3"
},
{
"_id": null,
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "9.0.1.4"
},
{
"_id": null,
"model": "enterprise manager application server control",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "9.0.4.1"
},
{
"_id": null,
"model": "oracle8i standard edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "8.1.7.4"
},
{
"_id": null,
"model": "oracle8",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "8.0.6.3"
},
{
"_id": null,
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "9.2.0.5"
},
{
"_id": null,
"model": "sdk 04",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "9.0.1.5"
},
{
"_id": null,
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "10.1.0.2"
},
{
"_id": null,
"model": "workflow",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "11.5.9.5"
},
{
"_id": null,
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "10.1.0.4"
},
{
"_id": null,
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "9.0.1.5"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.3"
},
{
"_id": null,
"model": "jinitiator",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "1.1.8"
},
{
"_id": null,
"model": "enterprise manager application server control",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "9.0.4.0"
},
{
"_id": null,
"model": "workflow",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "11.5.1"
},
{
"_id": null,
"model": "jre 07",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.4.1"
},
{
"_id": null,
"model": "sdk 02",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "hp-ux b.11.11",
"scope": null,
"trust": 0.6,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "9.2.0.5"
},
{
"_id": null,
"model": "oracle9i application server",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "1.0.2.2"
},
{
"_id": null,
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "9.0.4.1"
},
{
"_id": null,
"model": "enterprise manager grid control 10g",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "10.1.0.2"
},
{
"_id": null,
"model": "oracle9i application server",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "9.0.2.3"
},
{
"_id": null,
"model": "forms and reports",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "6.0.8.25"
},
{
"_id": null,
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "10.1.0.3"
},
{
"_id": null,
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "10.1.0.3"
},
{
"_id": null,
"model": "forms and reports",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "4.5.10.22"
},
{
"_id": null,
"model": "express server",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "6.3.4.0"
},
{
"_id": null,
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "9.2.6.0"
},
{
"_id": null,
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "9.2.6"
},
{
"_id": null,
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "9.0.1.4"
},
{
"_id": null,
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "10.1.0.2"
},
{
"_id": null,
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "10.1.0.2"
},
{
"_id": null,
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "10.1.0.4"
},
{
"_id": null,
"model": "enterprise manager database control 10g",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "10.1.0.3"
},
{
"_id": null,
"model": "jre 06",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "linux personal",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "8.2"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "8.0"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.8"
},
{
"_id": null,
"model": "java runtime environment",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "21.4.1"
},
{
"_id": null,
"model": "hp-ux b.11.22",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "java runtime environment",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "21.4.2"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.4"
},
{
"_id": null,
"model": "enterprise firewall nt/2000",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "8.0"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.6"
},
{
"_id": null,
"model": "http server for server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.1"
},
{
"_id": null,
"model": "gateway security",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "54002.0.1"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "8.0"
},
{
"_id": null,
"model": "linux personal",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.1"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.7"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.0"
},
{
"_id": null,
"model": "java runtime environment 05",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "21.3"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.5"
},
{
"_id": null,
"model": "gateway security",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "54002.0"
},
{
"_id": null,
"model": "jre .0 01",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.3"
},
{
"_id": null,
"model": "jre 04",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.3"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "8.1"
},
{
"_id": null,
"model": "http server for server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.7"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.8"
},
{
"_id": null,
"model": "http server roll up",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0.2.22"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0.2.2"
},
{
"_id": null,
"model": "jre 03",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.3"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.2.3"
},
{
"_id": null,
"model": "java desktop system",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "2003"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.1"
},
{
"_id": null,
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.3.1"
},
{
"_id": null,
"model": "http server for apps only .1s",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0.2"
},
{
"_id": null,
"model": "enterprise firewall solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "8.0"
},
{
"_id": null,
"model": "jre .0 03",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.3"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.6"
},
{
"_id": null,
"model": "linux personal",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.2"
},
{
"_id": null,
"model": "linux personal",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.0"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.2"
},
{
"_id": null,
"model": "java runtime environment 02",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "21.3"
},
{
"_id": null,
"model": "java desktop system",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "2.0"
},
{
"_id": null,
"model": "http server for server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.1"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0.2.1"
},
{
"_id": null,
"model": "hp-ux b.11.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "jre 01",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.3"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.7"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.7"
},
{
"_id": null,
"model": "java runtime environment",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "21.3"
},
{
"_id": null,
"model": "linux personal x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.0"
},
{
"_id": null,
"model": "java sdk/rte for hp-ux pa-risc",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.4"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.5"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.4"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0.2.0"
},
{
"_id": null,
"model": "java sdk/rte for hp-ux pa-risc",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.3"
},
{
"_id": null,
"model": "java runtime environment 01",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "21.3.1"
},
{
"_id": null,
"model": "java runtime environment 08",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "21.3.1"
},
{
"_id": null,
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.10"
},
{
"_id": null,
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.9"
},
{
"_id": null,
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.8"
},
{
"_id": null,
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.7"
},
{
"_id": null,
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.6"
},
{
"_id": null,
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.5"
},
{
"_id": null,
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.4"
},
{
"_id": null,
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.3"
},
{
"_id": null,
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.2"
},
{
"_id": null,
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.1"
},
{
"_id": null,
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.0"
},
{
"_id": null,
"model": "developer suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"_id": null,
"model": "developer suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.5"
},
{
"_id": null,
"model": "developer suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.4.1"
},
{
"_id": null,
"model": "developer suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.4"
},
{
"_id": null,
"model": "developer suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.2.3"
},
{
"_id": null,
"model": "collaboration suite release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "29.0.4.2"
},
{
"_id": null,
"model": "collaboration suite release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "29.0.4.1"
},
{
"_id": null,
"model": "oracle9i application server web cache",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.2.3"
},
{
"_id": null,
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.12"
},
{
"_id": null,
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.5"
},
{
"_id": null,
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.5.5"
},
{
"_id": null,
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.3"
},
{
"_id": null,
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.2"
},
{
"_id": null,
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1"
},
{
"_id": null,
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1"
},
{
"_id": null,
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.5.1"
},
{
"_id": null,
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.5"
},
{
"_id": null,
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.5.3"
},
{
"_id": null,
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.5.6"
},
{
"_id": null,
"model": "lotus notes",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.2"
},
{
"_id": null,
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.5.2"
},
{
"_id": null,
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.4"
},
{
"_id": null,
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"_id": null,
"model": "lotus notes fp3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.5.5"
},
{
"_id": null,
"model": "lotus notes fp2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.5.5"
},
{
"_id": null,
"model": "lotus notes fp2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.5.6"
},
{
"_id": null,
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.3"
},
{
"_id": null,
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.5.4"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#760344"
},
{
"db": "CERT/CC",
"id": "VU#613562"
},
{
"db": "BID",
"id": "11726"
},
{
"db": "BID",
"id": "14238"
},
{
"db": "BID",
"id": "14279"
},
{
"db": "BID",
"id": "12317"
},
{
"db": "CNNVD",
"id": "CNNVD-200503-002"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000497"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000876"
},
{
"db": "NVD",
"id": "CVE-2004-1029"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ibm:notes",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:sun:jre",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:sun:sdk",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:symantec:enterprise_firewall",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:symantec:gateway_security_5400",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hp:hp-ux",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2004-000497"
}
]
},
"credits": {
"_id": null,
"data": "Jouko Pynnonen jouko@iki.fi",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200503-002"
}
],
"trust": 0.6
},
"cve": "CVE-2004-1029",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2004-1029",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2004-1029",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-9459",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2004-1029",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#760344",
"trust": 0.8,
"value": "17.55"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#613562",
"trust": 0.8,
"value": "55.60"
},
{
"author": "NVD",
"id": "CVE-2004-1029",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200503-002",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-9459",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#760344"
},
{
"db": "CERT/CC",
"id": "VU#613562"
},
{
"db": "VULHUB",
"id": "VHN-9459"
},
{
"db": "CNNVD",
"id": "CNNVD-200503-002"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000497"
},
{
"db": "NVD",
"id": "CVE-2004-1029"
}
]
},
"description": {
"_id": null,
"data": "The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages. There is a vulnerability in the Sun Java Plug-in that could allow a malicious Java applet to bypass restrictions for untrusted applets. Multiple vulnerabilities exist in numerous Oracle products. The impacts of these vulnerabilities are varied and may include remote execution of arbitrary code, the disclosure of sensitive information, and denial-of-service conditions. various Oracle Multiple vulnerabilities exist in the product and its components.Although it depends on the target product, a third party can execute any command or code remotely, leak information in the database, disrupt service operation ( Denial-of-Service,DoS ) Attacks could be made. Reports indicate that it is possible for a malicious website that contains JavaScript code to exploit this vulnerability to load a dangerous Java class and to pass this class to an invoked applet. If a vulnerable version is still installed on the computer, it may be possible for to specify that this version runs the applet instead of an updated version that is not prone to the vulnerability. Users affected by this vulnerability should remove earlier versions of the plug-in. This functionality could also be abused to prompt users to install vulnerable versions of the plug-in, so users should be wary of doing so. This general security weakness has been assigned an individual BID (11757). Various Oracle Database Server, Oracle Enterprise Manager, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business Suite and Applications, Oracle Workflow, Oracle Forms and Reports, Oracle JInitiator, Oracle Developer Suite, and Oracle Express Server are affected by multiple vulnerabilities. \nThe issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. \nOracle has released a Critical Patch Update advisory for July 2005 to address these vulnerabilities. This Critical Patch Update addresses the vulnerabilities for supported releases. Earlier, unsupported releases are likely to be affected by the issues as well. The issue is that documents may be served with weaker SSL encryption than configured in Oracle HTTP Server. \nThis could result in a false sense of security. Oracle has not released any further information about this weakness. \nThe first issue can allow an untrusted applet to escalate its privileges to access resources with the privilege level of the user running the applet. \nThis issue occurs only in Internet Explorer running on Windows. \nThe second issue allows an untrusted applet to interfere with another applet embedded in the same web page. \nThis issue occurs in Java running on Windows, Solaris, and Linux. A remote attacker can use this vulnerability to bypass the Java\\\u0027\\\u0027sandbox\\\u0027\\\u0027 and all restrictions to access restricted resources and systems. BACKGROUND\n\n Java Plug-in technology, included as part of the Java 2 Runtime\n Environment, Standard Edition (JRE), establishes a connection between\n popular browsers and the Java platform. This connection enables\n applets\n on Web sites to be run within a browser on the desktop. \n\n II. \n\n A number of private Java packages exist within the Java Virtual\n Machine\n (VM) and are used internally by the VM. Security restrictions prevent\n Applets from accessing these packages. Any attempt to access these\n packages, results in a thrown exception of \u0027AccessControlException\u0027,\n unless the Applet is signed and the user has chosen to trust the\n issuer. \n\n III. ANALYSIS\n\n Successful exploitation allows remote attackers to execute hostile\n Applets that can access, download, upload or execute arbitrary files\n as\n well as access the network. A target user must be running a browser on\n top of a vulnerable Java Virtual Machine to be affected. It is\n possible\n for an attacker to create a cross-platform, cross-browser exploit for\n this vulnerability. Once compromised, an attacker can execute\n arbitrary\n code under the privileges of the user who instantiated the vulnerable\n browser. \n\n IV. DETECTION\n\n iDEFENSE has confirmed the existence of this vulnerability in Java 2\n Platform, Standard Edition (J2SE) 1.4.2_01 and 1.4.2_04 from Sun\n Microsystems. Various browsers such as Internet Explorer, Mozilla and Firefox\n on\n both Windows and Unix platforms can be exploited if they are running a\n vulnerable Java Virtual Machine. \n\n V. \n Other Java Virtual Machines, such as the Microsoft VM, are available\n and\n can be used as an alternative. \n\n VI. VENDOR RESPONSE\n\n This issue has been fixed in J2SE v 1.4.2_06 available at:\n\n [15]http://java.sun.com/j2se/1.4.2/download.html\n\n VII. CVE INFORMATION\n\n The Common Vulnerabilities and Exposures (CVE) project has assigned\n the\n name CAN-2004-1029 to this issue. This is a candidate for inclusion in\n the CVE list ([16]http://cve.mitre.org), which standardizes names for\n security problems. \n\n VIII. DISCLOSURE TIMELINE\n\n 06/29/2004 Initial vendor notification\n 06/30/2004 Initial vendor response\n 08/16/2004 iDEFENSE clients notified\n 11/22/2004 Public disclosure\n\n IX. CREDIT\n\n Jouko Pynnonen (jouko[at]iki.fi) is credited with this discovery. \n\n Get paid for vulnerability research\n [17]http://www.idefense.com/poi/teams/vcp.jsp\n\n X. LEGAL NOTICES\n\n Copyright \\xa9 2004 iDEFENSE, Inc. \n\n Permission is granted for the redistribution of this alert\n electronically. It may not be edited in any way without the express\n written consent of iDEFENSE. If you wish to reprint the whole or any\n part of this alert in any other medium other than electronically,\n please\n email [18]customerservice@idefense.com for permission. \n\n Disclaimer: The information in the advisory is believed to be accurate\n at the time of publishing based on currently available information. \n Use\n of the information constitutes acceptance for use in an AS IS\n condition. \n There are no warranties with regard to this information. Neither the\n author nor the publisher accepts any liability for any direct,\n indirect,\n or consequential loss or damage arising from use of, or reliance on,\n this information",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-1029"
},
{
"db": "CERT/CC",
"id": "VU#760344"
},
{
"db": "CERT/CC",
"id": "VU#613562"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000497"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000876"
},
{
"db": "BID",
"id": "11726"
},
{
"db": "BID",
"id": "14238"
},
{
"db": "BID",
"id": "14279"
},
{
"db": "BID",
"id": "12317"
},
{
"db": "VULHUB",
"id": "VHN-9459"
},
{
"db": "PACKETSTORM",
"id": "35118"
}
],
"trust": 5.04
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-9459",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-9459"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2004-1029",
"trust": 3.5
},
{
"db": "SECUNIA",
"id": "13271",
"trust": 3.3
},
{
"db": "CERT/CC",
"id": "VU#760344",
"trust": 3.3
},
{
"db": "BID",
"id": "12317",
"trust": 2.0
},
{
"db": "VUPEN",
"id": "ADV-2008-0599",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "29035",
"trust": 1.7
},
{
"db": "SREASON",
"id": "61",
"trust": 1.7
},
{
"db": "CERT/CC",
"id": "VU#613562",
"trust": 1.6
},
{
"db": "XF",
"id": "18188",
"trust": 1.4
},
{
"db": "BID",
"id": "11726",
"trust": 1.2
},
{
"db": "BID",
"id": "14238",
"trust": 1.1
},
{
"db": "BID",
"id": "14279",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000497",
"trust": 0.8
},
{
"db": "USCERT",
"id": "TA05-194A",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000876",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200503-002",
"trust": 0.7
},
{
"db": "SUNALERT",
"id": "101523",
"trust": 0.6
},
{
"db": "SUNALERT",
"id": "57591",
"trust": 0.6
},
{
"db": "OVAL",
"id": "OVAL:ORG.MITRE.OVAL:DEF:5674",
"trust": 0.6
},
{
"db": "IDEFENSE",
"id": "20041122 SUN JAVA PLUGIN ARBITRARY PACKAGE ACCESS VULNERABILITY",
"trust": 0.6
},
{
"db": "APPLE",
"id": "APPLE-SA-2005-02-22",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "35118",
"trust": 0.2
},
{
"db": "EXPLOIT-DB",
"id": "24763",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-78455",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-9459",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#760344"
},
{
"db": "CERT/CC",
"id": "VU#613562"
},
{
"db": "VULHUB",
"id": "VHN-9459"
},
{
"db": "BID",
"id": "11726"
},
{
"db": "BID",
"id": "14238"
},
{
"db": "BID",
"id": "14279"
},
{
"db": "BID",
"id": "12317"
},
{
"db": "PACKETSTORM",
"id": "35118"
},
{
"db": "CNNVD",
"id": "CNNVD-200503-002"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000497"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000876"
},
{
"db": "NVD",
"id": "CVE-2004-1029"
}
]
},
"id": "VAR-200503-0071",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-9459"
}
],
"trust": 0.01
},
"last_update_date": "2026-04-10T22:28:16.794000Z",
"patch": {
"_id": null,
"data": [
{
"title": "HPSBUX01214",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c00897307"
},
{
"title": "HPSBUX01100",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c00899041"
},
{
"title": "HPSBUX01214",
"trust": 0.8,
"url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/HP-UX/HPSBUX01214.html"
},
{
"title": "HPSBUX01100",
"trust": 0.8,
"url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/HP-UX/HPSBUX01100.html"
},
{
"title": "1257249",
"trust": 0.8,
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21257249"
},
{
"title": "j2sdk",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=45#update_content"
},
{
"title": "jdksetup",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=22#update_content"
},
{
"title": "201660",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201660-1"
},
{
"title": "SYM05-001",
"trust": 0.8,
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2005.01.04.html"
},
{
"title": "SYM05-001",
"trust": 0.8,
"url": "http://www.symantec.com/region/jp/avcenter/security/content/2005.01.04.html"
},
{
"title": "Critical Patch Update - July 2005",
"trust": 0.8,
"url": "http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html"
},
{
"title": "Critical Patch Updates and Security Alerts ",
"trust": 0.8,
"url": "http://www.oracle.com/technology/deploy/security/alerts.htm"
},
{
"title": "Map of Public Vulnerability to Advisory/Alert",
"trust": 0.8,
"url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html"
},
{
"title": "Critical Patch Update - July 2005",
"trust": 0.8,
"url": "http://otn.oracle.co.jp/security/050715_71/top.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2004-000497"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000876"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-9459"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000497"
},
{
"db": "NVD",
"id": "CVE-2004-1029"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.5,
"url": "http://jouko.iki.fi/adv/javaplugin.html"
},
{
"trust": 2.5,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1"
},
{
"trust": 2.5,
"url": "http://www.kb.cert.org/vuls/id/760344"
},
{
"trust": 2.2,
"url": "http://www.idefense.com/application/poi/display?id=158\u0026type=vulnerabilities"
},
{
"trust": 2.0,
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21257249"
},
{
"trust": 1.7,
"url": "http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2005/feb/msg00000.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/12317"
},
{
"trust": 1.7,
"url": "http://rpmfind.net/linux/rpm/suse/updates/9.3/i386/rpm/i586/java-1_4_2-sun-src-1.4.2.08-0.1.i586.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/13271"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/29035"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/61"
},
{
"trust": 1.7,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101523-1"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/13271/"
},
{
"trust": 1.4,
"url": "http://xforce.iss.net/xforce/xfdb/18188"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a5674"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2008/0599"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18188"
},
{
"trust": 0.8,
"url": "http://www.idefense.com/application/poi/display?id=158\u0026type=vulnerabilities\u0026flashstatus=false"
},
{
"trust": 0.8,
"url": "http://java.sun.com/products/plugin/index.jsp"
},
{
"trust": 0.8,
"url": "http://java.sun.com/j2se/desktopjava/jre/index.jsp"
},
{
"trust": 0.8,
"url": "http://java.sun.com/docs/books/tutorial/essential/system/securityintro.html"
},
{
"trust": 0.8,
"url": "http://java.sun.com/j2se/1.5.0/docs/api/java/security/accesscontrolexception.html"
},
{
"trust": 0.8,
"url": "http://java.sun.com/docs/books/tutorial/reflect/"
},
{
"trust": 0.8,
"url": "http://www.oracle.com/technology/deploy/security/alerts.htm "
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-1029"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2004-1029"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/11726"
},
{
"trust": 0.8,
"url": "http://www.frsirt.com/english/advisories/2005/1074"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vn/jvnta05-194a"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/14279"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/14238"
},
{
"trust": 0.8,
"url": "http://www.us-cert.gov/cas/techalerts/ta05-194a.html"
},
{
"trust": 0.8,
"url": "http://www.kb.cert.org/vuls/id/613562"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2008/0599"
},
{
"trust": 0.6,
"url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:5674"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1\u0026searchclause="
},
{
"trust": 0.3,
"url": "http://java.sun.com/products/plugin/versions.html#answers"
},
{
"trust": 0.3,
"url": "http://java.sun.com"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101799-1\u0026searchclause="
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57741-1"
},
{
"trust": 0.3,
"url": "http://securityresponse.symantec.com/avcenter/security/content/2005.01.04.html"
},
{
"trust": 0.3,
"url": "/archive/1/381940"
},
{
"trust": 0.3,
"url": "/archive/1/382281"
},
{
"trust": 0.3,
"url": "/archive/1/382072"
},
{
"trust": 0.3,
"url": "http://www.integrigy.com/analysis.htm"
},
{
"trust": 0.3,
"url": "http://www.red-database-security.com/advisory/oracle_formsbuilder_temp_file_issue.html"
},
{
"trust": 0.3,
"url": "http://www.red-database-security.com/advisory/oracle_forms_unsecure_temp_file_handling.html"
},
{
"trust": 0.3,
"url": "http://www.red-database-security.com/advisory/oracle_jdeveloper_passes_plaintext_password.html"
},
{
"trust": 0.3,
"url": "http://www.red-database-security.com/advisory/oracle_jdeveloper_plaintext_password.html"
},
{
"trust": 0.3,
"url": "/archive/1/406293"
},
{
"trust": 0.3,
"url": "/archive/1/404966"
},
{
"trust": 0.3,
"url": "http://www.red-database-security.com/whitepaper/cpu_july_2005_silently_fixed_bugs.html"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57708-1"
},
{
"trust": 0.1,
"url": "http://www.idefense.com/application/poi/display?id=158\u0026amp;type=vulnerabilities"
},
{
"trust": 0.1,
"url": "http://www.idefense.com/poi/teams/vcp.jsp"
},
{
"trust": 0.1,
"url": "http://java.sun.com/j2se/1.4.2/download.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2004-1029"
},
{
"trust": 0.1,
"url": "http://java.sun.com/products/plugin/."
},
{
"trust": 0.1,
"url": "http://cve.mitre.org),"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#760344"
},
{
"db": "CERT/CC",
"id": "VU#613562"
},
{
"db": "VULHUB",
"id": "VHN-9459"
},
{
"db": "BID",
"id": "11726"
},
{
"db": "BID",
"id": "14238"
},
{
"db": "BID",
"id": "14279"
},
{
"db": "BID",
"id": "12317"
},
{
"db": "PACKETSTORM",
"id": "35118"
},
{
"db": "CNNVD",
"id": "CNNVD-200503-002"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000497"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000876"
},
{
"db": "NVD",
"id": "CVE-2004-1029"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "CERT/CC",
"id": "VU#760344",
"ident": null
},
{
"db": "CERT/CC",
"id": "VU#613562",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-9459",
"ident": null
},
{
"db": "BID",
"id": "11726",
"ident": null
},
{
"db": "BID",
"id": "14238",
"ident": null
},
{
"db": "BID",
"id": "14279",
"ident": null
},
{
"db": "BID",
"id": "12317",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "35118",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-200503-002",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000497",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000876",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2004-1029",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2004-11-23T00:00:00",
"db": "CERT/CC",
"id": "VU#760344",
"ident": null
},
{
"date": "2005-07-13T00:00:00",
"db": "CERT/CC",
"id": "VU#613562",
"ident": null
},
{
"date": "2005-03-01T00:00:00",
"db": "VULHUB",
"id": "VHN-9459",
"ident": null
},
{
"date": "2004-11-22T00:00:00",
"db": "BID",
"id": "11726",
"ident": null
},
{
"date": "2005-07-12T00:00:00",
"db": "BID",
"id": "14238",
"ident": null
},
{
"date": "2005-07-15T00:00:00",
"db": "BID",
"id": "14279",
"ident": null
},
{
"date": "2005-01-20T00:00:00",
"db": "BID",
"id": "12317",
"ident": null
},
{
"date": "2004-11-24T07:03:46",
"db": "PACKETSTORM",
"id": "35118",
"ident": null
},
{
"date": "2004-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200503-002",
"ident": null
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2004-000497",
"ident": null
},
{
"date": "2009-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2005-000876",
"ident": null
},
{
"date": "2005-03-01T05:00:00",
"db": "NVD",
"id": "CVE-2004-1029",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2004-11-23T00:00:00",
"db": "CERT/CC",
"id": "VU#760344",
"ident": null
},
{
"date": "2005-10-19T00:00:00",
"db": "CERT/CC",
"id": "VU#613562",
"ident": null
},
{
"date": "2017-10-11T00:00:00",
"db": "VULHUB",
"id": "VHN-9459",
"ident": null
},
{
"date": "2009-07-12T08:06:00",
"db": "BID",
"id": "11726",
"ident": null
},
{
"date": "2009-07-12T16:06:00",
"db": "BID",
"id": "14238",
"ident": null
},
{
"date": "2005-07-15T00:00:00",
"db": "BID",
"id": "14279",
"ident": null
},
{
"date": "2008-04-07T16:18:00",
"db": "BID",
"id": "12317",
"ident": null
},
{
"date": "2009-03-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200503-002",
"ident": null
},
{
"date": "2008-03-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2004-000497",
"ident": null
},
{
"date": "2009-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2005-000876",
"ident": null
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2004-1029",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "network",
"sources": [
{
"db": "BID",
"id": "11726"
},
{
"db": "BID",
"id": "14238"
},
{
"db": "BID",
"id": "14279"
},
{
"db": "BID",
"id": "12317"
}
],
"trust": 1.2
},
"title": {
"_id": null,
"data": "Sun Java Plug-in fails to restrict access to private Java packages",
"sources": [
{
"db": "CERT/CC",
"id": "VU#760344"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "Access Validation Error",
"sources": [
{
"db": "BID",
"id": "11726"
},
{
"db": "BID",
"id": "12317"
}
],
"trust": 0.6
}
}
VAR-200911-0398
Vulnerability from variot - Updated: 2026-03-09 22:17The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. A vulnerability exists in SSL and TLS protocols that may allow attackers to execute an arbitrary HTTP transaction. Multiple vendors' TLS protocol implementations are prone to a security vulnerability related to the session-renegotiation process. Successful exploits of this issue may allow attackers to perform limited man-in-the-middle attacks against vulnerable applications. Note that this issue does not allow attackers to decrypt encrypted data. The Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols are commonly used to provide authentication, encryption, integrity, and non-repudiation services to network applications such as HTTP, IMAP, POP3, LDAP. This could result in a situation where the attacker may be able to issue commands to the server that appear to be coming from a legitimate source. According to the Network Working Group:The server treats the client's initial TLS handshake as a renegotiation and thus believes that the initial data transmitted by the attacker is from the same entity as the subsequent client data.This issue affects SSL version 3.0 and newer and TLS version 1.0 and newer.
The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list (CRL) check and cause a stack-based buffer overflow via a crafted X.509 certificate, related to extraction of a serial number (CVE-2010-0731).
The updated packages have been patched to correct these issues. - The SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely resulting in disclosure of information. ----------------------------------------------------------------------
http://secunia.com/research/
http://secunia.com/company/jobs/open_positions/reverse_engineer
TITLE: Oracle Application Server Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA44293
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44293/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44293
RELEASE DATE: 2011-04-24
DISCUSS ADVISORY: http://secunia.com/advisories/44293/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/44293/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=44293
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Multiple vulnerabilities have been reported in Oracle Application Server, which can be exploited by malicious users and people to manipulate certain data.
1) An error exists in the C Oracle SSL API of the Oracle Security Service component and can be exploited to manipulate certain data.
For more information see vulnerability #1: SA37291
2) An unspecified error in the Oracle HTTP Server component can be exploited to manipulate certain data.
3) An error exists in the Midtier Infrastructure of the Portal component and can be exploited to manipulate certain data.
For more information see vulnerability #3: SA44246
4) An unspecified error in the Single Sign On component can be exploited by authenticated users to manipulate certain data.
The vulnerabilities are reported in the following products: * Oracle Application Server 10g Release 2 version 10.1.2.3.0. * Oracle Application Server 10g Release 3 version 10.1.3.5.0.
SOLUTION: Apply updates (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY: It is currently unclear who reported these vulnerabilities as the Oracle Critical Patch Update for April 2011 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information.
ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#AppendixAS
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Mandriva Linux Security Advisory MDVSA-2010:084 http://www.mandriva.com/security/
Package : java-1.6.0-openjdk Date : April 28, 2010 Affected: 2009.0, 2009.1, 2010.0, Enterprise Server 5.0
Problem Description:
Multiple Java OpenJDK security vulnerabilities has been identified and fixed:
- TLS: MITM attacks via session renegotiation (CVE-2009-3555).
- Loader-constraint table allows arrays instead of only the b ase-classes (CVE-2010-0082).
- Policy/PolicyFile leak dynamic ProtectionDomains. (CVE-2010-0084).
- File TOCTOU deserialization vulnerability (CVE-2010-0085).
- Inflater/Deflater clone issues (CVE-2010-0088).
- Unsigned applet can retrieve the dragged information before drop action occurs (CVE-2010-0091).
- AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error (CVE-2010-0092).
- System.arraycopy unable to reference elements beyond Integer.MAX_VALUE bytes (CVE-2010-0093).
- Deserialization of RMIConnectionImpl objects should enforce stricter checks (CVE-2010-0094).
- Subclasses of InetAddress may incorrectly interpret network addresses (CVE-2010-0095).
- JAR unpack200 must verify input parameters (CVE-2010-0837).
- CMM readMabCurveData Buffer Overflow Vulnerability (CVE-2010-0838).
- Applet Trusted Methods Chaining Privilege Escalation Vulner ability (CVE-2010-0840).
- No ClassCastException for HashAttributeSet constructors if run with -Xcomp (CVE-2010-0845)
- ImagingLib arbitrary code execution vulnerability (CVE-2010-0847).
- AWT Library Invalid Index Vulnerability (CVE-2010-0848).
Additional security issues that was fixed with IcedTea6 1.6.2: - deprecate MD2 in SSL cert validation (CVE-2009-2409). - ICC_Profile file existence detection information leak (CVE-2009-3728). - JRE AWT setDifflCM stack overflow (CVE-2009-3869). - JRE AWT setBytePixels heap overflow (CVE-2009-3871). - JPEG Image Writer quantization problem (CVE-2009-3873). - ImageI/O JPEG heap overflow (CVE-2009-3874). - MessageDigest.isEqual introduces timing attack vulnerabilities (CVE-2009-3875). - OpenJDK ASN.1/DER input stream parser denial of service (CVE-2009-3876, CVE-2009-3877) - GraphicsConfiguration information leak (CVE-2009-3879). - UI logging information leakage (CVE-2009-3880). - resurrected classloaders can still have children (CVE-2009-3881). - Numerous static security flaws in Swing (findbugs) (CVE-2009-3882). - Mutable statics in Windows PL&F (findbugs) (CVE-2009-3883). - zoneinfo file existence information leak (CVE-2009-3884). - BMP parsing DoS with UNC ICC links (CVE-2009-3885).
Additionally Paulo Cesar Pereira de Andrade (pcpa) at Mandriva found and fixed a bug in IcedTea6 1.8 that is also applied to the provided packages:
- plugin/icedteanp/IcedTeaNPPlugin.cc (plugin_filter_environment): Increment malloc size by one to account for NULL terminator. Bug# 474.
Packages for 2009.0 are provided due to the Extended Maintenance Program.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2409 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3728 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3869 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3871 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3873 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3874 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3875 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3876 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3877 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3879 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3880 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3881 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3882 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3883 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3884 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3885 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0082 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0084 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0085 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0088 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0091 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0092 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0093 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0094 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0095 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0837 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0838 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0840 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0845 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0847 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0848 http://article.gmane.org/gmane.comp.java.openjdk.distro-packaging.devel/8938 http://blogs.sun.com/darcy/resource/OpenJDK_6/openjdk6-b18-changes-summary.html http://icedtea.classpath.org/hg/release/icedtea6-1.8/rev/a6a02193b073
Updated Packages:
Mandriva Linux 2009.0: 37c14ebea4b3ceccbecba4ffea2630a6 2009.0/i586/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.0.i586.rpm 3f7ba1d78aaf5f1ca56e86fcb48e7192 2009.0/i586/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2009.0.i586.rpm 12963efa8b4ea6691ba68f4e72e81e5d 2009.0/i586/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2009.0.i586.rpm 6387d4381c518c5658701c114c5fcb9d 2009.0/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2009.0.i586.rpm f90d2a22c10b6eb30aedef13207d346c 2009.0/i586/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2009.0.i586.rpm 01e62b54974a3d1b5232de0baa196e41 2009.0/i586/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2009.0.i586.rpm 212262f34829af20e53fb2076fa78d25 2009.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64: 630941e679a033285ddf5cb3e4c1d092 2009.0/x86_64/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm 6330c6dda9cf7c59a90f529bceeee17b 2009.0/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm c7d708c5f14d710a6bdcc352bb18a55a 2009.0/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm edf4b1d8efeb157bb0f19b4c4cc55935 2009.0/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm ac9f8227297249940b1845f3ad95165f 2009.0/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm d1ed0ce1155c85c423d0cbe47eadfa5b 2009.0/x86_64/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm 212262f34829af20e53fb2076fa78d25 2009.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.0.src.rpm
Mandriva Linux 2009.1: 304bc2cab18b29781bfac69d4927ddce 2009.1/i586/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.1.i586.rpm 77f0d2e2b2c04288a5aae608a2f73f1a 2009.1/i586/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2009.1.i586.rpm 7ff7542b4328fd978725f8e0b02590d9 2009.1/i586/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2009.1.i586.rpm 3d1bf214209ea3aef86b58962e80901e 2009.1/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2009.1.i586.rpm f52cf5f8d3f85b98da246963d583f6bc 2009.1/i586/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2009.1.i586.rpm 87b2fd7ac9883e624e71faa993559e78 2009.1/i586/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2009.1.i586.rpm 0ff2ca4dfc122a3538349ed2dab6ed81 2009.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64: 883105d4347bb0864c7c73e4f0865066 2009.1/x86_64/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm ac44d41806625e0be7a55ff30bf1f0e7 2009.1/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm 67db7247fbf1b5be5391f33603b9148c 2009.1/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm 0b6e7a93df49306976453daf29a29d96 2009.1/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm 67e679d7aa4545a968889dcbb1a3fa8e 2009.1/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm 4042e3ae7e3b2dbdcba0e73aadd219d5 2009.1/x86_64/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm 0ff2ca4dfc122a3538349ed2dab6ed81 2009.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.1.src.rpm
Mandriva Linux 2010.0: f3c1bb7b091d5889a856edf93e066367 2010.0/i586/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2010.0.i586.rpm 7f717091a34f98e9547c698bf08065f5 2010.0/i586/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2010.0.i586.rpm 21b8532c934559100b0dbc498ba3c52e 2010.0/i586/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2010.0.i586.rpm 8711fdef27cce9af73191903f85dbcd6 2010.0/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2010.0.i586.rpm 1905269f878bb1c6367dedc6797f6914 2010.0/i586/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2010.0.i586.rpm c5f53d24770de6704f00fdf34c87a703 2010.0/i586/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2010.0.i586.rpm b789ff663963ae8b60a0d189b870907c 2010.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64: 100203d38e76348f262d69d2cae8a7ba 2010.0/x86_64/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm f155019a4a22d7bf7265c67024dcbc33 2010.0/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm 8eaf304d6eb93212d1045adc301de385 2010.0/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm 2e2082bd89db22cf5fa4be2ebaceb71c 2010.0/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm 3e7a1849db88a8b8ddcdf30441edfcb7 2010.0/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm fbc9da5e2080972f6f8c01f23e86890f 2010.0/x86_64/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm b789ff663963ae8b60a0d189b870907c 2010.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2010.0.src.rpm
Mandriva Enterprise Server 5: 742a7a6dcc82962a132eadb91a2b1736 mes5/i586/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm 3acd32ccd1fee71f07ccb4b038434ffd mes5/i586/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm c3358ac84dbc950752655fee46fd5e4b mes5/i586/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm a30ef6b33fd9ba1403ab46ef9643efdb mes5/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm 534f95a18c4798ec80cdfe47bd1148a8 mes5/i586/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm e79e4bd9462096222f5b07d681b3d418 mes5/i586/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm 0bc580c8d4d6e57cbee939bf68743170 mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdvmes5.1.src.rpm
Mandriva Enterprise Server 5/X86_64: 180566f92a5564c747c716ecdf082c8f mes5/x86_64/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm 5e05d90fe32dfce7b15db7d9e5604227 mes5/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm 09506c689ed0265023861e006fbcb624 mes5/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm c9ff4a3a4695c56b13268d76c355cfbe mes5/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm 0a70a54c2eed68e723cbc65de63bfbff mes5/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm 166c980a8479cd915f3507070c25508e mes5/x86_64/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm 0bc580c8d4d6e57cbee939bf68743170 mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdvmes5.1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFL1/vUmqjQ0CJFipgRAlcyAJ9+2v53cztdo8nXoixp0vg0IuQjrACbB/vW +oOtru3I2iYRjlx04fi7wMw= =rIwa -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201301-01
http://security.gentoo.org/
Severity: High Title: Mozilla Products: Multiple vulnerabilities Date: January 08, 2013 Bugs: #180159, #181361, #207261, #238535, #246602, #251322, #255221, #255234, #255687, #257577, #260062, #261386, #262704, #267234, #273918, #277752, #280226, #280234, #280393, #282549, #284439, #286721, #290892, #292034, #297532, #305689, #307045, #311021, #312361, #312645, #312651, #312675, #312679, #312763, #313003, #324735, #326341, #329279, #336396, #341821, #342847, #348316, #357057, #360055, #360315, #365323, #373595, #379549, #381245, #388045, #390771, #395431, #401701, #403183, #404437, #408161, #413657, #419917, #427224, #433383, #437780, #439586, #439960, #444318 ID: 201301-01
Synopsis
Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may allow execution of arbitrary code or local privilege escalation.
Background
Mozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the 'Mozilla Application Suite'. XULRunner is a Mozilla runtime package that can be used to bootstrap XUL+XPCOM applications such as Firefox and Thunderbird. NSS is Mozilla's Network Security Services library that implements PKI support. IceCat is the GNU version of Firefox.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/firefox < 10.0.11 >= 10.0.11 2 www-client/firefox-bin < 10.0.11 >= 10.0.11 3 mail-client/thunderbird < 10.0.11 >= 10.0.11 4 mail-client/thunderbird-bin < 10.0.11 >= 10.0.11 5 www-client/seamonkey < 2.14-r1 >= 2.14-r1 6 www-client/seamonkey-bin < 2.14 >= 2.14 7 dev-libs/nss < 3.14 >= 3.14 8 www-client/mozilla-firefox <= 3.6.8 Vulnerable! 9 www-client/mozilla-firefox-bin <= 3.5.6 Vulnerable! 10 mail-client/mozilla-thunderbird <= 3.0.4-r1 Vulnerable! 11 mail-client/mozilla-thunderbird-bin <= 3.0 Vulnerable! 12 www-client/icecat <= 10.0-r1 Vulnerable! 13 net-libs/xulrunner <= 2.0-r1 Vulnerable! 14 net-libs/xulrunner-bin <= 1.8.1.19 Vulnerable! ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. ------------------------------------------------------------------- 14 affected packages
Description
Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details.
Impact
A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL's for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser's font, conduct clickjacking attacks, or have other unspecified impact.
A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file.
Workaround
There is no known workaround at this time.
Resolution
All Mozilla Firefox users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/firefox-10.0.11"
All users of the Mozilla Firefox binary package should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-10.0.11"=
All Mozilla Thunderbird users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=mail-client/thunderbird-10.0.11"
All users of the Mozilla Thunderbird binary package should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-10.0.11"
All Mozilla SeaMonkey users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/seamonkey-2.14-r1"
All users of the Mozilla SeaMonkey binary package should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/seamonkey-bin-2.14"
All NSS users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/nss-3.14"
The "www-client/mozilla-firefox" package has been merged into the "www-client/firefox" package. To upgrade, please unmerge "www-client/mozilla-firefox" and then emerge the latest "www-client/firefox" package:
# emerge --sync # emerge --unmerge "www-client/mozilla-firefox" # emerge --ask --oneshot --verbose ">=www-client/firefox-10.0.11"
The "www-client/mozilla-firefox-bin" package has been merged into the "www-client/firefox-bin" package. To upgrade, please unmerge "www-client/mozilla-firefox-bin" and then emerge the latest "www-client/firefox-bin" package:
# emerge --sync # emerge --unmerge "www-client/mozilla-firefox-bin" # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-10.0.11"=
The "mail-client/mozilla-thunderbird" package has been merged into the "mail-client/thunderbird" package. To upgrade, please unmerge "mail-client/mozilla-thunderbird" and then emerge the latest "mail-client/thunderbird" package:
# emerge --sync # emerge --unmerge "mail-client/mozilla-thunderbird" # emerge --ask --oneshot -v ">=mail-client/thunderbird-10.0.11"
The "mail-client/mozilla-thunderbird-bin" package has been merged into the "mail-client/thunderbird-bin" package. To upgrade, please unmerge "mail-client/mozilla-thunderbird-bin" and then emerge the latest "mail-client/thunderbird-bin" package:
# emerge --sync # emerge --unmerge "mail-client/mozilla-thunderbird-bin" # emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-10.0.11"
Gentoo discontinued support for GNU IceCat. We recommend that users unmerge GNU IceCat:
# emerge --unmerge "www-client/icecat"
Gentoo discontinued support for XULRunner. We recommend that users unmerge XULRunner:
# emerge --unmerge "net-libs/xulrunner"
Gentoo discontinued support for the XULRunner binary package. We recommend that users unmerge XULRunner:
# emerge --unmerge "net-libs/xulrunner-bin"
References
[ 1 ] CVE-2011-3101 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3101 [ 2 ] CVE-2007-2436 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2436 [ 3 ] CVE-2007-2437 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2437 [ 4 ] CVE-2007-2671 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2671 [ 5 ] CVE-2007-3073 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3073 [ 6 ] CVE-2008-0016 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0016 [ 7 ] CVE-2008-0017 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0017 [ 8 ] CVE-2008-0367 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0367 [ 9 ] CVE-2008-3835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3835 [ 10 ] CVE-2008-3836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3836 [ 11 ] CVE-2008-3837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3837 [ 12 ] CVE-2008-4058 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4058 [ 13 ] CVE-2008-4059 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4059 [ 14 ] CVE-2008-4060 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4060 [ 15 ] CVE-2008-4061 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4061 [ 16 ] CVE-2008-4062 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4062 [ 17 ] CVE-2008-4063 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4063 [ 18 ] CVE-2008-4064 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4064 [ 19 ] CVE-2008-4065 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4065 [ 20 ] CVE-2008-4066 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4066 [ 21 ] CVE-2008-4067 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4067 [ 22 ] CVE-2008-4068 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4068 [ 23 ] CVE-2008-4069 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4069 [ 24 ] CVE-2008-4070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4070 [ 25 ] CVE-2008-4582 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4582 [ 26 ] CVE-2008-5012 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5012 [ 27 ] CVE-2008-5013 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5013 [ 28 ] CVE-2008-5014 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5014 [ 29 ] CVE-2008-5015 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5015 [ 30 ] CVE-2008-5016 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5016 [ 31 ] CVE-2008-5017 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5017 [ 32 ] CVE-2008-5018 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5018 [ 33 ] CVE-2008-5019 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5019 [ 34 ] CVE-2008-5021 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5021 [ 35 ] CVE-2008-5022 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5022 [ 36 ] CVE-2008-5023 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5023 [ 37 ] CVE-2008-5024 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5024 [ 38 ] CVE-2008-5052 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5052 [ 39 ] CVE-2008-5500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5500 [ 40 ] CVE-2008-5501 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5501 [ 41 ] CVE-2008-5502 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5502 [ 42 ] CVE-2008-5503 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5503 [ 43 ] CVE-2008-5504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5504 [ 44 ] CVE-2008-5505 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5505 [ 45 ] CVE-2008-5506 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5506 [ 46 ] CVE-2008-5507 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5507 [ 47 ] CVE-2008-5508 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5508 [ 48 ] CVE-2008-5510 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5510 [ 49 ] CVE-2008-5511 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5511 [ 50 ] CVE-2008-5512 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5512 [ 51 ] CVE-2008-5513 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5513 [ 52 ] CVE-2008-5822 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5822 [ 53 ] CVE-2008-5913 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5913 [ 54 ] CVE-2008-6961 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-6961 [ 55 ] CVE-2009-0071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0071 [ 56 ] CVE-2009-0071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0071 [ 57 ] CVE-2009-0352 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0352 [ 58 ] CVE-2009-0353 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0353 [ 59 ] CVE-2009-0354 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0354 [ 60 ] CVE-2009-0355 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0355 [ 61 ] CVE-2009-0356 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0356 [ 62 ] CVE-2009-0357 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0357 [ 63 ] CVE-2009-0358 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0358 [ 64 ] CVE-2009-0652 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0652 [ 65 ] CVE-2009-0771 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0771 [ 66 ] CVE-2009-0772 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0772 [ 67 ] CVE-2009-0773 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0773 [ 68 ] CVE-2009-0774 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0774 [ 69 ] CVE-2009-0775 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0775 [ 70 ] CVE-2009-0776 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0776 [ 71 ] CVE-2009-0777 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0777 [ 72 ] CVE-2009-1044 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1044 [ 73 ] CVE-2009-1169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1169 [ 74 ] CVE-2009-1302 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1302 [ 75 ] CVE-2009-1303 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1303 [ 76 ] CVE-2009-1304 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1304 [ 77 ] CVE-2009-1305 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1305 [ 78 ] CVE-2009-1306 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1306 [ 79 ] CVE-2009-1307 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1307 [ 80 ] CVE-2009-1308 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1308 [ 81 ] CVE-2009-1309 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1309 [ 82 ] CVE-2009-1310 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1310 [ 83 ] CVE-2009-1311 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1311 [ 84 ] CVE-2009-1312 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1312 [ 85 ] CVE-2009-1313 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1313 [ 86 ] CVE-2009-1392 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1392 [ 87 ] CVE-2009-1563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1563 [ 88 ] CVE-2009-1571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1571 [ 89 ] CVE-2009-1828 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1828 [ 90 ] CVE-2009-1832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1832 [ 91 ] CVE-2009-1833 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1833 [ 92 ] CVE-2009-1834 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1834 [ 93 ] CVE-2009-1835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1835 [ 94 ] CVE-2009-1836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1836 [ 95 ] CVE-2009-1837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1837 [ 96 ] CVE-2009-1838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1838 [ 97 ] CVE-2009-1839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1839 [ 98 ] CVE-2009-1840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1840 [ 99 ] CVE-2009-1841 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1841 [ 100 ] CVE-2009-2043 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2043 [ 101 ] CVE-2009-2044 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2044 [ 102 ] CVE-2009-2061 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2061 [ 103 ] CVE-2009-2065 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2065 [ 104 ] CVE-2009-2210 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2210 [ 105 ] CVE-2009-2404 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2404 [ 106 ] CVE-2009-2408 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2408 [ 107 ] CVE-2009-2462 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2462 [ 108 ] CVE-2009-2463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2463 [ 109 ] CVE-2009-2464 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2464 [ 110 ] CVE-2009-2465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2465 [ 111 ] CVE-2009-2466 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2466 [ 112 ] CVE-2009-2467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2467 [ 113 ] CVE-2009-2469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2469 [ 114 ] CVE-2009-2470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2470 [ 115 ] CVE-2009-2471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2471 [ 116 ] CVE-2009-2472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2472 [ 117 ] CVE-2009-2477 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2477 [ 118 ] CVE-2009-2478 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2478 [ 119 ] CVE-2009-2479 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2479 [ 120 ] CVE-2009-2535 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2535 [ 121 ] CVE-2009-2654 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2654 [ 122 ] CVE-2009-2662 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2662 [ 123 ] CVE-2009-2664 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2664 [ 124 ] CVE-2009-2665 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2665 [ 125 ] CVE-2009-3069 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3069 [ 126 ] CVE-2009-3070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3070 [ 127 ] CVE-2009-3071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3071 [ 128 ] CVE-2009-3072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3072 [ 129 ] CVE-2009-3074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3074 [ 130 ] CVE-2009-3075 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3075 [ 131 ] CVE-2009-3076 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3076 [ 132 ] CVE-2009-3077 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3077 [ 133 ] CVE-2009-3078 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3078 [ 134 ] CVE-2009-3079 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3079 [ 135 ] CVE-2009-3274 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3274 [ 136 ] CVE-2009-3371 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3371 [ 137 ] CVE-2009-3372 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3372 [ 138 ] CVE-2009-3373 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3373 [ 139 ] CVE-2009-3374 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3374 [ 140 ] CVE-2009-3375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3375 [ 141 ] CVE-2009-3376 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3376 [ 142 ] CVE-2009-3377 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3377 [ 143 ] CVE-2009-3378 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3378 [ 144 ] CVE-2009-3379 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3379 [ 145 ] CVE-2009-3380 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3380 [ 146 ] CVE-2009-3381 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3381 [ 147 ] CVE-2009-3382 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3382 [ 148 ] CVE-2009-3383 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3383 [ 149 ] CVE-2009-3388 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3388 [ 150 ] CVE-2009-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3389 [ 151 ] CVE-2009-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555 [ 152 ] CVE-2009-3978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3978 [ 153 ] CVE-2009-3979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3979 [ 154 ] CVE-2009-3980 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3980 [ 155 ] CVE-2009-3981 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3981 [ 156 ] CVE-2009-3982 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3982 [ 157 ] CVE-2009-3983 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3983 [ 158 ] CVE-2009-3984 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3984 [ 159 ] CVE-2009-3985 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3985 [ 160 ] CVE-2009-3986 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3986 [ 161 ] CVE-2009-3987 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3987 [ 162 ] CVE-2009-3988 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3988 [ 163 ] CVE-2010-0159 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0159 [ 164 ] CVE-2010-0160 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0160 [ 165 ] CVE-2010-0162 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0162 [ 166 ] CVE-2010-0163 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0163 [ 167 ] CVE-2010-0164 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0164 [ 168 ] CVE-2010-0165 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0165 [ 169 ] CVE-2010-0166 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0166 [ 170 ] CVE-2010-0167 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0167 [ 171 ] CVE-2010-0167 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0167 [ 172 ] CVE-2010-0168 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0168 [ 173 ] CVE-2010-0169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0169 [ 174 ] CVE-2010-0169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0169 [ 175 ] CVE-2010-0170 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0170 [ 176 ] CVE-2010-0171 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0171 [ 177 ] CVE-2010-0171 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0171 [ 178 ] CVE-2010-0172 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0172 [ 179 ] CVE-2010-0173 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0173 [ 180 ] CVE-2010-0174 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0174 [ 181 ] CVE-2010-0174 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0174 [ 182 ] CVE-2010-0175 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0175 [ 183 ] CVE-2010-0175 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0175 [ 184 ] CVE-2010-0176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0176 [ 185 ] CVE-2010-0176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0176 [ 186 ] CVE-2010-0177 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0177 [ 187 ] CVE-2010-0178 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0178 [ 188 ] CVE-2010-0179 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0179 [ 189 ] CVE-2010-0181 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0181 [ 190 ] CVE-2010-0182 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0182 [ 191 ] CVE-2010-0183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0183 [ 192 ] CVE-2010-0220 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0220 [ 193 ] CVE-2010-0648 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0648 [ 194 ] CVE-2010-0654 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0654 [ 195 ] CVE-2010-1028 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1028 [ 196 ] CVE-2010-1121 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1121 [ 197 ] CVE-2010-1125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1125 [ 198 ] CVE-2010-1196 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1196 [ 199 ] CVE-2010-1197 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1197 [ 200 ] CVE-2010-1198 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1198 [ 201 ] CVE-2010-1199 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1199 [ 202 ] CVE-2010-1200 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1200 [ 203 ] CVE-2010-1201 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1201 [ 204 ] CVE-2010-1202 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1202 [ 205 ] CVE-2010-1203 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1203 [ 206 ] CVE-2010-1205 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1205 [ 207 ] CVE-2010-1206 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1206 [ 208 ] CVE-2010-1207 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1207 [ 209 ] CVE-2010-1208 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1208 [ 210 ] CVE-2010-1209 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1209 [ 211 ] CVE-2010-1210 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1210 [ 212 ] CVE-2010-1211 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1211 [ 213 ] CVE-2010-1212 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1212 [ 214 ] CVE-2010-1213 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1213 [ 215 ] CVE-2010-1214 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1214 [ 216 ] CVE-2010-1215 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1215 [ 217 ] CVE-2010-1585 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1585 [ 218 ] CVE-2010-2751 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2751 [ 219 ] CVE-2010-2752 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2752 [ 220 ] CVE-2010-2753 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2753 [ 221 ] CVE-2010-2754 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2754 [ 222 ] CVE-2010-2755 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2755 [ 223 ] CVE-2010-2760 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2760 [ 224 ] CVE-2010-2762 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2762 [ 225 ] CVE-2010-2763 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2763 [ 226 ] CVE-2010-2764 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2764 [ 227 ] CVE-2010-2765 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2765 [ 228 ] CVE-2010-2766 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2766 [ 229 ] CVE-2010-2767 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2767 [ 230 ] CVE-2010-2768 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2768 [ 231 ] CVE-2010-2769 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2769 [ 232 ] CVE-2010-2770 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2770 [ 233 ] CVE-2010-3131 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3131 [ 234 ] CVE-2010-3166 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3166 [ 235 ] CVE-2010-3167 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3167 [ 236 ] CVE-2010-3168 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3168 [ 237 ] CVE-2010-3169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3169 [ 238 ] CVE-2010-3170 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3170 [ 239 ] CVE-2010-3171 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3171 [ 240 ] CVE-2010-3173 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3173 [ 241 ] CVE-2010-3174 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3174 [ 242 ] CVE-2010-3175 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3175 [ 243 ] CVE-2010-3176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3176 [ 244 ] CVE-2010-3177 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3177 [ 245 ] CVE-2010-3178 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3178 [ 246 ] CVE-2010-3179 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3179 [ 247 ] CVE-2010-3180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3180 [ 248 ] CVE-2010-3182 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3182 [ 249 ] CVE-2010-3183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3183 [ 250 ] CVE-2010-3399 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3399 [ 251 ] CVE-2010-3400 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3400 [ 252 ] CVE-2010-3765 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3765 [ 253 ] CVE-2010-3766 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3766 [ 254 ] CVE-2010-3767 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3767 [ 255 ] CVE-2010-3768 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3768 [ 256 ] CVE-2010-3769 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3769 [ 257 ] CVE-2010-3770 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3770 [ 258 ] CVE-2010-3771 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3771 [ 259 ] CVE-2010-3772 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3772 [ 260 ] CVE-2010-3773 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3773 [ 261 ] CVE-2010-3774 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3774 [ 262 ] CVE-2010-3775 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3775 [ 263 ] CVE-2010-3776 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3776 [ 264 ] CVE-2010-3777 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3777 [ 265 ] CVE-2010-3778 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3778 [ 266 ] CVE-2010-4508 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4508 [ 267 ] CVE-2010-5074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-5074 [ 268 ] CVE-2011-0051 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0051 [ 269 ] CVE-2011-0053 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0053 [ 270 ] CVE-2011-0054 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0054 [ 271 ] CVE-2011-0055 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0055 [ 272 ] CVE-2011-0056 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0056 [ 273 ] CVE-2011-0057 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0057 [ 274 ] CVE-2011-0058 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0058 [ 275 ] CVE-2011-0059 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0059 [ 276 ] CVE-2011-0061 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0061 [ 277 ] CVE-2011-0062 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0062 [ 278 ] CVE-2011-0065 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0065 [ 279 ] CVE-2011-0066 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0066 [ 280 ] CVE-2011-0067 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0067 [ 281 ] CVE-2011-0068 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0068 [ 282 ] CVE-2011-0069 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0069 [ 283 ] CVE-2011-0070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0070 [ 284 ] CVE-2011-0071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0071 [ 285 ] CVE-2011-0072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0072 [ 286 ] CVE-2011-0073 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0073 [ 287 ] CVE-2011-0074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0074 [ 288 ] CVE-2011-0075 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0075 [ 289 ] CVE-2011-0076 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0076 [ 290 ] CVE-2011-0077 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0077 [ 291 ] CVE-2011-0078 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0078 [ 292 ] CVE-2011-0079 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0079 [ 293 ] CVE-2011-0080 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0080 [ 294 ] CVE-2011-0081 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0081 [ 295 ] CVE-2011-0082 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0082 [ 296 ] CVE-2011-0083 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0083 [ 297 ] CVE-2011-0084 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0084 [ 298 ] CVE-2011-0085 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0085 [ 299 ] CVE-2011-1187 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1187 [ 300 ] CVE-2011-1202 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1202 [ 301 ] CVE-2011-1712 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1712 [ 302 ] CVE-2011-2362 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2362 [ 303 ] CVE-2011-2363 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2363 [ 304 ] CVE-2011-2364 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2364 [ 305 ] CVE-2011-2365 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2365 [ 306 ] CVE-2011-2369 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2369 [ 307 ] CVE-2011-2370 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2370 [ 308 ] CVE-2011-2371 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2371 [ 309 ] CVE-2011-2372 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2372 [ 310 ] CVE-2011-2373 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2373 [ 311 ] CVE-2011-2374 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2374 [ 312 ] CVE-2011-2375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2375 [ 313 ] CVE-2011-2376 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2376 [ 314 ] CVE-2011-2377 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2377 [ 315 ] CVE-2011-2378 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2378 [ 316 ] CVE-2011-2605 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2605 [ 317 ] CVE-2011-2980 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2980 [ 318 ] CVE-2011-2981 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2981 [ 319 ] CVE-2011-2982 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2982 [ 320 ] CVE-2011-2983 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2983 [ 321 ] CVE-2011-2984 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2984 [ 322 ] CVE-2011-2985 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2985 [ 323 ] CVE-2011-2986 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2986 [ 324 ] CVE-2011-2987 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2987 [ 325 ] CVE-2011-2988 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2988 [ 326 ] CVE-2011-2989 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2989 [ 327 ] CVE-2011-2990 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2990 [ 328 ] CVE-2011-2991 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2991 [ 329 ] CVE-2011-2993 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2993 [ 330 ] CVE-2011-2995 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2995 [ 331 ] CVE-2011-2996 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2996 [ 332 ] CVE-2011-2997 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2997 [ 333 ] CVE-2011-2998 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2998 [ 334 ] CVE-2011-2999 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2999 [ 335 ] CVE-2011-3000 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3000 [ 336 ] CVE-2011-3001 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3001 [ 337 ] CVE-2011-3002 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3002 [ 338 ] CVE-2011-3003 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3003 [ 339 ] CVE-2011-3004 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3004 [ 340 ] CVE-2011-3005 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3005 [ 341 ] CVE-2011-3026 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3026 [ 342 ] CVE-2011-3062 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3062 [ 343 ] CVE-2011-3232 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3232 [ 344 ] CVE-2011-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389 [ 345 ] CVE-2011-3640 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3640 [ 346 ] CVE-2011-3647 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3647 [ 347 ] CVE-2011-3648 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3648 [ 348 ] CVE-2011-3649 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3649 [ 349 ] CVE-2011-3650 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3650 [ 350 ] CVE-2011-3651 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3651 [ 351 ] CVE-2011-3652 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3652 [ 352 ] CVE-2011-3653 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3653 [ 353 ] CVE-2011-3654 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3654 [ 354 ] CVE-2011-3655 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3655 [ 355 ] CVE-2011-3658 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3658 [ 356 ] CVE-2011-3659 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3659 [ 357 ] CVE-2011-3660 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3660 [ 358 ] CVE-2011-3661 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3661 [ 359 ] CVE-2011-3663 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3663 [ 360 ] CVE-2011-3665 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3665 [ 361 ] CVE-2011-3670 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3670 [ 362 ] CVE-2011-3866 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3866 [ 363 ] CVE-2011-4688 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4688 [ 364 ] CVE-2012-0441 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0441 [ 365 ] CVE-2012-0442 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0442 [ 366 ] CVE-2012-0443 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0443 [ 367 ] CVE-2012-0444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0444 [ 368 ] CVE-2012-0445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0445 [ 369 ] CVE-2012-0446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0446 [ 370 ] CVE-2012-0447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0447 [ 371 ] CVE-2012-0449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0449 [ 372 ] CVE-2012-0450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0450 [ 373 ] CVE-2012-0451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0451 [ 374 ] CVE-2012-0452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0452 [ 375 ] CVE-2012-0455 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0455 [ 376 ] CVE-2012-0456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0456 [ 377 ] CVE-2012-0457 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0457 [ 378 ] CVE-2012-0458 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0458 [ 379 ] CVE-2012-0459 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0459 [ 380 ] CVE-2012-0460 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0460 [ 381 ] CVE-2012-0461 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0461 [ 382 ] CVE-2012-0462 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0462 [ 383 ] CVE-2012-0463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0463 [ 384 ] CVE-2012-0464 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0464 [ 385 ] CVE-2012-0467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0467 [ 386 ] CVE-2012-0468 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0468 [ 387 ] CVE-2012-0469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0469 [ 388 ] CVE-2012-0470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0470 [ 389 ] CVE-2012-0471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0471 [ 390 ] CVE-2012-0473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0473 [ 391 ] CVE-2012-0474 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0474 [ 392 ] CVE-2012-0475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0475 [ 393 ] CVE-2012-0477 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0477 [ 394 ] CVE-2012-0478 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0478 [ 395 ] CVE-2012-0479 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0479 [ 396 ] CVE-2012-1937 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1937 [ 397 ] CVE-2012-1938 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1938 [ 398 ] CVE-2012-1939 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1939 [ 399 ] CVE-2012-1940 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1940 [ 400 ] CVE-2012-1941 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1941 [ 401 ] CVE-2012-1945 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1945 [ 402 ] CVE-2012-1946 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1946 [ 403 ] CVE-2012-1947 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1947 [ 404 ] CVE-2012-1948 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1948 [ 405 ] CVE-2012-1949 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1949 [ 406 ] CVE-2012-1950 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1950 [ 407 ] CVE-2012-1951 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1951 [ 408 ] CVE-2012-1952 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1952 [ 409 ] CVE-2012-1953 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1953 [ 410 ] CVE-2012-1954 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1954 [ 411 ] CVE-2012-1955 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1955 [ 412 ] CVE-2012-1956 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1956 [ 413 ] CVE-2012-1957 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1957 [ 414 ] CVE-2012-1958 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1958 [ 415 ] CVE-2012-1959 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1959 [ 416 ] CVE-2012-1960 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1960 [ 417 ] CVE-2012-1961 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1961 [ 418 ] CVE-2012-1962 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1962 [ 419 ] CVE-2012-1963 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1963 [ 420 ] CVE-2012-1964 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1964 [ 421 ] CVE-2012-1965 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1965 [ 422 ] CVE-2012-1966 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1966 [ 423 ] CVE-2012-1967 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1967 [ 424 ] CVE-2012-1970 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1970 [ 425 ] CVE-2012-1971 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1971 [ 426 ] CVE-2012-1972 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1972 [ 427 ] CVE-2012-1973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1973 [ 428 ] CVE-2012-1974 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1974 [ 429 ] CVE-2012-1975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1975 [ 430 ] CVE-2012-1976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1976 [ 431 ] CVE-2012-1994 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1994 [ 432 ] CVE-2012-3956 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3956 [ 433 ] CVE-2012-3957 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3957 [ 434 ] CVE-2012-3958 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3958 [ 435 ] CVE-2012-3959 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3959 [ 436 ] CVE-2012-3960 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3960 [ 437 ] CVE-2012-3961 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3961 [ 438 ] CVE-2012-3962 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3962 [ 439 ] CVE-2012-3963 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3963 [ 440 ] CVE-2012-3964 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3964 [ 441 ] CVE-2012-3965 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3965 [ 442 ] CVE-2012-3966 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3966 [ 443 ] CVE-2012-3967 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3967 [ 444 ] CVE-2012-3968 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3968 [ 445 ] CVE-2012-3969 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3969 [ 446 ] CVE-2012-3970 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3970 [ 447 ] CVE-2012-3971 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3971 [ 448 ] CVE-2012-3972 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3972 [ 449 ] CVE-2012-3973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3973 [ 450 ] CVE-2012-3975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3975 [ 451 ] CVE-2012-3976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3976 [ 452 ] CVE-2012-3977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3977 [ 453 ] CVE-2012-3978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3978 [ 454 ] CVE-2012-3980 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3980 [ 455 ] CVE-2012-3982 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3982 [ 456 ] CVE-2012-3984 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3984 [ 457 ] CVE-2012-3985 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3985 [ 458 ] CVE-2012-3986 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3986 [ 459 ] CVE-2012-3988 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3988 [ 460 ] CVE-2012-3989 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3989 [ 461 ] CVE-2012-3990 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3990 [ 462 ] CVE-2012-3991 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3991 [ 463 ] CVE-2012-3992 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3992 [ 464 ] CVE-2012-3993 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3993 [ 465 ] CVE-2012-3994 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3994 [ 466 ] CVE-2012-3995 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3995 [ 467 ] CVE-2012-4179 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4179 [ 468 ] CVE-2012-4180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4180 [ 469 ] CVE-2012-4181 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4181 [ 470 ] CVE-2012-4182 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4182 [ 471 ] CVE-2012-4183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4183 [ 472 ] CVE-2012-4184 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4184 [ 473 ] CVE-2012-4185 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4185 [ 474 ] CVE-2012-4186 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4186 [ 475 ] CVE-2012-4187 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4187 [ 476 ] CVE-2012-4188 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4188 [ 477 ] CVE-2012-4190 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4190 [ 478 ] CVE-2012-4191 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4191 [ 479 ] CVE-2012-4192 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4192 [ 480 ] CVE-2012-4193 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4193 [ 481 ] CVE-2012-4194 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4194 [ 482 ] CVE-2012-4195 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4195 [ 483 ] CVE-2012-4196 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4196 [ 484 ] CVE-2012-4201 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4201 [ 485 ] CVE-2012-4202 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4202 [ 486 ] CVE-2012-4204 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4204 [ 487 ] CVE-2012-4205 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4205 [ 488 ] CVE-2012-4206 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4206 [ 489 ] CVE-2012-4207 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4207 [ 490 ] CVE-2012-4208 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4208 [ 491 ] CVE-2012-4209 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4209 [ 492 ] CVE-2012-4210 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4210 [ 493 ] CVE-2012-4212 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4212 [ 494 ] CVE-2012-4215 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4215 [ 495 ] CVE-2012-4216 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4216 [ 496 ] CVE-2012-5354 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5354 [ 497 ] CVE-2012-5829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5829 [ 498 ] CVE-2012-5830 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5830 [ 499 ] CVE-2012-5833 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5833 [ 500 ] CVE-2012-5835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5835 [ 501 ] CVE-2012-5836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5836 [ 502 ] CVE-2012-5838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5838 [ 503 ] CVE-2012-5839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5839 [ 504 ] CVE-2012-5840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5840 [ 505 ] CVE-2012-5841 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5841 [ 506 ] CVE-2012-5842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5842 [ 507 ] CVE-2012-5843 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5843 [ 508 ] Firefox Blocking Fraudulent Certificates
http://blog.mozilla.org/security/2011/03/22/firefox-blocking-fraudulent-c= ertificates/ [ 509 ] Mozilla Foundation Security Advisory 2011-11 http://www.mozilla.org/security/announce/2011/mfsa2011-11.html [ 510 ] Mozilla Foundation Security Advisory 2011-34 http://www.mozilla.org/security/announce/2011/mfsa2011-34.html
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201301-01.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . =========================================================== Ubuntu Security Notice USN-927-6 July 23, 2010 nss vulnerability CVE-2009-3555 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 9.04
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 9.04: libnss3-1d 3.12.6-0ubuntu0.9.04.1
After a standard system upgrade you need to restart your session to effect the necessary changes.
Details follow:
USN-927-1 fixed vulnerabilities in NSS on Ubuntu 9.10. This update provides the corresponding updates for Ubuntu 9.04.
Original advisory details:
Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds support for the new new renegotiation extension and will use it when the server supports it.
Updated packages for Ubuntu 9.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6-0ubuntu0.9.04.1.diff.gz
Size/MD5: 36776 09e94267337a3318b4955b7a830f5244
http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6-0ubuntu0.9.04.1.dsc
Size/MD5: 1651 a682fa17ab7385f06eae108e3b8eeb76
http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6.orig.tar.gz
Size/MD5: 5947630 da42596665f226de5eb3ecfc1ec57cd1
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_amd64.deb
Size/MD5: 3355322 1901b0a2e9022baccca540cb776da507
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_amd64.deb
Size/MD5: 1230706 a5be600c34d6c62f3c7c7d9fe8fe6807
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_amd64.deb
Size/MD5: 263110 37bf5e46dc372000a1932336ded61143
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_amd64.deb
Size/MD5: 17788 cb888df2baa2d06cf98091f1bd033496
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_amd64.deb
Size/MD5: 318718 77e6de51c2beebe6a2570e1f70069d91
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_i386.deb
Size/MD5: 3181812 ab6888c9709c1101e0f07bda925ea76b
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_i386.deb
Size/MD5: 1112446 64e165966e297b247e220aa017851248
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_i386.deb
Size/MD5: 260434 6dc65e066be54da5a4ad7e784c37fa49
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_i386.deb
Size/MD5: 17790 6a4afb594384085b41502911476f9d27
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_i386.deb
Size/MD5: 301968 a5f1eb30b4dd64bbac568873ad700887
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_lpia.deb
Size/MD5: 3220356 1bed6847d860f8dd0a845062cf227322
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_lpia.deb
Size/MD5: 1085226 c5e07d7711f257888071d97ff551f42e
http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_lpia.deb
Size/MD5: 259084 d6424f00ee83eaf9abb433768edb37c2
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_lpia.deb
Size/MD5: 17788 217da64905b090392eb4acfa43d282c2
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_lpia.deb
Size/MD5: 297772 7f223b5673372154a73cf84c9ed6bfda
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_powerpc.deb
Size/MD5: 3330434 d4c4fe0a437c5f2dd20b81df2cf936b5
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_powerpc.deb
Size/MD5: 1202898 b27bda4a282c5b46733dcc21519cc4b6
http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_powerpc.deb
Size/MD5: 262126 bb796b31d740e38581a37003a89c18a5
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_powerpc.deb
Size/MD5: 17794 0109fab35491b7f7f6e8d9649acbd728
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_powerpc.deb
Size/MD5: 323344 8e6f667e0df078a4b68d72acddfc3326
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_sparc.deb
Size/MD5: 2988064 97a10a1098bc541808ead09dcb1711c5
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_sparc.deb
Size/MD5: 1074248 4de13c4f7e970d56fa65e6f0e472f320
http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_sparc.deb
Size/MD5: 257214 d1ee26bd6f9e26f93f8b8af403d41b1a
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_sparc.deb
Size/MD5: 17794 2f08b7d40b6069754762083051c03f27
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_sparc.deb
Size/MD5: 303452 b1dc3dbcbf441a81ef5005e72ad60620
-- Jamie Strandboge | http://www.canonical.com . This update addresses these protocol vulnerabilities in lighttpd.
CVE-2009-3555
Marsh Ray, Steve Dispensa, and Martin Rex discovered that the TLS and SSLv3 protocols do not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions. This issue is solved in lighttpd by disabling client initiated renegotiation by default.
Those users that do actually need such renegotiations, can reenable them via the new 'ssl.disable-client-renegotiation' parameter.
CVE-2012-4929
Juliano Rizzo and Thai Duong discovered a weakness in the TLS/SSL protocol when using compression. This side channel attack, dubbed 'CRIME', allows eavesdroppers to gather information to recover the original plaintext in the protocol. This update disables compression.
For the stable distribution (squeeze), these problems have been fixed in version 1.4.28-2+squeeze1.2.
For the testing distribution (wheezy), and the unstable distribution (sid) these problems have been fixed in version 1.4.30-1.
We recommend that you upgrade your lighttpd packages. Corrected: 2009-12-01 02:59:22 UTC (RELENG_8, 8.0-STABLE) 2009-12-03 09:18:40 UTC (RELENG_8_0, 8.0-RELEASE-p1) 2009-12-01 03:00:16 UTC (RELENG_7, 7.2-STABLE) 2009-12-03 09:18:40 UTC (RELENG_7_2, 7.2-RELEASE-p5) 2009-12-03 09:18:40 UTC (RELENG_7_1, 7.1-RELEASE-p9) CVE Name: CVE-2009-4146, CVE-2009-4147
For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit .
I. Background
The run-time link-editor, rtld, links dynamic executable with their needed libraries at run-time. It also allows users to explicitly load libraries via various LD_ environmental variables.
II. Problem Description
When running setuid programs rtld will normally remove potentially dangerous environment variables. Due to recent changes in FreeBSD environment variable handling code, a corrupt environment may result in attempts to unset environment variables failing.
III. Impact
An unprivileged user who can execute programs on a system can gain the privileges of any setuid program which he can run. On most systems configurations, this will allow a local attacker to execute code as the root user.
IV. Workaround
No workaround is available, but systems without untrusted local users, where all the untrusted local users are jailed superusers, and/or where untrusted users cannot execute arbitrary code (e.g., due to use of read only and noexec mount options) are not affected.
Note that "untrusted local users" include users with the ability to upload and execute web scripts (CGI, PHP, Python, Perl etc.), as they may be able to exploit this issue.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to 7-STABLE or 8-STABLE, or to the RELENG_8_0, RELENG_7_2, or RELENG_7_1 security branch dated after the correction date.
2) To patch your present system:
The following patches have been verified to apply to FreeBSD 7.1, 7.2, and 8.0 systems.
a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.
[FreeBSD 7.x]
fetch http://security.FreeBSD.org/patches/SA-09:16/rtld7.patch
fetch http://security.FreeBSD.org/patches/SA-09:16/rtld7.patch.asc
[FreeBSD 8.0]
fetch http://security.FreeBSD.org/patches/SA-09:16/rtld.patch
fetch http://security.FreeBSD.org/patches/SA-09:16/rtld.patch.asc
b) Execute the following commands as root:
cd /usr/src
patch < /path/to/patch
cd /usr/src/libexec/rtld-elf
make obj && make depend && make && make install
NOTE: On the amd64 platform, the above procedure will not update the ld-elf32.so.1 (i386 compatibility) run-time link-editor (rtld). On amd64 systems where the i386 rtld are installed, the operating system should instead be recompiled as described in
VI. Correction details
The following list contains the revision numbers of each file that was corrected in FreeBSD.
CVS:
Branch Revision Path
RELENG_7 src/libexec/rtld-elf/rtld.c 1.124.2.7 RELENG_7_2 src/UPDATING 1.507.2.23.2.8 src/sys/conf/newvers.sh 1.72.2.11.2.9 src/libexec/rtld-elf/rtld.c 1.124.2.4.2.2 RELENG_7_1 src/UPDATING 1.507.2.13.2.12 src/sys/conf/newvers.sh 1.72.2.9.2.13 src/libexec/rtld-elf/rtld.c 1.124.2.3.2.2 RELENG_8 src/libexec/rtld-elf/rtld.c 1.139.2.4 RELENG_8_0 src/UPDATING 1.632.2.7.2.4 src/sys/conf/newvers.sh 1.83.2.6.2.4 src/libexec/rtld-elf/rtld.c 1.139.2.2.2.2
Subversion:
Branch/path Revision
stable/7/ r199981 releng/7.2/ r200054 releng/7.1/ r200054 stable/8/ r199980 releng/8.0/ r200054
VII. HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows prior to v6.1. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Service (DoS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01945686 Version: 1
HPSBUX02482 SSRT090249 rev.1 - HP-UX Running OpenSSL, Remote Unauthorized Data Injection, Denial of
Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2009-11-25 Last Updated: 2009-11-25
Potential Security Impact: Remote unauthorized data injection, Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP-UX OpenSSL. The vulnerability could be exploited
remotely to inject unauthorized data or to create a Denial of Service (DoS).
References: CVE-2009-3555
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running OpenSSL before vA.00.09.08l.
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2009-3555 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided upgrades to resolve this vulnerability. The upgrades are available from the following location.
HOST ACCOUNT PASSWORD
ftp.usa.hp.com sb02482 Secure12
HP-UX Release Depot name SHA-1 Hash
B.11.11 PA (32 and 64) OpenSSL_A.00.09.08l.001_HP-UX_B.11.11_32+64.depot 2efb-e45e-78a7-17d0-11e9-5c10-3753-0585-6fde-36c4
B.11.23 (PA and IA) OpenSSL_A.00.09.08l.002_HP-UX_B.11.23_IA-PA.depot 2794-2f77-48a4-3316-a8b9-d213-7243-8e1b-7336-95a2
B.11.31 (PA and IA) OpenSSL_A.00.09.08l.003_HP-UX_B.11.31_IA-PA.depot 7be7-25a2-d3c4-0dce-761d-eba0-2782-8788-3bf8-02ca
Note: OpenSSL vA.00.09.08l disables renegotiation. Although renegotiation is thought to be rarely used,
applications should be tested to evaluate the impact of installing OpenSSL vA.00.09.08l.
MANUAL ACTIONS: Yes - Update
Install OpenSSL A.00.09.08l or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security
Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a
specific HP-UX system. It can also download patches and create a depot automatically. For more information
see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11
openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN action: install revision A.00.09.08l.001 or subsequent
HP-UX B.11.23
openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-LIB.2 openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PRNG.2 openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-RUN.2 action: install revision A.00.09.08l.002 or subsequent
HP-UX B.11.31
openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-LIB.2 openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PRNG.2 openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-RUN.2 action: install revision A.00.09.08l.003 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) 25 November 2009 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
- The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
Copyright 2009 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAksNs5IACgkQ4B86/C0qfVmJNQCeMd6pno2UZMwhJYB8yaKTw3Ta H6EAni+Jh3ebmTxXb0gfH5eefN9xqKO3 =h0Pb -----END PGP SIGNATURE----- . HP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier.
Kit Name Location
HP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "unified communications manager 5.1",
"scope": null,
"trust": 2.1,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.0"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "9.04"
},
{
"_id": null,
"model": "nginx",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "0.8.22"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "7.0"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "8.04"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "10.04"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "12"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "9.10"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "10.10"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "11"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "8.10"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "14"
},
{
"_id": null,
"model": "nss",
"scope": "lte",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.12.4"
},
{
"_id": null,
"model": "gnutls",
"scope": "lte",
"trust": 1.0,
"vendor": "gnu",
"version": "2.8.5"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0"
},
{
"_id": null,
"model": "openssl",
"scope": "lte",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8k"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "13"
},
{
"_id": null,
"model": "http server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.14"
},
{
"_id": null,
"model": "jre 17",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "sdk 08",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jdk 1.5.0 16",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 05",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "sdk 10",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jdk 14",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "sdk 1.4.2 25",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 06",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre 05",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jdk 1.6.0 03",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "sdk 1.4.2 11",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 10",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jre 01",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre 1.5.0 11",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 22",
"scope": "ne",
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jdk 1.5.0 24",
"scope": "ne",
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "sdk 24",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "sdk 15",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "sdk 07",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jre 07",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jre 1.6.0 11",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jre 1.5.0 17",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 03",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 01",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "sdk 06",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jdk 10",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jdk 02",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jdk 1.5.0 23",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 04",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre 05",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "sdk 1.4.2 16",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 19",
"scope": "ne",
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 16",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre 1.5.0 20",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 18",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jdk 11",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jdk 0 10",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre 1.5.0 10",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 03",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "sdk 1.4.2 14",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.5.0 14",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk .0 05",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre 06",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jdk 1.5.0 13",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "sdk 1.4.2 17",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 15",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 21",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 15",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre 1.6.0 18",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 21",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 15",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "sdk 1.4.2 12",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 02",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 22",
"scope": "ne",
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jre 15",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "sdk 1.4.2 26",
"scope": "ne",
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 17",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "sdk 09",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jre 13",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "sdk",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "sdk 1.4.2 18",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 17",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jdk 18",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "sdk 1.4.2 22",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 02",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "sdk 04",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jre 1.6.0 01",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 12",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jdk 07",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "sdk 05",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jdk 14",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre 02",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "ace module a2",
"scope": null,
"trust": 0.9,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "sdk 03",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "sdk 1.4.2 19",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.5.0 12",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 13",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jre 1.5.0 13",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 22",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "sdk 1.4.2 20",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 20",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 04",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jre 04",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jdk 1.5.0 20",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.5.0 23",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "sdk 1.4.2 13",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 06",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jre 1.6.0 19",
"scope": "ne",
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 18",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 14",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 22",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "iis",
"scope": "eq",
"trust": 0.9,
"vendor": "microsoft",
"version": "7.0"
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "barracuda",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "debian gnu linux",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gnutls",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mcafee",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"_id": null,
"model": "jdk 01-b06",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jre 1.5.0.0 09",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk .0 04",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "ace appliance a1",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "4710"
},
{
"_id": null,
"model": "css11500 content services switch s",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "7.30"
},
{
"_id": null,
"model": "jdk 1.5.0.0 08",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "ace application control engine module 3.0 a2",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "jdk .0 03",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jdk 1.5.0 12",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 2",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 07-b03",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jdk 06",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre 1.5.0.0 08",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.5.0.0 09",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.5.0.0 11",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 11-b03",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "unified communications manager su1",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "6.1"
},
{
"_id": null,
"model": "jre 1.5.0.0 07",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 01",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "unified computing system blade-server 4.0 n2",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 20",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "css11500 content services switch s",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "7.20"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.6f"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.6g"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.6i"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.6c"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.0.32"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.6h"
},
{
"_id": null,
"model": "windows xp home sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "windows vista edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "x640"
},
{
"_id": null,
"model": "java system directory server patch6",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.2"
},
{
"_id": null,
"model": "opensolaris build snv 95",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.3"
},
{
"_id": null,
"model": "application velocity system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.43"
},
{
"_id": null,
"model": "etherfast befsr11 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.42.3"
},
{
"_id": null,
"model": "jboss enterprise web server for rhel es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "41.0"
},
{
"_id": null,
"model": "linux enterprise sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "unified ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.2(1)"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(3)9"
},
{
"_id": null,
"model": "cosminexus client",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6"
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"_id": null,
"model": "project openssl g",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "gnutls",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.6.4"
},
{
"_id": null,
"model": "ciscoworks common services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.2"
},
{
"_id": null,
"model": "unified intelligent contact management enterprise",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(1)"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "16009.3.1"
},
{
"_id": null,
"model": "enterprise linux as extras",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "windows xp professional edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "x64"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(2)"
},
{
"_id": null,
"model": "voice portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1"
},
{
"_id": null,
"model": "weblogic server ga",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0"
},
{
"_id": null,
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "wireless lan control",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.2"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(3)"
},
{
"_id": null,
"model": "windows server for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20080"
},
{
"_id": null,
"model": "wanjet",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.0"
},
{
"_id": null,
"model": "unified contact center hosted",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1(5)"
},
{
"_id": null,
"model": "application networking manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.0"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.63"
},
{
"_id": null,
"model": "windows xp tablet pc edition sp3",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "ironport encryption appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2.41"
},
{
"_id": null,
"model": "project openssl b-36.8",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "windows vista business sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "asa series adaptive security appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "55008.2(1.16)"
},
{
"_id": null,
"model": "unified callmanager 3.3 sr2a",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 100",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "wireless lan control",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2.173.0"
},
{
"_id": null,
"model": "security agent",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0.0.201"
},
{
"_id": null,
"model": "blackberry enterprise server for exchange mr1",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "5.0.2"
},
{
"_id": null,
"model": "opensolaris build snv 123",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "34009.1.1"
},
{
"_id": null,
"model": "linux alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "java system web server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"_id": null,
"model": "java system application server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "8.0"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"_id": null,
"model": "ace series application control engine appliances 3.0 a3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4700"
},
{
"_id": null,
"model": "wireless lan control",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0"
},
{
"_id": null,
"model": "opensolaris build snv 114",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "os/400 v5r4m0",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0.1"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.2"
},
{
"_id": null,
"model": "-release",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.1"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.0"
},
{
"_id": null,
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.3.0"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "opensolaris build snv 45",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "arubaos rn",
"scope": "ne",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "3.1.4"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"_id": null,
"model": "etherfast befw11s4 wireless ap cable/dsl router b",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "+1.37.2"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.1"
},
{
"_id": null,
"model": "project proftpd 1.3.2b",
"scope": null,
"trust": 0.3,
"vendor": "proftpd",
"version": null
},
{
"_id": null,
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0.0.52"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"_id": null,
"model": "opensolaris build snv 28",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.5"
},
{
"_id": null,
"model": "project openssl 0.9.8l",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "java system web server update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "7.01"
},
{
"_id": null,
"model": "coat systems director",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "5.4"
},
{
"_id": null,
"model": "websphere datapower soa appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.8"
},
{
"_id": null,
"model": "systems insight manager c",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "05.00.02"
},
{
"_id": null,
"model": "download accelarator",
"scope": "eq",
"trust": 0.3,
"vendor": "prozilla",
"version": "1.4.0"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.51"
},
{
"_id": null,
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0"
},
{
"_id": null,
"model": "meeting exchange web conferencing server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "-0"
},
{
"_id": null,
"model": "matrixssl",
"scope": "ne",
"trust": 0.3,
"vendor": "matrixssl",
"version": "1.8.8"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.3.10"
},
{
"_id": null,
"model": "java system web server update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "7.06"
},
{
"_id": null,
"model": "java system web server update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "7.02"
},
{
"_id": null,
"model": "java system web proxy server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4.0.5"
},
{
"_id": null,
"model": "project openssl h",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "unified ip phone 7911g",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "windows professional",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "linux enterprise sdk sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "blackberry enterprise server for domino mr1",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "5.0.2"
},
{
"_id": null,
"model": "rsa data protection manager appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "3.5"
},
{
"_id": null,
"model": "openvms secure web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.2"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1(2)12"
},
{
"_id": null,
"model": "project openssl i",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.42.3"
},
{
"_id": null,
"model": "opensolaris build snv 67",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris svn 126",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "project openssl b",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "opensolaris build snv 51",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "windows xp home sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.1"
},
{
"_id": null,
"model": "client",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "2008"
},
{
"_id": null,
"model": "virtual connect 8gb 24-port fc module",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.0"
},
{
"_id": null,
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(1)"
},
{
"_id": null,
"model": "7.0-release-p12",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"_id": null,
"model": "unified callmanager 4.1 sr8a",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "websphere datapower soa appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.6.1"
},
{
"_id": null,
"model": "windows vista home basic sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "0"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4"
},
{
"_id": null,
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.0"
},
{
"_id": null,
"model": "opensolaris build snv 77",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "2.80"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(3)"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8"
},
{
"_id": null,
"model": "ironport encryption appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2.5"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "34009.4.5"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.0"
},
{
"_id": null,
"model": "matrix operating environment",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.2"
},
{
"_id": null,
"model": "windows xp 64-bit edition version",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "opensolaris build snv 82",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "34009.3"
},
{
"_id": null,
"model": "project proftpd a",
"scope": "eq",
"trust": 0.3,
"vendor": "proftpd",
"version": "1.3"
},
{
"_id": null,
"model": "7.0-stable",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"_id": null,
"model": "coat systems proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "5.2.4.8"
},
{
"_id": null,
"model": "windows for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "70"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.1"
},
{
"_id": null,
"model": "linux armel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "opensolaris build snv 126",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "wireless control system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2"
},
{
"_id": null,
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(2.24)"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "15000"
},
{
"_id": null,
"model": "jdk 1.5.0 11",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "windows advanced server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "corporate server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"_id": null,
"model": "java system directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.2"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "12.2"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.0.5"
},
{
"_id": null,
"model": "pfsense",
"scope": "eq",
"trust": 0.3,
"vendor": "bsdperimeter",
"version": "1.2.1"
},
{
"_id": null,
"model": "onboard administrator",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.32"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1(2.19)"
},
{
"_id": null,
"model": "web server r3",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "4.1"
},
{
"_id": null,
"model": "unified callmanager 3.3 sr3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "8.51"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.6"
},
{
"_id": null,
"model": "7.1-stable",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"_id": null,
"model": "wide area application services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.0(5)"
},
{
"_id": null,
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.2"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(4)"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.8"
},
{
"_id": null,
"model": "fwsm for cisco catalyst series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6500/76003.1"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "2.1-rc21",
"scope": "ne",
"trust": 0.3,
"vendor": "openvpn",
"version": null
},
{
"_id": null,
"model": "windows vista",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
},
{
"_id": null,
"model": "arubaos",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "2.5.6.0"
},
{
"_id": null,
"model": "pix series security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5007.1"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.3.3"
},
{
"_id": null,
"model": "project proftpd rc3",
"scope": "eq",
"trust": 0.3,
"vendor": "proftpd",
"version": "1.3.2"
},
{
"_id": null,
"model": "jdk 1.5.0.0 06",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "netbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "netbsd",
"version": "5.0"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.3"
},
{
"_id": null,
"model": "opensolaris build snv 111",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "ciscoworks common services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.0.6"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7"
},
{
"_id": null,
"model": "opensolaris build snv 118",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "cosminexus processing kit for xml",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "unified ip phone sip",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.8(0)"
},
{
"_id": null,
"model": "cns network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0.5.2"
},
{
"_id": null,
"model": "java system web server sp9",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"_id": null,
"model": "fwsm for cisco catalyst series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6500/7600"
},
{
"_id": null,
"model": "security agent for callmanager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.5.1.628"
},
{
"_id": null,
"model": "firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.6.1"
},
{
"_id": null,
"model": "weblogic server mp3",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"_id": null,
"model": "opensolaris build snv 112",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "messaging application server mm",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"_id": null,
"model": "cosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0"
},
{
"_id": null,
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"_id": null,
"model": "java system web server sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"_id": null,
"model": "ciscoworks common services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.0.5"
},
{
"_id": null,
"model": "firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.1.3"
},
{
"_id": null,
"model": "openvms secure web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3-2"
},
{
"_id": null,
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "opensolaris build snv 96",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.3.12"
},
{
"_id": null,
"model": "windows professional sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "appliance platform linux service",
"scope": "eq",
"trust": 0.3,
"vendor": "rpath",
"version": "1"
},
{
"_id": null,
"model": "unified ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7936"
},
{
"_id": null,
"model": "opensolaris build snv 129",
"scope": "ne",
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "34009.4.6"
},
{
"_id": null,
"model": "communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"_id": null,
"model": "windows server standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20080"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1(2)82"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "15009.4.6"
},
{
"_id": null,
"model": "firepass",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "5.4.1"
},
{
"_id": null,
"model": "opensolaris build snv 36",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "cns network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0.1"
},
{
"_id": null,
"model": "arubaos rn",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "3.1.0"
},
{
"_id": null,
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "opensolaris build snv 48",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.14"
},
{
"_id": null,
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.1"
},
{
"_id": null,
"model": "integrated lights-out",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "32.05"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(4)7"
},
{
"_id": null,
"model": "arubaos",
"scope": "ne",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "3.4.7"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"_id": null,
"model": "windows advanced server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "system management homepage",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "6.1.0.102"
},
{
"_id": null,
"model": "firepass",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "5.5"
},
{
"_id": null,
"model": "java system web server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"_id": null,
"model": "windows vista business",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.3"
},
{
"_id": null,
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.0.3"
},
{
"_id": null,
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.6"
},
{
"_id": null,
"model": "project openssl l",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "opensolaris build snv 50",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "unified callmanager 4.2 sr4b",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "windows server for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20080"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1(2)14"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.0.3"
},
{
"_id": null,
"model": "-release-p9",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "7.0"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.5.0"
},
{
"_id": null,
"model": "openoffice",
"scope": "eq",
"trust": 0.3,
"vendor": "openoffice",
"version": "2.3"
},
{
"_id": null,
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5.6"
},
{
"_id": null,
"model": "cosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6"
},
{
"_id": null,
"model": "asa series adaptive security appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "55008.3(0.08)"
},
{
"_id": null,
"model": "esx",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.0"
},
{
"_id": null,
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "windows server itanium sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "unified ip phone sip sscp",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(6)"
},
{
"_id": null,
"model": "windows xp home sp3",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "ironport email security appliance x-series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.9"
},
{
"_id": null,
"model": "thunderbird",
"scope": "ne",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.4"
},
{
"_id": null,
"model": "security agent",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.5"
},
{
"_id": null,
"model": "blackberry enterprise server for exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "4.1.7"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"_id": null,
"model": "project openssl d",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.5.2"
},
{
"_id": null,
"model": "etherfast befsru31 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.43"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.2"
},
{
"_id": null,
"model": "firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.2.2"
},
{
"_id": null,
"model": "enterprise linux hpc node optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "windows vista ultimate 64-bit edition sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "-stable",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.0"
},
{
"_id": null,
"model": "project openssl beta2",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "wireless lan control",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2"
},
{
"_id": null,
"model": "one directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.2"
},
{
"_id": null,
"model": "wireless lan controllers",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2.176.0"
},
{
"_id": null,
"model": "enterprise linux server supplementary",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "unified contact center enterprise icm7.1 es46",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(2.14)"
},
{
"_id": null,
"model": "systems insight manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.2"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(4)26"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.25"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10009.3.1"
},
{
"_id": null,
"model": "coat systems director",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "5.2.2.5"
},
{
"_id": null,
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(4)11"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0.2"
},
{
"_id": null,
"model": "jdk 1.5.0 11-b03",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "firepass",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "6.0.2"
},
{
"_id": null,
"model": "opensolaris",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "2009.06"
},
{
"_id": null,
"model": "gnutls",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.2.4"
},
{
"_id": null,
"model": "css11500 content services switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.10.2.65"
},
{
"_id": null,
"model": "ciscoworks common services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.0"
},
{
"_id": null,
"model": "communication manager sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "pix series security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5007.0"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.1"
},
{
"_id": null,
"model": "project openssl e",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5.12"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.3.13"
},
{
"_id": null,
"model": "big-ip wan optimization module",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0.1"
},
{
"_id": null,
"model": "security agent for ipcc hosted",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.5.1.639"
},
{
"_id": null,
"model": "openoffice",
"scope": "eq",
"trust": 0.3,
"vendor": "openoffice",
"version": "3.1.1"
},
{
"_id": null,
"model": "project openssl f",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "opensolaris build snv 111a",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "security agent",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.1"
},
{
"_id": null,
"model": "ciscoworks common services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.1"
},
{
"_id": null,
"model": "enterprise linux workstation supplementary",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "access manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.1"
},
{
"_id": null,
"model": "windows vista home premium sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.24"
},
{
"_id": null,
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.2.0"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.0"
},
{
"_id": null,
"model": "sdk for java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "integrated lights-out",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "21.16"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.6"
},
{
"_id": null,
"model": "windows vista home premium 64-bit edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.0"
},
{
"_id": null,
"model": "wanjet",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.2.8"
},
{
"_id": null,
"model": "systems insight manager sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.0"
},
{
"_id": null,
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5.13"
},
{
"_id": null,
"model": "windows terminal services sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.5.2"
},
{
"_id": null,
"model": "coat systems packetshaper",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "100000"
},
{
"_id": null,
"model": "openvms secure web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3-1"
},
{
"_id": null,
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.6.2"
},
{
"_id": null,
"model": "wireless lan control",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2.178.0"
},
{
"_id": null,
"model": "windows server enterprise edition itanium sp1 beta",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20031"
},
{
"_id": null,
"model": "windows server sp2 beta",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"_id": null,
"model": "unified communication manager business edition",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.0.x"
},
{
"_id": null,
"model": "appliance platform linux service",
"scope": "eq",
"trust": 0.3,
"vendor": "rpath",
"version": "2"
},
{
"_id": null,
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "nx-os 4.0 n2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.3.1"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(4)"
},
{
"_id": null,
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"_id": null,
"model": "windows datacenter server sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"_id": null,
"model": "windows xp professional edition sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "x64"
},
{
"_id": null,
"model": "2.1-rc9",
"scope": null,
"trust": 0.3,
"vendor": "openvpn",
"version": null
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "34009.2.3"
},
{
"_id": null,
"model": "firepass",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "3.1"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10009.2.3"
},
{
"_id": null,
"model": "messaging application server mm",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.1"
},
{
"_id": null,
"model": "bigip application security manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.3"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"_id": null,
"model": "windows server for 32-bit systems sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"_id": null,
"model": "beta11",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"_id": null,
"model": "telepresence recording server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "windows vista home premium",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "gnutls",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.2.3"
},
{
"_id": null,
"model": "enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "unified callmanager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.1"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.4"
},
{
"_id": null,
"model": "moblin",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "2.0"
},
{
"_id": null,
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "1.2"
},
{
"_id": null,
"model": "java system web server sp8",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"_id": null,
"model": "coat systems proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "4.3"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.3"
},
{
"_id": null,
"model": "opensolaris build snv 122",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.3.2"
},
{
"_id": null,
"model": "wireless lan control m",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2"
},
{
"_id": null,
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.38"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.4.0"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "etherfast befsru31 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.42.3"
},
{
"_id": null,
"model": "opensolaris build snv 109",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "nx-os",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1(4)"
},
{
"_id": null,
"model": "weblogic server sp7",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3.4"
},
{
"_id": null,
"model": "csm 4.2.3a",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.11"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "4.2"
},
{
"_id": null,
"model": "openvpn",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0.3"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"_id": null,
"model": "unified ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7960"
},
{
"_id": null,
"model": "windows datacenter server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1(2)16"
},
{
"_id": null,
"model": "pfsense 1.2-rc3",
"scope": null,
"trust": 0.3,
"vendor": "bsdperimeter",
"version": null
},
{
"_id": null,
"model": "firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.3.1"
},
{
"_id": null,
"model": "access manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.1"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"_id": null,
"model": "etherfast befsr11 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.42.7"
},
{
"_id": null,
"model": "windows terminal services",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "linux enterprise java sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "jre 1.5.0 08",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "3.1"
},
{
"_id": null,
"model": "aura conferencing",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "coat systems proxysg 8100-c",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "0"
},
{
"_id": null,
"model": "etherfast befw11s4 wireless ap cable/dsl router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "+1.40.3"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "6.1"
},
{
"_id": null,
"model": "opensolaris build snv 38",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "unified communications manager sr2b",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "8.52"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "12.0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.15"
},
{
"_id": null,
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(3)10"
},
{
"_id": null,
"model": "meeting exchange recording server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "-0"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.0.1"
},
{
"_id": null,
"model": "ciscoworks common services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.2"
},
{
"_id": null,
"model": "pfsense",
"scope": "eq",
"trust": 0.3,
"vendor": "bsdperimeter",
"version": "1.2.2"
},
{
"_id": null,
"model": "unified callmanager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0(2)"
},
{
"_id": null,
"model": "cosminexus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "5"
},
{
"_id": null,
"model": "syslog-ng premium edition",
"scope": "eq",
"trust": 0.3,
"vendor": "balabit",
"version": "3.0.5"
},
{
"_id": null,
"model": "desktop extras",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "websphere datapower soa appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "3.7.3.7"
},
{
"_id": null,
"model": "security agent",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.5.1.639"
},
{
"_id": null,
"model": "arubaos",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "3.3.2.11"
},
{
"_id": null,
"model": "ucosminexus developer light",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.7"
},
{
"_id": null,
"model": "windows server web edition sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.1.3"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "16009.2.5"
},
{
"_id": null,
"model": "intuity audix lx sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.3.3"
},
{
"_id": null,
"model": "wireless control system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0.100.0"
},
{
"_id": null,
"model": "arubaos",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "3.3.3.0"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "16009.4.5"
},
{
"_id": null,
"model": "security agent",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.1.79"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7"
},
{
"_id": null,
"model": "unified ip phone 7906g",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3.2"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.3.18"
},
{
"_id": null,
"model": "csm",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2(8)"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(4)24"
},
{
"_id": null,
"model": "opensolaris build snv 58",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "systems insight manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.2"
},
{
"_id": null,
"model": "firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.7.1"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2"
},
{
"_id": null,
"model": "cns network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0.3"
},
{
"_id": null,
"model": "tivoli storage manager",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.2"
},
{
"_id": null,
"model": "application velocity system 3180a",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "security agent",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0.3.728"
},
{
"_id": null,
"model": "unified ip phone sccp",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.3(15)"
},
{
"_id": null,
"model": "ip communicator",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.7"
},
{
"_id": null,
"model": "bigip application security manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.4"
},
{
"_id": null,
"model": "coat systems proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "5.2"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "seamonkey",
"scope": "ne",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.4"
},
{
"_id": null,
"model": "unified callmanager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.5"
},
{
"_id": null,
"model": "windows server terminal services",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20030"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "8.54"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1(2)"
},
{
"_id": null,
"model": "software opera web browser beta",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "83"
},
{
"_id": null,
"model": "gnutls",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.6.2"
},
{
"_id": null,
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "windows server standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "7.0-release-p11",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"_id": null,
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "3.3.1"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "windows vista home premium 64-bit edition sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "nx-os 4.1 n2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "arubaos 2.4.8.0-fips",
"scope": null,
"trust": 0.3,
"vendor": "arubanetworks",
"version": null
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "opensolaris build snv 91",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.7"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(4)16"
},
{
"_id": null,
"model": "matrix operating environment",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.5.1"
},
{
"_id": null,
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.42.7"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.4"
},
{
"_id": null,
"model": "application networking manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.2"
},
{
"_id": null,
"model": "opensolaris build snv 101",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "openoffice",
"scope": "eq",
"trust": 0.3,
"vendor": "openoffice",
"version": "2.4"
},
{
"_id": null,
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5"
},
{
"_id": null,
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.5"
},
{
"_id": null,
"model": "gnutls",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.6.5"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(2)17"
},
{
"_id": null,
"model": "project proftpd 1.3.2c",
"scope": "ne",
"trust": 0.3,
"vendor": "proftpd",
"version": null
},
{
"_id": null,
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "3.2"
},
{
"_id": null,
"model": "java system web server sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"_id": null,
"model": "security agent",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.5.1.659"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.4.5"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"_id": null,
"model": "fwsm for cisco catalyst series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6500/76001.1(3.17)"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.4"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2"
},
{
"_id": null,
"model": "bigip global traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.2.2"
},
{
"_id": null,
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "onboard administrator",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.21"
},
{
"_id": null,
"model": "access control server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "web server r1",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "4.1"
},
{
"_id": null,
"model": "windows server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "unified ip phone sccp",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.2(17)"
},
{
"_id": null,
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "6.4-release-p5",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"_id": null,
"model": "wireless lan controllers",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2.112.0"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.3.14"
},
{
"_id": null,
"model": "wireless control system software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0"
},
{
"_id": null,
"model": "weblogic server mp2",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.0"
},
{
"_id": null,
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.4"
},
{
"_id": null,
"model": "coat systems proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "4.3.3"
},
{
"_id": null,
"model": "ucosminexus client",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8"
},
{
"_id": null,
"model": "coat systems proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "5.2.4.3"
},
{
"_id": null,
"model": "opensolaris build snv 54",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "arubaos",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "3.3.2.18"
},
{
"_id": null,
"model": "opensolaris build snv 93",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "windows server datacenter edition sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003x64"
},
{
"_id": null,
"model": "openvpn",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0.5"
},
{
"_id": null,
"model": "ironport encryption appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.5"
},
{
"_id": null,
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.6.4"
},
{
"_id": null,
"model": "openoffice",
"scope": "eq",
"trust": 0.3,
"vendor": "openoffice",
"version": "2.2"
},
{
"_id": null,
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.6"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.3"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "8.0"
},
{
"_id": null,
"model": "project openssl b",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "java system application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "8.2"
},
{
"_id": null,
"model": "etherfast befsr81 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "2.42.7"
},
{
"_id": null,
"model": "network analysis module 4.1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "ace appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "jdk 01",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1(2)70"
},
{
"_id": null,
"model": "messaging storage server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"_id": null,
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.4.0"
},
{
"_id": null,
"model": "java system web server plugin",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "7.00"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.64"
},
{
"_id": null,
"model": "project openssl k",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "java system web server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"_id": null,
"model": "windows xp 64-bit edition",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.0.5"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.0.4"
},
{
"_id": null,
"model": "unified contact center enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.3"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.1"
},
{
"_id": null,
"model": "java system web server sp7",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"_id": null,
"model": "css11500 content services switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.4"
},
{
"_id": null,
"model": "matrixssl",
"scope": "eq",
"trust": 0.3,
"vendor": "matrixssl",
"version": "1.1"
},
{
"_id": null,
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.7"
},
{
"_id": null,
"model": "communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.0.13"
},
{
"_id": null,
"model": "wireless control system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.5"
},
{
"_id": null,
"model": "systems insight manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"_id": null,
"model": "java se sr10",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"_id": null,
"model": "matrix operating environment",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"_id": null,
"model": "wireless lan control",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0.188.0"
},
{
"_id": null,
"model": "bigip application security manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"_id": null,
"model": "-release-p5",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2.(2.19)"
},
{
"_id": null,
"model": "windows server sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "websphere datapower soa appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.7.1"
},
{
"_id": null,
"model": "wide area application services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0.17"
},
{
"_id": null,
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.4"
},
{
"_id": null,
"model": "firepass",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "6.0.2.3"
},
{
"_id": null,
"model": "transportation manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.1"
},
{
"_id": null,
"model": "linux enterprise server sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "opensolaris build snv 128",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "fortios",
"scope": "ne",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.6.1"
},
{
"_id": null,
"model": "opensolaris build snv 107",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.2.1"
},
{
"_id": null,
"model": "db2 universal database",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.7.1"
},
{
"_id": null,
"model": "coat systems proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "4.2"
},
{
"_id": null,
"model": "asa series adaptive security appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "55008.0(5.6)"
},
{
"_id": null,
"model": "enterprise linux extras",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "-prerelease",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "7.0"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.6"
},
{
"_id": null,
"model": "wide area application services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.96"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.3"
},
{
"_id": null,
"model": "csm",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2(5)"
},
{
"_id": null,
"model": "security agent",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(3)2"
},
{
"_id": null,
"model": "openoffice",
"scope": "eq",
"trust": 0.3,
"vendor": "openoffice",
"version": "2.0.4"
},
{
"_id": null,
"model": "java system directory server 2005q4",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.2"
},
{
"_id": null,
"model": "etherfast befsr11 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.40.2"
},
{
"_id": null,
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.5.1"
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "java system application server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "8.2"
},
{
"_id": null,
"model": "opensolaris build snv 108",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.4"
},
{
"_id": null,
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2.(2.7)"
},
{
"_id": null,
"model": "wireless lan control",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2.207.0"
},
{
"_id": null,
"model": "ons t31 omds metro wdm system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "15531"
},
{
"_id": null,
"model": "syslog-ng premium edition",
"scope": "eq",
"trust": 0.3,
"vendor": "balabit",
"version": "3.2"
},
{
"_id": null,
"model": "bigip application security manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.3.1"
},
{
"_id": null,
"model": "developer\u0027s kit for java",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.4"
},
{
"_id": null,
"model": "opensolaris build snv 89",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "2.50"
},
{
"_id": null,
"model": "unified ip phone 7960g",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 39",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "java system application server platform edition",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "8.0"
},
{
"_id": null,
"model": "coat systems proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "5.2.2.5"
},
{
"_id": null,
"model": "project openssl g",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "15009.3"
},
{
"_id": null,
"model": "-release-p8",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.3"
},
{
"_id": null,
"model": "windows server for itanium-based systems r2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"_id": null,
"model": "wide area application services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1.5"
},
{
"_id": null,
"model": "bigip global traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.4.8"
},
{
"_id": null,
"model": "asa series adaptive security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "55007.0.4"
},
{
"_id": null,
"model": "opensolaris build snv 90",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 68",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.3"
},
{
"_id": null,
"model": "windows server for itanium-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20080"
},
{
"_id": null,
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5.3"
},
{
"_id": null,
"model": "csm",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2(6)"
},
{
"_id": null,
"model": "systems insight manager sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"_id": null,
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.1(3)"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.1"
},
{
"_id": null,
"model": "blackberry enterprise server express for exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "5.0.1"
},
{
"_id": null,
"model": "firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.3.4"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.4"
},
{
"_id": null,
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.1"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.3.4"
},
{
"_id": null,
"model": "meeting exchange client registration server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "-0"
},
{
"_id": null,
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.3"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.1"
},
{
"_id": null,
"model": "ace module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "opensolaris build snv 61",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "etherfast befw11s4 wireless ap cable/dsl router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "+1.37.2"
},
{
"_id": null,
"model": "linux enterprise debuginfo",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.2.12"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.4"
},
{
"_id": null,
"model": "unity connection",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(1)"
},
{
"_id": null,
"model": "circle",
"scope": "eq",
"trust": 0.3,
"vendor": "voodoo",
"version": "1.1"
},
{
"_id": null,
"model": "java system web server sp11",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.3"
},
{
"_id": null,
"model": "cns network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0.5.4"
},
{
"_id": null,
"model": "enterprise linux desktop supplementary",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "opensolaris build snv 41",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "bigip global traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.2.5"
},
{
"_id": null,
"model": "unified callmanager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0"
},
{
"_id": null,
"model": "system management homepage",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "6.2"
},
{
"_id": null,
"model": "7.2-release-p4",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"_id": null,
"model": "ucosminexus client",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7"
},
{
"_id": null,
"model": "firepass",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "5.4"
},
{
"_id": null,
"model": "7.0-release-p8",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.3"
},
{
"_id": null,
"model": "voice portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "windows server enterprise edition sp1 beta",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20031"
},
{
"_id": null,
"model": "bigip global traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.3"
},
{
"_id": null,
"model": "firepass",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "6.1"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.3.2"
},
{
"_id": null,
"model": "os/400 v6r1m0",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"_id": null,
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.0(2)"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.0(5.2)"
},
{
"_id": null,
"model": "java system directory server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"_id": null,
"model": "csm",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2(7)"
},
{
"_id": null,
"model": "enterprise linux desktop version",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "15009.2.5"
},
{
"_id": null,
"model": "catalyst",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "65004.0(9)"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "34009.3.1"
},
{
"_id": null,
"model": "jdk 1.5.0.0 04",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "java system web server sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.12"
},
{
"_id": null,
"model": "css11500 content services switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.50.3.45"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "java system directory server patch2",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.2"
},
{
"_id": null,
"model": "windows server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5.14"
},
{
"_id": null,
"model": "gnutls",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.6.3"
},
{
"_id": null,
"model": "coat systems director",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "0"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.5.1"
},
{
"_id": null,
"model": "wide area application services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0.19"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.3"
},
{
"_id": null,
"model": "linux enterprise sdk sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.1(2)"
},
{
"_id": null,
"model": "opensolaris build snv 88",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "unified communications manager 7.1 su1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "java system web proxy server",
"scope": "ne",
"trust": 0.3,
"vendor": "sun",
"version": "4.0.13"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1(2.27)"
},
{
"_id": null,
"model": "java system directory server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.3"
},
{
"_id": null,
"model": "unified callmanager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0"
},
{
"_id": null,
"model": "project openssl h",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1"
},
{
"_id": null,
"model": "unified ip phones",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0.2"
},
{
"_id": null,
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.5"
},
{
"_id": null,
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.40.2"
},
{
"_id": null,
"model": "project openssl i",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "gnutls",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.6.1"
},
{
"_id": null,
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "7.0"
},
{
"_id": null,
"model": "java enterprise system",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5"
},
{
"_id": null,
"model": "security agent",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.5.1"
},
{
"_id": null,
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "2.1-rc8",
"scope": null,
"trust": 0.3,
"vendor": "openvpn",
"version": null
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.9"
},
{
"_id": null,
"model": "cosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0"
},
{
"_id": null,
"model": "fuji",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1(2.55)"
},
{
"_id": null,
"model": "openvpn",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0.4"
},
{
"_id": null,
"model": "corporate server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "3.0"
},
{
"_id": null,
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.39"
},
{
"_id": null,
"model": "7.2-stable",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"_id": null,
"model": "wireless lan control",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0.182.0"
},
{
"_id": null,
"model": "wireless lan solution engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11052.0"
},
{
"_id": null,
"model": "ace web application firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "solaris 10 sparc",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "unified ip phone sccp 8.2 sr2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "openoffice",
"scope": "eq",
"trust": 0.3,
"vendor": "openoffice",
"version": "2.0.1"
},
{
"_id": null,
"model": "windows vista edition sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "x64"
},
{
"_id": null,
"model": "blackberry enterprise server for exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "4.1.4"
},
{
"_id": null,
"model": "enterprise linux for sap server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8"
},
{
"_id": null,
"model": "meeting exchange sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "web server r2",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "4.2"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1(2.81)"
},
{
"_id": null,
"model": "project openssl c",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "aura communication manager",
"scope": "ne",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2.2"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "16009.4.6"
},
{
"_id": null,
"model": "arubaos",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "3.3.2.17"
},
{
"_id": null,
"model": "system management homepage",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "6.1.0.103"
},
{
"_id": null,
"model": "etherfast befsru31 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.42.7"
},
{
"_id": null,
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "windows vista beta",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2"
},
{
"_id": null,
"model": "unified intelligent contact management enterprise",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "7.5(8)"
},
{
"_id": null,
"model": "ciscoworks common services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.0.3"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.0(6.7)"
},
{
"_id": null,
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.3"
},
{
"_id": null,
"model": "coat systems proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "4.2.6.1"
},
{
"_id": null,
"model": "websphere datapower soa appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "3.8.1"
},
{
"_id": null,
"model": "unified communications manager 4.3 sr1b",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "unified callmanager 4.1 sr7",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "8.50"
},
{
"_id": null,
"model": "circle",
"scope": "eq",
"trust": 0.3,
"vendor": "voodoo",
"version": "1.1.35"
},
{
"_id": null,
"model": "-release-p6",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.3"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "project openssl c",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.1"
},
{
"_id": null,
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "3.0"
},
{
"_id": null,
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "wide area application services 4.1.1b",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "bigip application security manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.2"
},
{
"_id": null,
"model": "enterprise server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"_id": null,
"model": "matrix operating environment",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(4)28"
},
{
"_id": null,
"model": "jdk 07",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "ironport encryption appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2.4"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.1"
},
{
"_id": null,
"model": "wireless control system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1.91.0"
},
{
"_id": null,
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.1"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"_id": null,
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.9"
},
{
"_id": null,
"model": "unified ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7935"
},
{
"_id": null,
"model": "asa series adaptive security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "55007.1"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2.1"
},
{
"_id": null,
"model": "websphere application server",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.31"
},
{
"_id": null,
"model": "nx-os",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2(3)"
},
{
"_id": null,
"model": "windows server datacenter edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003x64"
},
{
"_id": null,
"model": "opensolaris build snv 92",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "linux x86 64 -current",
"scope": null,
"trust": 0.3,
"vendor": "slackware",
"version": null
},
{
"_id": null,
"model": "css11500 content services switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.5"
},
{
"_id": null,
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5.10"
},
{
"_id": null,
"model": "csm",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2(4)"
},
{
"_id": null,
"model": "opensolaris build snv 83",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "opensolaris build snv 106",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "opensolaris build snv 125",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "11x64"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.23"
},
{
"_id": null,
"model": "windows server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "gnutls",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.2.2"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.10"
},
{
"_id": null,
"model": "7.0-release-p3",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1"
},
{
"_id": null,
"model": "gnutls",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.8.3"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1"
},
{
"_id": null,
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"_id": null,
"model": "windows server enterprise edition sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.3.3"
},
{
"_id": null,
"model": "6.4-release-p4",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1(1)5"
},
{
"_id": null,
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "esx",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.1"
},
{
"_id": null,
"model": "ironport encryption appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.52"
},
{
"_id": null,
"model": "openvpn",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "1.4.1"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.21"
},
{
"_id": null,
"model": "communication manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0.3"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.0.9"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "15009.2.3"
},
{
"_id": null,
"model": "openoffice",
"scope": "eq",
"trust": 0.3,
"vendor": "openoffice",
"version": "3.1"
},
{
"_id": null,
"model": "linux enterprise desktop sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "gnutls",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.2.5"
},
{
"_id": null,
"model": "project openssl c",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "-stable",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.2"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.3.15"
},
{
"_id": null,
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.6.1"
},
{
"_id": null,
"model": "windows server for x64-based systems r2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"_id": null,
"model": "security agent",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0.3"
},
{
"_id": null,
"model": "windows server datacenter edition sp1 beta",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20031"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0.1"
},
{
"_id": null,
"model": "communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1.2"
},
{
"_id": null,
"model": "asa series adaptive security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "55007.0"
},
{
"_id": null,
"model": "cns network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1.1.2"
},
{
"_id": null,
"model": "openvpn",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0.9"
},
{
"_id": null,
"model": "unified contact center express",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.x"
},
{
"_id": null,
"model": "transportation manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.0"
},
{
"_id": null,
"model": "security agent for icm",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.5.1.616"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9"
},
{
"_id": null,
"model": "opensolaris build snv 57",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "windows xp tablet pc edition sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.0(8)1"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.0(8.6)"
},
{
"_id": null,
"model": "project openssl l",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "security agent",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2"
},
{
"_id": null,
"model": "openvpn",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0.1"
},
{
"_id": null,
"model": "-releng",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "7.0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(3)15"
},
{
"_id": null,
"model": "pfsense",
"scope": "ne",
"trust": 0.3,
"vendor": "bsdperimeter",
"version": "1.2.3"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.0.2"
},
{
"_id": null,
"model": "wide area application services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0.13"
},
{
"_id": null,
"model": "etherfast befsr11 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.41"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.0(6.33)"
},
{
"_id": null,
"model": "csm",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2(3)"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "8.53"
},
{
"_id": null,
"model": "java system directory server patch4",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.2"
},
{
"_id": null,
"model": "jboss enterprise web server for rhel as",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "41.0"
},
{
"_id": null,
"model": "windows xp professional sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.1"
},
{
"_id": null,
"model": "windows server for itanium-based systems sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"_id": null,
"model": "db2 universal database",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.7.2"
},
{
"_id": null,
"model": "firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.4.1"
},
{
"_id": null,
"model": "java system web server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.0.6"
},
{
"_id": null,
"model": "project proftpd",
"scope": "eq",
"trust": 0.3,
"vendor": "proftpd",
"version": "1.3"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.19"
},
{
"_id": null,
"model": "linux lts lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"_id": null,
"model": "openvpn",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0.8"
},
{
"_id": null,
"model": "glassfish enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "2.1.1"
},
{
"_id": null,
"model": "windows vista ultimate",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.8"
},
{
"_id": null,
"model": "catalyst",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "76004.1(1)"
},
{
"_id": null,
"model": "apache",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.15"
},
{
"_id": null,
"model": "wireless lan control",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0.196.0"
},
{
"_id": null,
"model": "unified callmanager 5.0",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "10.01"
},
{
"_id": null,
"model": "cns network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0.5.3"
},
{
"_id": null,
"model": "unified callmanager 5.0 su1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "coat systems director",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "4.2.2.4"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "16009.1.1"
},
{
"_id": null,
"model": "csm 4.2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "unified callmanager 4.1 sr8",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(4)23"
},
{
"_id": null,
"model": "aura system manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "coat systems blue coat reporter",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "8.3.7.1"
},
{
"_id": null,
"model": "asa series adaptive security appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "55008.1(2.39)"
},
{
"_id": null,
"model": "enterprise virtualization hypervisor",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "cns network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1.1.4"
},
{
"_id": null,
"model": "hp-ux b.11.31",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "etherfast befvp41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.39.64"
},
{
"_id": null,
"model": "project openssl e",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "1.8"
},
{
"_id": null,
"model": "bigip global traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"_id": null,
"model": "jre 07",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.8"
},
{
"_id": null,
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5.12"
},
{
"_id": null,
"model": "opensolaris build snv 102",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "unified callmanager sr5b",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1"
},
{
"_id": null,
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.2.2"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.23"
},
{
"_id": null,
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "1.4.1"
},
{
"_id": null,
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0.1"
},
{
"_id": null,
"model": "syslog-ng premium edition",
"scope": "eq",
"trust": 0.3,
"vendor": "balabit",
"version": "3.0.7"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.7"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.5"
},
{
"_id": null,
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.31"
},
{
"_id": null,
"model": "security agent for callmanager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.5.1.639"
},
{
"_id": null,
"model": "firepass",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "6.0.1"
},
{
"_id": null,
"model": "arubaos rn",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "3.1.0.0"
},
{
"_id": null,
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.0.4"
},
{
"_id": null,
"model": "windows server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20080"
},
{
"_id": null,
"model": "java sdk sr13-fp2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.2"
},
{
"_id": null,
"model": "windows professional sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"_id": null,
"model": "project openssl k",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "opensolaris build snv 56",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(4)10"
},
{
"_id": null,
"model": "linux x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.0"
},
{
"_id": null,
"model": "openoffice",
"scope": "eq",
"trust": 0.3,
"vendor": "openoffice",
"version": "2.2.1"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.11"
},
{
"_id": null,
"model": "catalyst",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "76003.1(17)"
},
{
"_id": null,
"model": "web server a",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.3.5"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.6"
},
{
"_id": null,
"model": "openoffice",
"scope": "eq",
"trust": 0.3,
"vendor": "openoffice",
"version": "3.2"
},
{
"_id": null,
"model": "wireless lan control",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2.193.0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(4)22"
},
{
"_id": null,
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "project openssl beta3",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1"
},
{
"_id": null,
"model": "java se sr5",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"_id": null,
"model": "-release",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.4"
},
{
"_id": null,
"model": "etherfast befsr81 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "2.44"
},
{
"_id": null,
"model": "netbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "netbsd",
"version": "4.1"
},
{
"_id": null,
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.2"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "2.36"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.12"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.1"
},
{
"_id": null,
"model": "ironport encryption appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2.7"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"_id": null,
"model": "blackberry enterprise server for exchange sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "5.0"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.3.17"
},
{
"_id": null,
"model": "project proftpd 1.3.2a",
"scope": null,
"trust": 0.3,
"vendor": "proftpd",
"version": null
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.20"
},
{
"_id": null,
"model": "wireless lan solution engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.13"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.9"
},
{
"_id": null,
"model": "ironport email security appliance x-series",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "7.0.1"
},
{
"_id": null,
"model": "ace gss series global site selector",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "44000"
},
{
"_id": null,
"model": "unified ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7940"
},
{
"_id": null,
"model": "wireless control system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2.62.0"
},
{
"_id": null,
"model": "oracle11g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.2.0.1.0"
},
{
"_id": null,
"model": "project proftpd .0rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "proftpd",
"version": "1.3"
},
{
"_id": null,
"model": "rsa data protection manager applicance",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "3.2.1"
},
{
"_id": null,
"model": "opensolaris build snv 117",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "unified ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1(1)4"
},
{
"_id": null,
"model": "coat systems director",
"scope": "ne",
"trust": 0.3,
"vendor": "blue",
"version": "5.5.2.3"
},
{
"_id": null,
"model": "etherfast befsru31 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.40.2"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0.1"
},
{
"_id": null,
"model": "catalyst",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "65004.1(1)"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.0"
},
{
"_id": null,
"model": "circle",
"scope": "eq",
"trust": 0.3,
"vendor": "voodoo",
"version": "1.1.36"
},
{
"_id": null,
"model": "linux enterprise desktop sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0.1"
},
{
"_id": null,
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(4)5"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.8"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.1.7"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.2"
},
{
"_id": null,
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.6.3"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.61"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.0"
},
{
"_id": null,
"model": "message networking",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"_id": null,
"model": "current",
"scope": null,
"trust": 0.3,
"vendor": "netbsd",
"version": null
},
{
"_id": null,
"model": "pfsense",
"scope": "eq",
"trust": 0.3,
"vendor": "bsdperimeter",
"version": "1.2"
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.7"
},
{
"_id": null,
"model": "spam \u0026 virus blocker b-series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "enterprise linux desktop optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "linux enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "fortios",
"scope": "ne",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.4.6"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "blackberry enterprise server for novell groupwise",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "4.1.7"
},
{
"_id": null,
"model": "enterprise linux hpc node supplementary",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "enterprise linux desktop supplementary client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1(1)1"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8"
},
{
"_id": null,
"model": "etherfast befw11s4 wireless ap cable/dsl router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "+1.42.7"
},
{
"_id": null,
"model": "ciscoworks wireless lan solution engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "windows server datacenter edition sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"_id": null,
"model": "java system directory server patch3",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.2"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.2"
},
{
"_id": null,
"model": "windows server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003x64"
},
{
"_id": null,
"model": "opensolaris build snv 13",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(1)"
},
{
"_id": null,
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.3.2"
},
{
"_id": null,
"model": "unified callmanager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0(1)"
},
{
"_id": null,
"model": "coat systems blue coat reporter",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "8.3.3.1"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.4.1"
},
{
"_id": null,
"model": "wireless lan control",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2.176.51"
},
{
"_id": null,
"model": "enterprise linux ws extras",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"_id": null,
"model": "sdk 02",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "opensolaris build snv 47",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "opensolaris build snv 64",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "project proftpd .0rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "proftpd",
"version": "1.3"
},
{
"_id": null,
"model": "application velocity system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "31205.0"
},
{
"_id": null,
"model": "enterprise linux es extras",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"_id": null,
"model": "unified communications manager sr3",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2"
},
{
"_id": null,
"model": "jdk 0 03",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "linux armel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"_id": null,
"model": "wireless control system for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "transportation manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1"
},
{
"_id": null,
"model": "ucosminexus portal framework",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.0(7)16"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.62"
},
{
"_id": null,
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5.9"
},
{
"_id": null,
"model": "appliance server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "3.0x64"
},
{
"_id": null,
"model": "linux enterprise desktop sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "windows vista business 64-bit edition sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "openvms secure web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.1-1"
},
{
"_id": null,
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.3"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "coat systems proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "0"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.0"
},
{
"_id": null,
"model": "aura conferencing standard",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "tivoli storage manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.1"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.3.5"
},
{
"_id": null,
"model": "windows vista home premium 64-bit edition sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(4.28)"
},
{
"_id": null,
"model": "unified contact center express",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.x"
},
{
"_id": null,
"model": "windows xp embedded sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.2"
},
{
"_id": null,
"model": "coat systems packetshaper",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "8.4"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.0.4.3"
},
{
"_id": null,
"model": "windows server datacenter edition itanium sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "unified callmanager 4.2 sr1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8"
},
{
"_id": null,
"model": "windows vista business 64-bit edition sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "unified callmanager 4.3 sr1a",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6"
},
{
"_id": null,
"model": "asa series adaptive security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "55007.0.4.3"
},
{
"_id": null,
"model": "2.1-beta14",
"scope": null,
"trust": 0.3,
"vendor": "openvpn",
"version": null
},
{
"_id": null,
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.0"
},
{
"_id": null,
"model": "windows vista enterprise 64-bit edition sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "java system web server sp9",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"_id": null,
"model": "meeting exchange streaming server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "-0"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.10"
},
{
"_id": null,
"model": "unified contact center hosted",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "coat systems blue coat reporter",
"scope": "ne",
"trust": 0.3,
"vendor": "blue",
"version": "9.2.4.1"
},
{
"_id": null,
"model": "netbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "netbsd",
"version": "4.0"
},
{
"_id": null,
"model": "pfsense 1.2-rc4",
"scope": null,
"trust": 0.3,
"vendor": "bsdperimeter",
"version": null
},
{
"_id": null,
"model": "wireless lan solution engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11052.5"
},
{
"_id": null,
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.5"
},
{
"_id": null,
"model": "linux enterprise sp2 debuginfo",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "16000"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(2)"
},
{
"_id": null,
"model": "syslog-ng premium edition",
"scope": "eq",
"trust": 0.3,
"vendor": "balabit",
"version": "3.0.6"
},
{
"_id": null,
"model": "opensolaris build snv 121",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.23"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1(2.3)"
},
{
"_id": null,
"model": "gnutls",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.6.6"
},
{
"_id": null,
"model": "voice portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1"
},
{
"_id": null,
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.7.1"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.4"
},
{
"_id": null,
"model": "java system web server sp10",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"_id": null,
"model": "db2 universal database",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.7"
},
{
"_id": null,
"model": "oracle11g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.2.0.2.0"
},
{
"_id": null,
"model": "messaging application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "0"
},
{
"_id": null,
"model": "blackberry enterprise server express for exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "5.0.2"
},
{
"_id": null,
"model": "firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.6.4"
},
{
"_id": null,
"model": "syslog-ng premium edition 3.2.1a",
"scope": null,
"trust": 0.3,
"vendor": "balabit",
"version": null
},
{
"_id": null,
"model": "sdk 01",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.0.4"
},
{
"_id": null,
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"_id": null,
"model": "wireless control system software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1"
},
{
"_id": null,
"model": "wireless lan control",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2"
},
{
"_id": null,
"model": "linux enterprise sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "unified contact center express",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.x"
},
{
"_id": null,
"model": "windows vista ultimate 64-bit edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2.2"
},
{
"_id": null,
"model": "circle",
"scope": "eq",
"trust": 0.3,
"vendor": "voodoo",
"version": "1.1.34"
},
{
"_id": null,
"model": "solaris 8 sparc",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "cosminexus server web edition",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "4"
},
{
"_id": null,
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.3"
},
{
"_id": null,
"model": "web server 4.3r5",
"scope": "ne",
"trust": 0.3,
"vendor": "zeus",
"version": null
},
{
"_id": null,
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"_id": null,
"model": "jboss enterprise web server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5.0"
},
{
"_id": null,
"model": "windows vista enterprise 64-bit edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(4)9"
},
{
"_id": null,
"model": "opensolaris build snv 124",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "systems insight manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.2"
},
{
"_id": null,
"model": "java sdk sr3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.2"
},
{
"_id": null,
"model": "windows server web edition sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "unified ip phone 7940g",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "arubaos",
"scope": "ne",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "2.5.6.24"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"_id": null,
"model": "openoffice",
"scope": "eq",
"trust": 0.3,
"vendor": "openoffice",
"version": "2.0.2"
},
{
"_id": null,
"model": "firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.2.3"
},
{
"_id": null,
"model": "arubaos",
"scope": "ne",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "3.4.1.1"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.2.5"
},
{
"_id": null,
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5.13"
},
{
"_id": null,
"model": "etherfast befw11s4 wireless ap cable/dsl router b",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "+1.37.9"
},
{
"_id": null,
"model": "opensolaris build snv 85",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 19",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jboss enterprise web server for rhel server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "51.0"
},
{
"_id": null,
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5.7"
},
{
"_id": null,
"model": "linux enterprise sp3 debuginfo",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "wireless location appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"_id": null,
"model": "project openssl j",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "weblogic server sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1"
},
{
"_id": null,
"model": "meeting exchange sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"_id": null,
"model": "java system web server update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "7.03"
},
{
"_id": null,
"model": "csm",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2.7"
},
{
"_id": null,
"model": "gnutls",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.4"
},
{
"_id": null,
"model": "wireless lan control",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.1"
},
{
"_id": null,
"model": "etherfast befsr11 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.44"
},
{
"_id": null,
"model": "messaging application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"_id": null,
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.6.1"
},
{
"_id": null,
"model": "wireless lan control",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2.205.0"
},
{
"_id": null,
"model": "windows for itanium-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "70"
},
{
"_id": null,
"model": "firepass",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "6.0.3"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2.(2.8)"
},
{
"_id": null,
"model": "db2 universal database",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.1.11"
},
{
"_id": null,
"model": "windows xp gold",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.2.0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(4)6"
},
{
"_id": null,
"model": "-stable",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.1"
},
{
"_id": null,
"model": "db2 universal database fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.18"
},
{
"_id": null,
"model": "ironport encryption appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2.6"
},
{
"_id": null,
"model": "linux enterprise desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "windows datacenter server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.7"
},
{
"_id": null,
"model": "security agent",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0.2"
},
{
"_id": null,
"model": "java system web server update",
"scope": "ne",
"trust": 0.3,
"vendor": "sun",
"version": "7.07"
},
{
"_id": null,
"model": "openoffice",
"scope": "eq",
"trust": 0.3,
"vendor": "openoffice",
"version": "2.4.1"
},
{
"_id": null,
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "unified communications manager 7.0",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.6"
},
{
"_id": null,
"model": "security agent",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(1.126)"
},
{
"_id": null,
"model": "6.3-release-p11",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"_id": null,
"model": "java system application server enterprise edition 2005q1rhel2.1/rhel3",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "8.1"
},
{
"_id": null,
"model": "opensolaris build snv 74",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "websphere datapower soa appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.7.2"
},
{
"_id": null,
"model": "tivoli endpoint manager patch",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.23"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.1"
},
{
"_id": null,
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.0.3"
},
{
"_id": null,
"model": "windows xp 64-bit edition sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "ucosminexus operator",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7"
},
{
"_id": null,
"model": "unified callmanager 4.3 sr1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "systems insight manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.1"
},
{
"_id": null,
"model": "openvpn",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "1.6.0"
},
{
"_id": null,
"model": "-releng",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.3"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1(2)71"
},
{
"_id": null,
"model": "ironport web security management appliance m-series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "opensolaris build snv 111b",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"_id": null,
"model": "csm",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2"
},
{
"_id": null,
"model": "blackberry enterprise server for exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "5.0.1"
},
{
"_id": null,
"model": "windows server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "siparator",
"scope": "ne",
"trust": 0.3,
"vendor": "ingate",
"version": "4.8.1"
},
{
"_id": null,
"model": "web server r5",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "4.1"
},
{
"_id": null,
"model": "windows vista sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "gnutls",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.2"
},
{
"_id": null,
"model": "openvms secure web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2"
},
{
"_id": null,
"model": "opensolaris build snv 29",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7"
},
{
"_id": null,
"model": "unified ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.8(0)"
},
{
"_id": null,
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "windows vista business 64-bit edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
},
{
"_id": null,
"model": "multi network firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "2.0"
},
{
"_id": null,
"model": "enterprise linux supplementary server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.0.8"
},
{
"_id": null,
"model": "7.1-release-p5",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"_id": null,
"model": "video surveillance media server software",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2.1"
},
{
"_id": null,
"model": "gnutls",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.8.1"
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "wide area application services",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1.7"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "rpath",
"version": "1"
},
{
"_id": null,
"model": "wireless lan solution engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11052.0.2"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.12.3"
},
{
"_id": null,
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "linux enterprise software development kit",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "esx server esx410-201101201",
"scope": "ne",
"trust": 0.3,
"vendor": "vmware",
"version": "4.1"
},
{
"_id": null,
"model": "windows xp media center edition sp3",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.01"
},
{
"_id": null,
"model": "unified callmanager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0(4)"
},
{
"_id": null,
"model": "cns network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0"
},
{
"_id": null,
"model": "cosminexus server standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "4"
},
{
"_id": null,
"model": "coat systems packetshaper",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "17000"
},
{
"_id": null,
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.4.8"
},
{
"_id": null,
"model": "matrixssl",
"scope": "eq",
"trust": 0.3,
"vendor": "matrixssl",
"version": "1.8.7"
},
{
"_id": null,
"model": "rsa data protection manager appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "emc",
"version": "3.2.4.2"
},
{
"_id": null,
"model": "windows server enterprise edition sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003x64"
},
{
"_id": null,
"model": "security agent for icm",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.5.1.639"
},
{
"_id": null,
"model": "enterprise linux desktop client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "java system web server sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.4.8"
},
{
"_id": null,
"model": "opensolaris build snv 105",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0.96"
},
{
"_id": null,
"model": "unified communications manager 6.1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "windows xp media center edition",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"_id": null,
"model": "-pre-release",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "7.1"
},
{
"_id": null,
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "messaging storage server",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"_id": null,
"model": "windows server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003x64"
},
{
"_id": null,
"model": "ciscoworks common services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.0.4"
},
{
"_id": null,
"model": "wireless control system software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.2"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.0"
},
{
"_id": null,
"model": "java system web proxy server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4.0.12"
},
{
"_id": null,
"model": "openvpn",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0.2"
},
{
"_id": null,
"model": "firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "ingate",
"version": "4.8.1"
},
{
"_id": null,
"model": "unified callmanager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1"
},
{
"_id": null,
"model": "openvpn",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "1.5.0"
},
{
"_id": null,
"model": "unified callmanager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0(3)"
},
{
"_id": null,
"model": "digital media manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "cms server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "16.0"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4"
},
{
"_id": null,
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.44"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.02"
},
{
"_id": null,
"model": "wireless lan control",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0"
},
{
"_id": null,
"model": "nx-os",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0"
},
{
"_id": null,
"model": "java system web server sp8",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"_id": null,
"model": "windows vista home premium sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "gnutls",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.8.2"
},
{
"_id": null,
"model": "wide area application services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0.18"
},
{
"_id": null,
"model": "java system directory server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.2"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "16009.3"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.2"
},
{
"_id": null,
"model": "security agent",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.x"
},
{
"_id": null,
"model": "openoffice",
"scope": "eq",
"trust": 0.3,
"vendor": "openoffice",
"version": "2.4.3"
},
{
"_id": null,
"model": "windows xp embedded",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "linux enterprise sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "cosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.0.1.4"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.3.16"
},
{
"_id": null,
"model": "project openssl 0.9.8g",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "coat systems proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "5.2.6"
},
{
"_id": null,
"model": "identity management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.4.3"
},
{
"_id": null,
"model": "os/400 v6r1m1",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"_id": null,
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "1.6"
},
{
"_id": null,
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"_id": null,
"model": "windows vista home basic 64-bit edition sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "os/400 v5r4m5",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"_id": null,
"model": "-release-p9",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.3"
},
{
"_id": null,
"model": "wireless control system software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0.95"
},
{
"_id": null,
"model": "arubaos",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "3.4.3"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10009.3"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5"
},
{
"_id": null,
"model": "windows server standard edition sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"_id": null,
"model": "linux alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "nx-os",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "java system web server sp10",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"_id": null,
"model": "linux enterprise server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "db2 universal database fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.17"
},
{
"_id": null,
"model": "ons series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "155000"
},
{
"_id": null,
"model": "application velocity system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "31205.0.1"
},
{
"_id": null,
"model": "windows vista business sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "wireless lan control m",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.17"
},
{
"_id": null,
"model": "cvlan",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"_id": null,
"model": "ironport email security appliance c-series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.6"
},
{
"_id": null,
"model": "windows professional sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "csm",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.2.1"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.8"
},
{
"_id": null,
"model": "-release-p1",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "7.1"
},
{
"_id": null,
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.3.4"
},
{
"_id": null,
"model": "windows terminal services sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "jre beta",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"_id": null,
"model": "ironport email security appliance c-series",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "7.0.1"
},
{
"_id": null,
"model": "java sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.2"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0.3"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2.(2.16)"
},
{
"_id": null,
"model": "openvpn",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0.6"
},
{
"_id": null,
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "7.1-release-p6",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"_id": null,
"model": "sdk for java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "pardus",
"version": "20090"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.2"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.6"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"_id": null,
"model": "windows vista enterprise sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "project proftpd rc3",
"scope": "eq",
"trust": 0.3,
"vendor": "proftpd",
"version": "1.3"
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8"
},
{
"_id": null,
"model": "cosminexus application server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "5.0"
},
{
"_id": null,
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.2"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "rpath",
"version": "2"
},
{
"_id": null,
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.5"
},
{
"_id": null,
"model": "video surveillance media server software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.0"
},
{
"_id": null,
"model": "tivoli storage manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"_id": null,
"model": "java se sr11",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"_id": null,
"model": "hp-ux b.11.23",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "6.4-release-p2",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.1.10"
},
{
"_id": null,
"model": "one directory server patch",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.23"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10009.4.5"
},
{
"_id": null,
"model": "esx server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.1"
},
{
"_id": null,
"model": "secure gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "3.0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(4.18)"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.0"
},
{
"_id": null,
"model": "-stable",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.4"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "8.02"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.1.6"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.52"
},
{
"_id": null,
"model": "enterprise linux as extras",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"_id": null,
"model": "windows xp tablet pc edition",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "windows professional",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "70"
},
{
"_id": null,
"model": "secure gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "3.1"
},
{
"_id": null,
"model": "java se sr11 pf1",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.12.2"
},
{
"_id": null,
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1(2)"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10009.1.1"
},
{
"_id": null,
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3"
},
{
"_id": null,
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.5"
},
{
"_id": null,
"model": "project proftpd",
"scope": "eq",
"trust": 0.3,
"vendor": "proftpd",
"version": "1.3.1"
},
{
"_id": null,
"model": "catalyst",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "76003.2(15)"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "15009.3.1"
},
{
"_id": null,
"model": "unified ip phone 7941g",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "project proftpd rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "proftpd",
"version": "1.3.2"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(4)25"
},
{
"_id": null,
"model": "enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "application \u0026 content networking software",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.5.17"
},
{
"_id": null,
"model": "unified communications manager",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(0.98000.106)"
},
{
"_id": null,
"model": "gnutls",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.6"
},
{
"_id": null,
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.35"
},
{
"_id": null,
"model": "java system application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "8.1"
},
{
"_id": null,
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.4"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.7"
},
{
"_id": null,
"model": "linux enterprise server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "java system directory server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5"
},
{
"_id": null,
"model": "coat systems proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "4.2.8.7"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"_id": null,
"model": "linux enterprise desktop sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "linux enterprise server debuginfo",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "8.0.2"
},
{
"_id": null,
"model": "coat systems proxysg 200-c",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "0"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.3.1"
},
{
"_id": null,
"model": "opensolaris build snv 110",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "security agent",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0.1"
},
{
"_id": null,
"model": "opensolaris build snv 71",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "project openssl d",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "db2 universal database fix pack 6a",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"_id": null,
"model": "cosminexus studio standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "4"
},
{
"_id": null,
"model": "windows server itanium sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "windows server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "cns network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1.1.1"
},
{
"_id": null,
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"_id": null,
"model": "windows server datacenter edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20080"
},
{
"_id": null,
"model": "ibm xl c/c++ enterprise edition for aix \u0026 hitachi developer\u0027s",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "v801-00"
},
{
"_id": null,
"model": "wireless control system software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0.96"
},
{
"_id": null,
"model": "ironport web security appliance s-series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.1"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1.(2.49)"
},
{
"_id": null,
"model": "identity management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.4.0.1"
},
{
"_id": null,
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "15530"
},
{
"_id": null,
"model": "websphere datapower soa appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "3.7.1.12"
},
{
"_id": null,
"model": "openbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "openbsd",
"version": "4.5"
},
{
"_id": null,
"model": "unified contact center hosted icm7.1 es46",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(4)2"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "4.0"
},
{
"_id": null,
"model": "openoffice",
"scope": "eq",
"trust": 0.3,
"vendor": "openoffice",
"version": "2.4.2"
},
{
"_id": null,
"model": "wireless control system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2"
},
{
"_id": null,
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "video surveillance media server software",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2.1"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.1.1"
},
{
"_id": null,
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5.11"
},
{
"_id": null,
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "arubaos",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "3.4.1.0"
},
{
"_id": null,
"model": "unified contact center enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(3)"
},
{
"_id": null,
"model": "cns network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1.1"
},
{
"_id": null,
"model": "project openssl f",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "java system web server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"_id": null,
"model": "java system web server sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"_id": null,
"model": "arx",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "5.0"
},
{
"_id": null,
"model": "communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "java system application server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "8.1"
},
{
"_id": null,
"model": "windows xp embedded sp3",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.60"
},
{
"_id": null,
"model": "windows vista ultimate 64-bit edition sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "6.0-releng",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"_id": null,
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "wireless lan control",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0"
},
{
"_id": null,
"model": "linux enterprise teradata sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"_id": null,
"model": "ironport encryption appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2.77"
},
{
"_id": null,
"model": "jdk 0 09",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "security agent for ipcc enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.5.1.616"
},
{
"_id": null,
"model": "opensolaris build snv 80",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.11"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.0.0"
},
{
"_id": null,
"model": "communication manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.4"
},
{
"_id": null,
"model": "opensolaris build snv 104",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "wireless lan solution engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11302.0"
},
{
"_id": null,
"model": "vcenter",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.1"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.4.4"
},
{
"_id": null,
"model": "network analysis module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "windows xp professional",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "coat systems proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "4.2.1.6"
},
{
"_id": null,
"model": "software opera web browser beta",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.50"
},
{
"_id": null,
"model": "java system web proxy server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4.0"
},
{
"_id": null,
"model": "enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "unified contact center enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1(5)"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.29"
},
{
"_id": null,
"model": "firefox",
"scope": "ne",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.9"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.1.1"
},
{
"_id": null,
"model": "windows home premium",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "70"
},
{
"_id": null,
"model": "unified callmanager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.3"
},
{
"_id": null,
"model": "bigip global traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.4"
},
{
"_id": null,
"model": "blackberry enterprise server for novell groupwise",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "4.1.4"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"_id": null,
"model": "windows vista sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "application velocity system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3180"
},
{
"_id": null,
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "linux enterprise java sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.4"
},
{
"_id": null,
"model": "application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.5.0"
},
{
"_id": null,
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.22"
},
{
"_id": null,
"model": "bigip application security manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0.1"
},
{
"_id": null,
"model": "opensolaris build snv 84",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.05.00"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "11.0"
},
{
"_id": null,
"model": "project openssl m",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "windows xp media center edition sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "ibm xl c/c++ enterprise edition for aix \u0026 hitachi developer\u0027s",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "v701-00"
},
{
"_id": null,
"model": "windows starter",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "70"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(1)"
},
{
"_id": null,
"model": "openbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "openbsd",
"version": "4.6"
},
{
"_id": null,
"model": "java system application server enterprise edition q1",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "8.12005"
},
{
"_id": null,
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5.14"
},
{
"_id": null,
"model": "etherfast befsru31 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.44"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(3)14"
},
{
"_id": null,
"model": "project openssl j",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.11"
},
{
"_id": null,
"model": "jdk 1.5.0.0 12",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "windows vista home basic sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "catalyst",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "76004.0(9)"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "16009.2.3"
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "linux -current",
"scope": null,
"trust": 0.3,
"vendor": "slackware",
"version": null
},
{
"_id": null,
"model": "pfsense 1.2-rc1",
"scope": null,
"trust": 0.3,
"vendor": "bsdperimeter",
"version": null
},
{
"_id": null,
"model": "cns network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0.4"
},
{
"_id": null,
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "big-ip wan optimization module",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"_id": null,
"model": "jdk 1.6.0 01-b06",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "linux lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"_id": null,
"model": "network analysis module patch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.12"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "15009.1.1"
},
{
"_id": null,
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.4.1"
},
{
"_id": null,
"model": "ace appliance a3",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4710"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.6"
},
{
"_id": null,
"model": "arubaos rn",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "3.1.1"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1(2.5)"
},
{
"_id": null,
"model": "meeting exchange webportal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "-6.0"
},
{
"_id": null,
"model": "unified ip phones",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0.3"
},
{
"_id": null,
"model": "css11500 content services switch",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "software opera web browser beta",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.601"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.3"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2.(2.17)"
},
{
"_id": null,
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"_id": null,
"model": "java system web server sp11",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.47"
},
{
"_id": null,
"model": "jdk 1.5.0.0 03",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jboss enterprise web server el4",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "0"
},
{
"_id": null,
"model": "one directory server patch",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.24"
},
{
"_id": null,
"model": "windows vista ultimate sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "project openssl k",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "10.0"
},
{
"_id": null,
"model": "communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "sdk for java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"_id": null,
"model": "unified communications manager 7.0 su1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "windows for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "70"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "10.1"
},
{
"_id": null,
"model": "unified contact center express",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "novell linux pos",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9"
},
{
"_id": null,
"model": "coat systems proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "4.2.10"
},
{
"_id": null,
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.27"
},
{
"_id": null,
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.10"
},
{
"_id": null,
"model": "openoffice",
"scope": "eq",
"trust": 0.3,
"vendor": "openoffice",
"version": "2.0.3-1"
},
{
"_id": null,
"model": "windows professional sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "asa series adaptive security appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "55007.2(4.44)"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.5"
},
{
"_id": null,
"model": "solaris 10 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3.0"
},
{
"_id": null,
"model": "java system directory server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"_id": null,
"model": "windows vista enterprise sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.0.12"
},
{
"_id": null,
"model": "linux lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"_id": null,
"model": "windows xp professional sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "application networking manager update a",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(1.22)"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.7"
},
{
"_id": null,
"model": "java system directory server 2004q2",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.0"
},
{
"_id": null,
"model": "wide area application services",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2.1"
},
{
"_id": null,
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "cosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0"
},
{
"_id": null,
"model": "gnutls",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.2.1"
},
{
"_id": null,
"model": "ons t31 omds metro wdm system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "15532"
},
{
"_id": null,
"model": "blackberry enterprise server for domino",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "4.1.4"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.3.19"
},
{
"_id": null,
"model": "opensolaris build snv 116",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "blackberry enterprise server express for domino",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "5.0.2"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1.(2.48)"
},
{
"_id": null,
"model": "6.4-releng",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"_id": null,
"model": "windows server r2 datacenter",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20080"
},
{
"_id": null,
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5.8"
},
{
"_id": null,
"model": "cosminexus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "5.0"
},
{
"_id": null,
"model": "-release-p2",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "7.1"
},
{
"_id": null,
"model": "virtual connect 8gb 24-port fc module",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "3.0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1(2)78"
},
{
"_id": null,
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.45.7"
},
{
"_id": null,
"model": "project openssl 0.9.8f",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.6"
},
{
"_id": null,
"model": "linux enterprise sdk sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.6"
},
{
"_id": null,
"model": "windows vista enterprise 64-bit edition sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.1.2"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1.1"
},
{
"_id": null,
"model": "appliance server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "3.0"
},
{
"_id": null,
"model": "windows server enterprise edition itanium",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20030"
},
{
"_id": null,
"model": "windows vista home basic",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.7"
},
{
"_id": null,
"model": "coat systems packetshaper",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(4)7"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.4"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.7"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1(2)74"
},
{
"_id": null,
"model": "meeting exchange sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.4"
},
{
"_id": null,
"model": "fuji",
"scope": null,
"trust": 0.3,
"vendor": "turbolinux",
"version": null
},
{
"_id": null,
"model": "project openssl b",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "windows server enterprise edition itanium sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "virtual connect 8gb 24-port fc module",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "windows server standard edition sp1 beta",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20031"
},
{
"_id": null,
"model": "blackberry enterprise server express for exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "4.1.4"
},
{
"_id": null,
"model": "opensolaris build snv 99",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "cms server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "15.0"
},
{
"_id": null,
"model": "unified callmanager 4.1 sr5",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "netbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "netbsd",
"version": "4.0.2"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "15009.4.5"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1(2.79)"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.4.2"
},
{
"_id": null,
"model": "blackberry enterprise server for exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "5.0.2"
},
{
"_id": null,
"model": "bigip global traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.3.1"
},
{
"_id": null,
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "cosminexus studio web edition",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "4"
},
{
"_id": null,
"model": "arubaos",
"scope": "ne",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "3.3.3.2"
},
{
"_id": null,
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.36"
},
{
"_id": null,
"model": "unified communications manager",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(5)"
},
{
"_id": null,
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.0"
},
{
"_id": null,
"model": "ace appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "47100"
},
{
"_id": null,
"model": "opensolaris build snv 49",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.25"
},
{
"_id": null,
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "csm",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.0(8)6"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.1"
},
{
"_id": null,
"model": "coat systems blue coat reporter",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "9.1.5.1"
},
{
"_id": null,
"model": "windows advanced server sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.3"
},
{
"_id": null,
"model": "blackberry enterprise server express for exchange mr1",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "5.0.2"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.13"
},
{
"_id": null,
"model": "windows vista edition sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "x64"
},
{
"_id": null,
"model": "http server",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.4.27"
},
{
"_id": null,
"model": "unified ip phone 8.0 sr2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "web server r2",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "4.1"
},
{
"_id": null,
"model": "unified ip phone 8.0 sr1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "openvpn",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "1.4.2"
},
{
"_id": null,
"model": "windows server datacenter edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "fwsm for cisco catalyst series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6500/76002.3.1"
},
{
"_id": null,
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.2.0.1.0"
},
{
"_id": null,
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.41"
},
{
"_id": null,
"model": "web server r4",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "4.1"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.2.2"
},
{
"_id": null,
"model": "opensolaris build snv 78",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "esx server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "3.5"
},
{
"_id": null,
"model": "security agent for cvp",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.14.5.1.639"
},
{
"_id": null,
"model": "windows advanced server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "unified callmanager sr5c",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1"
},
{
"_id": null,
"model": "wireless lan solution engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11302.0.5"
},
{
"_id": null,
"model": "security agent",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.1"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7"
},
{
"_id": null,
"model": "windows terminal services sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "unified callmanager 3.3 sr2b",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.7.7"
},
{
"_id": null,
"model": "windows server standard edition sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "6.3-release-p10",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.2.13"
},
{
"_id": null,
"model": "java system directory server 2003q4",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.2"
},
{
"_id": null,
"model": "openvms secure web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1-1"
},
{
"_id": null,
"model": "windows server enterprise edition sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"_id": null,
"model": "message networking mn",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"_id": null,
"model": "cosminexus developer light",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6"
},
{
"_id": null,
"model": "open-enterprise-server",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "0"
},
{
"_id": null,
"model": "enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"_id": null,
"model": "openoffice",
"scope": "eq",
"trust": 0.3,
"vendor": "openoffice",
"version": "2.0.3"
},
{
"_id": null,
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "3.2.1"
},
{
"_id": null,
"model": "linux lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"_id": null,
"model": "java enterprise system 2005q4",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "java system directory server 2005q1",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.2"
},
{
"_id": null,
"model": "opensolaris build snv 120",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "openoffice",
"scope": "ne",
"trust": 0.3,
"vendor": "openoffice",
"version": "3.2.1"
},
{
"_id": null,
"model": "tivoli endpoint manager",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.1310"
},
{
"_id": null,
"model": "circle",
"scope": "eq",
"trust": 0.3,
"vendor": "voodoo",
"version": "1.1.37"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.5"
},
{
"_id": null,
"model": "matrix operating environment",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.5"
},
{
"_id": null,
"model": "cns network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0.2"
},
{
"_id": null,
"model": "windows xp 64-bit edition version sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "java se sr6",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"_id": null,
"model": "blackberry enterprise server express for domino mr1",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "5.0.2"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.0(8)3"
},
{
"_id": null,
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.0"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.8"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "7.1-release-p4",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"_id": null,
"model": "etherfast befsr11 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.43.3"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10000"
},
{
"_id": null,
"model": "firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.6"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.0.7"
},
{
"_id": null,
"model": "firefox",
"scope": "ne",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.2"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.0.11"
},
{
"_id": null,
"model": "meeting exchange sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0"
},
{
"_id": null,
"model": "firewalll",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.4"
},
{
"_id": null,
"model": "windows server standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003x64"
},
{
"_id": null,
"model": "-releng",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.2"
},
{
"_id": null,
"model": "video surveillance operations manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.27"
},
{
"_id": null,
"model": "cosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0"
},
{
"_id": null,
"model": "netbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "netbsd",
"version": "5.0.1"
},
{
"_id": null,
"model": "network collector",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1"
},
{
"_id": null,
"model": "beta",
"scope": "eq",
"trust": 0.3,
"vendor": "openoffice",
"version": "2.0"
},
{
"_id": null,
"model": "bigip application security manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.4.8"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.0.8"
},
{
"_id": null,
"model": "messaging application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5"
},
{
"_id": null,
"model": "opensolaris build snv 35",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.5"
},
{
"_id": null,
"model": "desktop extras",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"_id": null,
"model": "db2 universal database fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.16"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0.95"
},
{
"_id": null,
"model": "windows xp tablet pc edition sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "voice portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.6.4"
},
{
"_id": null,
"model": "windows vista ultimate sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "software opera web browser",
"scope": "ne",
"trust": 0.3,
"vendor": "opera",
"version": "10.50"
},
{
"_id": null,
"model": "intuity audix lx sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"_id": null,
"model": "ironport encryption appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.34"
},
{
"_id": null,
"model": "onboard administrator",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.31"
},
{
"_id": null,
"model": "unified callmanager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2"
},
{
"_id": null,
"model": "communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(4)27"
},
{
"_id": null,
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.0.7"
},
{
"_id": null,
"model": "blackberry enterprise server for exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "5.0"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.2"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.11"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(3)006"
},
{
"_id": null,
"model": "windows ultimate",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "70"
},
{
"_id": null,
"model": "gnutls",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.0"
},
{
"_id": null,
"model": "wireless lan controller module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "db2 universal database fix pack",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.19"
},
{
"_id": null,
"model": "windows server standard edition sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "3.0"
},
{
"_id": null,
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.6.1"
},
{
"_id": null,
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "unified callmanager 4.1 sr4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "bigip sam",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "8.0"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.4"
},
{
"_id": null,
"model": "openvms secure web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1(1)13"
},
{
"_id": null,
"model": "syslog-ng premium edition 3.2.1b",
"scope": "ne",
"trust": 0.3,
"vendor": "balabit",
"version": null
},
{
"_id": null,
"model": "oracle11g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.7"
},
{
"_id": null,
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.2.3"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "0"
},
{
"_id": null,
"model": "etherfast befsr81 router",
"scope": null,
"trust": 0.3,
"vendor": "linksys",
"version": null
},
{
"_id": null,
"model": "bigip application security manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.2.5"
},
{
"_id": null,
"model": "mobile wireless transport manager",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(2)"
},
{
"_id": null,
"model": "systems insight manager c.05.00.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2"
},
{
"_id": null,
"model": "openvpn",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "1.4.3"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "34000"
},
{
"_id": null,
"model": "coat systems director",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "5.5"
},
{
"_id": null,
"model": "project openssl d",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "opensolaris build snv 59",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "windows datacenter server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.1"
},
{
"_id": null,
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.37"
},
{
"_id": null,
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.4"
},
{
"_id": null,
"model": "csm",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.1(4)"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "12.1"
},
{
"_id": null,
"model": "windows vista home basic 64-bit edition sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "windows advanced server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.4.8"
},
{
"_id": null,
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.2.0.2.0"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.13"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "10.10"
},
{
"_id": null,
"model": "windows server datacenter edition itanium sp1 beta",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20031"
},
{
"_id": null,
"model": "windows server for x64-based systems sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"_id": null,
"model": "firepass",
"scope": null,
"trust": 0.3,
"vendor": "f5",
"version": null
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.2"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.3"
},
{
"_id": null,
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(3)"
},
{
"_id": null,
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "15540"
},
{
"_id": null,
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.6.3"
},
{
"_id": null,
"model": "ucosminexus client",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.7"
},
{
"_id": null,
"model": "cosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6"
},
{
"_id": null,
"model": "gnutls",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.4.1"
},
{
"_id": null,
"model": "syslog-ng premium edition 3.0.7a",
"scope": "ne",
"trust": 0.3,
"vendor": "balabit",
"version": null
},
{
"_id": null,
"model": "matrix operating environment",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.2"
},
{
"_id": null,
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(4)"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1(1)2"
},
{
"_id": null,
"model": "-release-p3",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.4"
},
{
"_id": null,
"model": "java system web server sp7",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"_id": null,
"model": "jre 1.5.0 09",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "bigip global traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0.1"
},
{
"_id": null,
"model": "project openssl f",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "vcenter update",
"scope": "ne",
"trust": 0.3,
"vendor": "vmware",
"version": "4.11"
},
{
"_id": null,
"model": "java system web server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "7.0"
},
{
"_id": null,
"model": "cns network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1.1.3"
},
{
"_id": null,
"model": "opensolaris",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "0"
},
{
"_id": null,
"model": "enterprise linux ws extras",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "interactive response",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0"
},
{
"_id": null,
"model": "windows xp home",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.43.3"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.0.7"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.10"
},
{
"_id": null,
"model": "windows server web edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "9"
},
{
"_id": null,
"model": "esx server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "3.0.3"
},
{
"_id": null,
"model": "hp-ux b.11.11",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "windows server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "security agent for ipcc enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.5.1.639"
},
{
"_id": null,
"model": "application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2.3"
},
{
"_id": null,
"model": "opensolaris build snv 94",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.3"
},
{
"_id": null,
"model": "enterprise linux es extras",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "novell linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.0"
},
{
"_id": null,
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.6.2"
},
{
"_id": null,
"model": "security agent",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(2.15)"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.3"
},
{
"_id": null,
"model": "windows server itanium",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20030"
},
{
"_id": null,
"model": "arubaos 3.3.2.14-fips",
"scope": null,
"trust": 0.3,
"vendor": "arubanetworks",
"version": null
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "8.01"
},
{
"_id": null,
"model": "wanjet",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "5.0.2"
},
{
"_id": null,
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "0"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10009.2.5"
},
{
"_id": null,
"model": "unified communications manager sr4",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2"
},
{
"_id": null,
"model": "websphere datapower soa appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "3.7.2.8"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.4"
},
{
"_id": null,
"model": "project openssl h",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "systems insight manager update",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.31"
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "10.0.0x64"
},
{
"_id": null,
"model": "circle",
"scope": "ne",
"trust": 0.3,
"vendor": "voodoo",
"version": "1.1.38"
},
{
"_id": null,
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.5"
},
{
"_id": null,
"model": "cosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6"
},
{
"_id": null,
"model": "project openssl i",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "opensolaris build snv 01",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "wireless control system for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8"
},
{
"_id": null,
"model": "ironport web security appliance s-series",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.3.3"
},
{
"_id": null,
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.4"
},
{
"_id": null,
"model": "project proftpd",
"scope": "eq",
"trust": 0.3,
"vendor": "proftpd",
"version": "1.3.2"
},
{
"_id": null,
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.4.8"
},
{
"_id": null,
"model": "windows vista beta",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1"
},
{
"_id": null,
"model": "etherfast befvp41 router",
"scope": null,
"trust": 0.3,
"vendor": "linksys",
"version": null
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0"
},
{
"_id": null,
"model": "websphere datapower soa appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.7.3"
},
{
"_id": null,
"model": "netbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "netbsd",
"version": "4.0.1"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.1.4"
},
{
"_id": null,
"model": "enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10009.4.6"
},
{
"_id": null,
"model": "wide area application services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0.9"
},
{
"_id": null,
"model": "java se sr7",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"_id": null,
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"_id": null,
"model": "opensolaris build snv 76",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "web server 4.3r4",
"scope": null,
"trust": 0.3,
"vendor": "zeus",
"version": null
},
{
"_id": null,
"model": "windows xp professional edition sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "x64"
},
{
"_id": null,
"model": "project openssl c",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "ciscoworks common services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.1.1"
},
{
"_id": null,
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5"
},
{
"_id": null,
"model": "7.0-release",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 101a",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "java system web server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.0.6"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3.3"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.3.8"
},
{
"_id": null,
"model": "opensolaris build snv 87",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "windows xp professional sp3",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.1"
},
{
"_id": null,
"model": "appliance server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "2.0"
},
{
"_id": null,
"model": "firepass",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "5.5.2"
},
{
"_id": null,
"model": "opensolaris build snv 113",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "security agent",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0.193"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"_id": null,
"model": "arubaos 3.3.2.13-fips",
"scope": null,
"trust": 0.3,
"vendor": "arubanetworks",
"version": null
},
{
"_id": null,
"model": "arubaos",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "3.4.2"
},
{
"_id": null,
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.4.5"
},
{
"_id": null,
"model": "enterprise linux as for sap",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "windows terminal services sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.0.5"
},
{
"_id": null,
"model": "cosminexus studio",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "5"
},
{
"_id": null,
"model": "java system directory server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.3.1"
},
{
"_id": null,
"model": "firepass",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "6.0"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.0.9"
},
{
"_id": null,
"model": "rsa data protection manager appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "emc",
"version": "3.5.1"
},
{
"_id": null,
"model": "opensolaris build snv 119",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.0"
},
{
"_id": null,
"model": "windows vista home basic 64-bit edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
},
{
"_id": null,
"model": "blackberry enterprise server for novell groupwise",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "5.0.1"
},
{
"_id": null,
"model": "etherfast befsru31 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.41"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.1.9"
},
{
"_id": null,
"model": "network security services",
"scope": "ne",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.12.5"
},
{
"_id": null,
"model": "enterprise linux extras",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"_id": null,
"model": "security agent for cvp",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.14.5.1.573"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.10"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.1.8"
},
{
"_id": null,
"model": "openvpn",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"_id": null,
"model": "windows datacenter server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "unified communications manager 4.2 sr2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.47.1"
},
{
"_id": null,
"model": "interactive response",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "unified contact center express",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.x"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1(2)15"
},
{
"_id": null,
"model": "windows",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "7"
},
{
"_id": null,
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.5"
},
{
"_id": null,
"model": "matrix operating environment",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"_id": null,
"model": "openoffice",
"scope": "eq",
"trust": 0.3,
"vendor": "openoffice",
"version": "2.3.1"
},
{
"_id": null,
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.3(2)"
},
{
"_id": null,
"model": "unified communications manager 4.3 sr1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "systems insight manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"_id": null,
"model": "wanjet",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "5.0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(4.30)"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "unified ip phone 7961g",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.9"
},
{
"_id": null,
"model": "wireless lan solution engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11302.0.2"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0"
},
{
"_id": null,
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1(2)"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.1.3"
},
{
"_id": null,
"model": "digital media player",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1(2)19"
},
{
"_id": null,
"model": "arx",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "5.0.6"
},
{
"_id": null,
"model": "solaris 9 sparc",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 02",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "coat systems packetshaper",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "8.3.2"
},
{
"_id": null,
"model": "css11500 content services switch s",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.10"
},
{
"_id": null,
"model": "download accelarator",
"scope": "eq",
"trust": 0.3,
"vendor": "prozilla",
"version": "1.2.1"
},
{
"_id": null,
"model": "security agent",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(2.099)"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.6.1"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1.2"
},
{
"_id": null,
"model": "arubaos",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "3.3.26"
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "4.1"
},
{
"_id": null,
"model": "integrated management suite",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "0"
},
{
"_id": null,
"model": "coat systems blue coat reporter",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "9.2.3.1"
},
{
"_id": null,
"model": "matrix operating environment",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.1"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.4.3"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "unified ip phone 7970g",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "-release",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.0"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.26"
},
{
"_id": null,
"model": "systems insight manager sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(4.9)"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.2"
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "11"
},
{
"_id": null,
"model": "openoffice",
"scope": "eq",
"trust": 0.3,
"vendor": "openoffice",
"version": "2.1"
},
{
"_id": null,
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "wireless lan control",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1"
},
{
"_id": null,
"model": "websphere mq internet pass-thru",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2"
},
{
"_id": null,
"model": "java system directory server 2004q2",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.2"
},
{
"_id": null,
"model": "7.2-release-p1",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"_id": null,
"model": "arubaos",
"scope": "ne",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "3.3.2.23"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.4"
},
{
"_id": null,
"model": "windows xp",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
},
{
"_id": null,
"model": "messaging application server mm",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0"
},
{
"_id": null,
"model": "etherfast befsr11 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.43"
},
{
"_id": null,
"model": "linux enterprise server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "messaging storage server mm3.0",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.1"
},
{
"_id": null,
"model": "ace application control engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "47000"
},
{
"_id": null,
"model": "jdk 1.5.0 07-b03",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 98",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"_id": null,
"model": "windows server r2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"_id": null,
"model": "openvpn",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0.7"
},
{
"_id": null,
"model": "windows server datacenter edition itanium",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20030"
},
{
"_id": null,
"model": "messaging application server mm",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"_id": null,
"model": "security agent for cvp",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.04.5.1.573"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.8"
},
{
"_id": null,
"model": "-release-p10",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.1"
},
{
"_id": null,
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.7"
},
{
"_id": null,
"model": "project openssl e",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.3.5"
},
{
"_id": null,
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5.11"
},
{
"_id": null,
"model": "security agent for ipcc hosted",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.5.1.616"
},
{
"_id": null,
"model": "opensolaris build snv 22",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "matrix operating environment",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.1"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.2"
},
{
"_id": null,
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.6.4"
},
{
"_id": null,
"model": "enterprise linux sap",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "opensolaris build snv 81",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.1.5"
},
{
"_id": null,
"model": "opensolaris build snv 103",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "windows xp embedded sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "windows server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003x64"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.3.9"
},
{
"_id": null,
"model": "software opera web browser beta",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.201"
},
{
"_id": null,
"model": "iis",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "7.5"
},
{
"_id": null,
"model": "unified ip phone 7971g",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "windows vista beta",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "cns network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0.5"
},
{
"_id": null,
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.1(1)"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"_id": null,
"model": "pfsense 1.2-rc2",
"scope": null,
"trust": 0.3,
"vendor": "bsdperimeter",
"version": null
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.21"
},
{
"_id": null,
"model": "windows vista enterprise",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"_id": null,
"model": "openvms secure web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2-2"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"_id": null,
"model": "unified ip phone sccp",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(8)"
},
{
"_id": null,
"model": "security agent",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.5.1.657"
},
{
"_id": null,
"model": "catalyst",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "65003.1(17)"
},
{
"_id": null,
"model": "unified communications manager 4.3 sr.1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "java system web server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"_id": null,
"model": "firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.2.1"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.1"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "34009.2.5"
},
{
"_id": null,
"model": "etherfast befsru31 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.43.3"
},
{
"_id": null,
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(2)"
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1"
},
{
"_id": null,
"model": "ironport encryption appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.3"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "10"
},
{
"_id": null,
"model": "firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.5.1"
},
{
"_id": null,
"model": "windows xp media center edition sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 37",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "project openssl beta1",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3"
},
{
"_id": null,
"model": "opensolaris build snv 115",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "db2 universal database fix pack 4a",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"_id": null,
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"_id": null,
"model": "download accelarator",
"scope": "eq",
"trust": 0.3,
"vendor": "prozilla",
"version": "1.3.2"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.3.1"
},
{
"_id": null,
"model": "cns network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1"
},
{
"_id": null,
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "security agent for cvp",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.04.5.1.639"
},
{
"_id": null,
"model": "intuity audix lx",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"_id": null,
"model": "solaris 9 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "project openssl m",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "catalyst",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "65003.2(15)"
},
{
"_id": null,
"model": "java sdk sr13-fp1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.2"
},
{
"_id": null,
"model": "java system web server sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"_id": null,
"model": "project openssl b",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.2"
},
{
"_id": null,
"model": "windows server datacenter edition sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(4)30"
},
{
"_id": null,
"model": "wireless lan solution engine",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "wide area application services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0.7"
},
{
"_id": null,
"model": "unified contact center hosted",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(3)"
},
{
"_id": null,
"model": "blackberry enterprise server express for domino",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "4.1.4"
},
{
"_id": null,
"model": "opensolaris build snv 127",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(2.10)"
},
{
"_id": null,
"model": "java system web server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"_id": null,
"model": "project openssl j",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.0.4"
},
{
"_id": null,
"model": "windows server web edition sp1 beta",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20031"
},
{
"_id": null,
"model": "opensolaris build snv 86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "windows server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#120541"
},
{
"db": "BID",
"id": "36935"
},
{
"db": "CNNVD",
"id": "CNNVD-200911-069"
},
{
"db": "NVD",
"id": "CVE-2009-3555"
}
]
},
"credits": {
"_id": null,
"data": "Mitsubishi Electric reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200911-069"
}
],
"trust": 0.6
},
"cve": "CVE-2009-3555",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2009-3555",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-41001",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-3555",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2009-3555",
"trust": 0.8,
"value": "0"
},
{
"author": "CNNVD",
"id": "CNNVD-200911-069",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-41001",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#120541"
},
{
"db": "VULHUB",
"id": "VHN-41001"
},
{
"db": "CNNVD",
"id": "CNNVD-200911-069"
},
{
"db": "NVD",
"id": "CVE-2009-3555"
}
]
},
"description": {
"_id": null,
"data": "The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a \"plaintext injection\" attack, aka the \"Project Mogul\" issue. A vulnerability exists in SSL and TLS protocols that may allow attackers to execute an arbitrary HTTP transaction. Multiple vendors\u0027 TLS protocol implementations are prone to a security vulnerability related to the session-renegotiation process. \nSuccessful exploits of this issue may allow attackers to perform limited man-in-the-middle attacks against vulnerable applications. Note that this issue does not allow attackers to decrypt encrypted data. The Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols are commonly used to provide authentication, encryption, integrity, and non-repudiation services to network applications such as HTTP, IMAP, POP3, LDAP. This could result in a situation where the attacker may be able to issue commands to the server that appear to be coming from a legitimate source. According to the Network Working Group:The server treats the client\u0027s initial TLS handshake as a renegotiation and thus believes that the initial data transmitted by the attacker is from the same entity as the subsequent client data.This issue affects SSL version 3.0 and newer and TLS version 1.0 and newer. \n \n The gnutls_x509_crt_get_serial function in the GnuTLS library before\n 1.2.1, when running on big-endian, 64-bit platforms, calls the\n asn1_read_value with a pointer to the wrong data type and the wrong\n length value, which allows remote attackers to bypass the certificate\n revocation list (CRL) check and cause a stack-based buffer overflow\n via a crafted X.509 certificate, related to extraction of a serial\n number (CVE-2010-0731). \n \n The updated packages have been patched to correct these issues. \n - The SSLv3 vulnerability known as \"Padding Oracle on Downgraded Legacy\nEncryption\" also known as \"Poodle\", which could be exploited remotely\nresulting in disclosure of information. ----------------------------------------------------------------------\n\n\nhttp://secunia.com/research/\n\nhttp://secunia.com/company/jobs/open_positions/reverse_engineer\n\n\n----------------------------------------------------------------------\n\nTITLE:\nOracle Application Server Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA44293\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/44293/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44293\n\nRELEASE DATE:\n2011-04-24\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/44293/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/44293/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44293\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Oracle Application\nServer, which can be exploited by malicious users and people to\nmanipulate certain data. \n\n1) An error exists in the C Oracle SSL API of the Oracle Security\nService component and can be exploited to manipulate certain data. \n\nFor more information see vulnerability #1:\nSA37291\n\n2) An unspecified error in the Oracle HTTP Server component can be\nexploited to manipulate certain data. \n\n3) An error exists in the Midtier Infrastructure of the Portal\ncomponent and can be exploited to manipulate certain data. \n\nFor more information see vulnerability #3:\nSA44246\n\n4) An unspecified error in the Single Sign On component can be\nexploited by authenticated users to manipulate certain data. \n\nThe vulnerabilities are reported in the following products:\n* Oracle Application Server 10g Release 2 version 10.1.2.3.0. \n* Oracle Application Server 10g Release 3 version 10.1.3.5.0. \n\nSOLUTION:\nApply updates (please see the vendor\u0027s advisory for details). \n\nPROVIDED AND/OR DISCOVERED BY:\nIt is currently unclear who reported these vulnerabilities as the\nOracle Critical Patch Update for April 2011 only provides a bundled\nlist of credits. This section will be updated when/if the original\nreporter provides more information. \n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#AppendixAS\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n\n Mandriva Linux Security Advisory MDVSA-2010:084\n http://www.mandriva.com/security/\n _______________________________________________________________________\n\n Package : java-1.6.0-openjdk\n Date : April 28, 2010\n Affected: 2009.0, 2009.1, 2010.0, Enterprise Server 5.0\n _______________________________________________________________________\n\n Problem Description:\n\n Multiple Java OpenJDK security vulnerabilities has been identified\n and fixed:\n \n - TLS: MITM attacks via session renegotiation (CVE-2009-3555). \n - Loader-constraint table allows arrays instead of only the b\n ase-classes (CVE-2010-0082). \n - Policy/PolicyFile leak dynamic ProtectionDomains. (CVE-2010-0084). \n - File TOCTOU deserialization vulnerability (CVE-2010-0085). \n - Inflater/Deflater clone issues (CVE-2010-0088). \n - Unsigned applet can retrieve the dragged information before drop\n action occurs (CVE-2010-0091). \n - AtomicReferenceArray causes SIGSEGV -\u003e SEGV_MAPERR error\n (CVE-2010-0092). \n - System.arraycopy unable to reference elements beyond\n Integer.MAX_VALUE bytes (CVE-2010-0093). \n - Deserialization of RMIConnectionImpl objects should enforce stricter\n checks (CVE-2010-0094). \n - Subclasses of InetAddress may incorrectly interpret network addresses\n (CVE-2010-0095). \n - JAR unpack200 must verify input parameters (CVE-2010-0837). \n - CMM readMabCurveData Buffer Overflow Vulnerability (CVE-2010-0838). \n - Applet Trusted Methods Chaining Privilege Escalation Vulner ability\n (CVE-2010-0840). \n - No ClassCastException for HashAttributeSet constructors if run with\n -Xcomp (CVE-2010-0845)\n - ImagingLib arbitrary code execution vulnerability (CVE-2010-0847). \n - AWT Library Invalid Index Vulnerability (CVE-2010-0848). \n \n Additional security issues that was fixed with IcedTea6 1.6.2:\n - deprecate MD2 in SSL cert validation (CVE-2009-2409). \n - ICC_Profile file existence detection information leak\n (CVE-2009-3728). \n - JRE AWT setDifflCM stack overflow (CVE-2009-3869). \n - JRE AWT setBytePixels heap overflow (CVE-2009-3871). \n - JPEG Image Writer quantization problem (CVE-2009-3873). \n - ImageI/O JPEG heap overflow (CVE-2009-3874). \n - MessageDigest.isEqual introduces timing attack vulnerabilities\n (CVE-2009-3875). \n - OpenJDK ASN.1/DER input stream parser denial of service\n (CVE-2009-3876, CVE-2009-3877)\n - GraphicsConfiguration information leak (CVE-2009-3879). \n - UI logging information leakage (CVE-2009-3880). \n - resurrected classloaders can still have children (CVE-2009-3881). \n - Numerous static security flaws in Swing (findbugs) (CVE-2009-3882). \n - Mutable statics in Windows PL\u0026F (findbugs) (CVE-2009-3883). \n - zoneinfo file existence information leak (CVE-2009-3884). \n - BMP parsing DoS with UNC ICC links (CVE-2009-3885). \n \n Additionally Paulo Cesar Pereira de Andrade (pcpa) at Mandriva found\n and fixed a bug in IcedTea6 1.8 that is also applied to the provided\n packages:\n \n * plugin/icedteanp/IcedTeaNPPlugin.cc\n (plugin_filter_environment): Increment malloc size by one to\n account for\n NULL terminator. Bug# 474. \n \n Packages for 2009.0 are provided due to the Extended Maintenance\n Program. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2409\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3728\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3869\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3871\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3873\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3874\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3875\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3876\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3877\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3879\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3880\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3881\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3882\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3883\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3884\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3885\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0082\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0084\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0085\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0088\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0091\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0092\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0093\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0094\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0095\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0837\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0838\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0840\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0845\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0847\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0848\n http://article.gmane.org/gmane.comp.java.openjdk.distro-packaging.devel/8938\n http://blogs.sun.com/darcy/resource/OpenJDK_6/openjdk6-b18-changes-summary.html\n http://icedtea.classpath.org/hg/release/icedtea6-1.8/rev/a6a02193b073\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2009.0:\n 37c14ebea4b3ceccbecba4ffea2630a6 2009.0/i586/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.0.i586.rpm\n 3f7ba1d78aaf5f1ca56e86fcb48e7192 2009.0/i586/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2009.0.i586.rpm\n 12963efa8b4ea6691ba68f4e72e81e5d 2009.0/i586/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2009.0.i586.rpm\n 6387d4381c518c5658701c114c5fcb9d 2009.0/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2009.0.i586.rpm\n f90d2a22c10b6eb30aedef13207d346c 2009.0/i586/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2009.0.i586.rpm\n 01e62b54974a3d1b5232de0baa196e41 2009.0/i586/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2009.0.i586.rpm \n 212262f34829af20e53fb2076fa78d25 2009.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.0.src.rpm\n\n Mandriva Linux 2009.0/X86_64:\n 630941e679a033285ddf5cb3e4c1d092 2009.0/x86_64/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm\n 6330c6dda9cf7c59a90f529bceeee17b 2009.0/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm\n c7d708c5f14d710a6bdcc352bb18a55a 2009.0/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm\n edf4b1d8efeb157bb0f19b4c4cc55935 2009.0/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm\n ac9f8227297249940b1845f3ad95165f 2009.0/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm\n d1ed0ce1155c85c423d0cbe47eadfa5b 2009.0/x86_64/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm \n 212262f34829af20e53fb2076fa78d25 2009.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.0.src.rpm\n\n Mandriva Linux 2009.1:\n 304bc2cab18b29781bfac69d4927ddce 2009.1/i586/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.1.i586.rpm\n 77f0d2e2b2c04288a5aae608a2f73f1a 2009.1/i586/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2009.1.i586.rpm\n 7ff7542b4328fd978725f8e0b02590d9 2009.1/i586/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2009.1.i586.rpm\n 3d1bf214209ea3aef86b58962e80901e 2009.1/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2009.1.i586.rpm\n f52cf5f8d3f85b98da246963d583f6bc 2009.1/i586/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2009.1.i586.rpm\n 87b2fd7ac9883e624e71faa993559e78 2009.1/i586/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2009.1.i586.rpm \n 0ff2ca4dfc122a3538349ed2dab6ed81 2009.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.1.src.rpm\n\n Mandriva Linux 2009.1/X86_64:\n 883105d4347bb0864c7c73e4f0865066 2009.1/x86_64/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm\n ac44d41806625e0be7a55ff30bf1f0e7 2009.1/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm\n 67db7247fbf1b5be5391f33603b9148c 2009.1/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm\n 0b6e7a93df49306976453daf29a29d96 2009.1/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm\n 67e679d7aa4545a968889dcbb1a3fa8e 2009.1/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm\n 4042e3ae7e3b2dbdcba0e73aadd219d5 2009.1/x86_64/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm \n 0ff2ca4dfc122a3538349ed2dab6ed81 2009.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.1.src.rpm\n\n Mandriva Linux 2010.0:\n f3c1bb7b091d5889a856edf93e066367 2010.0/i586/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2010.0.i586.rpm\n 7f717091a34f98e9547c698bf08065f5 2010.0/i586/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2010.0.i586.rpm\n 21b8532c934559100b0dbc498ba3c52e 2010.0/i586/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2010.0.i586.rpm\n 8711fdef27cce9af73191903f85dbcd6 2010.0/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2010.0.i586.rpm\n 1905269f878bb1c6367dedc6797f6914 2010.0/i586/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2010.0.i586.rpm\n c5f53d24770de6704f00fdf34c87a703 2010.0/i586/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2010.0.i586.rpm \n b789ff663963ae8b60a0d189b870907c 2010.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2010.0.src.rpm\n\n Mandriva Linux 2010.0/X86_64:\n 100203d38e76348f262d69d2cae8a7ba 2010.0/x86_64/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm\n f155019a4a22d7bf7265c67024dcbc33 2010.0/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm\n 8eaf304d6eb93212d1045adc301de385 2010.0/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm\n 2e2082bd89db22cf5fa4be2ebaceb71c 2010.0/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm\n 3e7a1849db88a8b8ddcdf30441edfcb7 2010.0/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm\n fbc9da5e2080972f6f8c01f23e86890f 2010.0/x86_64/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm \n b789ff663963ae8b60a0d189b870907c 2010.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2010.0.src.rpm\n\n Mandriva Enterprise Server 5:\n 742a7a6dcc82962a132eadb91a2b1736 mes5/i586/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm\n 3acd32ccd1fee71f07ccb4b038434ffd mes5/i586/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm\n c3358ac84dbc950752655fee46fd5e4b mes5/i586/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm\n a30ef6b33fd9ba1403ab46ef9643efdb mes5/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm\n 534f95a18c4798ec80cdfe47bd1148a8 mes5/i586/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm\n e79e4bd9462096222f5b07d681b3d418 mes5/i586/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm \n 0bc580c8d4d6e57cbee939bf68743170 mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdvmes5.1.src.rpm\n\n Mandriva Enterprise Server 5/X86_64:\n 180566f92a5564c747c716ecdf082c8f mes5/x86_64/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm\n 5e05d90fe32dfce7b15db7d9e5604227 mes5/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm\n 09506c689ed0265023861e006fbcb624 mes5/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm\n c9ff4a3a4695c56b13268d76c355cfbe mes5/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm\n 0a70a54c2eed68e723cbc65de63bfbff mes5/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm\n 166c980a8479cd915f3507070c25508e mes5/x86_64/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm \n 0bc580c8d4d6e57cbee939bf68743170 mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdvmes5.1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niD8DBQFL1/vUmqjQ0CJFipgRAlcyAJ9+2v53cztdo8nXoixp0vg0IuQjrACbB/vW\n+oOtru3I2iYRjlx04fi7wMw=\n=rIwa\n-----END PGP SIGNATURE-----\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201301-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Mozilla Products: Multiple vulnerabilities\n Date: January 08, 2013\n Bugs: #180159, #181361, #207261, #238535, #246602, #251322,\n #255221, #255234, #255687, #257577, #260062, #261386,\n #262704, #267234, #273918, #277752, #280226, #280234,\n #280393, #282549, #284439, #286721, #290892, #292034,\n #297532, #305689, #307045, #311021, #312361, #312645,\n #312651, #312675, #312679, #312763, #313003, #324735,\n #326341, #329279, #336396, #341821, #342847, #348316,\n #357057, #360055, #360315, #365323, #373595, #379549,\n #381245, #388045, #390771, #395431, #401701, #403183,\n #404437, #408161, #413657, #419917, #427224, #433383,\n #437780, #439586, #439960, #444318\n ID: 201301-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Mozilla Firefox,\nThunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which\nmay allow execution of arbitrary code or local privilege escalation. \n\nBackground\n==========\n\nMozilla Firefox is an open-source web browser and Mozilla Thunderbird\nan open-source email client, both from the Mozilla Project. The\nSeaMonkey project is a community effort to deliver production-quality\nreleases of code derived from the application formerly known as the\n\u0027Mozilla Application Suite\u0027. XULRunner is a Mozilla runtime package\nthat can be used to bootstrap XUL+XPCOM applications such as Firefox\nand Thunderbird. NSS is Mozilla\u0027s Network Security Services library\nthat implements PKI support. IceCat is the GNU version of Firefox. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-client/firefox \u003c 10.0.11 \u003e= 10.0.11\n 2 www-client/firefox-bin \u003c 10.0.11 \u003e= 10.0.11\n 3 mail-client/thunderbird \u003c 10.0.11 \u003e= 10.0.11\n 4 mail-client/thunderbird-bin\n \u003c 10.0.11 \u003e= 10.0.11\n 5 www-client/seamonkey \u003c 2.14-r1 \u003e= 2.14-r1\n 6 www-client/seamonkey-bin\n \u003c 2.14 \u003e= 2.14\n 7 dev-libs/nss \u003c 3.14 \u003e= 3.14\n 8 www-client/mozilla-firefox\n \u003c= 3.6.8 Vulnerable!\n 9 www-client/mozilla-firefox-bin\n \u003c= 3.5.6 Vulnerable!\n 10 mail-client/mozilla-thunderbird\n \u003c= 3.0.4-r1 Vulnerable!\n 11 mail-client/mozilla-thunderbird-bin\n \u003c= 3.0 Vulnerable!\n 12 www-client/icecat \u003c= 10.0-r1 Vulnerable!\n 13 net-libs/xulrunner \u003c= 2.0-r1 Vulnerable!\n 14 net-libs/xulrunner-bin \u003c= 1.8.1.19 Vulnerable!\n -------------------------------------------------------------------\n NOTE: Certain packages are still vulnerable. Users should migrate\n to another package if one is available or wait for the\n existing packages to be marked stable by their\n architecture maintainers. \n -------------------------------------------------------------------\n 14 affected packages\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Mozilla Firefox,\nThunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nA remote attacker could entice a user to view a specially crafted web\npage or email, possibly resulting in execution of arbitrary code or a\nDenial of Service condition. Furthermore, a remote attacker may be able\nto perform Man-in-the-Middle attacks, obtain sensitive information,\nbypass restrictions and protection mechanisms, force file downloads,\nconduct XML injection attacks, conduct XSS attacks, bypass the Same\nOrigin Policy, spoof URL\u0027s for phishing attacks, trigger a vertical\nscroll, spoof the location bar, spoof an SSL indicator, modify the\nbrowser\u0027s font, conduct clickjacking attacks, or have other unspecified\nimpact. \n\nA local attacker could gain escalated privileges, obtain sensitive\ninformation, or replace an arbitrary downloaded file. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Mozilla Firefox users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/firefox-10.0.11\"\n\nAll users of the Mozilla Firefox binary package should upgrade to the\nlatest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/firefox-bin-10.0.11\"=\n\n\nAll Mozilla Thunderbird users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=mail-client/thunderbird-10.0.11\"\n\nAll users of the Mozilla Thunderbird binary package should upgrade to\nthe latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=mail-client/thunderbird-bin-10.0.11\"\n\nAll Mozilla SeaMonkey users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/seamonkey-2.14-r1\"\n\nAll users of the Mozilla SeaMonkey binary package should upgrade to the\nlatest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/seamonkey-bin-2.14\"\n\nAll NSS users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/nss-3.14\"\n\nThe \"www-client/mozilla-firefox\" package has been merged into the\n\"www-client/firefox\" package. To upgrade, please unmerge\n\"www-client/mozilla-firefox\" and then emerge the latest\n\"www-client/firefox\" package:\n\n # emerge --sync\n # emerge --unmerge \"www-client/mozilla-firefox\"\n # emerge --ask --oneshot --verbose \"\u003e=www-client/firefox-10.0.11\"\n\nThe \"www-client/mozilla-firefox-bin\" package has been merged into the\n\"www-client/firefox-bin\" package. To upgrade, please unmerge\n\"www-client/mozilla-firefox-bin\" and then emerge the latest\n\"www-client/firefox-bin\" package:\n\n # emerge --sync\n # emerge --unmerge \"www-client/mozilla-firefox-bin\"\n # emerge --ask --oneshot --verbose \"\u003e=www-client/firefox-bin-10.0.11\"=\n\n\nThe \"mail-client/mozilla-thunderbird\" package has been merged into the\n\"mail-client/thunderbird\" package. To upgrade, please unmerge\n\"mail-client/mozilla-thunderbird\" and then emerge the latest\n\"mail-client/thunderbird\" package:\n\n # emerge --sync\n # emerge --unmerge \"mail-client/mozilla-thunderbird\"\n # emerge --ask --oneshot -v \"\u003e=mail-client/thunderbird-10.0.11\"\n\nThe \"mail-client/mozilla-thunderbird-bin\" package has been merged into\nthe \"mail-client/thunderbird-bin\" package. To upgrade, please unmerge\n\"mail-client/mozilla-thunderbird-bin\" and then emerge the latest\n\"mail-client/thunderbird-bin\" package:\n\n # emerge --sync\n # emerge --unmerge \"mail-client/mozilla-thunderbird-bin\"\n # emerge --ask --oneshot -v \"\u003e=mail-client/thunderbird-bin-10.0.11\"\n\nGentoo discontinued support for GNU IceCat. We recommend that users\nunmerge GNU IceCat:\n\n # emerge --unmerge \"www-client/icecat\"\n\nGentoo discontinued support for XULRunner. We recommend that users\nunmerge XULRunner:\n\n # emerge --unmerge \"net-libs/xulrunner\"\n\nGentoo discontinued support for the XULRunner binary package. We\nrecommend that users unmerge XULRunner:\n\n # emerge --unmerge \"net-libs/xulrunner-bin\"\n\nReferences\n==========\n\n[ 1 ] CVE-2011-3101\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3101\n[ 2 ] CVE-2007-2436\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2436\n[ 3 ] CVE-2007-2437\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2437\n[ 4 ] CVE-2007-2671\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2671\n[ 5 ] CVE-2007-3073\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3073\n[ 6 ] CVE-2008-0016\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0016\n[ 7 ] CVE-2008-0017\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0017\n[ 8 ] CVE-2008-0367\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0367\n[ 9 ] CVE-2008-3835\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3835\n[ 10 ] CVE-2008-3836\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3836\n[ 11 ] CVE-2008-3837\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3837\n[ 12 ] CVE-2008-4058\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4058\n[ 13 ] CVE-2008-4059\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4059\n[ 14 ] CVE-2008-4060\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4060\n[ 15 ] CVE-2008-4061\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4061\n[ 16 ] CVE-2008-4062\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4062\n[ 17 ] CVE-2008-4063\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4063\n[ 18 ] CVE-2008-4064\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4064\n[ 19 ] CVE-2008-4065\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4065\n[ 20 ] CVE-2008-4066\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4066\n[ 21 ] CVE-2008-4067\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4067\n[ 22 ] CVE-2008-4068\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4068\n[ 23 ] CVE-2008-4069\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4069\n[ 24 ] CVE-2008-4070\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4070\n[ 25 ] CVE-2008-4582\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4582\n[ 26 ] CVE-2008-5012\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5012\n[ 27 ] CVE-2008-5013\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5013\n[ 28 ] CVE-2008-5014\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5014\n[ 29 ] CVE-2008-5015\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5015\n[ 30 ] CVE-2008-5016\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5016\n[ 31 ] CVE-2008-5017\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5017\n[ 32 ] CVE-2008-5018\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5018\n[ 33 ] CVE-2008-5019\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5019\n[ 34 ] CVE-2008-5021\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5021\n[ 35 ] CVE-2008-5022\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5022\n[ 36 ] CVE-2008-5023\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5023\n[ 37 ] CVE-2008-5024\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5024\n[ 38 ] CVE-2008-5052\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5052\n[ 39 ] CVE-2008-5500\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5500\n[ 40 ] CVE-2008-5501\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5501\n[ 41 ] CVE-2008-5502\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5502\n[ 42 ] CVE-2008-5503\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5503\n[ 43 ] CVE-2008-5504\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5504\n[ 44 ] CVE-2008-5505\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5505\n[ 45 ] CVE-2008-5506\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5506\n[ 46 ] CVE-2008-5507\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5507\n[ 47 ] CVE-2008-5508\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5508\n[ 48 ] CVE-2008-5510\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5510\n[ 49 ] CVE-2008-5511\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5511\n[ 50 ] CVE-2008-5512\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5512\n[ 51 ] CVE-2008-5513\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5513\n[ 52 ] CVE-2008-5822\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5822\n[ 53 ] CVE-2008-5913\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5913\n[ 54 ] CVE-2008-6961\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-6961\n[ 55 ] CVE-2009-0071\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0071\n[ 56 ] CVE-2009-0071\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0071\n[ 57 ] CVE-2009-0352\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0352\n[ 58 ] CVE-2009-0353\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0353\n[ 59 ] CVE-2009-0354\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0354\n[ 60 ] CVE-2009-0355\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0355\n[ 61 ] CVE-2009-0356\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0356\n[ 62 ] CVE-2009-0357\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0357\n[ 63 ] CVE-2009-0358\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0358\n[ 64 ] CVE-2009-0652\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0652\n[ 65 ] CVE-2009-0771\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0771\n[ 66 ] CVE-2009-0772\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0772\n[ 67 ] CVE-2009-0773\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0773\n[ 68 ] CVE-2009-0774\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0774\n[ 69 ] CVE-2009-0775\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0775\n[ 70 ] CVE-2009-0776\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0776\n[ 71 ] CVE-2009-0777\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0777\n[ 72 ] CVE-2009-1044\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1044\n[ 73 ] CVE-2009-1169\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1169\n[ 74 ] CVE-2009-1302\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1302\n[ 75 ] CVE-2009-1303\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1303\n[ 76 ] CVE-2009-1304\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1304\n[ 77 ] CVE-2009-1305\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1305\n[ 78 ] CVE-2009-1306\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1306\n[ 79 ] CVE-2009-1307\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1307\n[ 80 ] CVE-2009-1308\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1308\n[ 81 ] CVE-2009-1309\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1309\n[ 82 ] CVE-2009-1310\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1310\n[ 83 ] CVE-2009-1311\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1311\n[ 84 ] CVE-2009-1312\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1312\n[ 85 ] CVE-2009-1313\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1313\n[ 86 ] CVE-2009-1392\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1392\n[ 87 ] CVE-2009-1563\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1563\n[ 88 ] CVE-2009-1571\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1571\n[ 89 ] CVE-2009-1828\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1828\n[ 90 ] CVE-2009-1832\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1832\n[ 91 ] CVE-2009-1833\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1833\n[ 92 ] CVE-2009-1834\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1834\n[ 93 ] CVE-2009-1835\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1835\n[ 94 ] CVE-2009-1836\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1836\n[ 95 ] CVE-2009-1837\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1837\n[ 96 ] CVE-2009-1838\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1838\n[ 97 ] CVE-2009-1839\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1839\n[ 98 ] CVE-2009-1840\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1840\n[ 99 ] CVE-2009-1841\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1841\n[ 100 ] CVE-2009-2043\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2043\n[ 101 ] CVE-2009-2044\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2044\n[ 102 ] CVE-2009-2061\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2061\n[ 103 ] CVE-2009-2065\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2065\n[ 104 ] CVE-2009-2210\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2210\n[ 105 ] CVE-2009-2404\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2404\n[ 106 ] CVE-2009-2408\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2408\n[ 107 ] CVE-2009-2462\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2462\n[ 108 ] CVE-2009-2463\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2463\n[ 109 ] CVE-2009-2464\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2464\n[ 110 ] CVE-2009-2465\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2465\n[ 111 ] CVE-2009-2466\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2466\n[ 112 ] CVE-2009-2467\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2467\n[ 113 ] CVE-2009-2469\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2469\n[ 114 ] CVE-2009-2470\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2470\n[ 115 ] CVE-2009-2471\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2471\n[ 116 ] CVE-2009-2472\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2472\n[ 117 ] CVE-2009-2477\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2477\n[ 118 ] CVE-2009-2478\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2478\n[ 119 ] CVE-2009-2479\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2479\n[ 120 ] CVE-2009-2535\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2535\n[ 121 ] CVE-2009-2654\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2654\n[ 122 ] CVE-2009-2662\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2662\n[ 123 ] CVE-2009-2664\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2664\n[ 124 ] CVE-2009-2665\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2665\n[ 125 ] CVE-2009-3069\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3069\n[ 126 ] CVE-2009-3070\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3070\n[ 127 ] CVE-2009-3071\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3071\n[ 128 ] CVE-2009-3072\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3072\n[ 129 ] CVE-2009-3074\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3074\n[ 130 ] CVE-2009-3075\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3075\n[ 131 ] CVE-2009-3076\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3076\n[ 132 ] CVE-2009-3077\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3077\n[ 133 ] CVE-2009-3078\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3078\n[ 134 ] CVE-2009-3079\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3079\n[ 135 ] CVE-2009-3274\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3274\n[ 136 ] CVE-2009-3371\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3371\n[ 137 ] CVE-2009-3372\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3372\n[ 138 ] CVE-2009-3373\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3373\n[ 139 ] CVE-2009-3374\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3374\n[ 140 ] CVE-2009-3375\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3375\n[ 141 ] CVE-2009-3376\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3376\n[ 142 ] CVE-2009-3377\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3377\n[ 143 ] CVE-2009-3378\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3378\n[ 144 ] CVE-2009-3379\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3379\n[ 145 ] CVE-2009-3380\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3380\n[ 146 ] CVE-2009-3381\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3381\n[ 147 ] CVE-2009-3382\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3382\n[ 148 ] CVE-2009-3383\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3383\n[ 149 ] CVE-2009-3388\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3388\n[ 150 ] CVE-2009-3389\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3389\n[ 151 ] CVE-2009-3555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555\n[ 152 ] CVE-2009-3978\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3978\n[ 153 ] CVE-2009-3979\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3979\n[ 154 ] CVE-2009-3980\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3980\n[ 155 ] CVE-2009-3981\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3981\n[ 156 ] CVE-2009-3982\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3982\n[ 157 ] CVE-2009-3983\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3983\n[ 158 ] CVE-2009-3984\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3984\n[ 159 ] CVE-2009-3985\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3985\n[ 160 ] CVE-2009-3986\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3986\n[ 161 ] CVE-2009-3987\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3987\n[ 162 ] CVE-2009-3988\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3988\n[ 163 ] CVE-2010-0159\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0159\n[ 164 ] CVE-2010-0160\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0160\n[ 165 ] CVE-2010-0162\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0162\n[ 166 ] CVE-2010-0163\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0163\n[ 167 ] CVE-2010-0164\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0164\n[ 168 ] CVE-2010-0165\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0165\n[ 169 ] CVE-2010-0166\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0166\n[ 170 ] CVE-2010-0167\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0167\n[ 171 ] CVE-2010-0167\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0167\n[ 172 ] CVE-2010-0168\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0168\n[ 173 ] CVE-2010-0169\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0169\n[ 174 ] CVE-2010-0169\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0169\n[ 175 ] CVE-2010-0170\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0170\n[ 176 ] CVE-2010-0171\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0171\n[ 177 ] CVE-2010-0171\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0171\n[ 178 ] CVE-2010-0172\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0172\n[ 179 ] CVE-2010-0173\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0173\n[ 180 ] CVE-2010-0174\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0174\n[ 181 ] CVE-2010-0174\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0174\n[ 182 ] CVE-2010-0175\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0175\n[ 183 ] CVE-2010-0175\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0175\n[ 184 ] CVE-2010-0176\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0176\n[ 185 ] CVE-2010-0176\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0176\n[ 186 ] CVE-2010-0177\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0177\n[ 187 ] CVE-2010-0178\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0178\n[ 188 ] CVE-2010-0179\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0179\n[ 189 ] CVE-2010-0181\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0181\n[ 190 ] CVE-2010-0182\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0182\n[ 191 ] CVE-2010-0183\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0183\n[ 192 ] CVE-2010-0220\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0220\n[ 193 ] CVE-2010-0648\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0648\n[ 194 ] CVE-2010-0654\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0654\n[ 195 ] CVE-2010-1028\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1028\n[ 196 ] CVE-2010-1121\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1121\n[ 197 ] CVE-2010-1125\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1125\n[ 198 ] CVE-2010-1196\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1196\n[ 199 ] CVE-2010-1197\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1197\n[ 200 ] CVE-2010-1198\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1198\n[ 201 ] CVE-2010-1199\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1199\n[ 202 ] CVE-2010-1200\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1200\n[ 203 ] CVE-2010-1201\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1201\n[ 204 ] CVE-2010-1202\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1202\n[ 205 ] CVE-2010-1203\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1203\n[ 206 ] CVE-2010-1205\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1205\n[ 207 ] CVE-2010-1206\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1206\n[ 208 ] CVE-2010-1207\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1207\n[ 209 ] CVE-2010-1208\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1208\n[ 210 ] CVE-2010-1209\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1209\n[ 211 ] CVE-2010-1210\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1210\n[ 212 ] CVE-2010-1211\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1211\n[ 213 ] CVE-2010-1212\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1212\n[ 214 ] CVE-2010-1213\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1213\n[ 215 ] CVE-2010-1214\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1214\n[ 216 ] CVE-2010-1215\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1215\n[ 217 ] CVE-2010-1585\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1585\n[ 218 ] CVE-2010-2751\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2751\n[ 219 ] CVE-2010-2752\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2752\n[ 220 ] CVE-2010-2753\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2753\n[ 221 ] CVE-2010-2754\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2754\n[ 222 ] CVE-2010-2755\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2755\n[ 223 ] CVE-2010-2760\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2760\n[ 224 ] CVE-2010-2762\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2762\n[ 225 ] CVE-2010-2763\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2763\n[ 226 ] CVE-2010-2764\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2764\n[ 227 ] CVE-2010-2765\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2765\n[ 228 ] CVE-2010-2766\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2766\n[ 229 ] CVE-2010-2767\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2767\n[ 230 ] CVE-2010-2768\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2768\n[ 231 ] CVE-2010-2769\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2769\n[ 232 ] CVE-2010-2770\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2770\n[ 233 ] CVE-2010-3131\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3131\n[ 234 ] CVE-2010-3166\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3166\n[ 235 ] CVE-2010-3167\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3167\n[ 236 ] CVE-2010-3168\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3168\n[ 237 ] CVE-2010-3169\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3169\n[ 238 ] CVE-2010-3170\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3170\n[ 239 ] CVE-2010-3171\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3171\n[ 240 ] CVE-2010-3173\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3173\n[ 241 ] CVE-2010-3174\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3174\n[ 242 ] CVE-2010-3175\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3175\n[ 243 ] CVE-2010-3176\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3176\n[ 244 ] CVE-2010-3177\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3177\n[ 245 ] CVE-2010-3178\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3178\n[ 246 ] CVE-2010-3179\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3179\n[ 247 ] CVE-2010-3180\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3180\n[ 248 ] CVE-2010-3182\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3182\n[ 249 ] CVE-2010-3183\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3183\n[ 250 ] CVE-2010-3399\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3399\n[ 251 ] CVE-2010-3400\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3400\n[ 252 ] CVE-2010-3765\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3765\n[ 253 ] CVE-2010-3766\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3766\n[ 254 ] CVE-2010-3767\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3767\n[ 255 ] CVE-2010-3768\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3768\n[ 256 ] CVE-2010-3769\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3769\n[ 257 ] CVE-2010-3770\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3770\n[ 258 ] CVE-2010-3771\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3771\n[ 259 ] CVE-2010-3772\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3772\n[ 260 ] CVE-2010-3773\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3773\n[ 261 ] CVE-2010-3774\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3774\n[ 262 ] CVE-2010-3775\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3775\n[ 263 ] CVE-2010-3776\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3776\n[ 264 ] CVE-2010-3777\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3777\n[ 265 ] CVE-2010-3778\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3778\n[ 266 ] CVE-2010-4508\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4508\n[ 267 ] CVE-2010-5074\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-5074\n[ 268 ] CVE-2011-0051\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0051\n[ 269 ] CVE-2011-0053\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0053\n[ 270 ] CVE-2011-0054\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0054\n[ 271 ] CVE-2011-0055\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0055\n[ 272 ] CVE-2011-0056\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0056\n[ 273 ] CVE-2011-0057\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0057\n[ 274 ] CVE-2011-0058\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0058\n[ 275 ] CVE-2011-0059\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0059\n[ 276 ] CVE-2011-0061\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0061\n[ 277 ] CVE-2011-0062\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0062\n[ 278 ] CVE-2011-0065\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0065\n[ 279 ] CVE-2011-0066\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0066\n[ 280 ] CVE-2011-0067\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0067\n[ 281 ] CVE-2011-0068\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0068\n[ 282 ] CVE-2011-0069\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0069\n[ 283 ] CVE-2011-0070\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0070\n[ 284 ] CVE-2011-0071\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0071\n[ 285 ] CVE-2011-0072\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0072\n[ 286 ] CVE-2011-0073\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0073\n[ 287 ] CVE-2011-0074\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0074\n[ 288 ] CVE-2011-0075\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0075\n[ 289 ] CVE-2011-0076\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0076\n[ 290 ] CVE-2011-0077\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0077\n[ 291 ] CVE-2011-0078\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0078\n[ 292 ] CVE-2011-0079\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0079\n[ 293 ] CVE-2011-0080\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0080\n[ 294 ] CVE-2011-0081\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0081\n[ 295 ] CVE-2011-0082\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0082\n[ 296 ] CVE-2011-0083\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0083\n[ 297 ] CVE-2011-0084\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0084\n[ 298 ] CVE-2011-0085\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0085\n[ 299 ] CVE-2011-1187\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1187\n[ 300 ] CVE-2011-1202\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1202\n[ 301 ] CVE-2011-1712\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1712\n[ 302 ] CVE-2011-2362\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2362\n[ 303 ] CVE-2011-2363\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2363\n[ 304 ] CVE-2011-2364\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2364\n[ 305 ] CVE-2011-2365\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2365\n[ 306 ] CVE-2011-2369\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2369\n[ 307 ] CVE-2011-2370\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2370\n[ 308 ] CVE-2011-2371\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2371\n[ 309 ] CVE-2011-2372\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2372\n[ 310 ] CVE-2011-2373\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2373\n[ 311 ] CVE-2011-2374\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2374\n[ 312 ] CVE-2011-2375\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2375\n[ 313 ] CVE-2011-2376\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2376\n[ 314 ] CVE-2011-2377\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2377\n[ 315 ] CVE-2011-2378\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2378\n[ 316 ] CVE-2011-2605\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2605\n[ 317 ] CVE-2011-2980\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2980\n[ 318 ] CVE-2011-2981\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2981\n[ 319 ] CVE-2011-2982\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2982\n[ 320 ] CVE-2011-2983\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2983\n[ 321 ] CVE-2011-2984\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2984\n[ 322 ] CVE-2011-2985\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2985\n[ 323 ] CVE-2011-2986\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2986\n[ 324 ] CVE-2011-2987\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2987\n[ 325 ] CVE-2011-2988\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2988\n[ 326 ] CVE-2011-2989\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2989\n[ 327 ] CVE-2011-2990\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2990\n[ 328 ] CVE-2011-2991\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2991\n[ 329 ] CVE-2011-2993\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2993\n[ 330 ] CVE-2011-2995\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2995\n[ 331 ] CVE-2011-2996\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2996\n[ 332 ] CVE-2011-2997\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2997\n[ 333 ] CVE-2011-2998\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2998\n[ 334 ] CVE-2011-2999\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2999\n[ 335 ] CVE-2011-3000\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3000\n[ 336 ] CVE-2011-3001\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3001\n[ 337 ] CVE-2011-3002\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3002\n[ 338 ] CVE-2011-3003\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3003\n[ 339 ] CVE-2011-3004\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3004\n[ 340 ] CVE-2011-3005\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3005\n[ 341 ] CVE-2011-3026\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3026\n[ 342 ] CVE-2011-3062\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3062\n[ 343 ] CVE-2011-3232\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3232\n[ 344 ] CVE-2011-3389\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389\n[ 345 ] CVE-2011-3640\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3640\n[ 346 ] CVE-2011-3647\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3647\n[ 347 ] CVE-2011-3648\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3648\n[ 348 ] CVE-2011-3649\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3649\n[ 349 ] CVE-2011-3650\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3650\n[ 350 ] CVE-2011-3651\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3651\n[ 351 ] CVE-2011-3652\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3652\n[ 352 ] CVE-2011-3653\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3653\n[ 353 ] CVE-2011-3654\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3654\n[ 354 ] CVE-2011-3655\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3655\n[ 355 ] CVE-2011-3658\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3658\n[ 356 ] CVE-2011-3659\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3659\n[ 357 ] CVE-2011-3660\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3660\n[ 358 ] CVE-2011-3661\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3661\n[ 359 ] CVE-2011-3663\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3663\n[ 360 ] CVE-2011-3665\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3665\n[ 361 ] CVE-2011-3670\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3670\n[ 362 ] CVE-2011-3866\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3866\n[ 363 ] CVE-2011-4688\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4688\n[ 364 ] CVE-2012-0441\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0441\n[ 365 ] CVE-2012-0442\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0442\n[ 366 ] CVE-2012-0443\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0443\n[ 367 ] CVE-2012-0444\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0444\n[ 368 ] CVE-2012-0445\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0445\n[ 369 ] CVE-2012-0446\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0446\n[ 370 ] CVE-2012-0447\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0447\n[ 371 ] CVE-2012-0449\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0449\n[ 372 ] CVE-2012-0450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0450\n[ 373 ] CVE-2012-0451\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0451\n[ 374 ] CVE-2012-0452\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0452\n[ 375 ] CVE-2012-0455\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0455\n[ 376 ] CVE-2012-0456\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0456\n[ 377 ] CVE-2012-0457\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0457\n[ 378 ] CVE-2012-0458\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0458\n[ 379 ] CVE-2012-0459\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0459\n[ 380 ] CVE-2012-0460\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0460\n[ 381 ] CVE-2012-0461\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0461\n[ 382 ] CVE-2012-0462\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0462\n[ 383 ] CVE-2012-0463\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0463\n[ 384 ] CVE-2012-0464\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0464\n[ 385 ] CVE-2012-0467\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0467\n[ 386 ] CVE-2012-0468\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0468\n[ 387 ] CVE-2012-0469\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0469\n[ 388 ] CVE-2012-0470\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0470\n[ 389 ] CVE-2012-0471\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0471\n[ 390 ] CVE-2012-0473\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0473\n[ 391 ] CVE-2012-0474\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0474\n[ 392 ] CVE-2012-0475\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0475\n[ 393 ] CVE-2012-0477\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0477\n[ 394 ] CVE-2012-0478\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0478\n[ 395 ] CVE-2012-0479\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0479\n[ 396 ] CVE-2012-1937\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1937\n[ 397 ] CVE-2012-1938\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1938\n[ 398 ] CVE-2012-1939\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1939\n[ 399 ] CVE-2012-1940\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1940\n[ 400 ] CVE-2012-1941\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1941\n[ 401 ] CVE-2012-1945\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1945\n[ 402 ] CVE-2012-1946\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1946\n[ 403 ] CVE-2012-1947\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1947\n[ 404 ] CVE-2012-1948\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1948\n[ 405 ] CVE-2012-1949\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1949\n[ 406 ] CVE-2012-1950\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1950\n[ 407 ] CVE-2012-1951\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1951\n[ 408 ] CVE-2012-1952\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1952\n[ 409 ] CVE-2012-1953\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1953\n[ 410 ] CVE-2012-1954\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1954\n[ 411 ] CVE-2012-1955\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1955\n[ 412 ] CVE-2012-1956\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1956\n[ 413 ] CVE-2012-1957\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1957\n[ 414 ] CVE-2012-1958\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1958\n[ 415 ] CVE-2012-1959\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1959\n[ 416 ] CVE-2012-1960\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1960\n[ 417 ] CVE-2012-1961\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1961\n[ 418 ] CVE-2012-1962\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1962\n[ 419 ] CVE-2012-1963\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1963\n[ 420 ] CVE-2012-1964\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1964\n[ 421 ] CVE-2012-1965\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1965\n[ 422 ] CVE-2012-1966\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1966\n[ 423 ] CVE-2012-1967\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1967\n[ 424 ] CVE-2012-1970\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1970\n[ 425 ] CVE-2012-1971\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1971\n[ 426 ] CVE-2012-1972\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1972\n[ 427 ] CVE-2012-1973\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1973\n[ 428 ] CVE-2012-1974\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1974\n[ 429 ] CVE-2012-1975\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1975\n[ 430 ] CVE-2012-1976\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1976\n[ 431 ] CVE-2012-1994\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1994\n[ 432 ] CVE-2012-3956\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3956\n[ 433 ] CVE-2012-3957\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3957\n[ 434 ] CVE-2012-3958\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3958\n[ 435 ] CVE-2012-3959\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3959\n[ 436 ] CVE-2012-3960\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3960\n[ 437 ] CVE-2012-3961\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3961\n[ 438 ] CVE-2012-3962\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3962\n[ 439 ] CVE-2012-3963\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3963\n[ 440 ] CVE-2012-3964\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3964\n[ 441 ] CVE-2012-3965\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3965\n[ 442 ] CVE-2012-3966\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3966\n[ 443 ] CVE-2012-3967\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3967\n[ 444 ] CVE-2012-3968\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3968\n[ 445 ] CVE-2012-3969\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3969\n[ 446 ] CVE-2012-3970\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3970\n[ 447 ] CVE-2012-3971\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3971\n[ 448 ] CVE-2012-3972\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3972\n[ 449 ] CVE-2012-3973\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3973\n[ 450 ] CVE-2012-3975\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3975\n[ 451 ] CVE-2012-3976\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3976\n[ 452 ] CVE-2012-3977\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3977\n[ 453 ] CVE-2012-3978\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3978\n[ 454 ] CVE-2012-3980\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3980\n[ 455 ] CVE-2012-3982\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3982\n[ 456 ] CVE-2012-3984\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3984\n[ 457 ] CVE-2012-3985\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3985\n[ 458 ] CVE-2012-3986\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3986\n[ 459 ] CVE-2012-3988\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3988\n[ 460 ] CVE-2012-3989\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3989\n[ 461 ] CVE-2012-3990\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3990\n[ 462 ] CVE-2012-3991\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3991\n[ 463 ] CVE-2012-3992\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3992\n[ 464 ] CVE-2012-3993\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3993\n[ 465 ] CVE-2012-3994\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3994\n[ 466 ] CVE-2012-3995\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3995\n[ 467 ] CVE-2012-4179\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4179\n[ 468 ] CVE-2012-4180\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4180\n[ 469 ] CVE-2012-4181\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4181\n[ 470 ] CVE-2012-4182\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4182\n[ 471 ] CVE-2012-4183\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4183\n[ 472 ] CVE-2012-4184\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4184\n[ 473 ] CVE-2012-4185\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4185\n[ 474 ] CVE-2012-4186\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4186\n[ 475 ] CVE-2012-4187\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4187\n[ 476 ] CVE-2012-4188\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4188\n[ 477 ] CVE-2012-4190\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4190\n[ 478 ] CVE-2012-4191\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4191\n[ 479 ] CVE-2012-4192\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4192\n[ 480 ] CVE-2012-4193\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4193\n[ 481 ] CVE-2012-4194\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4194\n[ 482 ] CVE-2012-4195\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4195\n[ 483 ] CVE-2012-4196\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4196\n[ 484 ] CVE-2012-4201\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4201\n[ 485 ] CVE-2012-4202\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4202\n[ 486 ] CVE-2012-4204\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4204\n[ 487 ] CVE-2012-4205\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4205\n[ 488 ] CVE-2012-4206\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4206\n[ 489 ] CVE-2012-4207\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4207\n[ 490 ] CVE-2012-4208\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4208\n[ 491 ] CVE-2012-4209\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4209\n[ 492 ] CVE-2012-4210\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4210\n[ 493 ] CVE-2012-4212\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4212\n[ 494 ] CVE-2012-4215\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4215\n[ 495 ] CVE-2012-4216\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4216\n[ 496 ] CVE-2012-5354\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5354\n[ 497 ] CVE-2012-5829\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5829\n[ 498 ] CVE-2012-5830\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5830\n[ 499 ] CVE-2012-5833\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5833\n[ 500 ] CVE-2012-5835\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5835\n[ 501 ] CVE-2012-5836\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5836\n[ 502 ] CVE-2012-5838\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5838\n[ 503 ] CVE-2012-5839\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5839\n[ 504 ] CVE-2012-5840\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5840\n[ 505 ] CVE-2012-5841\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5841\n[ 506 ] CVE-2012-5842\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5842\n[ 507 ] CVE-2012-5843\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5843\n[ 508 ] Firefox Blocking Fraudulent Certificates\n\nhttp://blog.mozilla.org/security/2011/03/22/firefox-blocking-fraudulent-c=\nertificates/\n[ 509 ] Mozilla Foundation Security Advisory 2011-11\n http://www.mozilla.org/security/announce/2011/mfsa2011-11.html\n[ 510 ] Mozilla Foundation Security Advisory 2011-34\n http://www.mozilla.org/security/announce/2011/mfsa2011-34.html\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201301-01.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2013 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ===========================================================\nUbuntu Security Notice USN-927-6 July 23, 2010\nnss vulnerability\nCVE-2009-3555\n===========================================================\n\nA security issue affects the following Ubuntu releases:\n\nUbuntu 9.04\n\nThis advisory also applies to the corresponding versions of\nKubuntu, Edubuntu, and Xubuntu. \n\nThe problem can be corrected by upgrading your system to the\nfollowing package versions:\n\nUbuntu 9.04:\n libnss3-1d 3.12.6-0ubuntu0.9.04.1\n\nAfter a standard system upgrade you need to restart your session to effect\nthe necessary changes. \n\nDetails follow:\n\nUSN-927-1 fixed vulnerabilities in NSS on Ubuntu 9.10. This update provides the\ncorresponding updates for Ubuntu 9.04. \n\nOriginal advisory details:\n\n Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3\n protocols. If an attacker could perform a man in the middle attack at the\n start of a TLS connection, the attacker could inject arbitrary content at\n the beginning of the user\u0027s session. This update adds support for the new\n new renegotiation extension and will use it when the server supports it. \n\n\nUpdated packages for Ubuntu 9.04:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6-0ubuntu0.9.04.1.diff.gz\n Size/MD5: 36776 09e94267337a3318b4955b7a830f5244\n http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6-0ubuntu0.9.04.1.dsc\n Size/MD5: 1651 a682fa17ab7385f06eae108e3b8eeb76\n http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6.orig.tar.gz\n Size/MD5: 5947630 da42596665f226de5eb3ecfc1ec57cd1\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_amd64.deb\n Size/MD5: 3355322 1901b0a2e9022baccca540cb776da507\n http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_amd64.deb\n Size/MD5: 1230706 a5be600c34d6c62f3c7c7d9fe8fe6807\n http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_amd64.deb\n Size/MD5: 263110 37bf5e46dc372000a1932336ded61143\n http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_amd64.deb\n Size/MD5: 17788 cb888df2baa2d06cf98091f1bd033496\n http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_amd64.deb\n Size/MD5: 318718 77e6de51c2beebe6a2570e1f70069d91\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_i386.deb\n Size/MD5: 3181812 ab6888c9709c1101e0f07bda925ea76b\n http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_i386.deb\n Size/MD5: 1112446 64e165966e297b247e220aa017851248\n http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_i386.deb\n Size/MD5: 260434 6dc65e066be54da5a4ad7e784c37fa49\n http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_i386.deb\n Size/MD5: 17790 6a4afb594384085b41502911476f9d27\n http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_i386.deb\n Size/MD5: 301968 a5f1eb30b4dd64bbac568873ad700887\n\n lpia architecture (Low Power Intel Architecture):\n\n http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_lpia.deb\n Size/MD5: 3220356 1bed6847d860f8dd0a845062cf227322\n http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_lpia.deb\n Size/MD5: 1085226 c5e07d7711f257888071d97ff551f42e\n http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_lpia.deb\n Size/MD5: 259084 d6424f00ee83eaf9abb433768edb37c2\n http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_lpia.deb\n Size/MD5: 17788 217da64905b090392eb4acfa43d282c2\n http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_lpia.deb\n Size/MD5: 297772 7f223b5673372154a73cf84c9ed6bfda\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_powerpc.deb\n Size/MD5: 3330434 d4c4fe0a437c5f2dd20b81df2cf936b5\n http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_powerpc.deb\n Size/MD5: 1202898 b27bda4a282c5b46733dcc21519cc4b6\n http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_powerpc.deb\n Size/MD5: 262126 bb796b31d740e38581a37003a89c18a5\n http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_powerpc.deb\n Size/MD5: 17794 0109fab35491b7f7f6e8d9649acbd728\n http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_powerpc.deb\n Size/MD5: 323344 8e6f667e0df078a4b68d72acddfc3326\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_sparc.deb\n Size/MD5: 2988064 97a10a1098bc541808ead09dcb1711c5\n http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_sparc.deb\n Size/MD5: 1074248 4de13c4f7e970d56fa65e6f0e472f320\n http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_sparc.deb\n Size/MD5: 257214 d1ee26bd6f9e26f93f8b8af403d41b1a\n http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_sparc.deb\n Size/MD5: 17794 2f08b7d40b6069754762083051c03f27\n http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_sparc.deb\n Size/MD5: 303452 b1dc3dbcbf441a81ef5005e72ad60620\n\n\n\n-- \nJamie Strandboge | http://www.canonical.com\n. This\nupdate addresses these protocol vulnerabilities in lighttpd. \n\nCVE-2009-3555\n\n Marsh Ray, Steve Dispensa, and Martin Rex discovered that the TLS\n and SSLv3 protocols do not properly associate renegotiation\n handshakes with an existing connection, which allows man-in-the-middle\n attackers to insert data into HTTPS sessions. This issue is solved\n in lighttpd by disabling client initiated renegotiation by default. \n \n Those users that do actually need such renegotiations, can reenable\n them via the new \u0027ssl.disable-client-renegotiation\u0027 parameter. \n\nCVE-2012-4929\n\n Juliano Rizzo and Thai Duong discovered a weakness in the TLS/SSL\n protocol when using compression. This side channel attack, dubbed\n \u0027CRIME\u0027, allows eavesdroppers to gather information to recover the\n original plaintext in the protocol. This update disables compression. \n\nFor the stable distribution (squeeze), these problems have been fixed in\nversion 1.4.28-2+squeeze1.2. \n\nFor the testing distribution (wheezy), and the unstable distribution (sid)\nthese problems have been fixed in version 1.4.30-1. \n\nWe recommend that you upgrade your lighttpd packages. \nCorrected: 2009-12-01 02:59:22 UTC (RELENG_8, 8.0-STABLE)\n 2009-12-03 09:18:40 UTC (RELENG_8_0, 8.0-RELEASE-p1)\n 2009-12-01 03:00:16 UTC (RELENG_7, 7.2-STABLE)\n 2009-12-03 09:18:40 UTC (RELENG_7_2, 7.2-RELEASE-p5)\n 2009-12-03 09:18:40 UTC (RELENG_7_1, 7.1-RELEASE-p9)\nCVE Name: CVE-2009-4146, CVE-2009-4147\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:http://security.FreeBSD.org/\u003e. \n\nI. Background\n\nThe run-time link-editor, rtld, links dynamic executable with their\nneeded libraries at run-time. It also allows users to explicitly\nload libraries via various LD_ environmental variables. \n\nII. Problem Description\n\nWhen running setuid programs rtld will normally remove potentially\ndangerous environment variables. Due to recent changes in FreeBSD\nenvironment variable handling code, a corrupt environment may\nresult in attempts to unset environment variables failing. \n\nIII. Impact\n\nAn unprivileged user who can execute programs on a system can gain\nthe privileges of any setuid program which he can run. On most\nsystems configurations, this will allow a local attacker to execute\ncode as the root user. \n\nIV. Workaround\n\nNo workaround is available, but systems without untrusted local users,\nwhere all the untrusted local users are jailed superusers, and/or where\nuntrusted users cannot execute arbitrary code (e.g., due to use of read\nonly and noexec mount options) are not affected. \n\nNote that \"untrusted local users\" include users with the ability to\nupload and execute web scripts (CGI, PHP, Python, Perl etc.), as they\nmay be able to exploit this issue. \n\nV. Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to 7-STABLE or 8-STABLE,\nor to the RELENG_8_0, RELENG_7_2, or RELENG_7_1 security branch dated\nafter the correction date. \n\n2) To patch your present system:\n\nThe following patches have been verified to apply to FreeBSD 7.1, 7.2,\nand 8.0 systems. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 7.x]\n# fetch http://security.FreeBSD.org/patches/SA-09:16/rtld7.patch\n# fetch http://security.FreeBSD.org/patches/SA-09:16/rtld7.patch.asc\n\n[FreeBSD 8.0]\n# fetch http://security.FreeBSD.org/patches/SA-09:16/rtld.patch\n# fetch http://security.FreeBSD.org/patches/SA-09:16/rtld.patch.asc\n\nb) Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n# cd /usr/src/libexec/rtld-elf\n# make obj \u0026\u0026 make depend \u0026\u0026 make \u0026\u0026 make install\n\nNOTE: On the amd64 platform, the above procedure will not update the\nld-elf32.so.1 (i386 compatibility) run-time link-editor (rtld). On\namd64 systems where the i386 rtld are installed, the operating system\nshould instead be recompiled as described in\n\u003cURL:http://www.FreeBSD.org/handbook/makeworld.html\u003e\n\nVI. Correction details\n\nThe following list contains the revision numbers of each file that was\ncorrected in FreeBSD. \n\nCVS:\n\nBranch Revision\n Path\n- -------------------------------------------------------------------------\nRELENG_7\n src/libexec/rtld-elf/rtld.c 1.124.2.7\nRELENG_7_2\n src/UPDATING 1.507.2.23.2.8\n src/sys/conf/newvers.sh 1.72.2.11.2.9\n src/libexec/rtld-elf/rtld.c 1.124.2.4.2.2\nRELENG_7_1\n src/UPDATING 1.507.2.13.2.12\n src/sys/conf/newvers.sh 1.72.2.9.2.13\n src/libexec/rtld-elf/rtld.c 1.124.2.3.2.2\nRELENG_8\n src/libexec/rtld-elf/rtld.c 1.139.2.4\nRELENG_8_0\n src/UPDATING 1.632.2.7.2.4\n src/sys/conf/newvers.sh 1.83.2.6.2.4\n src/libexec/rtld-elf/rtld.c 1.139.2.2.2.2\n- -------------------------------------------------------------------------\n\nSubversion:\n\nBranch/path Revision\n- -------------------------------------------------------------------------\nstable/7/ r199981\nreleng/7.2/ r200054\nreleng/7.1/ r200054\nstable/8/ r199980\nreleng/8.0/ r200054\n- -------------------------------------------------------------------------\n\nVII. \nHP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows prior to v6.1. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Service (DoS)\n\n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c01945686\nVersion: 1\n\nHPSBUX02482 SSRT090249 rev.1 - HP-UX Running OpenSSL, Remote Unauthorized Data Injection, Denial of\n\nService (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2009-11-25\nLast Updated: 2009-11-25\n\nPotential Security Impact: Remote unauthorized data injection, Denial of Service (DoS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified with HP-UX OpenSSL. The vulnerability could be exploited\n\nremotely to inject unauthorized data or to create a Denial of Service (DoS). \n\nReferences: CVE-2009-3555\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, B.11.31 running OpenSSL before vA.00.09.08l. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2009-3555 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided upgrades to resolve this vulnerability. \nThe upgrades are available from the following location. \n\nHOST\n ACCOUNT\n PASSWORD\n\nftp.usa.hp.com\n sb02482\n Secure12\n\nHP-UX Release\n Depot name\n SHA-1 Hash\n\nB.11.11 PA (32 and 64)\n OpenSSL_A.00.09.08l.001_HP-UX_B.11.11_32+64.depot\n 2efb-e45e-78a7-17d0-11e9-5c10-3753-0585-6fde-36c4\n\nB.11.23 (PA and IA)\n OpenSSL_A.00.09.08l.002_HP-UX_B.11.23_IA-PA.depot\n 2794-2f77-48a4-3316-a8b9-d213-7243-8e1b-7336-95a2\n\nB.11.31 (PA and IA)\n OpenSSL_A.00.09.08l.003_HP-UX_B.11.31_IA-PA.depot\n 7be7-25a2-d3c4-0dce-761d-eba0-2782-8788-3bf8-02ca\n\nNote: OpenSSL vA.00.09.08l disables renegotiation. Although renegotiation is thought to be rarely used,\n\napplications should be tested to evaluate the impact of installing OpenSSL vA.00.09.08l. \n\nMANUAL ACTIONS: Yes - Update\n\nInstall OpenSSL A.00.09.08l or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security\n\nPatch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a\n\nspecific HP-UX system. It can also download patches and create a depot automatically. For more information\n\nsee: https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.11\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\naction: install revision A.00.09.08l.001 or subsequent\n\nHP-UX B.11.23\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-LIB.2\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PRNG.2\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-RUN.2\naction: install revision A.00.09.08l.002 or subsequent\n\nHP-UX B.11.31\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-LIB.2\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PRNG.2\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-RUN.2\naction: install revision A.00.09.08l.003 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) 25 November 2009 Initial release\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n To: security-alert@hp.com\n Subject: get key\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n -check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n -verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin\nrelates to is represented by the 5th and 6th characters\nof the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\nCopyright 2009 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.10 (GNU/Linux)\n\niEYEARECAAYFAksNs5IACgkQ4B86/C0qfVmJNQCeMd6pno2UZMwhJYB8yaKTw3Ta\nH6EAni+Jh3ebmTxXb0gfH5eefN9xqKO3\n=h0Pb\n-----END PGP SIGNATURE-----\n. \nHP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier. \n\nKit Name\n Location\n\nHP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-3555"
},
{
"db": "CERT/CC",
"id": "VU#120541"
},
{
"db": "BID",
"id": "36935"
},
{
"db": "VULMON",
"id": "CVE-2009-3555"
},
{
"db": "PACKETSTORM",
"id": "89136"
},
{
"db": "PACKETSTORM",
"id": "130868"
},
{
"db": "PACKETSTORM",
"id": "100761"
},
{
"db": "PACKETSTORM",
"id": "89026"
},
{
"db": "PACKETSTORM",
"id": "111583"
},
{
"db": "VULHUB",
"id": "VHN-41001"
},
{
"db": "PACKETSTORM",
"id": "119293"
},
{
"db": "PACKETSTORM",
"id": "92095"
},
{
"db": "PACKETSTORM",
"id": "120365"
},
{
"db": "PACKETSTORM",
"id": "83415"
},
{
"db": "PACKETSTORM",
"id": "91749"
},
{
"db": "PACKETSTORM",
"id": "111920"
},
{
"db": "PACKETSTORM",
"id": "83271"
},
{
"db": "PACKETSTORM",
"id": "101257"
}
],
"trust": 3.24
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=10071",
"trust": 0.2,
"type": "exploit"
},
{
"reference": "https://www.scap.org.cn/vuln/vhn-41001",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-41001"
},
{
"db": "VULMON",
"id": "CVE-2009-3555"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2009-3555",
"trust": 4.1
},
{
"db": "CERT/CC",
"id": "VU#120541",
"trust": 2.9
},
{
"db": "HITACHI",
"id": "HS10-030",
"trust": 2.0
},
{
"db": "BID",
"id": "36935",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "38781",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "42377",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "37501",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "39632",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "37604",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "41972",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "43308",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "38241",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "37859",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "40070",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "41818",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "39292",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "42816",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "42379",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "39317",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "38020",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "42467",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "37320",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "37640",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "37656",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "37383",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "42724",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "38003",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "44183",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "42733",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "38484",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "40545",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "40866",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "39242",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "38056",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "39278",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "39243",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "42808",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "37675",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "39127",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "39461",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "39819",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "37453",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "40747",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "41490",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "39628",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "44954",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "39500",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "48577",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "42811",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "37291",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "41480",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "37292",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "37399",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "39713",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "38687",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "37504",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "39136",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "41967",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023217",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023273",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023274",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023206",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023272",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023427",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023218",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023163",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023214",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023211",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023219",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023216",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1024789",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023148",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023213",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023271",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023243",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023209",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023215",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023208",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023411",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023204",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023224",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023210",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023207",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023426",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023428",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023205",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023275",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023270",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023212",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-2745",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2009-3353",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-3069",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-0086",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2009-3354",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2009-3484",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-1793",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2009-3310",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-0982",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2011-0033",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2009-3220",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-2010",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-1639",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-1107",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-3126",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-0916",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2009-3164",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2011-0032",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2011-0086",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2009-3313",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-0748",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-1350",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2009-3521",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-0994",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-3086",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-1191",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-0173",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2009-3587",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-0933",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2009-3205",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-1054",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-0848",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-1673",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2009-3165",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2009/11/05/3",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2009/11/07/3",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2009/11/23/10",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2009/11/05/5",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2009/11/20/1",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2009/11/06/3",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "65202",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "62210",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "60521",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "60972",
"trust": 1.7
},
{
"db": "USCERT",
"id": "TA10-222A",
"trust": 1.7
},
{
"db": "USCERT",
"id": "TA10-287A",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200911-069",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2022.2853",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.2561",
"trust": 0.6
},
{
"db": "JUNIPER",
"id": "JSA10939",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-22-160-01",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "130868",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "83271",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "120365",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "83415",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "92095",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "89136",
"trust": 0.2
},
{
"db": "EXPLOIT-DB",
"id": "10071",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "10579",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "82657",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "82770",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "90262",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "88173",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "91309",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "106155",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "111273",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "83414",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "88167",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "124088",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "120714",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "82652",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "94087",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "97489",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131826",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "95279",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137201",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "102374",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "106156",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "92497",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "88621",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "94088",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "89667",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "88698",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "84112",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "90286",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "127267",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "84183",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "86075",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "114810",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "88224",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "123380",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "84181",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-67231",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-41001",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2009-3555",
"trust": 0.1
},
{
"db": "SECUNIA",
"id": "44293",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "100761",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "89026",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "111583",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "101257",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "119293",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "91749",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "111920",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#120541"
},
{
"db": "VULHUB",
"id": "VHN-41001"
},
{
"db": "VULMON",
"id": "CVE-2009-3555"
},
{
"db": "BID",
"id": "36935"
},
{
"db": "PACKETSTORM",
"id": "89136"
},
{
"db": "PACKETSTORM",
"id": "130868"
},
{
"db": "PACKETSTORM",
"id": "100761"
},
{
"db": "PACKETSTORM",
"id": "89026"
},
{
"db": "PACKETSTORM",
"id": "111583"
},
{
"db": "PACKETSTORM",
"id": "101257"
},
{
"db": "PACKETSTORM",
"id": "119293"
},
{
"db": "PACKETSTORM",
"id": "92095"
},
{
"db": "PACKETSTORM",
"id": "120365"
},
{
"db": "PACKETSTORM",
"id": "83415"
},
{
"db": "PACKETSTORM",
"id": "91749"
},
{
"db": "PACKETSTORM",
"id": "111920"
},
{
"db": "PACKETSTORM",
"id": "83271"
},
{
"db": "CNNVD",
"id": "CNNVD-200911-069"
},
{
"db": "NVD",
"id": "CVE-2009-3555"
}
]
},
"id": "VAR-200911-0398",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-41001"
}
],
"trust": 0.6623591435714286
},
"last_update_date": "2026-03-09T22:17:46.450000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Security Update for Windows XP (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39675"
},
{
"title": "Security Update for Windows Server 2003 for Itanium-based Systems (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39679"
},
{
"title": "Security Update for Windows Server 2008 x64 Edition (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39683"
},
{
"title": "Security Update for Windows Server 2008 R2 for Itanium-based Systems (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39687"
},
{
"title": "Security Update for Windows Server 2003 (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39615"
},
{
"title": "Security Update for Windows Vista for x64-based Systems (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39619"
},
{
"title": "Security Update for Windows 7 (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39623"
},
{
"title": "Security Update for Windows Server 2008 R2 x64 Edition (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39626"
},
{
"title": "Security Update for Windows Server 2003 x64 Edition (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39678"
},
{
"title": "Security Update for Windows Server 2008 (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39682"
},
{
"title": "Security Update for Windows 7 for x64-based Systems (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39686"
},
{
"title": "Security Update for Windows XP x64 Edition (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39614"
},
{
"title": "Security Update for Windows Vista (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39618"
},
{
"title": "Security Update for Windows Server 2008 for Itanium-based Systems (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39622"
},
{
"title": "Security Update for Windows Server 2003 (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39677"
},
{
"title": "Security Update for Windows Vista for x64-based Systems (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39681"
},
{
"title": "Security Update for Windows 7 (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39685"
},
{
"title": "Security Update for Windows XP (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39613"
},
{
"title": "Security Update for Windows Server 2003 for Itanium-based Systems (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39617"
},
{
"title": "Security Update for Windows Server 2008 x64 Edition (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39621"
},
{
"title": "Security Update for Windows Server 2008 R2 for Itanium-based Systems (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39625"
},
{
"title": "Security Update for Windows XP x64 Edition (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39676"
},
{
"title": "Security Update for Windows Vista (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39680"
},
{
"title": "Security Update for Windows Server 2008 for Itanium-based Systems (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39684"
},
{
"title": "Security Update for Windows Server 2008 R2 x64 Edition (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39688"
},
{
"title": "Security Update for Windows Server 2003 x64 Edition (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39616"
},
{
"title": "Security Update for Windows Server 2008 (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39620"
},
{
"title": "Security Update for Windows 7 for x64-based Systems (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39624"
},
{
"title": "Thunderbird Setup 3.1",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=4468"
},
{
"title": "FirefoxChinaEdition 2010.7",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=4472"
},
{
"title": "FirefoxChinaEdition 2010.7",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=4471"
},
{
"title": "thunderbird-3.1",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=4470"
},
{
"title": "Thunderbird 3.1",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=4469"
},
{
"title": "FirefoxChinaEdition 2010.7",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=4473"
},
{
"title": "Red Hat: Moderate: gnutls security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20100167 - Security Advisory"
},
{
"title": "Red Hat: Moderate: httpd and httpd22 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20100011 - Security Advisory"
},
{
"title": "Red Hat: Moderate: java-1.4.2-ibm security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20100155 - Security Advisory"
},
{
"title": "Red Hat: Moderate: openssl097a security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20100164 - Security Advisory"
},
{
"title": "Red Hat: Moderate: nss security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20100165 - Security Advisory"
},
{
"title": "Red Hat: Moderate: gnutls security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20100166 - Security Advisory"
},
{
"title": "Red Hat: Important: openssl security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20100162 - Security Advisory"
},
{
"title": "Red Hat: Moderate: openssl security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20100163 - Security Advisory"
},
{
"title": "Red Hat: Low: JBoss Enterprise Web Server 1.0.1 update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20100119 - Security Advisory"
},
{
"title": "Ubuntu Security Notice: nss vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-927-6"
},
{
"title": "Ubuntu Security Notice: apache2 vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-990-2"
},
{
"title": "Ubuntu Security Notice: nss vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-927-1"
},
{
"title": "Ubuntu Security Notice: openssl vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-990-1"
},
{
"title": "Ubuntu Security Notice: nss vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-927-4"
},
{
"title": "Cisco: Transport Layer Security Renegotiation Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20091109-tls"
},
{
"title": "Ubuntu Security Notice: apache2 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-860-1"
},
{
"title": "Red Hat: Moderate: java-1.5.0-ibm security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20100130 - Security Advisory"
},
{
"title": "Cisco: Transport Layer Security Renegotiation Remote Man-in-the-Middle Attack Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=Cisco-SA-20091105-CVE-2009-3555"
},
{
"title": "Debian CVElist Bug Report Logs: \"slowloris\" denial-of-service vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=5ed45f95901af77f1f752912d098b48e"
},
{
"title": "Debian Security Advisories: DSA-2141-1 openssl -- SSL/TLS insecure renegotiation protocol design flaw",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=1c00cc4c6dbe7bb057db61e10ff97d6d"
},
{
"title": "Debian Security Advisories: DSA-2626-1 lighttpd -- several issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=885d01db2c0276e75192acacb224a6e8"
},
{
"title": "Debian CVElist Bug Report Logs: Not possible to disable SSLv3",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=cd46735759deed658e1e15bd89794f91"
},
{
"title": "Debian Security Advisories: DSA-1934-1 apache2 -- multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a5a134c3483f034e2df5ced5ad7428ec"
},
{
"title": "Debian Security Advisories: DSA-3253-1 pound -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=ad76a2fc91623114f1aaa478b7ecbe12"
},
{
"title": "Debian CVElist Bug Report Logs: polarssl: CVE-2013-4623: Denial of Service through Certificate message during handshake",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=48a9651e9438ab2ad49c32956a8040ab"
},
{
"title": "Mozilla: Mozilla Foundation Security Advisory 2010-22",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories\u0026qid=2010-22"
},
{
"title": "Debian CVElist Bug Report Logs: polarssl: CVE-2013-5914 CVE-2013-5915",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=3ea56f82629f8bb9aeeedb7aa86eb416"
},
{
"title": "Symantec Security Advisories: SA44 : TLS/SSLv3 renegotiation (CVE-2009-3555)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=92adf6d8db72928bb63961cc8473a936"
},
{
"title": "Red Hat: Critical: java-1.4.2-ibm security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20100786 - Security Advisory"
},
{
"title": "Debian CVElist Bug Report Logs: polarssl: CVE-2009-3555",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=d154eb6a1f821c737dadd179519e99ce"
},
{
"title": "Red Hat: Important: java-1.6.0-openjdk security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20100339 - Security Advisory"
},
{
"title": "Red Hat: Important: java-1.6.0-openjdk security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20100768 - Security Advisory"
},
{
"title": "Citrix Security Bulletins: Transport Layer Security Renegotiation Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=d26786915d99808385e93927bb7516fd"
},
{
"title": "Citrix Security Bulletins: Vulnerability in Citrix Online Plug-ins and ICA Clients Could Result in SSL/TLS Certificate Spoofing",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=8a0ec21ac35be2b30e769ff0af90fa26"
},
{
"title": "Red Hat: Critical: java-1.5.0-sun security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20100338 - Security Advisory"
},
{
"title": "Red Hat: Critical: java-1.6.0-sun security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20100337 - Security Advisory"
},
{
"title": "Red Hat: Critical: java-1.6.0-ibm security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20091694 - Security Advisory"
},
{
"title": "Red Hat: Critical: java-1.6.0-sun security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20100770 - Security Advisory"
},
{
"title": "VMware Security Advisories: VMware ESX third party updates for Service Console",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=d7005a2e6744b7e4f77d0105454de35d"
},
{
"title": "Ubuntu Security Notice: openjdk-6 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-923-1"
},
{
"title": "VMware Security Advisories: VMware ESX third party updates for Service Console",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=d8e6425b0cb8b545dc1e50945dafb2c0"
},
{
"title": "Ubuntu Security Notice: openjdk-6, openjdk-6b18 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1010-1"
},
{
"title": "Symantec Security Advisories: SA50 : Multiple SSL/TLS vulnerabilities in Reporter",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=1e934b8269c86666c1ebc108ca0e3d35"
},
{
"title": "Symantec Security Advisories: SA61 : Director multiple Apache vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=508649a9a651b4fb32a5cc0f1310d652"
},
{
"title": "VMware Security Advisories: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=ea953b0a91a1816979ec1d304d5e3d93"
},
{
"title": "DPSSLClientProfile",
"trust": 0.1,
"url": "https://github.com/ADesprets/DPSSLClientProfile "
},
{
"title": "letsencrypt-lighttpd",
"trust": 0.1,
"url": "https://github.com/galeone/letsencrypt-lighttpd "
},
{
"title": "igrill-smoker",
"trust": 0.1,
"url": "https://github.com/kins-dev/igrill-smoker "
},
{
"title": "hanase",
"trust": 0.1,
"url": "https://github.com/ekiojp/hanase "
},
{
"title": "CVE-HOWTO",
"trust": 0.1,
"url": "https://github.com/RedHatProductSecurity/CVE-HOWTO "
},
{
"title": "pulse-secure-vpn-mitm-research",
"trust": 0.1,
"url": "https://github.com/withdk/pulse-secure-vpn-mitm-research "
},
{
"title": "pulse-secure-vpn-mitm-research",
"trust": 0.1,
"url": "https://github.com/withdk/pulse-secure-mitm-research "
},
{
"title": "ReconScan",
"trust": 0.1,
"url": "https://github.com/GiJ03/ReconScan "
},
{
"title": "ReconScan",
"trust": 0.1,
"url": "https://github.com/RoliSoft/ReconScan "
},
{
"title": "test",
"trust": 0.1,
"url": "https://github.com/issdp/test "
},
{
"title": "ReconScan",
"trust": 0.1,
"url": "https://github.com/kira1111/ReconScan "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2009-3555"
},
{
"db": "CNNVD",
"id": "CNNVD-200911-069"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-295",
"trust": 1.1
},
{
"problemtype": "CWE-310",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-41001"
},
{
"db": "NVD",
"id": "CVE-2009-3555"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.8,
"url": "http://extendedsubset.com/?p=8"
},
{
"trust": 2.6,
"url": "http://support.citrix.com/article/ctx123359"
},
{
"trust": 2.5,
"url": "http://www.links.org/?p=780"
},
{
"trust": 2.5,
"url": "http://www.links.org/?p=786"
},
{
"trust": 2.5,
"url": "http://www.links.org/?p=789"
},
{
"trust": 2.5,
"url": "http://blogs.iss.net/archive/sslmitmiscsrf.html"
},
{
"trust": 2.5,
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg03948.html"
},
{
"trust": 2.5,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=533125"
},
{
"trust": 2.5,
"url": "https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt"
},
{
"trust": 2.5,
"url": "http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html"
},
{
"trust": 2.3,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/36935"
},
{
"trust": 2.3,
"url": "http://www.debian.org/security/2009/dsa-1934"
},
{
"trust": 2.3,
"url": "http://www.debian.org/security/2011/dsa-2141"
},
{
"trust": 2.3,
"url": "http://www.debian.org/security/2015/dsa-3253"
},
{
"trust": 2.3,
"url": "http://www.vmware.com/security/advisories/vmsa-2010-0019.html"
},
{
"trust": 2.3,
"url": "http://www.vmware.com/security/advisories/vmsa-2011-0003.html"
},
{
"trust": 2.3,
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"trust": 2.1,
"url": "http://www.kb.cert.org/vuls/id/120541"
},
{
"trust": 2.0,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1"
},
{
"trust": 2.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pm12247"
},
{
"trust": 2.0,
"url": "http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html"
},
{
"trust": 2.0,
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg03928.html"
},
{
"trust": 2.0,
"url": "http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during"
},
{
"trust": 2.0,
"url": "http://support.avaya.com/css/p8/documents/100081611"
},
{
"trust": 2.0,
"url": "http://support.avaya.com/css/p8/documents/100114315"
},
{
"trust": 2.0,
"url": "http://support.avaya.com/css/p8/documents/100114327"
},
{
"trust": 2.0,
"url": "http://support.zeus.com/zws/media/docs/4.3/release_notes"
},
{
"trust": 2.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108"
},
{
"trust": 2.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298"
},
{
"trust": 2.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24025312"
},
{
"trust": 2.0,
"url": "http://www.arubanetworks.com/support/alerts/aid-020810.txt"
},
{
"trust": 2.0,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs10-030/index.html"
},
{
"trust": 2.0,
"url": "http://www.ingate.com/relnote.php?ver=481"
},
{
"trust": 2.0,
"url": "http://www.mozilla.org/security/announce/2010/mfsa2010-22.html"
},
{
"trust": 2.0,
"url": "http://www.openoffice.org/security/cves/cve-2009-3555.html"
},
{
"trust": 2.0,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
},
{
"trust": 2.0,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
},
{
"trust": 2.0,
"url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
},
{
"trust": 2.0,
"url": "http://www.proftpd.org/docs/release_notes-1.3.2c"
},
{
"trust": 2.0,
"url": "http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html"
},
{
"trust": 2.0,
"url": "https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html"
},
{
"trust": 1.9,
"url": "https://kb.bluecoat.com/index?page=content\u0026id=sa50"
},
{
"trust": 1.7,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1"
},
{
"trust": 1.7,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1023148"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023163"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023204"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023205"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023206"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023207"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023208"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023209"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023210"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023211"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023212"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023213"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023214"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023215"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023216"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023217"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023218"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023219"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023224"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023243"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023270"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023271"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023272"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023273"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023274"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023275"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023411"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023426"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023427"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023428"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1024789"
},
{
"trust": 1.7,
"url": "http://www.cisco.com/en/us/products/products_security_advisory09186a0080b01d1d.shtml"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2009/nov/139"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/507952/100/0/threaded"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/508075/100/0/threaded"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/508130/100/0/threaded"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/515055/100/0/threaded"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html"
},
{
"trust": 1.7,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/37291"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/37292"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/37320"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/37383"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/37399"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/37453"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/37501"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/37504"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/37604"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/37640"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/37656"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/37675"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/37859"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/38003"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/38020"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/38056"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/38241"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/38484"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/38687"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/38781"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/39127"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/39136"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/39242"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/39243"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/39278"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/39292"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/39317"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/39461"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/39500"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/39628"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/39632"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/39713"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/39819"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/40070"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/40545"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/40747"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/40866"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/41480"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/41490"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/41818"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/41967"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/41972"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/42377"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/42379"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/42467"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/42724"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/42733"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/42808"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/42811"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/42816"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/43308"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/44183"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/44954"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/48577"
},
{
"trust": 1.7,
"url": "http://osvdb.org/60521"
},
{
"trust": 1.7,
"url": "http://osvdb.org/60972"
},
{
"trust": 1.7,
"url": "http://osvdb.org/62210"
},
{
"trust": 1.7,
"url": "http://osvdb.org/65202"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2009/3164"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2009/3165"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2009/3205"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2009/3220"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2009/3310"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2009/3313"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2009/3353"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2009/3354"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2009/3484"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2009/3521"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2009/3587"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/0086"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/0173"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/0748"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/0848"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/0916"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/0933"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/0982"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/0994"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/1054"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/1107"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/1191"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/1350"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/1639"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/1673"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/1793"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/2010"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/2745"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/3069"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/3086"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/3126"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2011/0032"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2011/0033"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2011/0086"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2010/jan/msg00000.html"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2010//may/msg00001.html"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2010//may/msg00002.html"
},
{
"trust": 1.7,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg01029.html"
},
{
"trust": 1.7,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg01020.html"
},
{
"trust": 1.7,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00645.html"
},
{
"trust": 1.7,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00944.html"
},
{
"trust": 1.7,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00428.html"
},
{
"trust": 1.7,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00442.html"
},
{
"trust": 1.7,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00449.html"
},
{
"trust": 1.7,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00634.html"
},
{
"trust": 1.7,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-october/049702.html"
},
{
"trust": 1.7,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-october/049528.html"
},
{
"trust": 1.7,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-october/049455.html"
},
{
"trust": 1.7,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-april/039561.html"
},
{
"trust": 1.7,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-april/039957.html"
},
{
"trust": 1.7,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-may/040652.html"
},
{
"trust": 1.7,
"url": "http://security.gentoo.org/glsa/glsa-200912-01.xml"
},
{
"trust": 1.7,
"url": "http://security.gentoo.org/glsa/glsa-201203-22.xml"
},
{
"trust": 1.7,
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"trust": 1.7,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c02436041"
},
{
"trust": 1.7,
"url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02273751"
},
{
"trust": 1.7,
"url": "http://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02512995"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/522176"
},
{
"trust": 1.7,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01945686"
},
{
"trust": 1.7,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1ic67848"
},
{
"trust": 1.7,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1ic68054"
},
{
"trust": 1.7,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1ic68055"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2010:076"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2010:084"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2010:089"
},
{
"trust": 1.7,
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0119.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0130.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0155.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0165.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0167.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0337.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0338.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0339.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0768.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0770.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0786.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0807.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0865.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0986.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0987.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2011-0880.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html"
},
{
"trust": 1.7,
"url": "http://www.us-cert.gov/cas/techalerts/ta10-222a.html"
},
{
"trust": 1.7,
"url": "http://www.us-cert.gov/cas/techalerts/ta10-287a.html"
},
{
"trust": 1.7,
"url": "http://www.ubuntu.com/usn/usn-1010-1"
},
{
"trust": 1.7,
"url": "http://ubuntu.com/usn/usn-923-1"
},
{
"trust": 1.7,
"url": "http://www.ubuntu.com/usn/usn-927-1"
},
{
"trust": 1.7,
"url": "http://www.ubuntu.com/usn/usn-927-4"
},
{
"trust": 1.7,
"url": "http://www.ubuntu.com/usn/usn-927-5"
},
{
"trust": 1.7,
"url": "http://openbsd.org/errata45.html#010_openssl"
},
{
"trust": 1.7,
"url": "http://openbsd.org/errata46.html#004_openssl"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2009/11/05/3"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2009/11/05/5"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2009/11/06/3"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2009/11/07/3"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2009/11/20/1"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2009/11/23/10"
},
{
"trust": 1.7,
"url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.7,
"url": "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.7,
"url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.7,
"url": "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.7,
"url": "http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html"
},
{
"trust": 1.7,
"url": "http://clicky.me/tlsvuln"
},
{
"trust": 1.7,
"url": "http://extendedsubset.com/renegotiating_tls.pdf"
},
{
"trust": 1.7,
"url": "http://kbase.redhat.com/faq/docs/doc-20491"
},
{
"trust": 1.7,
"url": "http://support.apple.com/kb/ht4004"
},
{
"trust": 1.7,
"url": "http://support.apple.com/kb/ht4170"
},
{
"trust": 1.7,
"url": "http://support.apple.com/kb/ht4171"
},
{
"trust": 1.7,
"url": "http://support.avaya.com/css/p8/documents/100070150"
},
{
"trust": 1.7,
"url": "http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released"
},
{
"trust": 1.7,
"url": "http://sysoev.ru/nginx/patch.cve-2009-3555.txt"
},
{
"trust": 1.7,
"url": "http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html"
},
{
"trust": 1.7,
"url": "http://wiki.rpath.com/advisories:rpsa-2009-0155"
},
{
"trust": 1.7,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24006386"
},
{
"trust": 1.7,
"url": "http://www.betanews.com/article/1257452450"
},
{
"trust": 1.7,
"url": "http://www.openssl.org/news/secadv_20091111.txt"
},
{
"trust": 1.7,
"url": "http://www.opera.com/docs/changelogs/unix/1060/"
},
{
"trust": 1.7,
"url": "http://www.opera.com/support/search/view/944/"
},
{
"trust": 1.7,
"url": "http://www.tombom.co.uk/blog/?p=85"
},
{
"trust": 1.7,
"url": "http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html"
},
{
"trust": 1.7,
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=526689"
},
{
"trust": 1.7,
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=545755"
},
{
"trust": 1.7,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05150888"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10088"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11578"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11617"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7315"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7478"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7973"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a8366"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a8535"
},
{
"trust": 1.7,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54158"
},
{
"trust": 1.6,
"url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=pm00675\u0026apar=only"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=127557596201693\u0026w=2"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=cryptography\u0026m=125752275331877\u0026w=2"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=127419602507642\u0026w=2"
},
{
"trust": 1.6,
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.597446"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=126150535619567\u0026w=2"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2"
},
{
"trust": 1.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=apache-httpd-announce\u0026m=125755783724966\u0026w=2"
},
{
"trust": 0.8,
"url": "http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00014.html"
},
{
"trust": 0.8,
"url": "http://cvs.openssl.org/chngview?cn=18790"
},
{
"trust": 0.8,
"url": "http://www.links.org/files/no-renegotiation-2.patch"
},
{
"trust": 0.8,
"url": "http://blog.zoller.lu/2009/11/new-sslv3-tls-vulnerability-mitm.html"
},
{
"trust": 0.6,
"url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_the_apache"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2009:1694"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2009:1580"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0119"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2011:0880"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2009:1579"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0440"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0338"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0339"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0337"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0155"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2009-3555"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0807"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0011"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0130"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0987"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0865"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0986"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2015:1591"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0166"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0165"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0167"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0162"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0164"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0163"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "httpd-announce\u0026m=125755783724966\u0026w=2"
},
{
"trust": 0.6,
"url": "http://marc.info/?l=apache-"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0786"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0408"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0768"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0770"
},
{
"trust": 0.6,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10939"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-160-01"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-ibm-tivoli-netcool-omnibus-probe-for-network-node-manager-i-cve-2009-3555/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2561/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2853"
},
{
"trust": 0.3,
"url": "mozilla"
},
{
"trust": 0.3,
"url": "http://www.innominate.com/data/downloads/manuals/releasenotes_mguard_615_en.pdf"
},
{
"trust": 0.3,
"url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2011-february/000107.html"
},
{
"trust": 0.3,
"url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2011-february/000111.html"
},
{
"trust": 0.3,
"url": "http://blog.pfsense.org/?p=531"
},
{
"trust": 0.3,
"url": "http://www.opera.com/support/kb/view/944/"
},
{
"trust": 0.3,
"url": "http://aix.software.ibm.com/aix/efixes/security/ssl_advisory.asc"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21410851"
},
{
"trust": 0.3,
"url": "http://www.openssl.org/news/changelog.html"
},
{
"trust": 0.3,
"url": "http://www.apache.org/dist/httpd/changes_2.2.15"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21390112"
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2013/nov/att-119/esa-2013-077.txt"
},
{
"trust": 0.3,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03263573"
},
{
"trust": 0.3,
"url": "http://www11.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02122104"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21420576"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/developerworks/java/jdk/alerts/"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas258cbfcf0a5645af7862576710041f65e"
},
{
"trust": 0.3,
"url": "http://www.matrixssl.org/archives/cat_releases.html"
},
{
"trust": 0.3,
"url": "http://www.matrixssl.org/index.html"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=swg24006386"
},
{
"trust": 0.3,
"url": "http://msmvps.com/blogs/alunj/archive/2009/11/18/1740656.aspx"
},
{
"trust": 0.3,
"url": "https://developer.mozilla.org/nss_3.12.5_release_notes"
},
{
"trust": 0.3,
"url": "http://www.openbsd.org/errata45.html"
},
{
"trust": 0.3,
"url": "http://www.openbsd.org/errata46.html"
},
{
"trust": 0.3,
"url": "http://article.gmane.org/gmane.network.openvpn.devel/2835"
},
{
"trust": 0.3,
"url": "http://www.opera.com/docs/changelogs/windows/1050/"
},
{
"trust": 0.3,
"url": "http://my.opera.com/securitygroup/blog/2010/01/23/alpha-testing-tls-renego-fix"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pk96157"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pm10658"
},
{
"trust": 0.3,
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg03942.html"
},
{
"trust": 0.3,
"url": "http://www.porcupine.org/postfix-mirror/smtp-renegotiate.pdf"
},
{
"trust": 0.3,
"url": "http://www.ssh.com/documents/33/sshtectiaguardian_2.0.2b_releasenotes.txt"
},
{
"trust": 0.3,
"url": "http://tools.ietf.org/html/rfc5746"
},
{
"trust": 0.3,
"url": "http://www.g-sec.lu/tls-ssl-proof-of-concept.html"
},
{
"trust": 0.3,
"url": "https://kb.bluecoat.com/index?page=content\u0026id=sa44\u0026actp=list"
},
{
"trust": 0.3,
"url": "http://www.innominate.com/data/downloads/manuals/releasenotes_mguard_516_en.pdf"
},
{
"trust": 0.3,
"url": "http://www.innominate.com/data/downloads/manuals/releasenotes_mguard_721_en.pdf"
},
{
"trust": 0.3,
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000106.html"
},
{
"trust": 0.3,
"url": "/archive/1/510726"
},
{
"trust": 0.3,
"url": "/archive/1/508176"
},
{
"trust": 0.3,
"url": "/archive/1/508130"
},
{
"trust": 0.3,
"url": "/archive/1/507952"
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2015/mar/84"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21415080"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-273350-1"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24025718"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24025719"
},
{
"trust": 0.3,
"url": "http://voodoo-circle.sourceforge.net/sa/sa-20091112-01.html"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100074555"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100071565"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100072446"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100077741"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100078357"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100080915"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100081602"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100082047"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100092059"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100107778"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100080668"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21607116"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml"
},
{
"trust": 0.3,
"url": "http://fortiguard.com/psirt/fg-ir-17-137"
},
{
"trust": 0.3,
"url": "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03024266\u0026ac.admitted=1320706848406.876444892.492883150"
},
{
"trust": 0.3,
"url": "http://www11.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02512995\u0026admit=109447626+1284637282234+28353475"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05150888"
},
{
"trust": 0.3,
"url": "http://www13.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02616748\u0026admit=109447627+1291997777000+28353475"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1ic69118"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/technet/security/advisory/977377.mspx"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/technet/security/bulletin/ms10-049.mspx"
},
{
"trust": 0.3,
"url": "http://www.novell.com/support/viewcontent.do?externalid=7005950\u0026sliceid=1"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2010.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2010-0119.html"
},
{
"trust": 0.3,
"url": "https://kb.bluecoat.com/index?page=content\u0026id=sa61\u0026actp=list"
},
{
"trust": 0.3,
"url": "http://www.blackberry.com/btsc/dynamickc.do?externalid=kb25966\u0026sliceid=1\u0026command=show\u0026forward=nonthreadedkc\u0026kcid=kb25966"
},
{
"trust": 0.3,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 0.3,
"url": "http://h30046.www3.hp.com/subsignin.php"
},
{
"trust": 0.3,
"url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
},
{
"trust": 0.3,
"url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
},
{
"trust": 0.2,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3555"
},
{
"trust": 0.2,
"url": "http://www.mandriva.com/security/advisories"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0082"
},
{
"trust": 0.2,
"url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.2,
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430"
},
{
"trust": 0.2,
"url": "https://www.hp.com/go/swa"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=132077688910227\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142660345230545\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=127419602507642\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=134254866602253\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=130497311408250\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=133469267822771\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=126150535619567\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=127128920008563\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=127557596201693\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026amp;q=pm00675\u0026amp;apar=only"
},
{
"trust": 0.1,
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026amp;y=2009\u0026amp;m=slackware-security.597446"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=apache-httpd-announce\u0026amp;m=125755783724966\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=cryptography\u0026amp;m=125752275331877\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "https://kb.bluecoat.com/index?page=content\u0026amp;id=sa50"
},
{
"trust": 0.1,
"url": "https://github.com/adesprets/dpsslclientprofile"
},
{
"trust": 0.1,
"url": "https://github.com/galeone/letsencrypt-lighttpd"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20091105-cve-2009-3555"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=20886"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0731"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0731"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3505"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-5139"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3512"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3508"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3510"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3509"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3507"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0195"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3506"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0160"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3511"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44293"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/44293/"
},
{
"trust": 0.1,
"url": "http://secunia.com/research/"
},
{
"trust": 0.1,
"url": "http://secunia.com/products/corporate/evm/"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#appendixas"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/44293/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/company/jobs/open_positions/reverse_engineer"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://icedtea.classpath.org/hg/release/icedtea6-1.8/rev/a6a02193b073"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3728"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3874"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3728"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3876"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0091"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3884"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3873"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3881"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2409"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2409"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0094"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3883"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3884"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3869"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0095"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0840"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3882"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3879"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0092"
},
{
"trust": 0.1,
"url": "http://blogs.sun.com/darcy/resource/openjdk_6/openjdk6-b18-changes-summary.html"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0093"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3881"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0088"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3877"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3883"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0084"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3869"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0845"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3871"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0848"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3882"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0838"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3873"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3875"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3874"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3885"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0847"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3871"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3877"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3876"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0085"
},
{
"trust": 0.1,
"url": "http://article.gmane.org/gmane.comp.java.openjdk.distro-packaging.devel/8938"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0082"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3880"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3885"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0837"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3880"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3879"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0130"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0129"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-7270"
},
{
"trust": 0.1,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/softwareindex.jsp?lang=en\u0026cc=us\u0026prodnameid=3188475\u0026prodtypeid=329290\u0026prodseriesid=3188465\u0026swlang=8\u0026taskid=135\u0026swenvoid=1113"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2002-0840"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2004-0492"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3292"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-3918"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-0005"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0010"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2003-0542"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-3747"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3291"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2002-0839"
},
{
"trust": 0.1,
"url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws_php.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-3357"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-3352"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-2491"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-5000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3095"
},
{
"trust": 0.1,
"url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-6388"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1891"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1965"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3985"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0079"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4688"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4070"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0082"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2371"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0169"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4061"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1210"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4181"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1832"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1994"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4058"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1828"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0353"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1838"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3975"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2766"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1205"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4061"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3767"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0473"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0172"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1971"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0479"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2043"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3175"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3973"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3655"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2760"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1187"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1961"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0447"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2462"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0456"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2770"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1125"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3958"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3777"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3003"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0067"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3174"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0168"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0057"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0443"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2993"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3376"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5017"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3555"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1940"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3069"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2989"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5836"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0182"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4179"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-2436"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3072"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1208"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3967"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2375"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2376"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3971"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3772"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3977"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3965"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0469"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3978"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4183"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1834"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2472"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3378"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2767"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1952"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0078"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0170"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0164"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0775"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3400"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1211"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3372"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2769"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4188"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5012"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4206"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5354"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5504"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4067"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3648"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0776"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3071"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0477"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2467"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0475"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3962"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2408"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1304"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4201"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4202"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4182"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1206"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3990"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1975"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1392"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4070"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2044"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3183"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-3835"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4068"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5507"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4059"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5023"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1308"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1044"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5508"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0654"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0070"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4065"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1307"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3866"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0080"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2984"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0478"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1213"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0352"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5014"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2664"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0051"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3989"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3984"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3371"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3382"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4180"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4068"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4194"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4582"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5502"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-2437"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3978"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1835"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3993"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5506"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3375"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3078"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0173"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3075"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3969"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0462"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2605"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1169"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1311"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4066"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3658"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1973"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3004"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1950"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1972"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2369"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1215"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4216"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4062"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0463"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3001"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0167"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3381"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3988"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0452"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-3837"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1837"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2374"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3994"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1960"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1963"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3167"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0774"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4065"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5022"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5024"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0468"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3026"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1203"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0074"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2061"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0085"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3980"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1966"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1945"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4184"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1959"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4060"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0077"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3000"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0071"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0068"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1974"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-0016"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2065"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4066"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0081"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4063"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1955"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1302"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5503"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3374"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3968"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1028"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4059"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3005"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4185"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2986"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0176"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5839"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1121"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3661"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2765"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5913"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3169"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5843"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3663"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3651"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5016"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2372"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1951"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3274"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1197"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3964"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1953"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4067"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2997"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3778"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2996"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3232"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0061"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4063"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-3073"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2654"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0354"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5500"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3380"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1212"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0357"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1976"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0773"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0220"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0071"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0777"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0055"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5052"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0165"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2464"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2378"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3131"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0160"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1836"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5513"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3986"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-0367"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2752"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3388"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2469"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2753"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3650"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3002"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2764"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3983"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2751"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4190"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2477"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1833"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3389"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2981"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2768"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2991"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0358"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2373"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3670"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3987"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3976"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4582"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3377"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4208"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1956"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4186"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0441"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0054"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-5014"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2370"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-2671"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2662"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1309"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1840"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3957"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1585"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5840"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1207"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0445"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2998"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0355"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1200"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2362"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3077"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0056"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2987"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3101"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5501"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4195"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4209"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3985"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1962"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3660"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2762"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5833"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1839"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2988"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0648"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3101"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3168"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0072"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2995"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3399"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0171"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2983"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5841"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5838"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5019"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2985"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0458"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-3073"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3659"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-3837"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0066"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-3836"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0174"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5842"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0457"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3176"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5511"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0356"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4205"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0178"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3379"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4064"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4508"
},
{
"trust": 0.1,
"url": "http://www.mozilla.org/security/announce/2011/mfsa2011-34.html"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1310"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-0016"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1967"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1306"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3079"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2471"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0073"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0474"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0444"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0455"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1954"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4062"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3647"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4210"
},
{
"trust": 0.1,
"url": "http://blog.mozilla.org/security/2011/03/22/firefox-blocking-fraudulent-c="
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-0017"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1305"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0446"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5835"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3966"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0181"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0069"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5013"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3979"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0450"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1214"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1196"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0449"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0062"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1841"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3179"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-0367"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3765"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1947"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3070"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4060"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3992"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1563"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0442"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0175"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1712"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1199"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2365"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2404"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3775"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1198"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2535"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1938"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5505"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1946"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5512"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-5074"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4187"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3766"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-2437"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1949"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3776"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5830"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0075"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1202"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0652"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1958"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5015"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0163"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4069"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0179"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1313"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0159"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1939"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3972"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3182"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4207"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-6961"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2990"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3970"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3178"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-2671"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4069"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3180"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4191"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3956"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4204"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2763"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2982"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3986"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3654"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2364"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3389"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2980"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3963"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0464"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1209"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2754"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2470"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2210"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1202"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5829"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3982"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3173"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3774"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3995"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5510"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4192"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2463"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0467"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1964"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3959"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3770"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3769"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0772"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3665"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4196"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5822"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2466"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3649"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3653"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3768"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2478"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3988"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1312"
},
{
"trust": 0.1,
"url": "http://www.mozilla.org/security/announce/2011/mfsa2011-11.html"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0058"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3771"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2479"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3383"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1303"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2465"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3170"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2377"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3991"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3982"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-5012"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1957"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2755"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1948"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3961"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0470"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3773"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3076"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0166"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1571"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3984"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3640"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4064"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-2436"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3981"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1970"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0461"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4215"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5021"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4058"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0451"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0771"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-0017"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-3836"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-5013"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4212"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0459"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0076"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0083"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0460"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0183"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1201"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3960"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0059"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0177"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3062"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5018"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3177"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3980"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2363"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0084"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3652"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1941"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201301-01.xml"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3074"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1937"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-3835"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0053"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3171"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2999"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0471"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0065"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0162"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3373"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2665"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6-0ubuntu0.9.04.1.diff.gz"
},
{
"trust": 0.1,
"url": "http://www.canonical.com"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6-0ubuntu0.9.04.1.dsc"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6.orig.tar.gz"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4929"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "http://security.freebsd.org/patches/sa-09:16/rtld.patch.asc"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4146"
},
{
"trust": 0.1,
"url": "http://security.freebsd.org/\u003e."
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4147"
},
{
"trust": 0.1,
"url": "http://security.freebsd.org/advisories/freebsd-sa-09:16.rtld.asc"
},
{
"trust": 0.1,
"url": "http://security.freebsd.org/patches/sa-09:16/rtld7.patch"
},
{
"trust": 0.1,
"url": "http://security.freebsd.org/patches/sa-09:16/rtld7.patch.asc"
},
{
"trust": 0.1,
"url": "http://security.freebsd.org/patches/sa-09:16/rtld.patch"
},
{
"trust": 0.1,
"url": "http://www.freebsd.org/handbook/makeworld.html\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0087"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0838"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0088"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0085"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0839"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0084"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0091"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0837"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0089"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3793"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0092"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4546"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0095"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0093"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0094"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0090"
},
{
"trust": 0.1,
"url": "http://www.hp.com/go/hpsim"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2204"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0033"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3548"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2526"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2902"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3190"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0580"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2693"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0781"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4476"
},
{
"trust": 0.1,
"url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws_java.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1184"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1157"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2901"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#120541"
},
{
"db": "VULHUB",
"id": "VHN-41001"
},
{
"db": "VULMON",
"id": "CVE-2009-3555"
},
{
"db": "BID",
"id": "36935"
},
{
"db": "PACKETSTORM",
"id": "89136"
},
{
"db": "PACKETSTORM",
"id": "130868"
},
{
"db": "PACKETSTORM",
"id": "100761"
},
{
"db": "PACKETSTORM",
"id": "89026"
},
{
"db": "PACKETSTORM",
"id": "111583"
},
{
"db": "PACKETSTORM",
"id": "101257"
},
{
"db": "PACKETSTORM",
"id": "119293"
},
{
"db": "PACKETSTORM",
"id": "92095"
},
{
"db": "PACKETSTORM",
"id": "120365"
},
{
"db": "PACKETSTORM",
"id": "83415"
},
{
"db": "PACKETSTORM",
"id": "91749"
},
{
"db": "PACKETSTORM",
"id": "111920"
},
{
"db": "PACKETSTORM",
"id": "83271"
},
{
"db": "CNNVD",
"id": "CNNVD-200911-069"
},
{
"db": "NVD",
"id": "CVE-2009-3555"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "CERT/CC",
"id": "VU#120541",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-41001",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2009-3555",
"ident": null
},
{
"db": "BID",
"id": "36935",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "89136",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "130868",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "100761",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "89026",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "111583",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "101257",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "119293",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "92095",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "120365",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "83415",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "91749",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "111920",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "83271",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-200911-069",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2009-3555",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2009-11-11T00:00:00",
"db": "CERT/CC",
"id": "VU#120541",
"ident": null
},
{
"date": "2009-11-09T00:00:00",
"db": "VULHUB",
"id": "VHN-41001",
"ident": null
},
{
"date": "2009-11-04T00:00:00",
"db": "BID",
"id": "36935",
"ident": null
},
{
"date": "2010-05-03T23:54:02",
"db": "PACKETSTORM",
"id": "89136",
"ident": null
},
{
"date": "2015-03-18T00:44:34",
"db": "PACKETSTORM",
"id": "130868",
"ident": null
},
{
"date": "2011-04-24T07:03:07",
"db": "PACKETSTORM",
"id": "100761",
"ident": null
},
{
"date": "2010-04-28T20:44:54",
"db": "PACKETSTORM",
"id": "89026",
"ident": null
},
{
"date": "2012-04-05T00:45:56",
"db": "PACKETSTORM",
"id": "111583",
"ident": null
},
{
"date": "2011-05-10T00:45:11",
"db": "PACKETSTORM",
"id": "101257",
"ident": null
},
{
"date": "2013-01-08T03:21:24",
"db": "PACKETSTORM",
"id": "119293",
"ident": null
},
{
"date": "2010-07-23T18:03:56",
"db": "PACKETSTORM",
"id": "92095",
"ident": null
},
{
"date": "2013-02-18T15:23:02",
"db": "PACKETSTORM",
"id": "120365",
"ident": null
},
{
"date": "2009-12-03T21:03:04",
"db": "PACKETSTORM",
"id": "83415",
"ident": null
},
{
"date": "2010-07-14T04:19:30",
"db": "PACKETSTORM",
"id": "91749",
"ident": null
},
{
"date": "2012-04-17T20:41:11",
"db": "PACKETSTORM",
"id": "111920",
"ident": null
},
{
"date": "2009-11-30T21:44:08",
"db": "PACKETSTORM",
"id": "83271",
"ident": null
},
{
"date": "2009-11-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200911-069",
"ident": null
},
{
"date": "2009-11-09T17:30:00.407000",
"db": "NVD",
"id": "CVE-2009-3555",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2011-07-22T00:00:00",
"db": "CERT/CC",
"id": "VU#120541",
"ident": null
},
{
"date": "2023-02-13T00:00:00",
"db": "VULHUB",
"id": "VHN-41001",
"ident": null
},
{
"date": "2017-12-19T22:00:00",
"db": "BID",
"id": "36935",
"ident": null
},
{
"date": "2023-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200911-069",
"ident": null
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2009-3555",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "89136"
},
{
"db": "CNNVD",
"id": "CNNVD-200911-069"
}
],
"trust": 0.7
},
"title": {
"_id": null,
"data": "SSL and TLS protocols renegotiation vulnerability",
"sources": [
{
"db": "CERT/CC",
"id": "VU#120541"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200911-069"
}
],
"trust": 0.6
}
}
VAR-201609-0597
Vulnerability from variot - Updated: 2026-03-09 22:15The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack. IPSec (full name Internet Protocol Security) is a set of IP security protocols established by the IPSec group of the Internet Engineering Task Force (IETF). Both DES and Triple DES are encryption algorithms. There are information leakage vulnerabilities in the DES and Triple DES encryption algorithms used in the TLS, SSH, and IPSec protocols and other protocols and products. This vulnerability stems from configuration errors in network systems or products during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information of the affected components. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: python security update Advisory ID: RHSA-2018:2123-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:2123 Issue date: 2018-07-03 CVE Names: CVE-2016-2183 =====================================================================
- Summary:
An update for python is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x
- Description:
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
Security Fix(es):
- A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)
Note: This update modifies the Python ssl module to disable 3DES cipher suites by default.
Red Hat would like to thank OpenVPN for reporting this issue. Upstream acknowledges Karthikeyan Bhargavan (Inria) and GaA<<tan Leurent (Inria) as the original reporters.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: python-2.7.5-69.el7_5.src.rpm
x86_64: python-2.7.5-69.el7_5.x86_64.rpm python-debuginfo-2.7.5-69.el7_5.i686.rpm python-debuginfo-2.7.5-69.el7_5.x86_64.rpm python-libs-2.7.5-69.el7_5.i686.rpm python-libs-2.7.5-69.el7_5.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: python-debug-2.7.5-69.el7_5.x86_64.rpm python-debuginfo-2.7.5-69.el7_5.x86_64.rpm python-devel-2.7.5-69.el7_5.x86_64.rpm python-test-2.7.5-69.el7_5.x86_64.rpm python-tools-2.7.5-69.el7_5.x86_64.rpm tkinter-2.7.5-69.el7_5.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: python-2.7.5-69.el7_5.src.rpm
x86_64: python-2.7.5-69.el7_5.x86_64.rpm python-debuginfo-2.7.5-69.el7_5.i686.rpm python-debuginfo-2.7.5-69.el7_5.x86_64.rpm python-devel-2.7.5-69.el7_5.x86_64.rpm python-libs-2.7.5-69.el7_5.i686.rpm python-libs-2.7.5-69.el7_5.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: python-debug-2.7.5-69.el7_5.x86_64.rpm python-debuginfo-2.7.5-69.el7_5.x86_64.rpm python-test-2.7.5-69.el7_5.x86_64.rpm python-tools-2.7.5-69.el7_5.x86_64.rpm tkinter-2.7.5-69.el7_5.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: python-2.7.5-69.el7_5.src.rpm
ppc64: python-2.7.5-69.el7_5.ppc64.rpm python-debuginfo-2.7.5-69.el7_5.ppc.rpm python-debuginfo-2.7.5-69.el7_5.ppc64.rpm python-devel-2.7.5-69.el7_5.ppc64.rpm python-libs-2.7.5-69.el7_5.ppc.rpm python-libs-2.7.5-69.el7_5.ppc64.rpm
ppc64le: python-2.7.5-69.el7_5.ppc64le.rpm python-debuginfo-2.7.5-69.el7_5.ppc64le.rpm python-devel-2.7.5-69.el7_5.ppc64le.rpm python-libs-2.7.5-69.el7_5.ppc64le.rpm
s390x: python-2.7.5-69.el7_5.s390x.rpm python-debuginfo-2.7.5-69.el7_5.s390.rpm python-debuginfo-2.7.5-69.el7_5.s390x.rpm python-devel-2.7.5-69.el7_5.s390x.rpm python-libs-2.7.5-69.el7_5.s390.rpm python-libs-2.7.5-69.el7_5.s390x.rpm
x86_64: python-2.7.5-69.el7_5.x86_64.rpm python-debuginfo-2.7.5-69.el7_5.i686.rpm python-debuginfo-2.7.5-69.el7_5.x86_64.rpm python-devel-2.7.5-69.el7_5.x86_64.rpm python-libs-2.7.5-69.el7_5.i686.rpm python-libs-2.7.5-69.el7_5.x86_64.rpm
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):
Source: python-2.7.5-69.el7_5.src.rpm
aarch64: python-2.7.5-69.el7_5.aarch64.rpm python-debuginfo-2.7.5-69.el7_5.aarch64.rpm python-devel-2.7.5-69.el7_5.aarch64.rpm python-libs-2.7.5-69.el7_5.aarch64.rpm
ppc64le: python-2.7.5-69.el7_5.ppc64le.rpm python-debuginfo-2.7.5-69.el7_5.ppc64le.rpm python-devel-2.7.5-69.el7_5.ppc64le.rpm python-libs-2.7.5-69.el7_5.ppc64le.rpm
s390x: python-2.7.5-69.el7_5.s390x.rpm python-debuginfo-2.7.5-69.el7_5.s390.rpm python-debuginfo-2.7.5-69.el7_5.s390x.rpm python-devel-2.7.5-69.el7_5.s390x.rpm python-libs-2.7.5-69.el7_5.s390.rpm python-libs-2.7.5-69.el7_5.s390x.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: python-debug-2.7.5-69.el7_5.ppc64.rpm python-debuginfo-2.7.5-69.el7_5.ppc64.rpm python-test-2.7.5-69.el7_5.ppc64.rpm python-tools-2.7.5-69.el7_5.ppc64.rpm tkinter-2.7.5-69.el7_5.ppc64.rpm
ppc64le: python-debug-2.7.5-69.el7_5.ppc64le.rpm python-debuginfo-2.7.5-69.el7_5.ppc64le.rpm python-test-2.7.5-69.el7_5.ppc64le.rpm python-tools-2.7.5-69.el7_5.ppc64le.rpm tkinter-2.7.5-69.el7_5.ppc64le.rpm
s390x: python-debug-2.7.5-69.el7_5.s390x.rpm python-debuginfo-2.7.5-69.el7_5.s390x.rpm python-test-2.7.5-69.el7_5.s390x.rpm python-tools-2.7.5-69.el7_5.s390x.rpm tkinter-2.7.5-69.el7_5.s390x.rpm
x86_64: python-debug-2.7.5-69.el7_5.x86_64.rpm python-debuginfo-2.7.5-69.el7_5.x86_64.rpm python-test-2.7.5-69.el7_5.x86_64.rpm python-tools-2.7.5-69.el7_5.x86_64.rpm tkinter-2.7.5-69.el7_5.x86_64.rpm
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):
aarch64: python-debug-2.7.5-69.el7_5.aarch64.rpm python-debuginfo-2.7.5-69.el7_5.aarch64.rpm python-test-2.7.5-69.el7_5.aarch64.rpm python-tools-2.7.5-69.el7_5.aarch64.rpm tkinter-2.7.5-69.el7_5.aarch64.rpm
ppc64le: python-debug-2.7.5-69.el7_5.ppc64le.rpm python-debuginfo-2.7.5-69.el7_5.ppc64le.rpm python-test-2.7.5-69.el7_5.ppc64le.rpm python-tools-2.7.5-69.el7_5.ppc64le.rpm tkinter-2.7.5-69.el7_5.ppc64le.rpm
s390x: python-debug-2.7.5-69.el7_5.s390x.rpm python-debuginfo-2.7.5-69.el7_5.s390x.rpm python-test-2.7.5-69.el7_5.s390x.rpm python-tools-2.7.5-69.el7_5.s390x.rpm tkinter-2.7.5-69.el7_5.s390x.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: python-2.7.5-69.el7_5.src.rpm
x86_64: python-2.7.5-69.el7_5.x86_64.rpm python-debuginfo-2.7.5-69.el7_5.i686.rpm python-debuginfo-2.7.5-69.el7_5.x86_64.rpm python-devel-2.7.5-69.el7_5.x86_64.rpm python-libs-2.7.5-69.el7_5.i686.rpm python-libs-2.7.5-69.el7_5.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: python-debug-2.7.5-69.el7_5.x86_64.rpm python-debuginfo-2.7.5-69.el7_5.x86_64.rpm python-test-2.7.5-69.el7_5.x86_64.rpm python-tools-2.7.5-69.el7_5.x86_64.rpm tkinter-2.7.5-69.el7_5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-2183 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBWzuDSdzjgjWX9erEAQgETg/9HevQ3tUvI8plP6DSgN1Es+jArUKVGct5 cIlHbLXCGIcy1D2NAndEznF+6LSWo/Ynd2C5esSdD9R+KvJrmbNJ7s+XN4Uys4ea FyBlHvw56yuSiAcGvUCF+rjg2IaN9QCkH9oGKUNIHpfOdxNnHu3Yk8muNa5H2mXh v2yomcfl6voFIMxvxlVKO7ENkESH/vYYnXFS7S+pnBoEZb4/HTp000ASovjewroq xGBLDUKzTp9nOVWVWECA6La1o+nDi4wOZVDgF7Ks2kaYdAYSa3vkoAI1hN6XtZ3O T3Fv7iF1BqQt+B//tCeT3Fa5SsDulob3K5H2TqnMRlZSr0mst/89RePsbz2wFM+p 1wcklX9gVBI66y5XPfst/sNyLgWMkYgvUsYJTJHeYT0vAN+N54lcwjK1vxKCMFso 2ltd63+E5ql26E1pp//cAqAo7JhWqsaqNV8uY4oKzAHRRfQ9kdz/yq2DfA8aswDL 8nb1rjQ2tIRL/GtWL9ofhKey136qePvF5IwqF+jlO+N7wpG685KZF9zarNZqODxo p93VTJQ6+J0oXktvyJ8RS1XqkFvznocfEThgrhdmsWW4G6bjA2GyAoTWpDy3NUUv 6TxyeUjc6NvKb7t6wgrRuSBKkSRCaln+aBSakq012A50PNssvx7hNzVVl9zBgOv1 6NvSNmqGIdM= =AUgF -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . (CVE-2016-2183, CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549, CVE-2016-5552, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3259, CVE-2017-3261, CVE-2017-3272, CVE-2017-3289)
-
6) - i386, x86_64
-
Description:
IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.
This update upgrades IBM Java SE 6 to version 6 SR16-FP41.
Security Fix(es):
-
This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2016-2183, CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2016-5552, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3259, CVE-2017-3261, CVE-2017-3272)
-
Bugs fixed (https://bugzilla.redhat.com/):
1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32) 1413554 - CVE-2017-3272 OpenJDK: insufficient protected field access checks in atomic field updaters (Libraries, 8165344) 1413583 - CVE-2017-3253 OpenJDK: imageio PNGImageReader failed to honor ignoreMetadata for iTXt and zTXt chunks (2D, 8166988) 1413653 - CVE-2017-3261 OpenJDK: integer overflow in SocketOutputStream boundary check (Networking, 8164147) 1413717 - CVE-2017-3231 OpenJDK: URLClassLoader insufficient access control checks (Networking, 8151934) 1413882 - CVE-2016-5552 OpenJDK: incorrect URL parsing in URLStreamHandler (Networking, 8167223) 1413906 - CVE-2017-3252 OpenJDK: LdapLoginModule incorrect userDN extraction (JAAS, 8161743) 1413911 - CVE-2016-5546 OpenJDK: incorrect ECDSA signature extraction from the DER input (Libraries, 8168714) 1413920 - CVE-2016-5548 OpenJDK: DSA implementation timing attack (Libraries, 8168728) 1413923 - CVE-2016-5549 OpenJDK: ECDSA implementation timing attack (Libraries, 8168724) 1413955 - CVE-2017-3241 OpenJDK: untrusted input deserialization in RMI registry and DCG (RMI, 8156802) 1414163 - CVE-2017-3259 Oracle JDK: unspecified vulnerability fixed in 6u141, 7u131, and 8u121 (Deployment)
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05349499
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05349499 Version: 1
HPSBHF03674 rev.1 HPE Comware 5 and Comware 7 Network Products using SSL/TLS, Remote Disclosure of Information
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2016-12-06 Last Updated: 2016-12-06
Potential Security Impact: Remote: Disclosure of Information
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY A potential security vulnerability in the DES/3DES block ciphers could potentially impact HPE Comware 5 and Comware 7 network products using SSL/TLS. This vulnerability could be exploited remotely resulting in disclosure of information.
References:
- CVE-2016-2183 - "SWEET32" attack
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
- Comware 5 (CW5) Products All versions - Please refer to the RESOLUTION below for a list of impacted products.
- Comware 7 (CW7) Products All versions - Please refer to the RESOLUTION below for a list of impacted products.
BACKGROUND
CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2016-2183
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499
RESOLUTION
HPE has released the following mitigation information to resolve the vulnerability in HPE Comware 5 and Comware 7 network products.
Note: Please contact HPE Technical Support for assistance configuring the recommended settings.
Mitigation for the DES/3DES vulnerabilities:
HPE recommends using the assl server-policya and/or the assl client-policya command to specify which ciphers to negotiate.
-
For Comware V7, do not include the following DES/3DES ciphers:
- exp_rsa_des_cbc_sha
- rsa_3des_ede_cbc_sha
- rsa_des_cbc_sha
-
For Comware V5, do not include the following DES/3DES ciphers:
- rsa_3des_ede_cbc_sha
- rsa_des_cbc_sha
using the assl server-policya and/or the assl client-policya command.
Refer to the Security Command Reference manual and Release notes for the specific version running on the device for details.
COMWARE 5 Products
- A6600 (Comware 5) - Version: See Mitigation
- HP Network Products
- JC165A HP 6600 RPE-X1 Router Module
- JC177A HP 6608 Router
- JC177B HP 6608 Router Chassis
- JC178A HP 6604 Router Chassis
- JC178B HP 6604 Router Chassis
- JC496A HP 6616 Router Chassis
- JC566A HP 6600 RSE-X1 Router Main Processing Unit
- JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit
- JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit
- HSR6602 (Comware 5) - Version: See Mitigation
- HP Network Products
- JC176A HP 6602 Router Chassis
- JG353A HP HSR6602-G Router
- JG354A HP HSR6602-XG Router
- JG355A HP 6600 MCP-X1 Router Main Processing Unit
- JG356A HP 6600 MCP-X2 Router Main Processing Unit
- JG776A HP HSR6602-G TAA-compliant Router
- JG777A HP HSR6602-XG TAA-compliant Router
- JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit
- HSR6800 (Comware 5) - Version: See Mitigation
- HP Network Products
- JG361A HP HSR6802 Router Chassis
- JG361B HP HSR6802 Router Chassis
- JG362A HP HSR6804 Router Chassis
- JG362B HP HSR6804 Router Chassis
- JG363A HP HSR6808 Router Chassis
- JG363B HP HSR6808 Router Chassis
- JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
- JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit
- MSR20 (Comware 5) - Version: See Mitigation
- HP Network Products
- JD432A HP A-MSR20-21 Router
- JD662A HP MSR20-20 Router
- JD663A HP A-MSR20-21 Router
- JD663B HP MSR20-21 Router
- JD664A HP MSR20-40 Router
- JF228A HP MSR20-40 Router
- JF283A HP MSR20-20 Router
- MSR20-1X (Comware 5) - Version: See Mitigation
- HP Network Products
- JD431A HP MSR20-10 Router
- JD667A HP MSR20-15 IW Multi-Service Router
- JD668A HP MSR20-13 Multi-Service Router
- JD669A HP MSR20-13 W Multi-Service Router
- JD670A HP MSR20-15 A Multi-Service Router
- JD671A HP MSR20-15 AW Multi-Service Router
- JD672A HP MSR20-15 I Multi-Service Router
- JD673A HP MSR20-11 Multi-Service Router
- JD674A HP MSR20-12 Multi-Service Router
- JD675A HP MSR20-12 W Multi-Service Router
- JD676A HP MSR20-12 T1 Multi-Service Router
- JF236A HP MSR20-15-I Router
- JF237A HP MSR20-15-A Router
- JF238A HP MSR20-15-I-W Router
- JF239A HP MSR20-11 Router
- JF240A HP MSR20-13 Router
- JF241A HP MSR20-12 Router
- JF806A HP MSR20-12-T Router
- JF807A HP MSR20-12-W Router
- JF808A HP MSR20-13-W Router
- JF809A HP MSR20-15-A-W Router
- JF817A HP MSR20-15 Router
- JG209A HP MSR20-12-T-W Router (NA)
- JG210A HP MSR20-13-W Router (NA)
- MSR 30 (Comware 5) - Version: See Mitigation
- HP Network Products
- JD654A HP MSR30-60 POE Multi-Service Router
- JD657A HP MSR30-40 Multi-Service Router
- JD658A HP MSR30-60 Multi-Service Router
- JD660A HP MSR30-20 POE Multi-Service Router
- JD661A HP MSR30-40 POE Multi-Service Router
- JD666A HP MSR30-20 Multi-Service Router
- JF229A HP MSR30-40 Router
- JF230A HP MSR30-60 Router
- JF232A HP RTMSR3040-AC-OVSAS-H3
- JF235A HP MSR30-20 DC Router
- JF284A HP MSR30-20 Router
- JF287A HP MSR30-40 DC Router
- JF801A HP MSR30-60 DC Router
- JF802A HP MSR30-20 PoE Router
- JF803A HP MSR30-40 PoE Router
- JF804A HP MSR30-60 PoE Router
- JG728A HP MSR30-20 TAA-compliant DC Router
- JG729A HP MSR30-20 TAA-compliant Router
- MSR 30-16 (Comware 5) - Version: See Mitigation
- HP Network Products
- JD659A HP MSR30-16 POE Multi-Service Router
- JD665A HP MSR30-16 Multi-Service Router
- JF233A HP MSR30-16 Router
- JF234A HP MSR30-16 PoE Router
- MSR 30-1X (Comware 5) - Version: See Mitigation
- HP Network Products
- JF800A HP MSR30-11 Router
- JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr
- JG182A HP MSR30-11E Router
- JG183A HP MSR30-11F Router
- JG184A HP MSR30-10 DC Router
- MSR 50 (Comware 5) - Version: See Mitigation
- HP Network Products
- JD433A HP MSR50-40 Router
- JD653A HP MSR50 Processor Module
- JD655A HP MSR50-40 Multi-Service Router
- JD656A HP MSR50-60 Multi-Service Router
- JF231A HP MSR50-60 Router
- JF285A HP MSR50-40 DC Router
- JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply
- MSR 50-G2 (Comware 5) - Version: See Mitigation
- HP Network Products
- JD429A HP MSR50 G2 Processor Module
- JD429B HP MSR50 G2 Processor Module
- MSR 9XX (Comware 5) - Version: See Mitigation
- HP Network Products
- JF812A HP MSR900 Router
- JF813A HP MSR920 Router
- JF814A HP MSR900-W Router
- JF815A HP MSR920 2FEWAN/8FELAN/.11 b/g Rtr
- JG207A HP MSR900-W Router (NA)
- JG208A HP MSR920-W Router (NA)
- MSR 93X (Comware 5) - Version: See Mitigation
- HP Network Products
- JG511A HP MSR930 Router
- JG511B HP MSR930 Router
- JG512A HP MSR930 Wireless Router
- JG513A HP MSR930 3G Router
- JG513B HP MSR930 3G Router
- JG514A HP MSR931 Router
- JG514B HP MSR931 Router
- JG515A HP MSR931 3G Router
- JG516A HP MSR933 Router
- JG517A HP MSR933 3G Router
- JG518A HP MSR935 Router
- JG518B HP MSR935 Router
- JG519A HP MSR935 Wireless Router
- JG520A HP MSR935 3G Router
- JG531A HP MSR931 Dual 3G Router
- JG531B HP MSR931 Dual 3G Router
- JG596A HP MSR930 4G LTE/3G CDMA Router
- JG597A HP MSR936 Wireless Router
- JG665A HP MSR930 4G LTE/3G WCDMA Global Router
- JG704A HP MSR930 4G LTE/3G WCDMA ATT Router
- JH009A HP MSR931 Serial (TI) Router
- JH010A HP MSR933 G.SHDSL (TI) Router
- JH011A HP MSR935 ADSL2+ (TI) Router
- JH012A HP MSR930 Wireless 802.11n (NA) Router
- JH012B HP MSR930 Wireless 802.11n (NA) Router
- JH013A HP MSR935 Wireless 802.11n (NA) Router
- MSR1000 (Comware 5) - Version: See Mitigation
- HP Network Products
- JG732A HP MSR1003-8 AC Router
- 12500 (Comware 5) - Version: See Mitigation
- HP Network Products
- JC072B HP 12500 Main Processing Unit
- JC085A HP A12518 Switch Chassis
- JC086A HP A12508 Switch Chassis
- JC652A HP 12508 DC Switch Chassis
- JC653A HP 12518 DC Switch Chassis
- JC654A HP 12504 AC Switch Chassis
- JC655A HP 12504 DC Switch Chassis
- JC808A HP 12500 TAA Main Processing Unit
- JF430A HP A12518 Switch Chassis
- JF430B HP 12518 Switch Chassis
- JF430C HP 12518 AC Switch Chassis
- JF431A HP A12508 Switch Chassis
- JF431B HP 12508 Switch Chassis
- JF431C HP 12508 AC Switch Chassis
- 9500E (Comware 5) - Version: See Mitigation
- HP Network Products
- JC124A HP A9508 Switch Chassis
- JC124B HP 9505 Switch Chassis
- JC125A HP A9512 Switch Chassis
- JC125B HP 9512 Switch Chassis
- JC474A HP A9508-V Switch Chassis
- JC474B HP 9508-V Switch Chassis
- 10500 (Comware 5) - Version: See Mitigation
- HP Network Products
- JC611A HP 10508-V Switch Chassis
- JC612A HP 10508 Switch Chassis
- JC613A HP 10504 Switch Chassis
- JC614A HP 10500 Main Processing Unit
- JC748A HP 10512 Switch Chassis
- JG375A HP 10500 TAA-compliant Main Processing Unit
- JG820A HP 10504 TAA-compliant Switch Chassis
- JG821A HP 10508 TAA-compliant Switch Chassis
- JG822A HP 10508-V TAA-compliant Switch Chassis
- JG823A HP 10512 TAA-compliant Switch Chassis
- 7500 (Comware 5) - Version: See Mitigation
- HP Network Products
- JC666A HP 7503-S 144Gbps Fabric/MPU with PoE Upgradable 20-port Gig-T/4-port GbE Combo
- JC697A HP 7502 TAA-compliant Main Processing Unit
- JC698A HP 7503-S 144Gbps TAA Fabric / MPU with 16 GbE SFP Ports and 8 GbE Combo Ports
- JC699A HP 7500 384Gbps TAA-compliant Fabric / MPU with 2 10GbE XFP Ports
- JC700A HP 7500 384Gbps TAA-compliant Fabric / Main Processing Unit
- JC701A HP 7500 768Gbps TAA-compliant Fabric / Main Processing Unit
- JD193A HP 7500 384Gbps Fabric Module with 2 XFP Ports
- JD193B HP 7500 384Gbps Fabric Module with 2 XFP Ports
- JD194A HP 7500 384Gbps Fabric Module
- JD194B HP 7500 384Gbps Fabric Module
- JD195A HP 7500 384Gbps Advanced Fabric Module
- JD196A HP 7502 Fabric Module
- JD220A HP 7500 768Gbps Fabric Module
- JD224A HP 7500 384Gbps Fabric Module with 12 SFP Ports
- JD238A HP 7510 Switch Chassis
- JD238B HP 7510 Switch Chassis
- JD239A HP 7506 Switch Chassis
- JD239B HP 7506 Switch Chassis
- JD240A HP 7503 Switch Chassis
- JD240B HP 7503 Switch Chassis
- JD241A HP 7506-V Switch Chassis
- JD241B HP 7506-V Switch Chassis
- JD242A HP 7502 Switch Chassis
- JD242B HP 7502 Switch Chassis
- JD243A HP 7503-S Switch Chassis with 1 Fabric Slot
- JD243B HP 7503-S Switch Chassis with 1 Fabric Slot
- JE164A HP E7902 Switch Chassis
- JE165A HP E7903 Switch Chassis
- JE166A HP E7903 1 Fabric Slot Switch Chassis
- JE167A HP E7906 Switch Chassis
- JE168A HP E7906 Vertical Switch Chassis
- JE169A HP E7910 Switch Chassis
- 6125G/XG Blade Switch - Version: See Mitigation
- HP Network Products
- 737220-B21 HP 6125G Blade Switch with TAA
- 737226-B21 HP 6125G/XG Blade Switch with TAA
- 658250-B21 HP 6125G/XG Blade Switch Opt Kit
- 658247-B21 HP 6125G Blade Switch Opt Kit
- 5830 (Comware 5) - Version: See Mitigation
- HP Network Products
- JC691A HP 5830AF-48G Switch with 1 Interface Slot
- JC694A HP 5830AF-96G Switch
- JG316A HP 5830AF-48G TAA-compliant Switch w/1 Interface Slot
- JG374A HP 5830AF-96G TAA-compliant Switch
- 5800 (Comware 5) - Version: See Mitigation
- HP Network Products
- JC099A HP 5800-24G-PoE Switch
- JC099B HP 5800-24G-PoE+ Switch
- JC100A HP 5800-24G Switch
- JC100B HP 5800-24G Switch
- JC101A HP 5800-48G Switch with 2 Slots
- JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots
- JC103A HP 5800-24G-SFP Switch
- JC103B HP 5800-24G-SFP Switch with 1 Interface Slot
- JC104A HP 5800-48G-PoE Switch
- JC104B HP 5800-48G-PoE+ Switch with 1 Interface Slot
- JC105A HP 5800-48G Switch
- JC105B HP 5800-48G Switch with 1 Interface Slot
- JG254A HP 5800-24G-PoE+ TAA-compliant Switch
- JG254B HP 5800-24G-PoE+ TAA-compliant Switch
- JG255A HP 5800-24G TAA-compliant Switch
- JG255B HP 5800-24G TAA-compliant Switch
- JG256A HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot
- JG256B HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot
- JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot
- JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot
- JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot
- JG258B HP 5800-48G TAA-compliant Switch with 1 Interface Slot
- JG225A HP 5800AF-48G Switch
- JG225B HP 5800AF-48G Switch
- JG242A HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots
- JG242B HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface
- JG243A HP 5820-24XG-SFP+ TAA-compliant Switch
- JG243B HP 5820-24XG-SFP+ TAA-compliant Switch
- JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots & 1 OAA Slot
- JG259B HP 5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots and 1 OAA Slot
- JC106A HP 5820-14XG-SFP+ Switch with 2 Slots
- JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots & 1 OAA Slot
- JG219A HP 5820AF-24XG Switch
- JG219B HP 5820AF-24XG Switch
- JC102A HP 5820-24XG-SFP+ Switch
- JC102B HP 5820-24XG-SFP+ Switch
- 5500 HI (Comware 5) - Version: See Mitigation
- HP Network Products
- JG311A HP 5500-24G-4SFP HI Switch with 2 Interface Slots
- JG312A HP 5500-48G-4SFP HI Switch with 2 Interface Slots
- JG541A HP 5500-24G-PoE+-4SFP HI Switch with 2 Interface Slots
- JG542A HP 5500-48G-PoE+-4SFP HI Switch with 2 Interface Slots
- JG543A HP 5500-24G-SFP HI Switch with 2 Interface Slots
- JG679A HP 5500-24G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots
- JG680A HP 5500-48G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots
- JG681A HP 5500-24G-SFP HI TAA-compliant Switch with 2 Interface Slots
- 5500 EI (Comware 5) - Version: See Mitigation
- HP Network Products
- JD373A HP 5500-24G DC EI Switch
- JD374A HP 5500-24G-SFP EI Switch
- JD375A HP 5500-48G EI Switch
- JD376A HP 5500-48G-PoE EI Switch
- JD377A HP 5500-24G EI Switch
- JD378A HP 5500-24G-PoE EI Switch
- JD379A HP 5500-24G-SFP DC EI Switch
- JG240A HP 5500-48G-PoE+ EI Switch with 2 Interface Slots
- JG241A HP 5500-24G-PoE+ EI Switch with 2 Interface Slots
- JG249A HP 5500-24G-SFP EI TAA-compliant Switch with 2 Interface
- JG250A HP 5500-24G EI TAA-compliant Switch with 2 Interface Slots
- JG251A HP 5500-48G EI TAA-compliant Switch with 2 Interface Slots
- JG252A HP 5500-24G-PoE+ EI TAA-compliant Switch with 2 Interface Slots
- JG253A HP 5500-48G-PoE+ EI TAA-compliant Switch with 2 Interface Slots
- 4800G (Comware 5) - Version: See Mitigation
- HP Network Products
- JD007A HP 4800-24G Switch
- JD008A HP 4800-24G-PoE Switch
- JD009A HP 4800-24G-SFP Switch
- JD010A HP 4800-48G Switch
- JD011A HP 4800-48G-PoE Switch
- 5500SI (Comware 5) - Version: See Mitigation
- HP Network Products
- JD369A HP 5500-24G SI Switch
- JD370A HP 5500-48G SI Switch
- JD371A HP 5500-24G-PoE SI Switch
- JD372A HP 5500-48G-PoE SI Switch
- JG238A HP 5500-24G-PoE+ SI Switch with 2 Interface Slots
- JG239A HP 5500-48G-PoE+ SI Switch with 2 Interface Slots
- 4500G (Comware 5) - Version: See Mitigation
- HP Network Products
- JF428A HP 4510-48G Switch
- JF847A HP 4510-24G Switch
- 5120 EI (Comware 5) - Version: See Mitigation
- HP Network Products
- JE066A HP 5120-24G EI Switch
- JE067A HP 5120-48G EI Switch
- JE068A HP 5120-24G EI Switch with 2 Interface Slots
- JE069A HP 5120-48G EI Switch with 2 Interface Slots
- JE070A HP 5120-24G-PoE EI 2-slot Switch
- JE071A HP 5120-48G-PoE EI 2-slot Switch
- JG236A HP 5120-24G-PoE+ EI Switch with 2 Interface Slots
- JG237A HP 5120-48G-PoE+ EI Switch with 2 Interface Slots
- JG245A HP 5120-24G EI TAA-compliant Switch with 2 Interface Slots
- JG246A HP 5120-48G EI TAA-compliant Switch with 2 Interface Slots
- JG247A HP 5120-24G-PoE+ EI TAA-compliant Switch with 2 Slots
- JG248A HP 5120-48G-PoE+ EI TAA-compliant Switch with 2 Slots
- 4210G (Comware 5) - Version: See Mitigation
- HP Network Products
- JF844A HP 4210-24G Switch
- JF845A HP 4210-48G Switch
- JF846A HP 4210-24G-PoE Switch
- 5120 SI (Comware 5) - Version: See Mitigation
- HP Network Products
- JE072A HP 5120-48G SI Switch
- JE072B HPE 5120 48G SI Switch
- JE073A HP 5120-16G SI Switch
- JE073B HPE 5120 16G SI Switch
- JE074A HP 5120-24G SI Switch
- JE074B HPE 5120 24G SI Switch
- JG091A HP 5120-24G-PoE+ (370W) SI Switch
- JG091B HPE 5120 24G PoE+ (370W) SI Switch
- JG092A HP 5120-24G-PoE+ (170W) SI Switch
- JG309B HPE 5120 8G PoE+ (180W) SI Switch
- JG310B HPE 5120 8G PoE+ (65W) SI Switch
- 3610 (Comware 5) - Version: See Mitigation
- HP Network Products
- JD335A HP 3610-48 Switch
- JD336A HP 3610-24-4G-SFP Switch
- JD337A HP 3610-24-2G-2G-SFP Switch
- JD338A HP 3610-24-SFP Switch
- 3600V2 (Comware 5) - Version: See Mitigation
- HP Network Products
- JG299A HP 3600-24 v2 EI Switch
- JG299B HP 3600-24 v2 EI Switch
- JG300A HP 3600-48 v2 EI Switch
- JG300B HP 3600-48 v2 EI Switch
- JG301A HP 3600-24-PoE+ v2 EI Switch
- JG301B HP 3600-24-PoE+ v2 EI Switch
- JG301C HP 3600-24-PoE+ v2 EI Switch
- JG302A HP 3600-48-PoE+ v2 EI Switch
- JG302B HP 3600-48-PoE+ v2 EI Switch
- JG302C HP 3600-48-PoE+ v2 EI Switch
- JG303A HP 3600-24-SFP v2 EI Switch
- JG303B HP 3600-24-SFP v2 EI Switch
- JG304A HP 3600-24 v2 SI Switch
- JG304B HP 3600-24 v2 SI Switch
- JG305A HP 3600-48 v2 SI Switch
- JG305B HP 3600-48 v2 SI Switch
- JG306A HP 3600-24-PoE+ v2 SI Switch
- JG306B HP 3600-24-PoE+ v2 SI Switch
- JG306C HP 3600-24-PoE+ v2 SI Switch
- JG307A HP 3600-48-PoE+ v2 SI Switch
- JG307B HP 3600-48-PoE+ v2 SI Switch
- JG307C HP 3600-48-PoE+ v2 SI Switch
- 3100V2-48 (Comware 5) - Version: See Mitigation
- HP Network Products
- JG315A HP 3100-48 v2 Switch
- JG315B HP 3100-48 v2 Switch
- HP870 (Comware 5) - Version: See Mitigation
- HP Network Products
- JG723A HP 870 Unified Wired-WLAN Appliance
- JG725A HP 870 Unified Wired-WLAN TAA-compliant Appliance
- HP850 (Comware 5) - Version: See Mitigation
- HP Network Products
- JG722A HP 850 Unified Wired-WLAN Appliance
- JG724A HP 850 Unified Wired-WLAN TAA-compliant Appliance
- HP830 (Comware 5) - Version: See Mitigation
- HP Network Products
- JG640A HP 830 24-Port PoE+ Unified Wired-WLAN Switch
- JG641A HP 830 8-port PoE+ Unified Wired-WLAN Switch
- JG646A HP 830 24-Port PoE+ Unified Wired-WLAN TAA-compliant Switch
- JG647A HP 830 8-Port PoE+ Unified Wired-WLAN TAA-compliant
- HP6000 (Comware 5) - Version: See Mitigation
- HP Network Products
- JG639A HP 10500/7500 20G Unified Wired-WLAN Module
- JG645A HP 10500/7500 20G Unified Wired-WLAN TAA-compliant Module
- WX5004-EI (Comware 5) - Version: See Mitigation
- HP Network Products
- JD447B HP WX5002 Access Controller
- JD448A HP WX5004 Access Controller
- JD448B HP WX5004 Access Controller
- JD469A HP WX5004 Access Controller
- SecBlade FW (Comware 5) - Version: See Mitigation
- HP Network Products
- JC635A HP 12500 VPN Firewall Module
- JD245A HP 9500 VPN Firewall Module
- JD249A HP 10500/7500 Advanced VPN Firewall Module
- JD250A HP 6600 Firewall Processing Router Module
- JD251A HP 8800 Firewall Processing Module
- JD255A HP 5820 VPN Firewall Module
- F1000-E (Comware 5) - Version: See Mitigation
- HP Network Products
- JD272A HP F1000-E VPN Firewall Appliance
- F1000-A-EI (Comware 5) - Version: See Mitigation
- HP Network Products
- JG214A HP F1000-A-EI VPN Firewall Appliance
- F1000-S-EI (Comware 5) - Version: See Mitigation
- HP Network Products
- JG213A HP F1000-S-EI VPN Firewall Appliance
- F5000-A (Comware 5) - Version: See Mitigation
- HP Network Products
- JD259A HP A5000-A5 VPN Firewall Chassis
- JG215A HP F5000 Firewall Main Processing Unit
- JG216A HP F5000 Firewall Standalone Chassis
- U200S and CS (Comware 5) - Version: See Mitigation
- HP Network Products
- JD273A HP U200-S UTM Appliance
- U200A and M (Comware 5) - Version: See Mitigation
- HP Network Products
- JD275A HP U200-A UTM Appliance
- F5000-C/S (Comware 5) - Version: See Mitigation
- HP Network Products
- JG650A HP F5000-C VPN Firewall Appliance
- JG370A HP F5000-S VPN Firewall Appliance
- SecBlade III (Comware 5) - Version: See Mitigation
- HP Network Products
- JG371A HP 12500 20Gbps VPN Firewall Module
- JG372A HP 10500/11900/7500 20Gbps VPN Firewall Module
- 6600 RSE RU (Comware 5 Low Encryption SW) - Version: See Mitigation
- HP Network Products
- JC177A HP 6608 Router
- JC177B HP 6608 Router Chassis
- JC178A HP 6604 Router Chassis
- JC178B HP 6604 Router Chassis
- JC496A HP 6616 Router Chassis
- JC566A HP 6600 RSE-X1 Router Main Processing Unit
- JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit
- 6600 RPE RU (Comware 5 Low Encryption SW) - Version: See Mitigation
- HP Network Products
- JC165A) HP 6600 RPE-X1 Router Module
- JG781A) HP 6600 RPE-X1 TAA-compliant Main Processing Unit
- 6602 RU (Comware 5 Low Encryption SW) - Version: See Mitigation
- HP Network Products
- JC176A) HP 6602 Router Chassis
- HSR6602 RU (Comware 5 Low Encryption SW) - Version: See Mitigation
- HP Network Products
- JC177A HP 6608 Router
- JC177B HP 6608 Router Chassis
- JC178A HP 6604 Router Chassis
- JC178B HP 6604 Router Chassis
- JC496A HP 6616 Router Chassis
- JG353A HP HSR6602-G Router
- JG354A HP HSR6602-XG Router
- JG355A HP 6600 MCP-X1 Router Main Processing Unit
- JG356A HP 6600 MCP-X2 Router Main Processing Unit
- JG776A HP HSR6602-G TAA-compliant Router
- JG777A HP HSR6602-XG TAA-compliant Router
- JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit
- HSR6800 RU (Comware 5 Low Encryption SW) - Version: See Mitigation
- HP Network Products
- JG361A HP HSR6802 Router Chassis
- JG361B HP HSR6802 Router Chassis
- JG362A HP HSR6804 Router Chassis
- JG362B HP HSR6804 Router Chassis
- JG363A HP HSR6808 Router Chassis
- JG363B HP HSR6808 Router Chassis
- JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
- JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit
- SMB1910 (Comware 5) - Version: See Mitigation
- HP Network Products
- JG540A HP 1910-48 Switch
- JG539A HP 1910-24-PoE+ Switch
- JG538A HP 1910-24 Switch
- JG537A HP 1910-8 -PoE+ Switch
- JG536A HP 1910-8 Switch
- SMB1920 (Comware 5) - Version: See Mitigation
- HP Network Products
- JG928A HP 1920-48G-PoE+ (370W) Switch
- JG927A HP 1920-48G Switch
- JG926A HP 1920-24G-PoE+ (370W) Switch
- JG925A HP 1920-24G-PoE+ (180W) Switch
- JG924A HP 1920-24G Switch
- JG923A HP 1920-16G Switch
- JG922A HP 1920-8G-PoE+ (180W) Switch
- JG921A HP 1920-8G-PoE+ (65W) Switch
- JG920A HP 1920-8G Switch
- V1910 (Comware 5) - Version: See Mitigation
- HP Network Products
- JE005A HP 1910-16G Switch
- JE006A HP 1910-24G Switch
- JE007A HP 1910-24G-PoE (365W) Switch
- JE008A HP 1910-24G-PoE(170W) Switch
- JE009A HP 1910-48G Switch
- JG348A HP 1910-8G Switch
- JG349A HP 1910-8G-PoE+ (65W) Switch
- JG350A HP 1910-8G-PoE+ (180W) Switch
- SMB 1620 (Comware 5) - Version: See Mitigation
- HP Network Products
- JG914A HP 1620-48G Switch
- JG913A HP 1620-24G Switch
- JG912A HP 1620-8G Switch
COMWARE 7 Products
- 12500 (Comware 7) - Version: See Mitigation
- HP Network Products
- JC072B HP 12500 Main Processing Unit
- JC085A HP A12518 Switch Chassis
- JC086A HP A12508 Switch Chassis
- JC652A HP 12508 DC Switch Chassis
- JC653A HP 12518 DC Switch Chassis
- JC654A HP 12504 AC Switch Chassis
- JC655A HP 12504 DC Switch Chassis
- JF430A HP A12518 Switch Chassis
- JF430B HP 12518 Switch Chassis
- JF430C HP 12518 AC Switch Chassis
- JF431A HP A12508 Switch Chassis
- JF431B HP 12508 Switch Chassis
- JF431C HP 12508 AC Switch Chassis
- JG497A HP 12500 MPU w/Comware V7 OS
- JG782A HP FF 12508E AC Switch Chassis
- JG783A HP FF 12508E DC Switch Chassis
- JG784A HP FF 12518E AC Switch Chassis
- JG785A HP FF 12518E DC Switch Chassis
- JG802A HP FF 12500E MPU
- 10500 (Comware 7) - Version: See Mitigation
- HP Network Products
- JC611A HP 10508-V Switch Chassis
- JC612A HP 10508 Switch Chassis
- JC613A HP 10504 Switch Chassis
- JC748A HP 10512 Switch Chassis
- JG608A HP FlexFabric 11908-V Switch Chassis
- JG609A HP FlexFabric 11900 Main Processing Unit
- JG820A HP 10504 TAA Switch Chassis
- JG821A HP 10508 TAA Switch Chassis
- JG822A HP 10508-V TAA Switch Chassis
- JG823A HP 10512 TAA Switch Chassis
- JG496A HP 10500 Type A MPU w/Comware v7 OS
- JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System
- JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System Main Processing Unit
- 12900 (Comware 7) - Version: See Mitigation
- HP Network Products
- JG619A HP FlexFabric 12910 Switch AC Chassis
- JG621A HP FlexFabric 12910 Main Processing Unit
- JG632A HP FlexFabric 12916 Switch AC Chassis
- JG634A HP FlexFabric 12916 Main Processing Unit
- JH104A HP FlexFabric 12900E Main Processing Unit
- JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit
- JH263A HP FlexFabric 12904E Main Processing Unit
- JH255A HP FlexFabric 12908E Switch Chassis
- JH262A HP FlexFabric 12904E Switch Chassis
- JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis
- JH103A HP FlexFabric 12916E Switch Chassis
- 5900 (Comware 7) - Version: See Mitigation
- HP Network Products
- JC772A HP 5900AF-48XG-4QSFP+ Switch
- JG296A HP 5920AF-24XG Switch
- JG336A HP 5900AF-48XGT-4QSFP+ Switch
- JG510A HP 5900AF-48G-4XG-2QSFP+ Switch
- JG554A HP 5900AF-48XG-4QSFP+ TAA Switch
- JG555A HP 5920AF-24XG TAA Switch
- JG838A HP FF 5900CP-48XG-4QSFP+ Switch
- JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant
- JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch
- JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant
- MSR1000 (Comware 7) - Version: See Mitigation
- HP Network Products
- JG875A HP MSR1002-4 AC Router
- JH060A HP MSR1003-8S AC Router
- MSR2000 (Comware 7) - Version: See Mitigation
- HP Network Products
- JG411A HP MSR2003 AC Router
- JG734A HP MSR2004-24 AC Router
- JG735A HP MSR2004-48 Router
- JG866A HP MSR2003 TAA-compliant AC Router
- MSR3000 (Comware 7) - Version: See Mitigation
- HP Network Products
- JG404A HP MSR3064 Router
- JG405A HP MSR3044 Router
- JG406A HP MSR3024 AC Router
- JG407A HP MSR3024 DC Router
- JG408A HP MSR3024 PoE Router
- JG409A HP MSR3012 AC Router
- JG410A HP MSR3012 DC Router
- JG861A HP MSR3024 TAA-compliant AC Router
- MSR4000 (Comware 7) - Version: See Mitigation
- HP Network Products
- JG402A HP MSR4080 Router Chassis
- JG403A HP MSR4060 Router Chassis
- JG412A HP MSR4000 MPU-100 Main Processing Unit
- JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit
- VSR (Comware 7) - Version: See Mitigation
- HP Network Products
- JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software
- JG811AAE HP VSR1001 Comware 7 Virtual Services Router
- JG812AAE HP VSR1004 Comware 7 Virtual Services Router
- JG813AAE HP VSR1008 Comware 7 Virtual Services Router
- 7900 (Comware 7) - Version: See Mitigation
- HP Network Products
- JG682A HP FlexFabric 7904 Switch Chassis
- JG841A HP FlexFabric 7910 Switch Chassis
- JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit
- JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit
- JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis
- JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis
- JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main Processing Unit
- JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main Processing Unit
- 5130 (Comware 7) - Version: See Mitigation
- HP Network Products
- JG932A HP 5130-24G-4SFP+ EI Switch
- JG933A HP 5130-24G-SFP-4SFP+ EI Switch
- JG934A HP 5130-48G-4SFP+ EI Switch
- JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch
- JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch
- JG938A HP 5130-24G-2SFP+-2XGT EI Switch
- JG939A HP 5130-48G-2SFP+-2XGT EI Switch
- JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch
- JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch
- JG975A HP 5130-24G-4SFP+ EI Brazil Switch
- JG976A HP 5130-48G-4SFP+ EI Brazil Switch
- JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch
- JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch
- 6125XLG - Version: See Mitigation
- HP Network Products
- 711307-B21 HP 6125XLG Blade Switch
- 737230-B21 HP 6125XLG Blade Switch with TAA
- 6127XLG - Version: See Mitigation
- HP Network Products
- 787635-B21 HP 6127XLG Blade Switch Opt Kit
- 787635-B22 HP 6127XLG Blade Switch TAA
- Moonshot - Version: See Mitigation
- HP Network Products
- 786617-B21 - HP Moonshot-45Gc Switch Module
- 704654-B21 - HP Moonshot-45XGc Switch Module
- 786619-B21 - HP Moonshot-180XGc Switch Module
- 5700 (Comware 7) - Version: See Mitigation
- HP Network Products
- JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch
- JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch
- JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch
- JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch
- JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch
- JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch
- 5930 (Comware 7) - Version: See Mitigation
- HP Network Products
- JG726A HP FlexFabric 5930 32QSFP+ Switch
- JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch
- JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch
- JH179A HP FlexFabric 5930 4-slot Switch
- JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch
- JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch
- HSR6600 (Comware 7) - Version: See Mitigation
- HP Network Products
- JG353A HP HSR6602-G Router
- JG354A HP HSR6602-XG Router
- JG776A HP HSR6602-G TAA-compliant Router
- JG777A HP HSR6602-XG TAA-compliant Router
- HSR6800 (Comware 7) - Version: See Mitigation
- HP Network Products
- JG361A HP HSR6802 Router Chassis
- JG361B HP HSR6802 Router Chassis
- JG362A HP HSR6804 Router Chassis
- JG362B HP HSR6804 Router Chassis
- JG363A HP HSR6808 Router Chassis
- JG363B HP HSR6808 Router Chassis
- JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
- JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing
- JH075A HP HSR6800 RSE-X3 Router Main Processing Unit
- 1950 (Comware 7) - Version: See Mitigation
- HP Network Products
- JG960A HP 1950-24G-4XG Switch
- JG961A HP 1950-48G-2SFP+-2XGT Switch
- JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch
- JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch
- 7500 (Comware 7) - Version: See Mitigation
- HP Network Products
- JD238C HP 7510 Switch Chassis
- JD239C HP 7506 Switch Chassis
- JD240C HP 7503 Switch Chassis
- JD242C HP 7502 Switch Chassis
- JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only Main Processing Unit
- JH208A HP 7502 Main Processing Unit
- JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port 40GbE QSFP+ Main Processing Unit
- 5950 (Comware 7) - Version: See Mitigation
- HP Network Products
- JH321A HPE FlexFabric 5950 32QSFP28 Switch
- 5940 (Comware 7) - Version: See Mitigation
- HP Network Products
- JH390A HPE FlexFabric 5940 48SFP+ 6QSFP28 Switch
- JH391A HPE FlexFabric 5940 48XGT 6QSFP28 Switch
- JH394A HPE FlexFabric 5940 48XGT 6QSFP+ Switch
- JH395A HPE FlexFabric 5940 48SFP+ 6QSFP+ Switch
- JH396A HPE FlexFabric 5940 32QSFP+ Switch
- JH397A HPE FlexFabric 5940 2-slot Switch
- JH398A HPE FlexFabric 5940 4-slot Switch
HISTORY Version:1 (rev.1) - 6 December 2016 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Description:
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. The updates are documented in the Release Notes document linked to in the References.
This release of Red Hat JBoss Web Server 2.1.2 Service Pack 2 serves as a update for Red Hat JBoss Web Server 2, and includes bug fixes, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
-
It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)
-
A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12615)
-
A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2016-2183)
-
A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash.
Bug Fix(es):
-
Corruption in nodestatsmem in multiple core dumps but in different functions of each core dump. (BZ#1338640)
-
mod_cluster segfaults in process_info() due to wrongly generated assembler instruction movslq (BZ#1448709)
-
CRL checking of very large CRLs fails with OpenSSL 1.0.2 (BZ#1493075)
-
Solution:
Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files). After installing the updated packages, the httpd daemon will be restarted automatically. Bugs fixed (https://bugzilla.redhat.com/):
1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32) 1470748 - CVE-2017-9788 httpd: Uninitialized memory reflection in mod_auth_digest 1490344 - CVE-2017-9798 httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed) 1493075 - Unable to load large CRL openssl problem 1493220 - CVE-2017-12615 tomcat: Remote Code Execution via JSP Upload 1494283 - CVE-2017-12617 tomcat: Remote Code Execution bypass for CVE-2017-12615
- Of these 14 vulnerabilities, the OpenSSL Software Foundation classifies one as aCritical Severity,a one as aModerate Severity,a and the other 12 as aLow Severity.a
Subsequently, on September 26, the OpenSSL Software Foundation released an additional advisory that describes two new vulnerabilities. These vulnerabilities affect the OpenSSL versions that were released to address the vulnerabilities disclosed in the previous advisory. One of the new vulnerabilities was rated as aHigh Severitya and the other as aModerate Severity.a
Of the 16 released vulnerabilities: Fourteen track issues that could result in a denial of service (DoS) condition One (CVE-2016-2183, aka SWEET32) tracks an implementation of a Birthday attack against Transport Layer Security (TLS) block ciphers that use a 64-bit block size that could result in loss of confidentiality One (CVE-2016-2178) is a timing side-channel attack that, in specific circumstances, could allow an attacker to derive the private DSA key that belongs to another user or service running on the same system
Five of the 16 vulnerabilities affect exclusively the recently released OpenSSL versions that belong to the 1.1.0 code train, which has not yet been integrated into any Cisco product. (BZ#1508885)
The References section of this erratum contains a download link (you must log in to download the update).
The JBoss server process must be restarted for the update to take effect.
Ubuntu Security Notice USN-3270-1 April 27, 2017
nss vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04
- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in NSS.
Software Description: - nss: Network Security Service library
Details:
Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. This update causes NSS to limit use of the same symmetric key. (CVE-2016-2183)
It was discovered that NSS incorrectly handled Base64 decoding. (CVE-2017-5461)
This update refreshes the NSS package to version 3.28.4 which includes the latest CA certificate bundle.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 17.04: libnss3 2:3.28.4-0ubuntu0.17.04.1
Ubuntu 16.10: libnss3 2:3.28.4-0ubuntu0.16.10.1
Ubuntu 16.04 LTS: libnss3 2:3.28.4-0ubuntu0.16.04.1
Ubuntu 14.04 LTS: libnss3 2:3.28.4-0ubuntu0.14.04.1
This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use NSS, such as Evolution and Chromium, to make all the necessary changes.
https://entitlement.microfocus.com/mysoftware/index
HISTORY Version:1 (rev.1) - 12 November 2018 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Micro Focus products should be applied in accordance with the customer's patch management policy. Please note that you will need to sign in using a Passport account.
3P = 3rd Party Software GN = Micro Focus General Software MU = Multi-Platform Software
System management and security procedures must be reviewed frequently to maintain system integrity. Micro Focus is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"Micro Focus is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected Micro Focus products the important security information contained in this Bulletin. Micro Focus recommends that all users determine the applicability of this information to their individual situations and take appropriate action. Micro Focus does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, Micro Focus will not be responsible for any damages resulting from user's use or disregard of the information provided in this Security Bulletin. To the extent permitted by law, Micro Focus disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
Copyright 2017 EntIT Software LLC
Micro Focus shall not be liable for technical or editorial errors or omissions contained herein
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"_id": null,
"model": "python",
"scope": "gte",
"trust": 1.0,
"vendor": "python",
"version": "2.7.0"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1p"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1f"
},
{
"_id": null,
"model": "content security management appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.7.0-006"
},
{
"_id": null,
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "6.0.0"
},
{
"_id": null,
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "0.10.0"
},
{
"_id": null,
"model": "jboss web server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "3.0"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1l"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1d"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1c"
},
{
"_id": null,
"model": "python",
"scope": "lt",
"trust": 1.0,
"vendor": "python",
"version": "3.4.7"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2d"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1g"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2b"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2c"
},
{
"_id": null,
"model": "python",
"scope": "lt",
"trust": 1.0,
"vendor": "python",
"version": "2.7.13"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1q"
},
{
"_id": null,
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "0.10.47"
},
{
"_id": null,
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.2.0.4"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1t"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2e"
},
{
"_id": null,
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "4.1.2"
},
{
"_id": null,
"model": "content security management appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.6.6-068"
},
{
"_id": null,
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "4.0.0"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1b"
},
{
"_id": null,
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0.0"
},
{
"_id": null,
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "0.12.16"
},
{
"_id": null,
"model": "python",
"scope": "gte",
"trust": 1.0,
"vendor": "python",
"version": "3.4.0"
},
{
"_id": null,
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "0.12.0"
},
{
"_id": null,
"model": "python",
"scope": "gte",
"trust": 1.0,
"vendor": "python",
"version": "3.5.0"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2h"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1h"
},
{
"_id": null,
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "4.6.0"
},
{
"_id": null,
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "4.2.0"
},
{
"_id": null,
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "6.7.0"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1j"
},
{
"_id": null,
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0.2"
},
{
"_id": null,
"model": "jboss enterprise web server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "2.0.0"
},
{
"_id": null,
"model": "python",
"scope": "lt",
"trust": 1.0,
"vendor": "python",
"version": "3.5.3"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1o"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1e"
},
{
"_id": null,
"model": "jboss enterprise web server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0.0"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1a"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2f"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1i"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1r"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1k"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1n"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2a"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1m"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2183"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "148410"
},
{
"db": "PACKETSTORM",
"id": "141354"
},
{
"db": "PACKETSTORM",
"id": "141353"
},
{
"db": "PACKETSTORM",
"id": "144869"
},
{
"db": "PACKETSTORM",
"id": "145017"
}
],
"trust": 0.5
},
"cve": "CVE-2016-2183",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-2183",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-91002",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-2183",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-2183",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-91002",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-91002"
},
{
"db": "NVD",
"id": "CVE-2016-2183"
}
]
},
"description": {
"_id": null,
"data": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack. IPSec (full name Internet Protocol Security) is a set of IP security protocols established by the IPSec group of the Internet Engineering Task Force (IETF). Both DES and Triple DES are encryption algorithms. There are information leakage vulnerabilities in the DES and Triple DES encryption algorithms used in the TLS, SSH, and IPSec protocols and other protocols and products. This vulnerability stems from configuration errors in network systems or products during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information of the affected components. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: python security update\nAdvisory ID: RHSA-2018:2123-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2018:2123\nIssue date: 2018-07-03\nCVE Names: CVE-2016-2183 \n=====================================================================\n\n1. Summary:\n\nAn update for python is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x\n\n3. Description:\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage, which includes modules, classes, exceptions, very high level\ndynamic data types and dynamic typing. Python supports interfaces to many\nsystem calls and libraries, as well as to various windowing systems. \n\nSecurity Fix(es):\n\n* A flaw was found in the way the DES/3DES cipher was used as part of the\nTLS/SSL protocol. A man-in-the-middle attacker could use this flaw to\nrecover some plaintext data by capturing large amounts of encrypted traffic\nbetween TLS/SSL server and client if the communication used a DES/3DES\nbased ciphersuite. (CVE-2016-2183)\n\nNote: This update modifies the Python ssl module to disable 3DES cipher\nsuites by default. \n\nRed Hat would like to thank OpenVPN for reporting this issue. Upstream\nacknowledges Karthikeyan Bhargavan (Inria) and GaA\u003c\u003ctan Leurent (Inria) as\nthe original reporters. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\npython-2.7.5-69.el7_5.src.rpm\n\nx86_64:\npython-2.7.5-69.el7_5.x86_64.rpm\npython-debuginfo-2.7.5-69.el7_5.i686.rpm\npython-debuginfo-2.7.5-69.el7_5.x86_64.rpm\npython-libs-2.7.5-69.el7_5.i686.rpm\npython-libs-2.7.5-69.el7_5.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\npython-debug-2.7.5-69.el7_5.x86_64.rpm\npython-debuginfo-2.7.5-69.el7_5.x86_64.rpm\npython-devel-2.7.5-69.el7_5.x86_64.rpm\npython-test-2.7.5-69.el7_5.x86_64.rpm\npython-tools-2.7.5-69.el7_5.x86_64.rpm\ntkinter-2.7.5-69.el7_5.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\npython-2.7.5-69.el7_5.src.rpm\n\nx86_64:\npython-2.7.5-69.el7_5.x86_64.rpm\npython-debuginfo-2.7.5-69.el7_5.i686.rpm\npython-debuginfo-2.7.5-69.el7_5.x86_64.rpm\npython-devel-2.7.5-69.el7_5.x86_64.rpm\npython-libs-2.7.5-69.el7_5.i686.rpm\npython-libs-2.7.5-69.el7_5.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\npython-debug-2.7.5-69.el7_5.x86_64.rpm\npython-debuginfo-2.7.5-69.el7_5.x86_64.rpm\npython-test-2.7.5-69.el7_5.x86_64.rpm\npython-tools-2.7.5-69.el7_5.x86_64.rpm\ntkinter-2.7.5-69.el7_5.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\npython-2.7.5-69.el7_5.src.rpm\n\nppc64:\npython-2.7.5-69.el7_5.ppc64.rpm\npython-debuginfo-2.7.5-69.el7_5.ppc.rpm\npython-debuginfo-2.7.5-69.el7_5.ppc64.rpm\npython-devel-2.7.5-69.el7_5.ppc64.rpm\npython-libs-2.7.5-69.el7_5.ppc.rpm\npython-libs-2.7.5-69.el7_5.ppc64.rpm\n\nppc64le:\npython-2.7.5-69.el7_5.ppc64le.rpm\npython-debuginfo-2.7.5-69.el7_5.ppc64le.rpm\npython-devel-2.7.5-69.el7_5.ppc64le.rpm\npython-libs-2.7.5-69.el7_5.ppc64le.rpm\n\ns390x:\npython-2.7.5-69.el7_5.s390x.rpm\npython-debuginfo-2.7.5-69.el7_5.s390.rpm\npython-debuginfo-2.7.5-69.el7_5.s390x.rpm\npython-devel-2.7.5-69.el7_5.s390x.rpm\npython-libs-2.7.5-69.el7_5.s390.rpm\npython-libs-2.7.5-69.el7_5.s390x.rpm\n\nx86_64:\npython-2.7.5-69.el7_5.x86_64.rpm\npython-debuginfo-2.7.5-69.el7_5.i686.rpm\npython-debuginfo-2.7.5-69.el7_5.x86_64.rpm\npython-devel-2.7.5-69.el7_5.x86_64.rpm\npython-libs-2.7.5-69.el7_5.i686.rpm\npython-libs-2.7.5-69.el7_5.x86_64.rpm\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):\n\nSource:\npython-2.7.5-69.el7_5.src.rpm\n\naarch64:\npython-2.7.5-69.el7_5.aarch64.rpm\npython-debuginfo-2.7.5-69.el7_5.aarch64.rpm\npython-devel-2.7.5-69.el7_5.aarch64.rpm\npython-libs-2.7.5-69.el7_5.aarch64.rpm\n\nppc64le:\npython-2.7.5-69.el7_5.ppc64le.rpm\npython-debuginfo-2.7.5-69.el7_5.ppc64le.rpm\npython-devel-2.7.5-69.el7_5.ppc64le.rpm\npython-libs-2.7.5-69.el7_5.ppc64le.rpm\n\ns390x:\npython-2.7.5-69.el7_5.s390x.rpm\npython-debuginfo-2.7.5-69.el7_5.s390.rpm\npython-debuginfo-2.7.5-69.el7_5.s390x.rpm\npython-devel-2.7.5-69.el7_5.s390x.rpm\npython-libs-2.7.5-69.el7_5.s390.rpm\npython-libs-2.7.5-69.el7_5.s390x.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\npython-debug-2.7.5-69.el7_5.ppc64.rpm\npython-debuginfo-2.7.5-69.el7_5.ppc64.rpm\npython-test-2.7.5-69.el7_5.ppc64.rpm\npython-tools-2.7.5-69.el7_5.ppc64.rpm\ntkinter-2.7.5-69.el7_5.ppc64.rpm\n\nppc64le:\npython-debug-2.7.5-69.el7_5.ppc64le.rpm\npython-debuginfo-2.7.5-69.el7_5.ppc64le.rpm\npython-test-2.7.5-69.el7_5.ppc64le.rpm\npython-tools-2.7.5-69.el7_5.ppc64le.rpm\ntkinter-2.7.5-69.el7_5.ppc64le.rpm\n\ns390x:\npython-debug-2.7.5-69.el7_5.s390x.rpm\npython-debuginfo-2.7.5-69.el7_5.s390x.rpm\npython-test-2.7.5-69.el7_5.s390x.rpm\npython-tools-2.7.5-69.el7_5.s390x.rpm\ntkinter-2.7.5-69.el7_5.s390x.rpm\n\nx86_64:\npython-debug-2.7.5-69.el7_5.x86_64.rpm\npython-debuginfo-2.7.5-69.el7_5.x86_64.rpm\npython-test-2.7.5-69.el7_5.x86_64.rpm\npython-tools-2.7.5-69.el7_5.x86_64.rpm\ntkinter-2.7.5-69.el7_5.x86_64.rpm\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):\n\naarch64:\npython-debug-2.7.5-69.el7_5.aarch64.rpm\npython-debuginfo-2.7.5-69.el7_5.aarch64.rpm\npython-test-2.7.5-69.el7_5.aarch64.rpm\npython-tools-2.7.5-69.el7_5.aarch64.rpm\ntkinter-2.7.5-69.el7_5.aarch64.rpm\n\nppc64le:\npython-debug-2.7.5-69.el7_5.ppc64le.rpm\npython-debuginfo-2.7.5-69.el7_5.ppc64le.rpm\npython-test-2.7.5-69.el7_5.ppc64le.rpm\npython-tools-2.7.5-69.el7_5.ppc64le.rpm\ntkinter-2.7.5-69.el7_5.ppc64le.rpm\n\ns390x:\npython-debug-2.7.5-69.el7_5.s390x.rpm\npython-debuginfo-2.7.5-69.el7_5.s390x.rpm\npython-test-2.7.5-69.el7_5.s390x.rpm\npython-tools-2.7.5-69.el7_5.s390x.rpm\ntkinter-2.7.5-69.el7_5.s390x.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\npython-2.7.5-69.el7_5.src.rpm\n\nx86_64:\npython-2.7.5-69.el7_5.x86_64.rpm\npython-debuginfo-2.7.5-69.el7_5.i686.rpm\npython-debuginfo-2.7.5-69.el7_5.x86_64.rpm\npython-devel-2.7.5-69.el7_5.x86_64.rpm\npython-libs-2.7.5-69.el7_5.i686.rpm\npython-libs-2.7.5-69.el7_5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\npython-debug-2.7.5-69.el7_5.x86_64.rpm\npython-debuginfo-2.7.5-69.el7_5.x86_64.rpm\npython-test-2.7.5-69.el7_5.x86_64.rpm\npython-tools-2.7.5-69.el7_5.x86_64.rpm\ntkinter-2.7.5-69.el7_5.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-2183\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBWzuDSdzjgjWX9erEAQgETg/9HevQ3tUvI8plP6DSgN1Es+jArUKVGct5\ncIlHbLXCGIcy1D2NAndEznF+6LSWo/Ynd2C5esSdD9R+KvJrmbNJ7s+XN4Uys4ea\nFyBlHvw56yuSiAcGvUCF+rjg2IaN9QCkH9oGKUNIHpfOdxNnHu3Yk8muNa5H2mXh\nv2yomcfl6voFIMxvxlVKO7ENkESH/vYYnXFS7S+pnBoEZb4/HTp000ASovjewroq\nxGBLDUKzTp9nOVWVWECA6La1o+nDi4wOZVDgF7Ks2kaYdAYSa3vkoAI1hN6XtZ3O\nT3Fv7iF1BqQt+B//tCeT3Fa5SsDulob3K5H2TqnMRlZSr0mst/89RePsbz2wFM+p\n1wcklX9gVBI66y5XPfst/sNyLgWMkYgvUsYJTJHeYT0vAN+N54lcwjK1vxKCMFso\n2ltd63+E5ql26E1pp//cAqAo7JhWqsaqNV8uY4oKzAHRRfQ9kdz/yq2DfA8aswDL\n8nb1rjQ2tIRL/GtWL9ofhKey136qePvF5IwqF+jlO+N7wpG685KZF9zarNZqODxo\np93VTJQ6+J0oXktvyJ8RS1XqkFvznocfEThgrhdmsWW4G6bjA2GyAoTWpDy3NUUv\n6TxyeUjc6NvKb7t6wgrRuSBKkSRCaln+aBSakq012A50PNssvx7hNzVVl9zBgOv1\n6NvSNmqGIdM=\n=AUgF\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. (CVE-2016-2183, CVE-2016-5546, CVE-2016-5547,\nCVE-2016-5548, CVE-2016-5549, CVE-2016-5552, CVE-2017-3231, CVE-2017-3241,\nCVE-2017-3252, CVE-2017-3253, CVE-2017-3259, CVE-2017-3261, CVE-2017-3272,\nCVE-2017-3289)\n\n4. 6) - i386, x86_64\n\n3. Description:\n\nIBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM\nJava Software Development Kit. \n\nThis update upgrades IBM Java SE 6 to version 6 SR16-FP41. \n\nSecurity Fix(es):\n\n* This update fixes multiple vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Further information\nabout these flaws can be found on the IBM Java Security alerts page, listed\nin the References section. (CVE-2016-2183, CVE-2016-5546, CVE-2016-5548,\nCVE-2016-5549, CVE-2016-5552, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252,\nCVE-2017-3253, CVE-2017-3259, CVE-2017-3261, CVE-2017-3272)\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)\n1413554 - CVE-2017-3272 OpenJDK: insufficient protected field access checks in atomic field updaters (Libraries, 8165344)\n1413583 - CVE-2017-3253 OpenJDK: imageio PNGImageReader failed to honor ignoreMetadata for iTXt and zTXt chunks (2D, 8166988)\n1413653 - CVE-2017-3261 OpenJDK: integer overflow in SocketOutputStream boundary check (Networking, 8164147)\n1413717 - CVE-2017-3231 OpenJDK: URLClassLoader insufficient access control checks (Networking, 8151934)\n1413882 - CVE-2016-5552 OpenJDK: incorrect URL parsing in URLStreamHandler (Networking, 8167223)\n1413906 - CVE-2017-3252 OpenJDK: LdapLoginModule incorrect userDN extraction (JAAS, 8161743)\n1413911 - CVE-2016-5546 OpenJDK: incorrect ECDSA signature extraction from the DER input (Libraries, 8168714)\n1413920 - CVE-2016-5548 OpenJDK: DSA implementation timing attack (Libraries, 8168728)\n1413923 - CVE-2016-5549 OpenJDK: ECDSA implementation timing attack (Libraries, 8168724)\n1413955 - CVE-2017-3241 OpenJDK: untrusted input deserialization in RMI registry and DCG (RMI, 8156802)\n1414163 - CVE-2017-3259 Oracle JDK: unspecified vulnerability fixed in 6u141, 7u131, and 8u121 (Deployment)\n\n6. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05349499\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c05349499\nVersion: 1\n\nHPSBHF03674 rev.1 HPE Comware 5 and Comware 7 Network Products using SSL/TLS,\nRemote Disclosure of Information\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2016-12-06\nLast Updated: 2016-12-06\n\nPotential Security Impact: Remote: Disclosure of Information\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability in the DES/3DES block ciphers could\npotentially impact HPE Comware 5 and Comware 7 network products using\nSSL/TLS. This vulnerability could be exploited remotely resulting in\ndisclosure of information. \n\nReferences:\n\n - CVE-2016-2183 - \"SWEET32\" attack\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n - Comware 5 (CW5) Products All versions - Please refer to the RESOLUTION\nbelow for a list of impacted products. \n - Comware 7 (CW7) Products All versions - Please refer to the RESOLUTION\nbelow for a list of impacted products. \n\nBACKGROUND\n\n CVSS Base Metrics\n =================\n Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n CVE-2016-2183\n 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\n 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n Information on CVSS is documented in\n HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has released the following mitigation information to resolve the\nvulnerability in HPE Comware 5 and Comware 7 network products. \n\n*Note:* Please contact HPE Technical Support for assistance configuring the\nrecommended settings. \n\n**Mitigation for the DES/3DES vulnerabilities:**\n\nHPE recommends using the assl server-policya and/or the assl client-policya\ncommand to specify which ciphers to negotiate. \n\n+ For Comware V7, do not include the following DES/3DES ciphers:\n\n - exp_rsa_des_cbc_sha \n - rsa_3des_ede_cbc_sha\n - rsa_des_cbc_sha\n\n+ For Comware V5, do not include the following DES/3DES ciphers:\n \n - rsa_3des_ede_cbc_sha \n - rsa_des_cbc_sha\n\nusing the assl server-policya and/or the assl client-policya command. \n\nRefer to the *Security Command Reference* manual and *Release notes* for the\nspecific version running on the device for details. \n \n \n**COMWARE 5 Products**\n\n + **A6600 (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JC165A HP 6600 RPE-X1 Router Module\n - JC177A HP 6608 Router\n - JC177B HP 6608 Router Chassis\n - JC178A HP 6604 Router Chassis\n - JC178B HP 6604 Router Chassis\n - JC496A HP 6616 Router Chassis\n - JC566A HP 6600 RSE-X1 Router Main Processing Unit\n - JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit\n - JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit\n + **HSR6602 (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JC176A HP 6602 Router Chassis\n - JG353A HP HSR6602-G Router\n - JG354A HP HSR6602-XG Router\n - JG355A HP 6600 MCP-X1 Router Main Processing Unit\n - JG356A HP 6600 MCP-X2 Router Main Processing Unit\n - JG776A HP HSR6602-G TAA-compliant Router\n - JG777A HP HSR6602-XG TAA-compliant Router\n - JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit\n + **HSR6800 (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JG361A HP HSR6802 Router Chassis\n - JG361B HP HSR6802 Router Chassis\n - JG362A HP HSR6804 Router Chassis\n - JG362B HP HSR6804 Router Chassis\n - JG363A HP HSR6808 Router Chassis\n - JG363B HP HSR6808 Router Chassis\n - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit\n + **MSR20 (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JD432A HP A-MSR20-21 Router\n - JD662A HP MSR20-20 Router\n - JD663A HP A-MSR20-21 Router\n - JD663B HP MSR20-21 Router\n - JD664A HP MSR20-40 Router\n - JF228A HP MSR20-40 Router\n - JF283A HP MSR20-20 Router\n + **MSR20-1X (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JD431A HP MSR20-10 Router\n - JD667A HP MSR20-15 IW Multi-Service Router\n - JD668A HP MSR20-13 Multi-Service Router\n - JD669A HP MSR20-13 W Multi-Service Router\n - JD670A HP MSR20-15 A Multi-Service Router\n - JD671A HP MSR20-15 AW Multi-Service Router\n - JD672A HP MSR20-15 I Multi-Service Router\n - JD673A HP MSR20-11 Multi-Service Router\n - JD674A HP MSR20-12 Multi-Service Router\n - JD675A HP MSR20-12 W Multi-Service Router\n - JD676A HP MSR20-12 T1 Multi-Service Router\n - JF236A HP MSR20-15-I Router\n - JF237A HP MSR20-15-A Router\n - JF238A HP MSR20-15-I-W Router\n - JF239A HP MSR20-11 Router\n - JF240A HP MSR20-13 Router\n - JF241A HP MSR20-12 Router\n - JF806A HP MSR20-12-T Router\n - JF807A HP MSR20-12-W Router\n - JF808A HP MSR20-13-W Router\n - JF809A HP MSR20-15-A-W Router\n - JF817A HP MSR20-15 Router\n - JG209A HP MSR20-12-T-W Router (NA)\n - JG210A HP MSR20-13-W Router (NA)\n + **MSR 30 (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JD654A HP MSR30-60 POE Multi-Service Router\n - JD657A HP MSR30-40 Multi-Service Router\n - JD658A HP MSR30-60 Multi-Service Router\n - JD660A HP MSR30-20 POE Multi-Service Router\n - JD661A HP MSR30-40 POE Multi-Service Router\n - JD666A HP MSR30-20 Multi-Service Router\n - JF229A HP MSR30-40 Router\n - JF230A HP MSR30-60 Router\n - JF232A HP RTMSR3040-AC-OVSAS-H3\n - JF235A HP MSR30-20 DC Router\n - JF284A HP MSR30-20 Router\n - JF287A HP MSR30-40 DC Router\n - JF801A HP MSR30-60 DC Router\n - JF802A HP MSR30-20 PoE Router\n - JF803A HP MSR30-40 PoE Router\n - JF804A HP MSR30-60 PoE Router\n - JG728A HP MSR30-20 TAA-compliant DC Router\n - JG729A HP MSR30-20 TAA-compliant Router\n + **MSR 30-16 (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JD659A HP MSR30-16 POE Multi-Service Router\n - JD665A HP MSR30-16 Multi-Service Router\n - JF233A HP MSR30-16 Router\n - JF234A HP MSR30-16 PoE Router\n + **MSR 30-1X (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JF800A HP MSR30-11 Router\n - JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr\n - JG182A HP MSR30-11E Router\n - JG183A HP MSR30-11F Router\n - JG184A HP MSR30-10 DC Router\n + **MSR 50 (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JD433A HP MSR50-40 Router\n - JD653A HP MSR50 Processor Module\n - JD655A HP MSR50-40 Multi-Service Router\n - JD656A HP MSR50-60 Multi-Service Router\n - JF231A HP MSR50-60 Router\n - JF285A HP MSR50-40 DC Router\n - JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply\n + **MSR 50-G2 (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JD429A HP MSR50 G2 Processor Module\n - JD429B HP MSR50 G2 Processor Module\n + **MSR 9XX (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JF812A HP MSR900 Router\n - JF813A HP MSR920 Router\n - JF814A HP MSR900-W Router\n - JF815A HP MSR920 2FEWAN/8FELAN/.11 b/g Rtr\n - JG207A HP MSR900-W Router (NA)\n - JG208A HP MSR920-W Router (NA)\n + **MSR 93X (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JG511A HP MSR930 Router\n - JG511B HP MSR930 Router\n - JG512A HP MSR930 Wireless Router\n - JG513A HP MSR930 3G Router\n - JG513B HP MSR930 3G Router\n - JG514A HP MSR931 Router\n - JG514B HP MSR931 Router\n - JG515A HP MSR931 3G Router\n - JG516A HP MSR933 Router\n - JG517A HP MSR933 3G Router\n - JG518A HP MSR935 Router\n - JG518B HP MSR935 Router\n - JG519A HP MSR935 Wireless Router\n - JG520A HP MSR935 3G Router\n - JG531A HP MSR931 Dual 3G Router\n - JG531B HP MSR931 Dual 3G Router\n - JG596A HP MSR930 4G LTE/3G CDMA Router\n - JG597A HP MSR936 Wireless Router\n - JG665A HP MSR930 4G LTE/3G WCDMA Global Router\n - JG704A HP MSR930 4G LTE/3G WCDMA ATT Router\n - JH009A HP MSR931 Serial (TI) Router\n - JH010A HP MSR933 G.SHDSL (TI) Router\n - JH011A HP MSR935 ADSL2+ (TI) Router\n - JH012A HP MSR930 Wireless 802.11n (NA) Router\n - JH012B HP MSR930 Wireless 802.11n (NA) Router\n - JH013A HP MSR935 Wireless 802.11n (NA) Router\n + **MSR1000 (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JG732A HP MSR1003-8 AC Router\n + **12500 (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JC072B HP 12500 Main Processing Unit\n - JC085A HP A12518 Switch Chassis\n - JC086A HP A12508 Switch Chassis\n - JC652A HP 12508 DC Switch Chassis\n - JC653A HP 12518 DC Switch Chassis\n - JC654A HP 12504 AC Switch Chassis\n - JC655A HP 12504 DC Switch Chassis\n - JC808A HP 12500 TAA Main Processing Unit\n - JF430A HP A12518 Switch Chassis\n - JF430B HP 12518 Switch Chassis\n - JF430C HP 12518 AC Switch Chassis\n - JF431A HP A12508 Switch Chassis\n - JF431B HP 12508 Switch Chassis\n - JF431C HP 12508 AC Switch Chassis\n + **9500E (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JC124A HP A9508 Switch Chassis\n - JC124B HP 9505 Switch Chassis\n - JC125A HP A9512 Switch Chassis\n - JC125B HP 9512 Switch Chassis\n - JC474A HP A9508-V Switch Chassis\n - JC474B HP 9508-V Switch Chassis\n + **10500 (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JC611A HP 10508-V Switch Chassis\n - JC612A HP 10508 Switch Chassis\n - JC613A HP 10504 Switch Chassis\n - JC614A HP 10500 Main Processing Unit\n - JC748A HP 10512 Switch Chassis\n - JG375A HP 10500 TAA-compliant Main Processing Unit\n - JG820A HP 10504 TAA-compliant Switch Chassis\n - JG821A HP 10508 TAA-compliant Switch Chassis\n - JG822A HP 10508-V TAA-compliant Switch Chassis\n - JG823A HP 10512 TAA-compliant Switch Chassis\n + **7500 (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JC666A HP 7503-S 144Gbps Fabric/MPU with PoE Upgradable 20-port\nGig-T/4-port GbE Combo\n - JC697A HP 7502 TAA-compliant Main Processing Unit\n - JC698A HP 7503-S 144Gbps TAA Fabric / MPU with 16 GbE SFP Ports and 8\nGbE Combo Ports\n - JC699A HP 7500 384Gbps TAA-compliant Fabric / MPU with 2 10GbE XFP\nPorts\n - JC700A HP 7500 384Gbps TAA-compliant Fabric / Main Processing Unit\n - JC701A HP 7500 768Gbps TAA-compliant Fabric / Main Processing Unit\n - JD193A HP 7500 384Gbps Fabric Module with 2 XFP Ports\n - JD193B HP 7500 384Gbps Fabric Module with 2 XFP Ports\n - JD194A HP 7500 384Gbps Fabric Module\n - JD194B HP 7500 384Gbps Fabric Module\n - JD195A HP 7500 384Gbps Advanced Fabric Module\n - JD196A HP 7502 Fabric Module\n - JD220A HP 7500 768Gbps Fabric Module\n - JD224A HP 7500 384Gbps Fabric Module with 12 SFP Ports\n - JD238A HP 7510 Switch Chassis\n - JD238B HP 7510 Switch Chassis\n - JD239A HP 7506 Switch Chassis\n - JD239B HP 7506 Switch Chassis\n - JD240A HP 7503 Switch Chassis\n - JD240B HP 7503 Switch Chassis\n - JD241A HP 7506-V Switch Chassis\n - JD241B HP 7506-V Switch Chassis\n - JD242A HP 7502 Switch Chassis\n - JD242B HP 7502 Switch Chassis\n - JD243A HP 7503-S Switch Chassis with 1 Fabric Slot\n - JD243B HP 7503-S Switch Chassis with 1 Fabric Slot\n - JE164A HP E7902 Switch Chassis\n - JE165A HP E7903 Switch Chassis\n - JE166A HP E7903 1 Fabric Slot Switch Chassis\n - JE167A HP E7906 Switch Chassis\n - JE168A HP E7906 Vertical Switch Chassis\n - JE169A HP E7910 Switch Chassis\n + **6125G/XG Blade Switch - Version: See Mitigation**\n * HP Network Products\n - 737220-B21 HP 6125G Blade Switch with TAA\n - 737226-B21 HP 6125G/XG Blade Switch with TAA\n - 658250-B21 HP 6125G/XG Blade Switch Opt Kit\n - 658247-B21 HP 6125G Blade Switch Opt Kit\n + **5830 (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JC691A HP 5830AF-48G Switch with 1 Interface Slot\n - JC694A HP 5830AF-96G Switch\n - JG316A HP 5830AF-48G TAA-compliant Switch w/1 Interface Slot\n - JG374A HP 5830AF-96G TAA-compliant Switch\n + **5800 (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JC099A HP 5800-24G-PoE Switch\n - JC099B HP 5800-24G-PoE+ Switch\n - JC100A HP 5800-24G Switch\n - JC100B HP 5800-24G Switch\n - JC101A HP 5800-48G Switch with 2 Slots\n - JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots\n - JC103A HP 5800-24G-SFP Switch\n - JC103B HP 5800-24G-SFP Switch with 1 Interface Slot\n - JC104A HP 5800-48G-PoE Switch\n - JC104B HP 5800-48G-PoE+ Switch with 1 Interface Slot\n - JC105A HP 5800-48G Switch\n - JC105B HP 5800-48G Switch with 1 Interface Slot\n - JG254A HP 5800-24G-PoE+ TAA-compliant Switch\n - JG254B HP 5800-24G-PoE+ TAA-compliant Switch\n - JG255A HP 5800-24G TAA-compliant Switch\n - JG255B HP 5800-24G TAA-compliant Switch\n - JG256A HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot\n - JG256B HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot\n - JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot\n - JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot\n - JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot\n - JG258B HP 5800-48G TAA-compliant Switch with 1 Interface Slot\n - JG225A HP 5800AF-48G Switch\n - JG225B HP 5800AF-48G Switch\n - JG242A HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots\n - JG242B HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface\n - JG243A HP 5820-24XG-SFP+ TAA-compliant Switch\n - JG243B HP 5820-24XG-SFP+ TAA-compliant Switch\n - JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots\n\u0026 1 OAA Slot\n - JG259B HP 5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots\nand 1 OAA Slot\n - JC106A HP 5820-14XG-SFP+ Switch with 2 Slots\n - JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots \u0026 1 OAA Slot\n - JG219A HP 5820AF-24XG Switch\n - JG219B HP 5820AF-24XG Switch\n - JC102A HP 5820-24XG-SFP+ Switch\n - JC102B HP 5820-24XG-SFP+ Switch\n + **5500 HI (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JG311A HP 5500-24G-4SFP HI Switch with 2 Interface Slots\n - JG312A HP 5500-48G-4SFP HI Switch with 2 Interface Slots\n - JG541A HP 5500-24G-PoE+-4SFP HI Switch with 2 Interface Slots\n - JG542A HP 5500-48G-PoE+-4SFP HI Switch with 2 Interface Slots\n - JG543A HP 5500-24G-SFP HI Switch with 2 Interface Slots\n - JG679A HP 5500-24G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface\nSlots\n - JG680A HP 5500-48G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface\nSlots\n - JG681A HP 5500-24G-SFP HI TAA-compliant Switch with 2 Interface Slots\n + **5500 EI (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JD373A HP 5500-24G DC EI Switch\n - JD374A HP 5500-24G-SFP EI Switch\n - JD375A HP 5500-48G EI Switch\n - JD376A HP 5500-48G-PoE EI Switch\n - JD377A HP 5500-24G EI Switch\n - JD378A HP 5500-24G-PoE EI Switch\n - JD379A HP 5500-24G-SFP DC EI Switch\n - JG240A HP 5500-48G-PoE+ EI Switch with 2 Interface Slots\n - JG241A HP 5500-24G-PoE+ EI Switch with 2 Interface Slots\n - JG249A HP 5500-24G-SFP EI TAA-compliant Switch with 2 Interface\n - JG250A HP 5500-24G EI TAA-compliant Switch with 2 Interface Slots\n - JG251A HP 5500-48G EI TAA-compliant Switch with 2 Interface Slots\n - JG252A HP 5500-24G-PoE+ EI TAA-compliant Switch with 2 Interface\nSlots\n - JG253A HP 5500-48G-PoE+ EI TAA-compliant Switch with 2 Interface\nSlots\n + **4800G (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JD007A HP 4800-24G Switch\n - JD008A HP 4800-24G-PoE Switch\n - JD009A HP 4800-24G-SFP Switch\n - JD010A HP 4800-48G Switch\n - JD011A HP 4800-48G-PoE Switch\n + **5500SI (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JD369A HP 5500-24G SI Switch\n - JD370A HP 5500-48G SI Switch\n - JD371A HP 5500-24G-PoE SI Switch\n - JD372A HP 5500-48G-PoE SI Switch\n - JG238A HP 5500-24G-PoE+ SI Switch with 2 Interface Slots\n - JG239A HP 5500-48G-PoE+ SI Switch with 2 Interface Slots\n + **4500G (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JF428A HP 4510-48G Switch\n - JF847A HP 4510-24G Switch\n + **5120 EI (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JE066A HP 5120-24G EI Switch\n - JE067A HP 5120-48G EI Switch\n - JE068A HP 5120-24G EI Switch with 2 Interface Slots\n - JE069A HP 5120-48G EI Switch with 2 Interface Slots\n - JE070A HP 5120-24G-PoE EI 2-slot Switch\n - JE071A HP 5120-48G-PoE EI 2-slot Switch\n - JG236A HP 5120-24G-PoE+ EI Switch with 2 Interface Slots\n - JG237A HP 5120-48G-PoE+ EI Switch with 2 Interface Slots\n - JG245A HP 5120-24G EI TAA-compliant Switch with 2 Interface Slots\n - JG246A HP 5120-48G EI TAA-compliant Switch with 2 Interface Slots\n - JG247A HP 5120-24G-PoE+ EI TAA-compliant Switch with 2 Slots\n - JG248A HP 5120-48G-PoE+ EI TAA-compliant Switch with 2 Slots\n + **4210G (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JF844A HP 4210-24G Switch\n - JF845A HP 4210-48G Switch\n - JF846A HP 4210-24G-PoE Switch\n + **5120 SI (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JE072A HP 5120-48G SI Switch\n - JE072B HPE 5120 48G SI Switch\n - JE073A HP 5120-16G SI Switch\n - JE073B HPE 5120 16G SI Switch\n - JE074A HP 5120-24G SI Switch\n - JE074B HPE 5120 24G SI Switch\n - JG091A HP 5120-24G-PoE+ (370W) SI Switch\n - JG091B HPE 5120 24G PoE+ (370W) SI Switch\n - JG092A HP 5120-24G-PoE+ (170W) SI Switch\n - JG309B HPE 5120 8G PoE+ (180W) SI Switch\n - JG310B HPE 5120 8G PoE+ (65W) SI Switch\n + **3610 (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JD335A HP 3610-48 Switch\n - JD336A HP 3610-24-4G-SFP Switch\n - JD337A HP 3610-24-2G-2G-SFP Switch\n - JD338A HP 3610-24-SFP Switch\n + **3600V2 (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JG299A HP 3600-24 v2 EI Switch\n - JG299B HP 3600-24 v2 EI Switch\n - JG300A HP 3600-48 v2 EI Switch\n - JG300B HP 3600-48 v2 EI Switch\n - JG301A HP 3600-24-PoE+ v2 EI Switch\n - JG301B HP 3600-24-PoE+ v2 EI Switch\n - JG301C HP 3600-24-PoE+ v2 EI Switch\n - JG302A HP 3600-48-PoE+ v2 EI Switch\n - JG302B HP 3600-48-PoE+ v2 EI Switch\n - JG302C HP 3600-48-PoE+ v2 EI Switch\n - JG303A HP 3600-24-SFP v2 EI Switch\n - JG303B HP 3600-24-SFP v2 EI Switch\n - JG304A HP 3600-24 v2 SI Switch\n - JG304B HP 3600-24 v2 SI Switch\n - JG305A HP 3600-48 v2 SI Switch\n - JG305B HP 3600-48 v2 SI Switch\n - JG306A HP 3600-24-PoE+ v2 SI Switch\n - JG306B HP 3600-24-PoE+ v2 SI Switch\n - JG306C HP 3600-24-PoE+ v2 SI Switch\n - JG307A HP 3600-48-PoE+ v2 SI Switch\n - JG307B HP 3600-48-PoE+ v2 SI Switch\n - JG307C HP 3600-48-PoE+ v2 SI Switch\n + **3100V2-48 (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JG315A HP 3100-48 v2 Switch\n - JG315B HP 3100-48 v2 Switch\n + **HP870 (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JG723A HP 870 Unified Wired-WLAN Appliance\n - JG725A HP 870 Unified Wired-WLAN TAA-compliant Appliance\n + **HP850 (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JG722A HP 850 Unified Wired-WLAN Appliance\n - JG724A HP 850 Unified Wired-WLAN TAA-compliant Appliance\n + **HP830 (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JG640A HP 830 24-Port PoE+ Unified Wired-WLAN Switch\n - JG641A HP 830 8-port PoE+ Unified Wired-WLAN Switch\n - JG646A HP 830 24-Port PoE+ Unified Wired-WLAN TAA-compliant Switch\n - JG647A HP 830 8-Port PoE+ Unified Wired-WLAN TAA-compliant\n + **HP6000 (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JG639A HP 10500/7500 20G Unified Wired-WLAN Module\n - JG645A HP 10500/7500 20G Unified Wired-WLAN TAA-compliant Module\n + **WX5004-EI (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JD447B HP WX5002 Access Controller\n - JD448A HP WX5004 Access Controller\n - JD448B HP WX5004 Access Controller\n - JD469A HP WX5004 Access Controller\n + **SecBlade FW (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JC635A HP 12500 VPN Firewall Module\n - JD245A HP 9500 VPN Firewall Module\n - JD249A HP 10500/7500 Advanced VPN Firewall Module\n - JD250A HP 6600 Firewall Processing Router Module\n - JD251A HP 8800 Firewall Processing Module\n - JD255A HP 5820 VPN Firewall Module\n + **F1000-E (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JD272A HP F1000-E VPN Firewall Appliance\n + **F1000-A-EI (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JG214A HP F1000-A-EI VPN Firewall Appliance\n + **F1000-S-EI (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JG213A HP F1000-S-EI VPN Firewall Appliance\n + **F5000-A (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JD259A HP A5000-A5 VPN Firewall Chassis\n - JG215A HP F5000 Firewall Main Processing Unit\n - JG216A HP F5000 Firewall Standalone Chassis\n + **U200S and CS (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JD273A HP U200-S UTM Appliance\n + **U200A and M (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JD275A HP U200-A UTM Appliance\n + **F5000-C/S (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JG650A HP F5000-C VPN Firewall Appliance\n - JG370A HP F5000-S VPN Firewall Appliance\n + **SecBlade III (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JG371A HP 12500 20Gbps VPN Firewall Module\n - JG372A HP 10500/11900/7500 20Gbps VPN Firewall Module\n + **6600 RSE RU (Comware 5 Low Encryption SW) - Version: See Mitigation**\n * HP Network Products\n - JC177A HP 6608 Router\n - JC177B HP 6608 Router Chassis\n - JC178A HP 6604 Router Chassis\n - JC178B HP 6604 Router Chassis\n - JC496A HP 6616 Router Chassis\n - JC566A HP 6600 RSE-X1 Router Main Processing Unit\n - JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit\n + **6600 RPE RU (Comware 5 Low Encryption SW) - Version: See Mitigation**\n * HP Network Products\n - JC165A) HP 6600 RPE-X1 Router Module\n - JG781A) HP 6600 RPE-X1 TAA-compliant Main Processing Unit\n + **6602 RU (Comware 5 Low Encryption SW) - Version: See Mitigation**\n * HP Network Products\n - JC176A) HP 6602 Router Chassis\n + **HSR6602 RU (Comware 5 Low Encryption SW) - Version: See Mitigation**\n * HP Network Products\n - JC177A HP 6608 Router\n - JC177B HP 6608 Router Chassis\n - JC178A HP 6604 Router Chassis\n - JC178B HP 6604 Router Chassis\n - JC496A HP 6616 Router Chassis\n - JG353A HP HSR6602-G Router\n - JG354A HP HSR6602-XG Router\n - JG355A HP 6600 MCP-X1 Router Main Processing Unit\n - JG356A HP 6600 MCP-X2 Router Main Processing Unit\n - JG776A HP HSR6602-G TAA-compliant Router\n - JG777A HP HSR6602-XG TAA-compliant Router\n - JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit\n + **HSR6800 RU (Comware 5 Low Encryption SW) - Version: See Mitigation**\n * HP Network Products\n - JG361A HP HSR6802 Router Chassis\n - JG361B HP HSR6802 Router Chassis\n - JG362A HP HSR6804 Router Chassis\n - JG362B HP HSR6804 Router Chassis\n - JG363A HP HSR6808 Router Chassis\n - JG363B HP HSR6808 Router Chassis\n - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit\n + **SMB1910 (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JG540A HP 1910-48 Switch\n - JG539A HP 1910-24-PoE+ Switch\n - JG538A HP 1910-24 Switch\n - JG537A HP 1910-8 -PoE+ Switch\n - JG536A HP 1910-8 Switch\n + **SMB1920 (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JG928A HP 1920-48G-PoE+ (370W) Switch\n - JG927A HP 1920-48G Switch\n - JG926A HP 1920-24G-PoE+ (370W) Switch\n - JG925A HP 1920-24G-PoE+ (180W) Switch\n - JG924A HP 1920-24G Switch\n - JG923A HP 1920-16G Switch\n - JG922A HP 1920-8G-PoE+ (180W) Switch\n - JG921A HP 1920-8G-PoE+ (65W) Switch\n - JG920A HP 1920-8G Switch\n + **V1910 (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JE005A HP 1910-16G Switch\n - JE006A HP 1910-24G Switch\n - JE007A HP 1910-24G-PoE (365W) Switch\n - JE008A HP 1910-24G-PoE(170W) Switch\n - JE009A HP 1910-48G Switch\n - JG348A HP 1910-8G Switch\n - JG349A HP 1910-8G-PoE+ (65W) Switch\n - JG350A HP 1910-8G-PoE+ (180W) Switch\n + **SMB 1620 (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JG914A HP 1620-48G Switch\n - JG913A HP 1620-24G Switch\n - JG912A HP 1620-8G Switch\n\n\n**COMWARE 7 Products**\n\n + **12500 (Comware 7) - Version: See Mitigation**\n * HP Network Products\n - JC072B HP 12500 Main Processing Unit\n - JC085A HP A12518 Switch Chassis\n - JC086A HP A12508 Switch Chassis\n - JC652A HP 12508 DC Switch Chassis\n - JC653A HP 12518 DC Switch Chassis\n - JC654A HP 12504 AC Switch Chassis\n - JC655A HP 12504 DC Switch Chassis\n - JF430A HP A12518 Switch Chassis\n - JF430B HP 12518 Switch Chassis\n - JF430C HP 12518 AC Switch Chassis\n - JF431A HP A12508 Switch Chassis\n - JF431B HP 12508 Switch Chassis\n - JF431C HP 12508 AC Switch Chassis\n - JG497A HP 12500 MPU w/Comware V7 OS\n - JG782A HP FF 12508E AC Switch Chassis\n - JG783A HP FF 12508E DC Switch Chassis\n - JG784A HP FF 12518E AC Switch Chassis\n - JG785A HP FF 12518E DC Switch Chassis\n - JG802A HP FF 12500E MPU\n + **10500 (Comware 7) - Version: See Mitigation**\n * HP Network Products\n - JC611A HP 10508-V Switch Chassis\n - JC612A HP 10508 Switch Chassis\n - JC613A HP 10504 Switch Chassis\n - JC748A HP 10512 Switch Chassis\n - JG608A HP FlexFabric 11908-V Switch Chassis\n - JG609A HP FlexFabric 11900 Main Processing Unit\n - JG820A HP 10504 TAA Switch Chassis\n - JG821A HP 10508 TAA Switch Chassis\n - JG822A HP 10508-V TAA Switch Chassis\n - JG823A HP 10512 TAA Switch Chassis\n - JG496A HP 10500 Type A MPU w/Comware v7 OS\n - JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating\nSystem\n - JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System\nMain Processing Unit\n + **12900 (Comware 7) - Version: See Mitigation**\n * HP Network Products\n - JG619A HP FlexFabric 12910 Switch AC Chassis\n - JG621A HP FlexFabric 12910 Main Processing Unit\n - JG632A HP FlexFabric 12916 Switch AC Chassis\n - JG634A HP FlexFabric 12916 Main Processing Unit\n - JH104A HP FlexFabric 12900E Main Processing Unit\n - JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit\n - JH263A HP FlexFabric 12904E Main Processing Unit\n - JH255A HP FlexFabric 12908E Switch Chassis\n - JH262A HP FlexFabric 12904E Switch Chassis\n - JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis\n - JH103A HP FlexFabric 12916E Switch Chassis\n + **5900 (Comware 7) - Version: See Mitigation**\n * HP Network Products\n - JC772A HP 5900AF-48XG-4QSFP+ Switch\n - JG296A HP 5920AF-24XG Switch\n - JG336A HP 5900AF-48XGT-4QSFP+ Switch\n - JG510A HP 5900AF-48G-4XG-2QSFP+ Switch\n - JG554A HP 5900AF-48XG-4QSFP+ TAA Switch\n - JG555A HP 5920AF-24XG TAA Switch\n - JG838A HP FF 5900CP-48XG-4QSFP+ Switch\n - JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant\n - JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch\n - JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant\n + **MSR1000 (Comware 7) - Version: See Mitigation**\n * HP Network Products\n - JG875A HP MSR1002-4 AC Router\n - JH060A HP MSR1003-8S AC Router\n + **MSR2000 (Comware 7) - Version: See Mitigation**\n * HP Network Products\n - JG411A HP MSR2003 AC Router\n - JG734A HP MSR2004-24 AC Router\n - JG735A HP MSR2004-48 Router\n - JG866A HP MSR2003 TAA-compliant AC Router\n + **MSR3000 (Comware 7) - Version: See Mitigation**\n * HP Network Products\n - JG404A HP MSR3064 Router\n - JG405A HP MSR3044 Router\n - JG406A HP MSR3024 AC Router\n - JG407A HP MSR3024 DC Router\n - JG408A HP MSR3024 PoE Router\n - JG409A HP MSR3012 AC Router\n - JG410A HP MSR3012 DC Router\n - JG861A HP MSR3024 TAA-compliant AC Router\n + **MSR4000 (Comware 7) - Version: See Mitigation**\n * HP Network Products\n - JG402A HP MSR4080 Router Chassis\n - JG403A HP MSR4060 Router Chassis\n - JG412A HP MSR4000 MPU-100 Main Processing Unit\n - JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit\n + **VSR (Comware 7) - Version: See Mitigation**\n * HP Network Products\n - JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation\nSoftware\n - JG811AAE HP VSR1001 Comware 7 Virtual Services Router\n - JG812AAE HP VSR1004 Comware 7 Virtual Services Router\n - JG813AAE HP VSR1008 Comware 7 Virtual Services Router\n + **7900 (Comware 7) - Version: See Mitigation**\n * HP Network Products\n - JG682A HP FlexFabric 7904 Switch Chassis\n - JG841A HP FlexFabric 7910 Switch Chassis\n - JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit\n - JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit\n - JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis\n - JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis\n - JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main\nProcessing Unit\n - JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main\nProcessing Unit\n + **5130 (Comware 7) - Version: See Mitigation**\n * HP Network Products\n - JG932A HP 5130-24G-4SFP+ EI Switch\n - JG933A HP 5130-24G-SFP-4SFP+ EI Switch\n - JG934A HP 5130-48G-4SFP+ EI Switch\n - JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch\n - JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch\n - JG938A HP 5130-24G-2SFP+-2XGT EI Switch\n - JG939A HP 5130-48G-2SFP+-2XGT EI Switch\n - JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch\n - JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch\n - JG975A HP 5130-24G-4SFP+ EI Brazil Switch\n - JG976A HP 5130-48G-4SFP+ EI Brazil Switch\n - JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch\n - JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch\n + **6125XLG - Version: See Mitigation**\n * HP Network Products\n - 711307-B21 HP 6125XLG Blade Switch\n - 737230-B21 HP 6125XLG Blade Switch with TAA\n + **6127XLG - Version: See Mitigation**\n * HP Network Products\n - 787635-B21 HP 6127XLG Blade Switch Opt Kit\n - 787635-B22 HP 6127XLG Blade Switch TAA\n + **Moonshot - Version: See Mitigation**\n * HP Network Products\n - 786617-B21 - HP Moonshot-45Gc Switch Module\n - 704654-B21 - HP Moonshot-45XGc Switch Module\n - 786619-B21 - HP Moonshot-180XGc Switch Module\n + **5700 (Comware 7) - Version: See Mitigation**\n * HP Network Products\n - JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch\n - JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch\n - JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch\n - JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch\n - JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch\n - JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch\n + **5930 (Comware 7) - Version: See Mitigation**\n * HP Network Products\n - JG726A HP FlexFabric 5930 32QSFP+ Switch\n - JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch\n - JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch\n - JH179A HP FlexFabric 5930 4-slot Switch\n - JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch\n - JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch\n + **HSR6600 (Comware 7) - Version: See Mitigation**\n * HP Network Products\n - JG353A HP HSR6602-G Router\n - JG354A HP HSR6602-XG Router\n - JG776A HP HSR6602-G TAA-compliant Router\n - JG777A HP HSR6602-XG TAA-compliant Router\n + **HSR6800 (Comware 7) - Version: See Mitigation**\n * HP Network Products\n - JG361A HP HSR6802 Router Chassis\n - JG361B HP HSR6802 Router Chassis\n - JG362A HP HSR6804 Router Chassis\n - JG362B HP HSR6804 Router Chassis\n - JG363A HP HSR6808 Router Chassis\n - JG363B HP HSR6808 Router Chassis\n - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing\n - JH075A HP HSR6800 RSE-X3 Router Main Processing Unit\n + **1950 (Comware 7) - Version: See Mitigation**\n * HP Network Products\n - JG960A HP 1950-24G-4XG Switch\n - JG961A HP 1950-48G-2SFP+-2XGT Switch\n - JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch\n - JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch\n + **7500 (Comware 7) - Version: See Mitigation**\n * HP Network Products\n - JD238C HP 7510 Switch Chassis\n - JD239C HP 7506 Switch Chassis\n - JD240C HP 7503 Switch Chassis\n - JD242C HP 7502 Switch Chassis\n - JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only\nMain Processing Unit\n - JH208A HP 7502 Main Processing Unit\n - JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port\n40GbE QSFP+ Main Processing Unit\n + **5950 (Comware 7) - Version: See Mitigation**\n * HP Network Products\n - JH321A HPE FlexFabric 5950 32QSFP28 Switch\n + **5940 (Comware 7) - Version: See Mitigation**\n * HP Network Products\n - JH390A HPE FlexFabric 5940 48SFP+ 6QSFP28 Switch\n - JH391A HPE FlexFabric 5940 48XGT 6QSFP28 Switch\n - JH394A HPE FlexFabric 5940 48XGT 6QSFP+ Switch\n - JH395A HPE FlexFabric 5940 48SFP+ 6QSFP+ Switch\n - JH396A HPE FlexFabric 5940 32QSFP+ Switch\n - JH397A HPE FlexFabric 5940 2-slot Switch\n - JH398A HPE FlexFabric 5940 4-slot Switch\n\nHISTORY\nVersion:1 (rev.1) - 6 December 2016 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n Web form: https://www.hpe.com/info/report-security-vulnerability\n Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. Description:\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient,\nand extensible web server. \n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. \n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies. The updates are documented in the Release Notes\ndocument linked to in the References. \n\nThis release of Red Hat JBoss Web Server 2.1.2 Service Pack 2 serves as a\nupdate for Red Hat JBoss Web Server 2, and includes bug fixes, which are\ndocumented in the Release Notes document linked to in the References. \n\nSecurity Fix(es):\n\n* It was discovered that the httpd\u0027s mod_auth_digest module did not\nproperly initialize memory before using it when processing certain headers\nrelated to digest authentication. A remote attacker could possibly use this\nflaw to disclose potentially sensitive information or cause httpd child\nprocess to crash by sending specially crafted requests to a server. \n(CVE-2017-9788)\n\n* A vulnerability was discovered in Tomcat where if a servlet context was\nconfigured with readonly=false and HTTP PUT requests were allowed, an\nattacker could upload a JSP file to that context and achieve code\nexecution. (CVE-2017-12615)\n\n* A vulnerability was discovered in Tomcat where if a servlet context was\nconfigured with readonly=false and HTTP PUT requests were allowed, an\nattacker could upload a JSP file to that context and achieve code\nexecution. (CVE-2016-2183)\n\n* A use-after-free flaw was found in the way httpd handled invalid and\npreviously unregistered HTTP methods specified in the Limit directive used\nin an .htaccess file. A remote attacker could possibly use this flaw to\ndisclose portions of the server memory, or cause httpd child process to\ncrash. \n\nBug Fix(es):\n\n* Corruption in nodestatsmem in multiple core dumps but in different\nfunctions of each core dump. (BZ#1338640)\n\n* mod_cluster segfaults in process_info() due to wrongly generated\nassembler instruction movslq (BZ#1448709)\n\n* CRL checking of very large CRLs fails with OpenSSL 1.0.2 (BZ#1493075)\n\n4. Solution:\n\nBefore applying the update, back up your existing Red Hat JBoss Web Server\ninstallation (including all applications and configuration files). After installing the updated\npackages, the httpd daemon will be restarted automatically. Bugs fixed (https://bugzilla.redhat.com/):\n\n1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)\n1470748 - CVE-2017-9788 httpd: Uninitialized memory reflection in mod_auth_digest\n1490344 - CVE-2017-9798 httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)\n1493075 - Unable to load large CRL openssl problem\n1493220 - CVE-2017-12615 tomcat: Remote Code Execution via JSP Upload\n1494283 - CVE-2017-12617 tomcat: Remote Code Execution bypass for CVE-2017-12615\n\n6. Of these 14 vulnerabilities, the OpenSSL Software Foundation classifies one as aCritical Severity,a one as aModerate Severity,a and the other 12 as aLow Severity.a\n\nSubsequently, on September 26, the OpenSSL Software Foundation released an additional advisory that describes two new vulnerabilities. These vulnerabilities affect the OpenSSL versions that were released to address the vulnerabilities disclosed in the previous advisory. One of the new vulnerabilities was rated as aHigh Severitya and the other as aModerate Severity.a\n\nOf the 16 released vulnerabilities:\n Fourteen track issues that could result in a denial of service (DoS) condition\n One (CVE-2016-2183, aka SWEET32) tracks an implementation of a Birthday attack against Transport Layer Security (TLS) block ciphers that use a 64-bit block size that could result in loss of confidentiality\n One (CVE-2016-2178) is a timing side-channel attack that, in specific circumstances, could allow an attacker to derive the private DSA key that belongs to another user or service running on the same system\n\nFive of the 16 vulnerabilities affect exclusively the recently released OpenSSL versions that belong to the 1.1.0 code train, which has not yet been integrated into any Cisco product. (BZ#1508885)\n\n3. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\nThe JBoss server process must be restarted for the update to take effect. \n===========================================================================\nUbuntu Security Notice USN-3270-1\nApril 27, 2017\n\nnss vulnerabilities\n===========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 17.04\n- Ubuntu 16.10\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in NSS. \n\nSoftware Description:\n- nss: Network Security Service library\n\nDetails:\n\nKarthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES\nciphers were vulnerable to birthday attacks. This update causes NSS to limit use of the same symmetric key. \n(CVE-2016-2183)\n\nIt was discovered that NSS incorrectly handled Base64 decoding. (CVE-2017-5461)\n\nThis update refreshes the NSS package to version 3.28.4 which includes\nthe latest CA certificate bundle. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 17.04:\n libnss3 2:3.28.4-0ubuntu0.17.04.1\n\nUbuntu 16.10:\n libnss3 2:3.28.4-0ubuntu0.16.10.1\n\nUbuntu 16.04 LTS:\n libnss3 2:3.28.4-0ubuntu0.16.04.1\n\nUbuntu 14.04 LTS:\n libnss3 2:3.28.4-0ubuntu0.14.04.1\n\nThis update uses a new upstream release, which includes additional bug\nfixes. After a standard system update you need to restart any applications\nthat use NSS, such as Evolution and Chromium, to make all the necessary\nchanges. \n\n[https://entitlement.microfocus.com/mysoftware/index](https://entitlement.mic\nofocus.com/mysoftware/index)\n\nHISTORY\nVersion:1 (rev.1) - 12 November 2018 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on \nsystems running Micro Focus products should be applied in accordance with the customer\u0027s \npatch management policy. \n Please note that you will need to sign in using a Passport account. \n\n3P = 3rd Party Software\nGN = Micro Focus General Software\nMU = Multi-Platform Software\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. \nMicro Focus is continually reviewing and enhancing the security features of software products to provide \ncustomers with current secure solutions. \n\n\"Micro Focus is broadly distributing this Security Bulletin in order to bring to the attention of users of the \naffected Micro Focus products the important security information contained in this Bulletin. Micro Focus recommends \nthat all users determine the applicability of this information to their individual situations and take appropriate action. \nMicro Focus does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, \nMicro Focus will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in \nthis Security Bulletin. To the extent permitted by law, Micro Focus disclaims all warranties, either express or \nimplied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\" \n\n\nCopyright 2017 EntIT Software LLC\n\nMicro Focus shall not be liable for technical or editorial errors or omissions contained herein",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2183"
},
{
"db": "VULHUB",
"id": "VHN-91002"
},
{
"db": "PACKETSTORM",
"id": "148410"
},
{
"db": "PACKETSTORM",
"id": "141354"
},
{
"db": "PACKETSTORM",
"id": "141353"
},
{
"db": "PACKETSTORM",
"id": "140084"
},
{
"db": "PACKETSTORM",
"id": "140708"
},
{
"db": "PACKETSTORM",
"id": "144869"
},
{
"db": "PACKETSTORM",
"id": "138889"
},
{
"db": "PACKETSTORM",
"id": "145017"
},
{
"db": "PACKETSTORM",
"id": "142340"
},
{
"db": "PACKETSTORM",
"id": "150303"
}
],
"trust": 1.89
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-91002",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-91002"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2016-2183",
"trust": 2.1
},
{
"db": "PACKETSTORM",
"id": "142756",
"trust": 1.1
},
{
"db": "ICS CERT",
"id": "ICSMA-18-058-02",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1036696",
"trust": 1.1
},
{
"db": "PULSESECURE",
"id": "SA40312",
"trust": 1.1
},
{
"db": "BID",
"id": "92630",
"trust": 1.1
},
{
"db": "BID",
"id": "95568",
"trust": 1.1
},
{
"db": "TENABLE",
"id": "TNS-2017-09",
"trust": 1.1
},
{
"db": "TENABLE",
"id": "TNS-2016-21",
"trust": 1.1
},
{
"db": "TENABLE",
"id": "TNS-2016-20",
"trust": 1.1
},
{
"db": "TENABLE",
"id": "TNS-2016-16",
"trust": 1.1
},
{
"db": "MCAFEE",
"id": "SB10197",
"trust": 1.1
},
{
"db": "MCAFEE",
"id": "SB10310",
"trust": 1.1
},
{
"db": "MCAFEE",
"id": "SB10186",
"trust": 1.1
},
{
"db": "MCAFEE",
"id": "SB10215",
"trust": 1.1
},
{
"db": "MCAFEE",
"id": "SB10171",
"trust": 1.1
},
{
"db": "SIEMENS",
"id": "SSA-412672",
"trust": 1.1
},
{
"db": "JUNIPER",
"id": "JSA10759",
"trust": 1.1
},
{
"db": "EXPLOIT-DB",
"id": "42091",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "148410",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "140708",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "150303",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "141354",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "144869",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "142340",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "145017",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "140084",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "141353",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "161320",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "141352",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "143970",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "140718",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "143244",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "141100",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "140473",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "141111",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144865",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "143549",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "141555",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "140725",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "156451",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147581",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "152978",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "140977",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154650",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "145018",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "159431",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-201608-448",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-91002",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "138889",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-91002"
},
{
"db": "PACKETSTORM",
"id": "148410"
},
{
"db": "PACKETSTORM",
"id": "141354"
},
{
"db": "PACKETSTORM",
"id": "141353"
},
{
"db": "PACKETSTORM",
"id": "140084"
},
{
"db": "PACKETSTORM",
"id": "140708"
},
{
"db": "PACKETSTORM",
"id": "144869"
},
{
"db": "PACKETSTORM",
"id": "138889"
},
{
"db": "PACKETSTORM",
"id": "145017"
},
{
"db": "PACKETSTORM",
"id": "142340"
},
{
"db": "PACKETSTORM",
"id": "150303"
},
{
"db": "NVD",
"id": "CVE-2016-2183"
}
]
},
"id": "VAR-201609-0597",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-91002"
}
],
"trust": 0.01
},
"last_update_date": "2026-03-09T22:15:18.194000Z",
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-200",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-91002"
},
{
"db": "NVD",
"id": "CVE-2016-2183"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.6,
"url": "https://access.redhat.com/security/cve/cve-2016-2183"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2017-0337.html"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2017-0338.html"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2017:3113"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2017:3239"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2018:2123"
},
{
"trust": 1.2,
"url": "http://www.ubuntu.com/usn/usn-3270-1"
},
{
"trust": 1.2,
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/km03286178"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1036696"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/539885/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/archive/1/539885/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/archive/1/540129/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/540341/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/archive/1/540341/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2017/may/105"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2017/jul/31"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/541104/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/archive/1/541104/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/542005/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/archive/1/542005/100/0/threaded"
},
{
"trust": 1.1,
"url": "https://seclists.org/bugtraq/2018/nov/21"
},
{
"trust": 1.1,
"url": "https://www.exploit-db.com/exploits/42091/"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/92630"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/95568"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2016/dsa-3673"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/201612-16"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/201701-65"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/201707-01"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2017-0336.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2017-0462.html"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2017:1216"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2017:2708"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2017:2709"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2017:2710"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2017:3114"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2017:3240"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:1245"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:2859"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2020:0451"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00068.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00023.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00028.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00076.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
},
{
"trust": 1.1,
"url": "http://www.ubuntu.com/usn/usn-3087-1"
},
{
"trust": 1.1,
"url": "http://www.ubuntu.com/usn/usn-3087-2"
},
{
"trust": 1.1,
"url": "http://www.ubuntu.com/usn/usn-3179-1"
},
{
"trust": 1.1,
"url": "http://www.ubuntu.com/usn/usn-3194-1"
},
{
"trust": 1.1,
"url": "http://www.ubuntu.com/usn/usn-3198-1"
},
{
"trust": 1.1,
"url": "http://www.ubuntu.com/usn/usn-3372-1"
},
{
"trust": 1.1,
"url": "https://www.ietf.org/mail-archive/web/tls/current/msg04560.html"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/142756/ibm-informix-dynamic-server-dll-injection-code-execution.html"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021697"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991482"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
},
{
"trust": 1.1,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
},
{
"trust": 1.1,
"url": "http://www.splunk.com/view/sp-caaapsv"
},
{
"trust": 1.1,
"url": "http://www.splunk.com/view/sp-caaapue"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/articles/2548661"
},
{
"trust": 1.1,
"url": "https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/"
},
{
"trust": 1.1,
"url": "https://bto.bluecoat.com/security-advisory/sa133"
},
{
"trust": 1.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383"
},
{
"trust": 1.1,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
},
{
"trust": 1.1,
"url": "https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05302448"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05309984"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05323116"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05349499"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05356388"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05369403"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05369415"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05385680"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390722"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390849"
},
{
"trust": 1.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-058-02"
},
{
"trust": 1.1,
"url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40312"
},
{
"trust": 1.1,
"url": "https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/"
},
{
"trust": 1.1,
"url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20160915-0001/"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20170119-0001/"
},
{
"trust": 1.1,
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/km03158613"
},
{
"trust": 1.1,
"url": "https://support.f5.com/csp/article/k13167034"
},
{
"trust": 1.1,
"url": "https://sweet32.info/"
},
{
"trust": 1.1,
"url": "https://wiki.opendaylight.org/view/security_advisories"
},
{
"trust": 1.1,
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
},
{
"trust": 1.1,
"url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008"
},
{
"trust": 1.1,
"url": "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/"
},
{
"trust": 1.1,
"url": "https://www.openssl.org/blog/blog/2016/08/24/sweet32/"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"trust": 1.1,
"url": "https://www.sigsac.org/ccs/ccs2016/accepted-papers/"
},
{
"trust": 1.1,
"url": "https://www.tenable.com/security/tns-2016-16"
},
{
"trust": 1.1,
"url": "https://www.tenable.com/security/tns-2016-20"
},
{
"trust": 1.1,
"url": "https://www.tenable.com/security/tns-2016-21"
},
{
"trust": 1.1,
"url": "https://www.tenable.com/security/tns-2017-09"
},
{
"trust": 1.1,
"url": "https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00003.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00032.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2183"
},
{
"trust": 1.0,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-c05390722"
},
{
"trust": 1.0,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10186"
},
{
"trust": 1.0,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-c05302448"
},
{
"trust": 1.0,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbgn03765en_us"
},
{
"trust": 1.0,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10197"
},
{
"trust": 1.0,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10310"
},
{
"trust": 1.0,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-c05385680"
},
{
"trust": 1.0,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10171"
},
{
"trust": 1.0,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbux03725en_us"
},
{
"trust": 1.0,
"url": "https://www.vicarius.io/vsociety/posts/cve-2016-2183-detection-sweet32-vulnerability"
},
{
"trust": 1.0,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-c05369415"
},
{
"trust": 1.0,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-c05390849"
},
{
"trust": 1.0,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-c05369403"
},
{
"trust": 1.0,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10215"
},
{
"trust": 1.0,
"url": "https://www.vicarius.io/vsociety/posts/cve-2016-2183-mitigate-sweet32-vulnerability"
},
{
"trust": 1.0,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759"
},
{
"trust": 0.5,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.5,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2017-3231"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-3259"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-3253"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5546"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-5548"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-3261"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5549"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-3241"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-3231"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-5549"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2017-3253"
},
{
"trust": 0.2,
"url": "https://developer.ibm.com/javasdk/support/security-vulnerabilities/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5552"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-3252"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2017-3252"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-3272"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2017-3259"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-5552"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5548"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2017-3272"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2017-3241"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-5546"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2017-3261"
},
{
"trust": 0.2,
"url": "http://www.hpe.com/support/security_bulletin_archive"
},
{
"trust": 0.2,
"url": "https://www.hpe.com/info/report-security-vulnerability"
},
{
"trust": 0.2,
"url": "http://www.hpe.com/support/subscriber_choice"
},
{
"trust": 0.2,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2017-9798"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9798"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2017-9788"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9788"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10759"
},
{
"trust": 0.1,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-c05302448"
},
{
"trust": 0.1,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-c05369403"
},
{
"trust": 0.1,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-c05369415"
},
{
"trust": 0.1,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-c05385680"
},
{
"trust": 0.1,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-c05390722"
},
{
"trust": 0.1,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-c05390849"
},
{
"trust": 0.1,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbgn03765en_us"
},
{
"trust": 0.1,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbux03725en_us"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10171"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10186"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10197"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10215"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10310"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-3289"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5547"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-5547"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-3289"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05349499"
},
{
"trust": 0.1,
"url": "https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05369415"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-12617"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-12615"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12615"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/3227901"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12617"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2178"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160927-openssl"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/3229231"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=6.4"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nss/2:3.28.4-0ubuntu0.17.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nss/2:3.28.4-0ubuntu0.14.04.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5461"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nss/2:3.28.4-0ubuntu0.16.10.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nss/2:3.28.4-0ubuntu0.16.04.1"
},
{
"trust": 0.1,
"url": "https://www.microfocus.com/support-and-services/report-security"
},
{
"trust": 0.1,
"url": "https://cf.passport.softwaregrp.com/hppcf/createuser.do"
},
{
"trust": 0.1,
"url": "https://entitlement.microfocus.com/mysoftware/index](https://entitlement.mic"
},
{
"trust": 0.1,
"url": "https://softwaresupport.softwaregrp.com/group/softwaresupport/email-notification/-/subscriptions/registerdocumentnotification"
},
{
"trust": 0.1,
"url": "https://softwaresupport.softwaregrp.com/security-vulnerability"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-91002"
},
{
"db": "PACKETSTORM",
"id": "148410"
},
{
"db": "PACKETSTORM",
"id": "141354"
},
{
"db": "PACKETSTORM",
"id": "141353"
},
{
"db": "PACKETSTORM",
"id": "140084"
},
{
"db": "PACKETSTORM",
"id": "140708"
},
{
"db": "PACKETSTORM",
"id": "144869"
},
{
"db": "PACKETSTORM",
"id": "138889"
},
{
"db": "PACKETSTORM",
"id": "145017"
},
{
"db": "PACKETSTORM",
"id": "142340"
},
{
"db": "PACKETSTORM",
"id": "150303"
},
{
"db": "NVD",
"id": "CVE-2016-2183"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-91002",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "148410",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "141354",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "141353",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "140084",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "140708",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "144869",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "138889",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "145017",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "142340",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "150303",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2016-2183",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2016-09-01T00:00:00",
"db": "VULHUB",
"id": "VHN-91002",
"ident": null
},
{
"date": "2018-07-03T14:44:44",
"db": "PACKETSTORM",
"id": "148410",
"ident": null
},
{
"date": "2017-02-28T14:19:17",
"db": "PACKETSTORM",
"id": "141354",
"ident": null
},
{
"date": "2017-02-28T14:19:11",
"db": "PACKETSTORM",
"id": "141353",
"ident": null
},
{
"date": "2016-12-08T23:45:55",
"db": "PACKETSTORM",
"id": "140084",
"ident": null
},
{
"date": "2017-01-24T19:13:55",
"db": "PACKETSTORM",
"id": "140708",
"ident": null
},
{
"date": "2017-11-02T23:50:49",
"db": "PACKETSTORM",
"id": "144869",
"ident": null
},
{
"date": "2016-09-28T23:24:00",
"db": "PACKETSTORM",
"id": "138889",
"ident": null
},
{
"date": "2017-11-17T00:10:36",
"db": "PACKETSTORM",
"id": "145017",
"ident": null
},
{
"date": "2017-04-27T23:47:18",
"db": "PACKETSTORM",
"id": "142340",
"ident": null
},
{
"date": "2018-11-13T17:59:55",
"db": "PACKETSTORM",
"id": "150303",
"ident": null
},
{
"date": "2016-09-01T00:59:00.137000",
"db": "NVD",
"id": "CVE-2016-2183",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2023-02-12T00:00:00",
"db": "VULHUB",
"id": "VHN-91002",
"ident": null
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-2183",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "140708"
},
{
"db": "PACKETSTORM",
"id": "142340"
},
{
"db": "PACKETSTORM",
"id": "150303"
}
],
"trust": 0.3
},
"title": {
"_id": null,
"data": "Red Hat Security Advisory 2018-2123-01",
"sources": [
{
"db": "PACKETSTORM",
"id": "148410"
}
],
"trust": 0.1
},
"type": {
"_id": null,
"data": "arbitrary",
"sources": [
{
"db": "PACKETSTORM",
"id": "142340"
}
],
"trust": 0.1
}
}
VAR-202005-1052
Vulnerability from variot - Updated: 2026-03-09 19:59When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed. The program implements support for Servlet and JavaServer Page (JSP). The following products and versions are affected: Apache Tomcat 10.0.0-M1 to 10.0.0-M4, 9.0.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54, 7.0.0 to Version 7.0.103. A deserialization flaw exists in Apache Tomcat's use of a FileStore. The highest threat from the vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-9484) The fix for CVE-2020-9484 was incomplete. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue. (CVE-2021-25329).
For the stable distribution (buster), these problems have been fixed in version 9.0.31-1~deb10u2.
We recommend that you upgrade your tomcat9 packages.
For the detailed security status of tomcat9 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/tomcat9
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl8R6BwACgkQEMKTtsN8 TjbUrw//fOLw1bfjQwHr4fug5xgGtIjccQvMgZ6r4jVWDNUWGns/n0HBIg7IFANW 1LTBXunNygapGke96Cexs/mimcs47wr9Xj6B9R7935NgF7dbXiDPhX99fmMSu4qE mpt9GmynGSOqr2qt+bHMZSIrZ2rpT/WoDbmnVvK0h30Il7VZ2pMEbzq7gd7sfsbO 0FbQr9kza5d5kvih7DLfq/7plhLouyUhzAab3UUJvI1B3ASD4pfEFDSmBJusHJGG 2CTtrO8IFUyYW0ev4/I2KT6rrFiXccEtFhUlpU09SLpy96FP161UVoHILkPHhfqI 9XILKEf0mKVlDfq5q2TOY5WVl8palc5o/Z3xefO4/wZc7/qNNnyzwcNHl6s14czv REID8Llfbro3/XWHkwLXPNFr1VzYXZSX1XhTwKWPWaH+L5WsUSr5uryqIUvSQ96L tTWv3G7KZDwVlio1XJ1t7ZxMkKqEBjvucShFgaOIw1nVD1IrssMKMz9UJQCd4fH5 RtUakyBzUuPbAhUcunMj23n2slZ9WbCANIGKy56O6R71rYI9mYOG2nF2IuUct/F2 iG3/SLJCe2ghVx2Lgz8/nBhZfPEF5FZ2kPHb9KpjjyZ+vl8ZXH83heaYDlDAknXS bTsyFezxJiAwaa9xozjItZPdIBFP9lG8Txmv1AotH7WV/8dRsOU= =E8Ei -----END PGP SIGNATURE----- . The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Installation instructions are available from the Fuse 7.9.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/
- Bugs fixed (https://bugzilla.redhat.com/):
1443635 - CVE-2017-5645 log4j: Socket receiver deserialization vulnerability 1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class 1758619 - CVE-2019-16869 netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers 1764640 - CVE-2019-12402 apache-commons-compress: Infinite loop in name encoding algorithm 1772008 - CVE-2019-14887 wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use 1785376 - CVE-2017-18640 snakeyaml: Billion laughs attack via alias feature 1790309 - CVE-2020-1925 olingo-odata: Server side request forgery in AsyncResponseWrapperImpl 1798509 - CVE-2019-20445 netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header 1805006 - CVE-2020-6950 Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages 1806398 - CVE-2020-1938 tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability 1806835 - CVE-2020-1935 tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling 1814974 - CVE-2020-10688 RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack 1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication 1828459 - CVE-2020-10719 undertow: invalid HTTP request with large chunk size 1838332 - CVE-2020-9484 tomcat: deserialization flaw in session persistence storage leading to RCE 1845626 - CVE-2020-5410 spring-cloud-config-server: sending a request using a specially crafted URL can lead to a directory traversal attack 1851420 - CVE-2020-11996 tomcat: specially crafted sequence of HTTP/2 requests can lead to DoS 1853595 - CVE-2020-14297 wildfly: Some EJB transaction objects may get accumulated causing Denial of Service 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1857024 - CVE-2020-13935 tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS 1857040 - CVE-2020-13934 tomcat: OutOfMemoryException caused by HTTP/2 connection leak could lead to DoS 1860054 - CVE-2020-14338 wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl 1860218 - CVE-2020-14340 xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS 1879042 - CVE-2020-25633 resteasy-client: potential sensitive information leakage in JAX-RS RESTEasy Client's WebApplicationException handling 1880101 - CVE-2020-13920 activemq: improper authentication allows MITM attack 1881158 - CVE-2020-5421 springframework: RFD protection bypass via jsessionid 1881353 - CVE-2020-25638 hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used 1881637 - CVE-2020-25640 wildfly: resource adapter logs plaintext JMS password at warning level on connection error 1885485 - CVE-2020-25644 wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL 1886587 - CVE-2020-13956 apache-httpclient: incorrect handling of malformed authority component in request URIs 1887257 - CVE-2020-26945 mybatis: mishandles deserialization of object streams which could result in remote code execution 1891132 - CVE-2020-27216 jetty: local temporary directory hijacking vulnerability 1898235 - CVE-2020-13954 cxf: XSS via the styleSheetPath 1903727 - CVE-2020-17510 shiro: specially crafted HTTP request may cause an authentication bypass 1908832 - CVE-2020-26258 XStream: Server-Side Forgery Request vulnerability can be activated when unmarshalling 1912881 - CVE-2020-28052 bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible 1913312 - CVE-2020-17518 apache-flink: directory traversal attack allows remote file writing through the REST API 1937440 - CVE-2020-13936 velocity: arbitrary code execution when attacker is able to modify templates 1941050 - CVE-2021-27906 pdfbox: OutOfMemory-Exception while loading a crafted PDF file 1941055 - CVE-2021-27807 pdfbox: infinite loop while loading a crafted PDF file 1945714 - CVE-2021-28165 jetty: Resource exhaustion when receiving an invalid large TLS frame
- ========================================================================== Ubuntu Security Notice USN-6908-1 July 23, 2024
tomcat vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in Tomcat.
Software Description: - tomcat7: Servlet 3.0 and JSP 2.2 Java API classes
Details:
It was discovered that the Tomcat SSI printenv command echoed user provided data without escaping it. An attacker could possibly use this issue to perform an XSS attack. (CVE-2019-0221)
It was discovered that Tomcat incorrectly handled certain uncommon PersistenceManager with FileStore configurations. (CVE-2020-9484, CVE-2021-25329)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04 LTS libservlet3.0-java 7.0.78-1ubuntu0.1~esm1 Available with Ubuntu Pro
Ubuntu 16.04 LTS libservlet3.0-java 7.0.68-1ubuntu0.4+esm2 Available with Ubuntu Pro libtomcat7-java 7.0.68-1ubuntu0.4+esm2 Available with Ubuntu Pro tomcat7 7.0.68-1ubuntu0.4+esm2 Available with Ubuntu Pro
Ubuntu 14.04 LTS libservlet3.0-java 7.0.52-1ubuntu0.16+esm1 Available with Ubuntu Pro libtomcat7-java 7.0.52-1ubuntu0.16+esm1 Available with Ubuntu Pro tomcat7 7.0.52-1ubuntu0.16+esm1 Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes. Description:
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.
This release of Red Hat JBoss Web Server 3.1 Service Pack 9 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. Description:
Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: tomcat security update Advisory ID: RHSA-2020:2530-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:2530 Issue date: 2020-06-11 CVE Names: CVE-2020-9484 ==================================================================== 1. Summary:
An update for tomcat is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - noarch Red Hat Enterprise Linux Client Optional (v. 7) - noarch Red Hat Enterprise Linux ComputeNode (v. 7) - noarch Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch Red Hat Enterprise Linux Server (v. 7) - noarch Red Hat Enterprise Linux Server Optional (v. 7) - noarch Red Hat Enterprise Linux Workstation (v. 7) - noarch Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch
- Description:
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es):
- tomcat: deserialization flaw in session persistence storage leading to RCE (CVE-2020-9484)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1838332 - CVE-2020-9484 tomcat: deserialization flaw in session persistence storage leading to RCE
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: tomcat-7.0.76-12.el7_8.src.rpm
noarch: tomcat-servlet-3.0-api-7.0.76-12.el7_8.noarch.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
noarch: tomcat-7.0.76-12.el7_8.noarch.rpm tomcat-admin-webapps-7.0.76-12.el7_8.noarch.rpm tomcat-docs-webapp-7.0.76-12.el7_8.noarch.rpm tomcat-el-2.2-api-7.0.76-12.el7_8.noarch.rpm tomcat-javadoc-7.0.76-12.el7_8.noarch.rpm tomcat-jsp-2.2-api-7.0.76-12.el7_8.noarch.rpm tomcat-jsvc-7.0.76-12.el7_8.noarch.rpm tomcat-lib-7.0.76-12.el7_8.noarch.rpm tomcat-webapps-7.0.76-12.el7_8.noarch.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: tomcat-7.0.76-12.el7_8.src.rpm
noarch: tomcat-servlet-3.0-api-7.0.76-12.el7_8.noarch.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
noarch: tomcat-7.0.76-12.el7_8.noarch.rpm tomcat-admin-webapps-7.0.76-12.el7_8.noarch.rpm tomcat-docs-webapp-7.0.76-12.el7_8.noarch.rpm tomcat-el-2.2-api-7.0.76-12.el7_8.noarch.rpm tomcat-javadoc-7.0.76-12.el7_8.noarch.rpm tomcat-jsp-2.2-api-7.0.76-12.el7_8.noarch.rpm tomcat-jsvc-7.0.76-12.el7_8.noarch.rpm tomcat-lib-7.0.76-12.el7_8.noarch.rpm tomcat-webapps-7.0.76-12.el7_8.noarch.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: tomcat-7.0.76-12.el7_8.src.rpm
noarch: tomcat-7.0.76-12.el7_8.noarch.rpm tomcat-admin-webapps-7.0.76-12.el7_8.noarch.rpm tomcat-el-2.2-api-7.0.76-12.el7_8.noarch.rpm tomcat-jsp-2.2-api-7.0.76-12.el7_8.noarch.rpm tomcat-lib-7.0.76-12.el7_8.noarch.rpm tomcat-servlet-3.0-api-7.0.76-12.el7_8.noarch.rpm tomcat-webapps-7.0.76-12.el7_8.noarch.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
noarch: tomcat-7.0.76-12.el7_8.noarch.rpm tomcat-admin-webapps-7.0.76-12.el7_8.noarch.rpm tomcat-docs-webapp-7.0.76-12.el7_8.noarch.rpm tomcat-el-2.2-api-7.0.76-12.el7_8.noarch.rpm tomcat-javadoc-7.0.76-12.el7_8.noarch.rpm tomcat-jsp-2.2-api-7.0.76-12.el7_8.noarch.rpm tomcat-jsvc-7.0.76-12.el7_8.noarch.rpm tomcat-lib-7.0.76-12.el7_8.noarch.rpm tomcat-webapps-7.0.76-12.el7_8.noarch.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: tomcat-7.0.76-12.el7_8.src.rpm
noarch: tomcat-7.0.76-12.el7_8.noarch.rpm tomcat-admin-webapps-7.0.76-12.el7_8.noarch.rpm tomcat-el-2.2-api-7.0.76-12.el7_8.noarch.rpm tomcat-jsp-2.2-api-7.0.76-12.el7_8.noarch.rpm tomcat-lib-7.0.76-12.el7_8.noarch.rpm tomcat-servlet-3.0-api-7.0.76-12.el7_8.noarch.rpm tomcat-webapps-7.0.76-12.el7_8.noarch.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
noarch: tomcat-docs-webapp-7.0.76-12.el7_8.noarch.rpm tomcat-javadoc-7.0.76-12.el7_8.noarch.rpm tomcat-jsvc-7.0.76-12.el7_8.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-9484 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXuH9rtzjgjWX9erEAQiuZA/7BY8EEQxcPpMTuZ1szv08nHLdHOShDyEr UqhsbGTHUgsqb+cIwbOJrz3nn66y4S/5MIDyUUI/77t5/z/LR8rD7zM+6mPcQyVy QjSTPH8xiVNq4CyMCJggmsb+jecS5BHRDEhHKjEyuqWCx9wJlQQTTFMvlUBypXLt AxJqARUjSFmgxSdjbZDhDIzpNH5RR0lyKCuHf9yd+X9FNomFEAFIjLz6oSXDiMYp Lf4YPas24BmF7CXTajzecKM2PZZEehtNVFFQLi96APXLQq8uZBw+8d4gTSq7SEsy U6MZm3R+1Lp9BgGgxD80dRDoAIFL1KNRKJnRUPan+SSKYLPkU2dOwdPVd2t4OxY1 whBcfo8z6zsGTHIxXu7756/AUYhBkvrI2CVOp1tzM+SMDlLkJL9eBuTbXw98ipI0 jAUKlqxksz///7ZCWugsLt9VhDZRSXUSk7JQ4ASQ9bQFouzsUiEv0MSTRW+ym9HU 8/FjgG/yznR3DrHOjKVY++Dw2LUg2lv/viBVjCl2h9lZoULK3eBwIUJ0fOYCRUOK mytOuin4i+pI+jHCm/W91sK+piAB5yirVpqra98zXaDGayN+V6mdTr3omPsNDMP5 VtOWpWiInHKmeN1cErONkxeAT/zHdFagRXEhqbnArSoZIC/SV4KrykDGHw+ldO/o yI/DufEuzcM\xbfNT -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link for the update. You must be logged in to download the update.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/tomcat < 7.0.104:7 >= 7.0.104:7 < 8.5.55:8.5 >= 8.5.55:8.5
Description
Apache Tomcat improperly handles deserialization of files under specific circumstances.
Impact
A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All Apache Tomcat 7.x users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/tomcat-7.0.104"
All Apache Tomcat 8.x users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/tomcat-8.5.55"
References
[ 1 ] CVE-2020-9484 https://nvd.nist.gov/vuln/detail/CVE-2020-9484 [ 2 ] Upstream advisory (7) https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.104 [ 3 ] Upstream advisory (8.5) https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.55
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202006-21
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "epolicy orchestrator",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "5.9.1"
},
{
"_id": null,
"model": "epolicy orchestrator",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "5.10.0"
},
{
"_id": null,
"model": "communications cloud native core binding support function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.10.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.108"
},
{
"_id": null,
"model": "communications session route manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"_id": null,
"model": "instantis enterprisetrack",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.1"
},
{
"_id": null,
"model": "agile engineering data management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.2.1.0"
},
{
"_id": null,
"model": "hospitality guest access",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.2.1"
},
{
"_id": null,
"model": "communications session route manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"_id": null,
"model": "epolicy orchestrator",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "5.9.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.0"
},
{
"_id": null,
"model": "retail order broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"_id": null,
"model": "transportation management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.3.7"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"_id": null,
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21c"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "9.0.0"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"_id": null,
"model": "communications diameter signaling router",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.4.0.5"
},
{
"_id": null,
"model": "workload manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18c"
},
{
"_id": null,
"model": "communications session report manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"_id": null,
"model": "communications instant messaging server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.0.1.4.0"
},
{
"_id": null,
"model": "fmw platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"_id": null,
"model": "communications session report manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"_id": null,
"model": "tomcat",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "9.0.43"
},
{
"_id": null,
"model": "fmw platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "10.0.0"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "31"
},
{
"_id": null,
"model": "communications element manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"_id": null,
"model": "siebel apps - marketing",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "21.9"
},
{
"_id": null,
"model": "agile plm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.3.3"
},
{
"_id": null,
"model": "communications element manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"_id": null,
"model": "workload manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0.1"
},
{
"_id": null,
"model": "workload manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19c"
},
{
"_id": null,
"model": "agile plm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.3.6"
},
{
"_id": null,
"model": "communications diameter signaling router",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.0"
},
{
"_id": null,
"model": "agile plm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.3.5"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"_id": null,
"model": "tomcat",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "8.5.0"
},
{
"_id": null,
"model": "hospitality guest access",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.2.0"
},
{
"_id": null,
"model": "mysql enterprise monitor",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.21"
},
{
"_id": null,
"model": "tomcat",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "9.0.1"
},
{
"_id": null,
"model": "managed file transfer",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"_id": null,
"model": "managed file transfer",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "20.04"
},
{
"_id": null,
"model": "siebel ui framework",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12"
},
{
"_id": null,
"model": "tomcat",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "8.5.63"
},
{
"_id": null,
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.1"
},
{
"_id": null,
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0.1"
},
{
"_id": null,
"model": "communications cloud native core policy",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.14.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"_id": null,
"model": "instantis enterprisetrack",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.3"
},
{
"_id": null,
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19c"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-9484"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "163798"
},
{
"db": "PACKETSTORM",
"id": "158029"
},
{
"db": "PACKETSTORM",
"id": "158050"
},
{
"db": "PACKETSTORM",
"id": "158621"
},
{
"db": "PACKETSTORM",
"id": "158049"
},
{
"db": "PACKETSTORM",
"id": "158034"
},
{
"db": "PACKETSTORM",
"id": "158032"
}
],
"trust": 0.7
},
"cve": "CVE-2020-9484",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "CVE-2020-9484",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "VHN-187609",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.0,
"id": "CVE-2020-9484",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-9484",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-187609",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-9484",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187609"
},
{
"db": "VULMON",
"id": "CVE-2020-9484"
},
{
"db": "NVD",
"id": "CVE-2020-9484"
}
]
},
"description": {
"_id": null,
"data": "When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter=\"null\" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed. The program implements support for Servlet and JavaServer Page (JSP). The following products and versions are affected: Apache Tomcat 10.0.0-M1 to 10.0.0-M4, 9.0.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54, 7.0.0 to Version 7.0.103. A deserialization flaw exists in Apache Tomcat\u0027s use of a FileStore. The highest threat from the vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-9484)\nThe fix for CVE-2020-9484 was incomplete. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue. (CVE-2021-25329). \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 9.0.31-1~deb10u2. \n\nWe recommend that you upgrade your tomcat9 packages. \n\nFor the detailed security status of tomcat9 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/tomcat9\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl8R6BwACgkQEMKTtsN8\nTjbUrw//fOLw1bfjQwHr4fug5xgGtIjccQvMgZ6r4jVWDNUWGns/n0HBIg7IFANW\n1LTBXunNygapGke96Cexs/mimcs47wr9Xj6B9R7935NgF7dbXiDPhX99fmMSu4qE\nmpt9GmynGSOqr2qt+bHMZSIrZ2rpT/WoDbmnVvK0h30Il7VZ2pMEbzq7gd7sfsbO\n0FbQr9kza5d5kvih7DLfq/7plhLouyUhzAab3UUJvI1B3ASD4pfEFDSmBJusHJGG\n2CTtrO8IFUyYW0ev4/I2KT6rrFiXccEtFhUlpU09SLpy96FP161UVoHILkPHhfqI\n9XILKEf0mKVlDfq5q2TOY5WVl8palc5o/Z3xefO4/wZc7/qNNnyzwcNHl6s14czv\nREID8Llfbro3/XWHkwLXPNFr1VzYXZSX1XhTwKWPWaH+L5WsUSr5uryqIUvSQ96L\ntTWv3G7KZDwVlio1XJ1t7ZxMkKqEBjvucShFgaOIw1nVD1IrssMKMz9UJQCd4fH5\nRtUakyBzUuPbAhUcunMj23n2slZ9WbCANIGKy56O6R71rYI9mYOG2nF2IuUct/F2\niG3/SLJCe2ghVx2Lgz8/nBhZfPEF5FZ2kPHb9KpjjyZ+vl8ZXH83heaYDlDAknXS\nbTsyFezxJiAwaa9xozjItZPdIBFP9lG8Txmv1AotH7WV/8dRsOU=\n=E8Ei\n-----END PGP SIGNATURE-----\n. \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. \n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1443635 - CVE-2017-5645 log4j: Socket receiver deserialization vulnerability\n1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class\n1758619 - CVE-2019-16869 netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers\n1764640 - CVE-2019-12402 apache-commons-compress: Infinite loop in name encoding algorithm\n1772008 - CVE-2019-14887 wildfly: The \u0027enabled-protocols\u0027 value in legacy security is not respected if OpenSSL security provider is in use\n1785376 - CVE-2017-18640 snakeyaml: Billion laughs attack via alias feature\n1790309 - CVE-2020-1925 olingo-odata: Server side request forgery in AsyncResponseWrapperImpl\n1798509 - CVE-2019-20445 netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header\n1805006 - CVE-2020-6950 Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371\n1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages\n1806398 - CVE-2020-1938 tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability\n1806835 - CVE-2020-1935 tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling\n1814974 - CVE-2020-10688 RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack\n1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication\n1828459 - CVE-2020-10719 undertow: invalid HTTP request with large chunk size\n1838332 - CVE-2020-9484 tomcat: deserialization flaw in session persistence storage leading to RCE\n1845626 - CVE-2020-5410 spring-cloud-config-server: sending a request using a specially crafted URL can lead to a directory traversal attack\n1851420 - CVE-2020-11996 tomcat: specially crafted sequence of HTTP/2 requests can lead to DoS\n1853595 - CVE-2020-14297 wildfly: Some EJB transaction objects may get accumulated causing Denial of Service\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n1857024 - CVE-2020-13935 tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS\n1857040 - CVE-2020-13934 tomcat: OutOfMemoryException caused by HTTP/2 connection leak could lead to DoS\n1860054 - CVE-2020-14338 wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl\n1860218 - CVE-2020-14340 xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS\n1879042 - CVE-2020-25633 resteasy-client: potential sensitive information leakage in JAX-RS RESTEasy Client\u0027s WebApplicationException handling\n1880101 - CVE-2020-13920 activemq: improper authentication allows MITM attack\n1881158 - CVE-2020-5421 springframework: RFD protection bypass via jsessionid\n1881353 - CVE-2020-25638 hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used\n1881637 - CVE-2020-25640 wildfly: resource adapter logs plaintext JMS password at warning level on connection error\n1885485 - CVE-2020-25644 wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL\n1886587 - CVE-2020-13956 apache-httpclient: incorrect handling of malformed authority component in request URIs\n1887257 - CVE-2020-26945 mybatis: mishandles deserialization of object streams which could result in remote code execution\n1891132 - CVE-2020-27216 jetty: local temporary directory hijacking vulnerability\n1898235 - CVE-2020-13954 cxf: XSS via the styleSheetPath\n1903727 - CVE-2020-17510 shiro: specially crafted HTTP request may cause an authentication bypass\n1908832 - CVE-2020-26258 XStream: Server-Side Forgery Request vulnerability can be activated when unmarshalling\n1912881 - CVE-2020-28052 bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible\n1913312 - CVE-2020-17518 apache-flink: directory traversal attack allows remote file writing through the REST API\n1937440 - CVE-2020-13936 velocity: arbitrary code execution when attacker is able to modify templates\n1941050 - CVE-2021-27906 pdfbox: OutOfMemory-Exception while loading a crafted PDF file\n1941055 - CVE-2021-27807 pdfbox: infinite loop while loading a crafted PDF file\n1945714 - CVE-2021-28165 jetty: Resource exhaustion when receiving an invalid large TLS frame\n\n5. ==========================================================================\nUbuntu Security Notice USN-6908-1\nJuly 23, 2024\n\ntomcat vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Tomcat. \n\nSoftware Description:\n- tomcat7: Servlet 3.0 and JSP 2.2 Java API classes\n\nDetails:\n\nIt was discovered that the Tomcat SSI printenv command echoed user\nprovided data without escaping it. An attacker could possibly use this\nissue to perform an XSS attack. (CVE-2019-0221)\n\nIt was discovered that Tomcat incorrectly handled certain uncommon\nPersistenceManager with FileStore configurations. \n(CVE-2020-9484, CVE-2021-25329)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 18.04 LTS\nlibservlet3.0-java 7.0.78-1ubuntu0.1~esm1\nAvailable with Ubuntu Pro\n\nUbuntu 16.04 LTS\nlibservlet3.0-java 7.0.68-1ubuntu0.4+esm2\nAvailable with Ubuntu Pro\nlibtomcat7-java 7.0.68-1ubuntu0.4+esm2\nAvailable with Ubuntu Pro\ntomcat7 7.0.68-1ubuntu0.4+esm2\nAvailable with Ubuntu Pro\n\nUbuntu 14.04 LTS\nlibservlet3.0-java 7.0.52-1ubuntu0.16+esm1\nAvailable with Ubuntu Pro\nlibtomcat7-java 7.0.52-1ubuntu0.16+esm1\nAvailable with Ubuntu Pro\ntomcat7 7.0.52-1ubuntu0.16+esm1\nAvailable with Ubuntu Pro\n\nIn general, a standard system update will make all the necessary changes. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library. \n\nThis release of Red Hat JBoss Web Server 3.1 Service Pack 9 serves as a\nreplacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which\nare documented in the Release Notes document linked to in the References. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Description:\n\nRed Hat support for Spring Boot provides an application platform that\nreduces the complexity of developing and operating applications (monoliths\nand microservices) for OpenShift as a containerized platform. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: tomcat security update\nAdvisory ID: RHSA-2020:2530-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:2530\nIssue date: 2020-06-11\nCVE Names: CVE-2020-9484\n====================================================================\n1. Summary:\n\nAn update for tomcat is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - noarch\nRed Hat Enterprise Linux Client Optional (v. 7) - noarch\nRed Hat Enterprise Linux ComputeNode (v. 7) - noarch\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch\nRed Hat Enterprise Linux Server (v. 7) - noarch\nRed Hat Enterprise Linux Server Optional (v. 7) - noarch\nRed Hat Enterprise Linux Workstation (v. 7) - noarch\nRed Hat Enterprise Linux Workstation Optional (v. 7) - noarch\n\n3. Description:\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies. \n\nSecurity Fix(es):\n\n* tomcat: deserialization flaw in session persistence storage leading to\nRCE (CVE-2020-9484)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1838332 - CVE-2020-9484 tomcat: deserialization flaw in session persistence storage leading to RCE\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\ntomcat-7.0.76-12.el7_8.src.rpm\n\nnoarch:\ntomcat-servlet-3.0-api-7.0.76-12.el7_8.noarch.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nnoarch:\ntomcat-7.0.76-12.el7_8.noarch.rpm\ntomcat-admin-webapps-7.0.76-12.el7_8.noarch.rpm\ntomcat-docs-webapp-7.0.76-12.el7_8.noarch.rpm\ntomcat-el-2.2-api-7.0.76-12.el7_8.noarch.rpm\ntomcat-javadoc-7.0.76-12.el7_8.noarch.rpm\ntomcat-jsp-2.2-api-7.0.76-12.el7_8.noarch.rpm\ntomcat-jsvc-7.0.76-12.el7_8.noarch.rpm\ntomcat-lib-7.0.76-12.el7_8.noarch.rpm\ntomcat-webapps-7.0.76-12.el7_8.noarch.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\ntomcat-7.0.76-12.el7_8.src.rpm\n\nnoarch:\ntomcat-servlet-3.0-api-7.0.76-12.el7_8.noarch.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nnoarch:\ntomcat-7.0.76-12.el7_8.noarch.rpm\ntomcat-admin-webapps-7.0.76-12.el7_8.noarch.rpm\ntomcat-docs-webapp-7.0.76-12.el7_8.noarch.rpm\ntomcat-el-2.2-api-7.0.76-12.el7_8.noarch.rpm\ntomcat-javadoc-7.0.76-12.el7_8.noarch.rpm\ntomcat-jsp-2.2-api-7.0.76-12.el7_8.noarch.rpm\ntomcat-jsvc-7.0.76-12.el7_8.noarch.rpm\ntomcat-lib-7.0.76-12.el7_8.noarch.rpm\ntomcat-webapps-7.0.76-12.el7_8.noarch.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\ntomcat-7.0.76-12.el7_8.src.rpm\n\nnoarch:\ntomcat-7.0.76-12.el7_8.noarch.rpm\ntomcat-admin-webapps-7.0.76-12.el7_8.noarch.rpm\ntomcat-el-2.2-api-7.0.76-12.el7_8.noarch.rpm\ntomcat-jsp-2.2-api-7.0.76-12.el7_8.noarch.rpm\ntomcat-lib-7.0.76-12.el7_8.noarch.rpm\ntomcat-servlet-3.0-api-7.0.76-12.el7_8.noarch.rpm\ntomcat-webapps-7.0.76-12.el7_8.noarch.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nnoarch:\ntomcat-7.0.76-12.el7_8.noarch.rpm\ntomcat-admin-webapps-7.0.76-12.el7_8.noarch.rpm\ntomcat-docs-webapp-7.0.76-12.el7_8.noarch.rpm\ntomcat-el-2.2-api-7.0.76-12.el7_8.noarch.rpm\ntomcat-javadoc-7.0.76-12.el7_8.noarch.rpm\ntomcat-jsp-2.2-api-7.0.76-12.el7_8.noarch.rpm\ntomcat-jsvc-7.0.76-12.el7_8.noarch.rpm\ntomcat-lib-7.0.76-12.el7_8.noarch.rpm\ntomcat-webapps-7.0.76-12.el7_8.noarch.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\ntomcat-7.0.76-12.el7_8.src.rpm\n\nnoarch:\ntomcat-7.0.76-12.el7_8.noarch.rpm\ntomcat-admin-webapps-7.0.76-12.el7_8.noarch.rpm\ntomcat-el-2.2-api-7.0.76-12.el7_8.noarch.rpm\ntomcat-jsp-2.2-api-7.0.76-12.el7_8.noarch.rpm\ntomcat-lib-7.0.76-12.el7_8.noarch.rpm\ntomcat-servlet-3.0-api-7.0.76-12.el7_8.noarch.rpm\ntomcat-webapps-7.0.76-12.el7_8.noarch.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nnoarch:\ntomcat-docs-webapp-7.0.76-12.el7_8.noarch.rpm\ntomcat-javadoc-7.0.76-12.el7_8.noarch.rpm\ntomcat-jsvc-7.0.76-12.el7_8.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-9484\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXuH9rtzjgjWX9erEAQiuZA/7BY8EEQxcPpMTuZ1szv08nHLdHOShDyEr\nUqhsbGTHUgsqb+cIwbOJrz3nn66y4S/5MIDyUUI/77t5/z/LR8rD7zM+6mPcQyVy\nQjSTPH8xiVNq4CyMCJggmsb+jecS5BHRDEhHKjEyuqWCx9wJlQQTTFMvlUBypXLt\nAxJqARUjSFmgxSdjbZDhDIzpNH5RR0lyKCuHf9yd+X9FNomFEAFIjLz6oSXDiMYp\nLf4YPas24BmF7CXTajzecKM2PZZEehtNVFFQLi96APXLQq8uZBw+8d4gTSq7SEsy\nU6MZm3R+1Lp9BgGgxD80dRDoAIFL1KNRKJnRUPan+SSKYLPkU2dOwdPVd2t4OxY1\nwhBcfo8z6zsGTHIxXu7756/AUYhBkvrI2CVOp1tzM+SMDlLkJL9eBuTbXw98ipI0\njAUKlqxksz///7ZCWugsLt9VhDZRSXUSk7JQ4ASQ9bQFouzsUiEv0MSTRW+ym9HU\n8/FjgG/yznR3DrHOjKVY++Dw2LUg2lv/viBVjCl2h9lZoULK3eBwIUJ0fOYCRUOK\nmytOuin4i+pI+jHCm/W91sK+piAB5yirVpqra98zXaDGayN+V6mdTr3omPsNDMP5\nVtOWpWiInHKmeN1cErONkxeAT/zHdFagRXEhqbnArSoZIC/SV4KrykDGHw+ldO/o\nyI/DufEuzcM\\xbfNT\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link for the\nupdate. You must be logged in to download the update. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/tomcat \u003c 7.0.104:7 \u003e= 7.0.104:7 \n \u003c 8.5.55:8.5 \u003e= 8.5.55:8.5 \n\nDescription\n===========\n\nApache Tomcat improperly handles deserialization of files under\nspecific circumstances. \n\nImpact\n======\n\nA remote attacker could possibly execute arbitrary code with the\nprivileges of the process, or cause a Denial of Service condition. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Apache Tomcat 7.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/tomcat-7.0.104\"\n\nAll Apache Tomcat 8.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/tomcat-8.5.55\"\n\nReferences\n==========\n\n[ 1 ] CVE-2020-9484\n https://nvd.nist.gov/vuln/detail/CVE-2020-9484\n[ 2 ] Upstream advisory (7)\n https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.104\n[ 3 ] Upstream advisory (8.5)\n https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.55\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202006-21\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2020 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-9484"
},
{
"db": "VULHUB",
"id": "VHN-187609"
},
{
"db": "VULMON",
"id": "CVE-2020-9484"
},
{
"db": "PACKETSTORM",
"id": "168857"
},
{
"db": "PACKETSTORM",
"id": "163798"
},
{
"db": "PACKETSTORM",
"id": "179696"
},
{
"db": "PACKETSTORM",
"id": "158029"
},
{
"db": "PACKETSTORM",
"id": "158050"
},
{
"db": "PACKETSTORM",
"id": "158621"
},
{
"db": "PACKETSTORM",
"id": "158049"
},
{
"db": "PACKETSTORM",
"id": "158034"
},
{
"db": "PACKETSTORM",
"id": "158032"
},
{
"db": "PACKETSTORM",
"id": "158103"
}
],
"trust": 1.98
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-187609",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187609"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2020-9484",
"trust": 2.2
},
{
"db": "PACKETSTORM",
"id": "157924",
"trust": 1.1
},
{
"db": "MCAFEE",
"id": "SB10332",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/03/01/2",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "158029",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "158032",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "158049",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "158034",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "158050",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "158103",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "158621",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "158030",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "158761",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167841",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "159666",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-98234",
"trust": 0.1
},
{
"db": "CNVD",
"id": "CNVD-2020-34449",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1078",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-187609",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-9484",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168857",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163798",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "179696",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187609"
},
{
"db": "VULMON",
"id": "CVE-2020-9484"
},
{
"db": "PACKETSTORM",
"id": "168857"
},
{
"db": "PACKETSTORM",
"id": "163798"
},
{
"db": "PACKETSTORM",
"id": "179696"
},
{
"db": "PACKETSTORM",
"id": "158029"
},
{
"db": "PACKETSTORM",
"id": "158050"
},
{
"db": "PACKETSTORM",
"id": "158621"
},
{
"db": "PACKETSTORM",
"id": "158049"
},
{
"db": "PACKETSTORM",
"id": "158034"
},
{
"db": "PACKETSTORM",
"id": "158032"
},
{
"db": "PACKETSTORM",
"id": "158103"
},
{
"db": "NVD",
"id": "CVE-2020-9484"
}
]
},
"id": "VAR-202005-1052",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-187609"
}
],
"trust": 0.01
},
"last_update_date": "2026-03-09T19:59:58.474000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Red Hat: Important: Red Hat JBoss Web Server 5.3.1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202509 - Security Advisory"
},
{
"title": "Red Hat: Important: tomcat security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202530 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Web Server 5.3.1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202506 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Web Server 3.1 Service Pack 9 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202487 - Security Advisory"
},
{
"title": "Red Hat: Important: tomcat6 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202529 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Web Server 3.1 Service Pack 9 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202483 - Security Advisory"
},
{
"title": "Debian CVElist Bug Report Logs: tomcat9: CVE-2020-9484",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=cc55062b1693f83a222063668ffd932c"
},
{
"title": "Red Hat: Important: Red Hat support for Spring Boot 2.1.15 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203017 - Security Advisory"
},
{
"title": "Amazon Linux AMI: ALAS-2020-1389",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2020-1389"
},
{
"title": "Amazon Linux AMI: ALAS-2020-1390",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2020-1390"
},
{
"title": "Arch Linux Advisories: [ASA-202006-5] tomcat8: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202006-5"
},
{
"title": "Amazon Linux 2: ALAS2-2020-1449",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2020-1449"
},
{
"title": "Arch Linux Advisories: [ASA-202006-7] tomcat9: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202006-7"
},
{
"title": "Arch Linux Advisories: [ASA-202005-19] tomcat7: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202005-19"
},
{
"title": "Amazon Linux AMI: ALAS-2021-1493",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2021-1493"
},
{
"title": "Amazon Linux 2: ALASTOMCAT8.5-2023-008",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALASTOMCAT8.5-2023-008"
},
{
"title": "Amazon Linux AMI: ALAS-2021-1491",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2021-1491"
},
{
"title": "Arch Linux Advisories: [ASA-202005-18] tomcat9: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202005-18"
},
{
"title": "Arch Linux Advisories: [ASA-202006-6] tomcat7: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202006-6"
},
{
"title": "Arch Linux Advisories: [ASA-202005-20] tomcat8: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202005-20"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2020-9484 log"
},
{
"title": "Debian Security Advisories: DSA-4727-1 tomcat9 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=948379f644728cd78397969845b23817"
},
{
"title": "Debian Security Advisories: DSA-5265-1 tomcat9 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=5ff46eee51fe9c568d7579825e9f7646"
},
{
"title": "Ubuntu Security Notice: USN-5360-1: Tomcat vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5360-1"
},
{
"title": "Amazon Linux 2: ALASTOMCAT8.5-2023-009",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALASTOMCAT8.5-2023-009"
},
{
"title": "IBM: Security Bulletin: Vulnerabilities in Apache Tomcat affects IBM Platform Symphony",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=b4bdf241c7e678e09423e98e7d3134b8"
},
{
"title": "IBM: Security Bulletin: Multiple Apache Tomcat Vulnerabilities Affect IBM Control Center",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=6625900b3dffe0c4351300480ad4824f"
},
{
"title": "Red Hat: Important: Red Hat Fuse 7.11.0 release and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225532 - Security Advisory"
},
{
"title": "https://github.com/osamahamad/CVE-2020-9484-Mass-Scan",
"trust": 0.1,
"url": "https://github.com/osamahamad/CVE-2020-9484-Mass-Scan "
},
{
"title": "https://github.com/anjai94/CVE-2020-9484-exploit",
"trust": 0.1,
"url": "https://github.com/anjai94/CVE-2020-9484-exploit "
},
{
"title": "CVE-2020-9484",
"trust": 0.1,
"url": "https://github.com/DXY0411/CVE-2020-9484 "
},
{
"title": "CVE-2020-9484",
"trust": 0.1,
"url": "https://github.com/AssassinUKG/CVE-2020-9484 "
},
{
"title": "summary",
"trust": 0.1,
"url": "https://github.com/Catbamboo/Catbamboo.github.io "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-9484"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-502",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187609"
},
{
"db": "NVD",
"id": "CVE-2020-9484"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.2,
"url": "https://security.gentoo.org/glsa/202006-21"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20200528-0005/"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2020/dsa-4727"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2020/jun/6"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/157924/apache-tomcat-cve-2020-9484-proof-of-concept.html"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r77eae567ed829da9012cadb29af17f2df8fa23bf66faf88229857bb1%40%3cannounce.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00020.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00010.html"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2021/03/01/2"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00057.html"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/4448-1/"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/4596-1/"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r8dd19c514face6dd85fd4eab0271854883f40c7307926c1f7cd5400c%40%3ccommits.tomee.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf70f53af27e04869bdac18b1fc14a3ee529e59eb12292c8791a77926%40%3cusers.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3cusers.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/raa4123e472175bb052fbba165d37187cea923f755e8f3f30d124cb3f%40%3ccommits.tomee.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3cannounce.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3cannounce.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf59c72572b9fee674a5d5cc6afeca4ffc3918a02c354a81cc50b7119%40%3ccommits.tomee.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r26950738f4b4ca2d256597cf391d52d3450fa665c297ea5ca38f5469%40%3cusers.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r8a2ac0e476dbfc1e6440b09dcc782d444ad635d6da26f0284725a5dc%40%3cusers.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r123b3ebe389f46f9d337923f393cdae4d3e9b78d982d706712f0898c%40%3ccommits.tomee.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77%40%3cusers.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rc8473b08abdf3c16494ed817bec1717a0ee0c8080315bc27db5f21c3%40%3ccommits.tomee.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e737263faa6ff0f41f%40%3cusers.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/wj7xhkwjwdnwxujh6ub7cliw4twoz26n/"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r7bc247fffcb1d58415215c861d2354bd653c86266230d78a93c71ae2%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10332"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/giqhxentlyunoes4lxvnj2ncuqqrf5vj/"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rc1778b38e74b5b6142414d57623bd55b023a72361f422836782fca3c%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9484"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2020-9484"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.7,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11996"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13934"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13935"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10332"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/wj7xhkwjwdnwxujh6ub7cliw4twoz26n/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/giqhxentlyunoes4lxvnj2ncuqqrf5vj/"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3cannounce.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3cannounce.tomcat.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r7bc247fffcb1d58415215c861d2354bd653c86266230d78a93c71ae2@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rc1778b38e74b5b6142414d57623bd55b023a72361f422836782fca3c@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rf70f53af27e04869bdac18b1fc14a3ee529e59eb12292c8791a77926@%3cusers.tomcat.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r26950738f4b4ca2d256597cf391d52d3450fa665c297ea5ca38f5469@%3cusers.tomcat.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3cusers.tomcat.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e737263faa6ff0f41f@%3cusers.tomcat.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r8a2ac0e476dbfc1e6440b09dcc782d444ad635d6da26f0284725a5dc@%3cusers.tomcat.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77@%3cusers.tomcat.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rc8473b08abdf3c16494ed817bec1717a0ee0c8080315bc27db5f21c3@%3ccommits.tomee.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rf59c72572b9fee674a5d5cc6afeca4ffc3918a02c354a81cc50b7119@%3ccommits.tomee.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r123b3ebe389f46f9d337923f393cdae4d3e9b78d982d706712f0898c@%3ccommits.tomee.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/raa4123e472175bb052fbba165d37187cea923f755e8f3f30d124cb3f@%3ccommits.tomee.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r8dd19c514face6dd85fd4eab0271854883f40c7307926c1f7cd5400c@%3ccommits.tomee.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/tomcat9"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13936"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1925"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-6950"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1935"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-17510"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13956"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14040"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14338"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13920"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13954"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-18640"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14040"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3140"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13920"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-5410"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27216"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10688"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13934"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14887"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28165"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14297"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5645"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14338"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10693"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1695"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10714"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11996"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12402"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12402"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1925"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13954"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25640"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25638"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-5645"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14340"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.9.0"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14297"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-17510"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13956"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27807"
},
{
"trust": 0.1,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16869"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14340"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25633"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16869"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18640"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26945"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25644"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1935"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13936"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-17518"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27906"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-5421"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1938"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1938"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20445"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20445"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10719"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28052"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10693"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-17518"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10688"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13935"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1695"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14887"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10714"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-6908-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0221"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2483"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2529"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3017"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_support_for_spring_boot/2.1/html-single/release_notes_for_spring_boot_2.1/index"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1714"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product\\xcatrhoar.spring.boot\u0026version=2.1.15"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1714"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2530"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2509"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver\u0026downloadtype=securitypatches\u0026version=5.3"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/5.3/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2506"
},
{
"trust": 0.1,
"url": "https://tomcat.apache.org/security-7.html#fixed_in_apache_tomcat_7.0.104"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://tomcat.apache.org/security-8.html#fixed_in_apache_tomcat_8.5.55"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187609"
},
{
"db": "PACKETSTORM",
"id": "168857"
},
{
"db": "PACKETSTORM",
"id": "163798"
},
{
"db": "PACKETSTORM",
"id": "179696"
},
{
"db": "PACKETSTORM",
"id": "158029"
},
{
"db": "PACKETSTORM",
"id": "158050"
},
{
"db": "PACKETSTORM",
"id": "158621"
},
{
"db": "PACKETSTORM",
"id": "158049"
},
{
"db": "PACKETSTORM",
"id": "158034"
},
{
"db": "PACKETSTORM",
"id": "158032"
},
{
"db": "PACKETSTORM",
"id": "158103"
},
{
"db": "NVD",
"id": "CVE-2020-9484"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-187609",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2020-9484",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "168857",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "163798",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "179696",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "158029",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "158050",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "158621",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "158049",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "158034",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "158032",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "158103",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2020-9484",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2020-05-20T00:00:00",
"db": "VULHUB",
"id": "VHN-187609",
"ident": null
},
{
"date": "2020-05-20T00:00:00",
"db": "VULMON",
"id": "CVE-2020-9484",
"ident": null
},
{
"date": "2020-07-28T19:12:00",
"db": "PACKETSTORM",
"id": "168857",
"ident": null
},
{
"date": "2021-08-12T15:42:56",
"db": "PACKETSTORM",
"id": "163798",
"ident": null
},
{
"date": "2024-07-24T13:32:46",
"db": "PACKETSTORM",
"id": "179696",
"ident": null
},
{
"date": "2020-06-11T16:32:58",
"db": "PACKETSTORM",
"id": "158029",
"ident": null
},
{
"date": "2020-06-11T16:36:37",
"db": "PACKETSTORM",
"id": "158050",
"ident": null
},
{
"date": "2020-07-27T18:44:59",
"db": "PACKETSTORM",
"id": "158621",
"ident": null
},
{
"date": "2020-06-11T16:36:30",
"db": "PACKETSTORM",
"id": "158049",
"ident": null
},
{
"date": "2020-06-11T16:33:52",
"db": "PACKETSTORM",
"id": "158034",
"ident": null
},
{
"date": "2020-06-11T16:33:22",
"db": "PACKETSTORM",
"id": "158032",
"ident": null
},
{
"date": "2020-06-16T00:56:11",
"db": "PACKETSTORM",
"id": "158103",
"ident": null
},
{
"date": "2020-05-20T19:15:09.257000",
"db": "NVD",
"id": "CVE-2020-9484",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2022-07-25T00:00:00",
"db": "VULHUB",
"id": "VHN-187609",
"ident": null
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-9484",
"ident": null
},
{
"date": "2024-11-21T05:40:44.420000",
"db": "NVD",
"id": "CVE-2020-9484",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "163798"
},
{
"db": "PACKETSTORM",
"id": "179696"
}
],
"trust": 0.2
},
"title": {
"_id": null,
"data": "Debian Security Advisory 4727-1",
"sources": [
{
"db": "PACKETSTORM",
"id": "168857"
}
],
"trust": 0.1
},
"type": {
"_id": null,
"data": "code execution",
"sources": [
{
"db": "PACKETSTORM",
"id": "168857"
},
{
"db": "PACKETSTORM",
"id": "158029"
},
{
"db": "PACKETSTORM",
"id": "158621"
},
{
"db": "PACKETSTORM",
"id": "158034"
},
{
"db": "PACKETSTORM",
"id": "158032"
}
],
"trust": 0.5
}
}
VAR-200904-0276
Vulnerability from variot - Updated: 2025-04-10 22:41Unspecified vulnerability in the Listener component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect availability via unknown vectors, a different vulnerability than CVE-2009-1970. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit. ----------------------------------------------------------------------
Are you missing:
SECUNIA ADVISORY ID:
Critical:
Impact:
Where:
within the advisory below?
This is now part of the Secunia commercial solutions.
For more information see vulnerability #6 through #9 in: SA34693
SOLUTION: The vendor recommends to delete the GdFileConv.exe file. See vendor's advisory for additional details.
Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.
I. Description
The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. The document provides information about affected components, access and authorization required for successful exploitation, and the impact from the vulnerabilities on data confidentiality, integrity, and availability.
Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database.
II. Impact
The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information.
III. Solution
Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed.
IV. References
-
Oracle Critical Patch Update Advisory - April 2009 - http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
-
Critical Patch Updates and Security Alerts - http://www.oracle.com/technology/deploy/security/alerts.htm
-
Map of Public Vulnerability to Advisory/Alert - http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA09-105A.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA09-105A Feedback VU#955892" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2009 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
April 15, 2009: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . ----------------------------------------------------------------------
Secunia is pleased to announce the release of the annual Secunia report for 2008. Some have unknown impacts, others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people compromise a vulnerable system.
1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP.
2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
3) An error in the Application Express component included in Oracle Database can be exploited by unprivileged database users to disclose APEX password hashes in "LOWS_030000.WWV_FLOW_USER".
The remaining vulnerabilities are caused due to unspecified errors. No more information is currently available.
PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security
The vendor also credits: * Joshua J. Drake of iDefense * Gerhard Eschelbeck of Qualys, Inc. * Esteban Martinez Fayo of Application Security, Inc. * Franz Huell of Red Database Security; * Mike Janowski of Neohapsis, Inc. * Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev
ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/
Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200904-0276",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "database 11g",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "11.1.0.7"
},
{
"model": "database 10g",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "database 9i",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "9.2.0.8"
},
{
"model": "database 10g",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "10.1.0.5"
},
{
"model": "database 9i",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "9.2.0.8dv"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10.1.0.5"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "11.1.0.7"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.2.0.8"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.2.0.8dv"
},
{
"model": "jrockit r27.1.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.01"
},
{
"model": "systems weblogic portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle9i personal edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.49"
},
{
"model": "oracle11g standard edition one",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "data service integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.3"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2.1"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2.3.0"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.06"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.1"
},
{
"model": "systems weblogic portal sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.11"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.13"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.04"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.0.7"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.1"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "jrockit r27.6.2",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.07"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.3"
},
{
"model": "systems weblogic portal sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "systems weblogic portal",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.1"
},
{
"model": "systems weblogic server maintenance pack",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.13"
},
{
"model": "oracle9i standard edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "oracle9i enterprise edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.1"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.2"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.10.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.12"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.15"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.05"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.16"
},
{
"model": "systems weblogic server mp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.9"
},
{
"model": "audit vault",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "jrockit r27.6.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.02"
},
{
"model": "systems weblogic portal sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.4"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.12"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.11"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.6"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "oracle11g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.03"
},
{
"model": "systems weblogic server sp7",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.0"
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001231"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-309"
},
{
"db": "NVD",
"id": "CVE-2009-0991"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:oracle:database_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001231"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-309"
}
],
"trust": 0.6
},
"cve": "CVE-2009-0991",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2009-0991",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-0991",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2009-0991",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200904-309",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001231"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-309"
},
{
"db": "NVD",
"id": "CVE-2009-0991"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in the Listener component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect availability via unknown vectors, a different vulnerability than CVE-2009-1970. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. The\n document provides information about affected components, access and\n authorization required for successful exploitation, and the impact\n from the vulnerabilities on data confidentiality, integrity, and\n availability. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\n3) An error in the Application Express component included in Oracle\nDatabase can be exploited by unprivileged database users to disclose\nAPEX password hashes in \"LOWS_030000.WWV_FLOW_USER\". \n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. \n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. \n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0991"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001231"
},
{
"db": "BID",
"id": "34461"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-0991",
"trust": 2.7
},
{
"db": "SECUNIA",
"id": "34693",
"trust": 2.6
},
{
"db": "USCERT",
"id": "TA09-105A",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1022052",
"trust": 2.4
},
{
"db": "OSVDB",
"id": "53737",
"trust": 2.4
},
{
"db": "BID",
"id": "34461",
"trust": 1.3
},
{
"db": "VUPEN",
"id": "ADV-2009-1042",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001231",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "TA09-105A",
"trust": 0.6
},
{
"db": "XF",
"id": "50026",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200904-309",
"trust": 0.6
},
{
"db": "ZDI",
"id": "ZDI-09-017",
"trust": 0.4
},
{
"db": "SECUNIA",
"id": "35135",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "77574",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76710",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76704",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001231"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-309"
},
{
"db": "NVD",
"id": "CVE-2009-0991"
}
]
},
"id": "VAR-200904-0276",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.065972224
},
"last_update_date": "2025-04-10T22:41:50.072000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cpuapr2009",
"trust": 0.8,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"title": "090417_86",
"trust": 0.8,
"url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html"
},
{
"title": "TA09-105A",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001231"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0991"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://osvdb.org/53737"
},
{
"trust": 2.4,
"url": "http://secunia.com/advisories/34693"
},
{
"trust": 2.4,
"url": "http://www.securitytracker.com/id?1022052"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html"
},
{
"trust": 1.3,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/34461"
},
{
"trust": 1.0,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50026"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0991"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta09-105a/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/jvntr-2009-11/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0991"
},
{
"trust": 0.8,
"url": "http://www.vupen.com/english/advisories/2009/1042"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/50026"
},
{
"trust": 0.4,
"url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/"
},
{
"trust": 0.4,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html"
},
{
"trust": 0.4,
"url": "http://www.red-database-security.com/advisory/apex_password_hashes.html"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-23/"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-22/"
},
{
"trust": 0.3,
"url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml"
},
{
"trust": 0.3,
"url": "http://www.oracle.com"
},
{
"trust": 0.3,
"url": "/archive/1/502845"
},
{
"trust": 0.3,
"url": "/archive/1/502707"
},
{
"trust": 0.3,
"url": "/archive/1/502697"
},
{
"trust": 0.3,
"url": "/archive/1/502727"
},
{
"trust": 0.3,
"url": "/archive/1/502723"
},
{
"trust": 0.3,
"url": "/archive/1/506160"
},
{
"trust": 0.3,
"url": "/archive/1/502724"
},
{
"trust": 0.3,
"url": "/archive/1/502683"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html"
},
{
"trust": 0.3,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/34693/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/35135/"
},
{
"trust": 0.1,
"url": "http://www.good.com/faq/18431.html"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/request_2008_report/"
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001231"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-309"
},
{
"db": "NVD",
"id": "CVE-2009-0991"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001231"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-309"
},
{
"db": "NVD",
"id": "CVE-2009-0991"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-04-09T00:00:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001231"
},
{
"date": "2009-05-18T15:35:49",
"db": "PACKETSTORM",
"id": "77574"
},
{
"date": "2009-04-15T23:15:44",
"db": "PACKETSTORM",
"id": "76710"
},
{
"date": "2009-04-15T15:08:54",
"db": "PACKETSTORM",
"id": "76704"
},
{
"date": "2009-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-309"
},
{
"date": "2009-04-15T10:30:00.640000",
"db": "NVD",
"id": "CVE-2009-0991"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-09-01T16:22:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001231"
},
{
"date": "2009-04-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-309"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2009-0991"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-309"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle Database of Listener Vulnerabilities in components",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001231"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-309"
}
],
"trust": 0.6
}
}
VAR-200904-0264
Vulnerability from variot - Updated: 2025-04-10 22:40Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-0975. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Team SHATTER Security Advisory
Oracle Database SQL Injection vulnerability in LT.ROLLBACKWORKSPACE
May 4, 2009
Risk Level: High
Affected versions: Oracle Database Server version 10gR1
Remote exploitable: Yes (Authentication to Database Server is needed)
Credits: This vulnerability was discovered and researched by Esteban Mart\xednez Fay\xf3 of Application Security Inc.
Details: Oracle Database provides the "LT" PL/SQL package that is part of the Oracle Workspace Manager component (DBMS_WM public synonym). This package has a SQL Injection instance in ROLLBACKWORKSPACE procedure. Dependening on what Oracle Workspace Manager release is installed, this PL/SQL package is owned by SYS (on older releases) or by WMSYS (on newer releases). A malicious user can call the vulnerable procedure of this package with specially crafted parameters and execute SQL statements with the elevated privileges of the package owner, depending on the system configuration it can be SYS or WMSYS.
Impact: By default [WM]SYS.LT has EXECUTE permission to PUBLIC so any Oracle Database user can exploit this vulnerability. Exploitation of this vulnerability allows an attacker to execute SQL commands with SYS or WMSYS privileges.
Vendor Status: Vendor was contacted and a patch was released.
Workaround: Restrict access to the [WM]SYS.LT package.
CVE: CVE-2009-0978
Links: Application Security, Inc advisory: http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
Timeline: Vendor Notification - 8/22/2007 Fix - 4/14/2009 Public Disclosure - 5/04/2009
Application Security, Inc's database security solutions have helped over 1000 organizations secure their databases from all internal and external threats while also ensuring that those organizations meet or exceed regulatory compliance and audit requirements. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. ----------------------------------------------------------------------
Are you missing:
SECUNIA ADVISORY ID:
Critical:
Impact:
Where:
within the advisory below?
This is now part of the Secunia commercial solutions.
For more information see vulnerability #6 through #9 in: SA34693
SOLUTION: The vendor recommends to delete the GdFileConv.exe file. See vendor's advisory for additional details.
Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.
I. Description
The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. The document provides information about affected components, access and authorization required for successful exploitation, and the impact from the vulnerabilities on data confidentiality, integrity, and availability.
Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database.
II. Impact
The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information.
III. Solution
Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed.
IV. References
-
Oracle Critical Patch Update Advisory - April 2009 - http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
-
Critical Patch Updates and Security Alerts - http://www.oracle.com/technology/deploy/security/alerts.htm
-
Map of Public Vulnerability to Advisory/Alert - http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA09-105A.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA09-105A Feedback VU#955892" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2009 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
April 15, 2009: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . ----------------------------------------------------------------------
Secunia is pleased to announce the release of the annual Secunia report for 2008. Some have unknown impacts, others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people compromise a vulnerable system.
1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP.
2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
3) An error in the Application Express component included in Oracle Database can be exploited by unprivileged database users to disclose APEX password hashes in "LOWS_030000.WWV_FLOW_USER".
The remaining vulnerabilities are caused due to unspecified errors. No more information is currently available.
PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security
The vendor also credits: * Joshua J. Drake of iDefense * Gerhard Eschelbeck of Qualys, Inc. * Esteban Martinez Fayo of Application Security, Inc. * Franz Huell of Red Database Security; * Mike Janowski of Neohapsis, Inc. * Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev
ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/
Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200904-0264",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "database 11g",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "11.1.0.6"
},
{
"model": "database 10g",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "11.1.0.6"
},
{
"model": "jrockit r27.1.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.01"
},
{
"model": "systems weblogic portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle9i personal edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.49"
},
{
"model": "oracle11g standard edition one",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "data service integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.3"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2.1"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2.3.0"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.06"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.1"
},
{
"model": "systems weblogic portal sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.11"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.13"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.04"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.0.7"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.1"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "jrockit r27.6.2",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.07"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.3"
},
{
"model": "systems weblogic portal sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "systems weblogic portal",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.1"
},
{
"model": "systems weblogic server maintenance pack",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.13"
},
{
"model": "oracle9i standard edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "oracle9i enterprise edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.1"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.2"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.10.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.12"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.15"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.05"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.16"
},
{
"model": "systems weblogic server mp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.9"
},
{
"model": "audit vault",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "jrockit r27.6.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.02"
},
{
"model": "systems weblogic portal sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.4"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.12"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.11"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.6"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "oracle11g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.03"
},
{
"model": "systems weblogic server sp7",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.0"
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001228"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-297"
},
{
"db": "NVD",
"id": "CVE-2009-0978"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:oracle:database_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001228"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-297"
}
],
"trust": 0.6
},
"cve": "CVE-2009-0978",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2009-0978",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-0978",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2009-0978",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200904-297",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001228"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-297"
},
{
"db": "NVD",
"id": "CVE-2009-0978"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-0975. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nTeam SHATTER Security Advisory\n\nOracle Database SQL Injection vulnerability in LT.ROLLBACKWORKSPACE\n\nMay 4, 2009\n\nRisk Level:\nHigh\n\nAffected versions:\nOracle Database Server version 10gR1\n\nRemote exploitable:\nYes (Authentication to Database Server is needed)\n\nCredits:\nThis vulnerability was discovered and researched by Esteban Mart\\xednez Fay\\xf3 of Application Security Inc. \n\nDetails:\nOracle Database provides the \"LT\" PL/SQL package that is part of the Oracle Workspace Manager component (DBMS_WM public synonym). This package has a SQL Injection instance in ROLLBACKWORKSPACE procedure. Dependening on what Oracle Workspace Manager release is installed, this PL/SQL package is owned by SYS (on older releases) or by WMSYS (on newer releases). A malicious user can call the vulnerable procedure of this package with specially crafted parameters and execute SQL statements with the elevated privileges of the package owner, depending on the system configuration it can be SYS or WMSYS. \n\nImpact:\nBy default [WM]SYS.LT has EXECUTE permission to PUBLIC so any Oracle Database user can exploit this vulnerability. Exploitation of this vulnerability allows an attacker to execute SQL commands with SYS or WMSYS privileges. \n\nVendor Status:\nVendor was contacted and a patch was released. \n\nWorkaround:\nRestrict access to the [WM]SYS.LT package. \n\nCVE:\nCVE-2009-0978\n\nLinks:\nApplication Security, Inc advisory: http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nTimeline:\nVendor Notification - 8/22/2007\nFix - 4/14/2009\nPublic Disclosure - 5/04/2009\n\nApplication Security, Inc\u0027s database security solutions have helped over 1000 organizations secure their databases from all internal and external threats while also ensuring that those organizations meet or exceed regulatory compliance and audit requirements. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. The\n document provides information about affected components, access and\n authorization required for successful exploitation, and the impact\n from the vulnerabilities on data confidentiality, integrity, and\n availability. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\n3) An error in the Application Express component included in Oracle\nDatabase can be exploited by unprivileged database users to disclose\nAPEX password hashes in \"LOWS_030000.WWV_FLOW_USER\". \n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. \n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. \n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0978"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001228"
},
{
"db": "BID",
"id": "34461"
},
{
"db": "PACKETSTORM",
"id": "77385"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-0978",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "34693",
"trust": 2.6
},
{
"db": "USCERT",
"id": "TA09-105A",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1022052",
"trust": 2.4
},
{
"db": "OSVDB",
"id": "53734",
"trust": 2.4
},
{
"db": "BID",
"id": "34461",
"trust": 1.3
},
{
"db": "VUPEN",
"id": "ADV-2009-1042",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001228",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "TA09-105A",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200904-297",
"trust": 0.6
},
{
"db": "ZDI",
"id": "ZDI-09-017",
"trust": 0.4
},
{
"db": "PACKETSTORM",
"id": "77385",
"trust": 0.1
},
{
"db": "SECUNIA",
"id": "35135",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "77574",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76710",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76704",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001228"
},
{
"db": "PACKETSTORM",
"id": "77385"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-297"
},
{
"db": "NVD",
"id": "CVE-2009-0978"
}
]
},
"id": "VAR-200904-0264",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.065972224
},
"last_update_date": "2025-04-10T22:40:35.505000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cpuapr2009",
"trust": 0.8,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"title": "090417_86",
"trust": 0.8,
"url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html"
},
{
"title": "TA09-105A",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001228"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0978"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://osvdb.org/53734"
},
{
"trust": 2.4,
"url": "http://secunia.com/advisories/34693"
},
{
"trust": 2.4,
"url": "http://www.securitytracker.com/id?1022052"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/34461"
},
{
"trust": 1.0,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0978"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta09-105a/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/jvntr-2009-11/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0978"
},
{
"trust": 0.8,
"url": "http://www.vupen.com/english/advisories/2009/1042"
},
{
"trust": 0.4,
"url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml"
},
{
"trust": 0.4,
"url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/"
},
{
"trust": 0.4,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html"
},
{
"trust": 0.4,
"url": "http://www.red-database-security.com/advisory/apex_password_hashes.html"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-23/"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-22/"
},
{
"trust": 0.3,
"url": "http://www.oracle.com"
},
{
"trust": 0.3,
"url": "/archive/1/502845"
},
{
"trust": 0.3,
"url": "/archive/1/502707"
},
{
"trust": 0.3,
"url": "/archive/1/502697"
},
{
"trust": 0.3,
"url": "/archive/1/502727"
},
{
"trust": 0.3,
"url": "/archive/1/502723"
},
{
"trust": 0.3,
"url": "/archive/1/506160"
},
{
"trust": 0.3,
"url": "/archive/1/502724"
},
{
"trust": 0.3,
"url": "/archive/1/502683"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html"
},
{
"trust": 0.3,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/34693/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0978"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/35135/"
},
{
"trust": 0.1,
"url": "http://www.good.com/faq/18431.html"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/request_2008_report/"
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001228"
},
{
"db": "PACKETSTORM",
"id": "77385"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-297"
},
{
"db": "NVD",
"id": "CVE-2009-0978"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001228"
},
{
"db": "PACKETSTORM",
"id": "77385"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-297"
},
{
"db": "NVD",
"id": "CVE-2009-0978"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-04-09T00:00:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001228"
},
{
"date": "2009-05-10T13:14:44",
"db": "PACKETSTORM",
"id": "77385"
},
{
"date": "2009-05-18T15:35:49",
"db": "PACKETSTORM",
"id": "77574"
},
{
"date": "2009-04-15T23:15:44",
"db": "PACKETSTORM",
"id": "76710"
},
{
"date": "2009-04-15T15:08:54",
"db": "PACKETSTORM",
"id": "76704"
},
{
"date": "2009-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-297"
},
{
"date": "2009-04-15T10:30:00.420000",
"db": "NVD",
"id": "CVE-2009-0978"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-09-01T16:22:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001228"
},
{
"date": "2009-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-297"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2009-0978"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-297"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle Database of Workspace Manager Component vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001228"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-297"
}
],
"trust": 0.6
}
}
VAR-200904-0265
Vulnerability from variot - Updated: 2025-04-10 21:57Unspecified vulnerability in the Resource Manager component in Oracle Database 9.2.0.8 and 9.2.0.8DV allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit. ----------------------------------------------------------------------
Are you missing:
SECUNIA ADVISORY ID:
Critical:
Impact:
Where:
within the advisory below?
This is now part of the Secunia commercial solutions.
For more information see vulnerability #6 through #9 in: SA34693
SOLUTION: The vendor recommends to delete the GdFileConv.exe file. See vendor's advisory for additional details.
Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.
I. Description
The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. The document provides information about affected components, access and authorization required for successful exploitation, and the impact from the vulnerabilities on data confidentiality, integrity, and availability.
Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database.
II. Impact
The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information.
III. Solution
Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed.
IV. References
-
Oracle Critical Patch Update Advisory - April 2009 - http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
-
Critical Patch Updates and Security Alerts - http://www.oracle.com/technology/deploy/security/alerts.htm
-
Map of Public Vulnerability to Advisory/Alert - http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA09-105A.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA09-105A Feedback VU#955892" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2009 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
April 15, 2009: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Team SHATTER Security Advisory
Buffer Overflow in Resource Manager of Oracle Database - Plan name parameter
August 27, 2009
Risk Level: Medium
Affected versions: Oracle Database Server version 9iR1 and 9iR2
Remote exploitable: Yes (Authentication to Database Server is needed)
Credits: This vulnerability was discovered and researched by Esteban Mart\xednez Fay\xf3 of Application Security Inc.
Details: The plan name parameter used in ALTER SYSTEM SET RESOURCE_MANAGER_PLAN statement and in SYS.DBMS_RESOURCE_MANAGER.SWITCH_PLAN procedure is vulnerable to buffer overflow attacks. When passing an overly long plan name string a buffer can be overflowed.
Impact: To exploit this vulnerability it is required to have ALTER SYSTEM privilege. Exploitation of this vulnerability allows an attacker to execute arbitrary code. It can also be exploited to cause DoS (Denial of service) killing the Oracle server process.
Vendor Status: Vendor was contacted and a patch was released.
Workaround: Restrict ALTER SYSTEM privilege.
CVE: CVE-2009-0979
Links: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html
Timeline: Vendor Notification - 8/15/2007 Fix - 07/14/2009 Public Disclosure - 08/07/2009
Application Security, Inc's database security solutions have helped over 1,600 organizations secure their databases from all internal and external threats while also ensuring that those organizations meet or exceed regulatory compliance and audit requirements. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. ----------------------------------------------------------------------
Secunia is pleased to announce the release of the annual Secunia report for 2008. Some have unknown impacts, others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people compromise a vulnerable system.
1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP.
2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
3) An error in the Application Express component included in Oracle Database can be exploited by unprivileged database users to disclose APEX password hashes in "LOWS_030000.WWV_FLOW_USER".
The remaining vulnerabilities are caused due to unspecified errors. No more information is currently available.
PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security
The vendor also credits: * Joshua J. Drake of iDefense * Gerhard Eschelbeck of Qualys, Inc. * Esteban Martinez Fayo of Application Security, Inc. * Franz Huell of Red Database Security; * Mike Janowski of Neohapsis, Inc. * Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev
ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/
Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200904-0265",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "database 9i",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "9.2.0.8"
},
{
"model": "database 9i",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "9.2.0.8dv"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.2.0.8"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.2.0.8dv"
},
{
"model": "jrockit r27.1.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.01"
},
{
"model": "systems weblogic portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle9i personal edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.49"
},
{
"model": "oracle11g standard edition one",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "data service integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.3"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2.1"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2.3.0"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.06"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.1"
},
{
"model": "systems weblogic portal sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.11"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.13"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.04"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.0.7"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.1"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "jrockit r27.6.2",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.07"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.3"
},
{
"model": "systems weblogic portal sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "systems weblogic portal",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.1"
},
{
"model": "systems weblogic server maintenance pack",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.13"
},
{
"model": "oracle9i standard edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "oracle9i enterprise edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.1"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.2"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.10.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.12"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.15"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.05"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.16"
},
{
"model": "systems weblogic server mp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.9"
},
{
"model": "audit vault",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "jrockit r27.6.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.02"
},
{
"model": "systems weblogic portal sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.4"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.12"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.11"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.6"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "oracle11g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.03"
},
{
"model": "systems weblogic server sp7",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.0"
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001219"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-298"
},
{
"db": "NVD",
"id": "CVE-2009-0979"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:oracle:database_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001219"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-298"
}
],
"trust": 0.6
},
"cve": "CVE-2009-0979",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2009-0979",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-0979",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2009-0979",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200904-298",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001219"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-298"
},
{
"db": "NVD",
"id": "CVE-2009-0979"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in the Resource Manager component in Oracle Database 9.2.0.8 and 9.2.0.8DV allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. The\n document provides information about affected components, access and\n authorization required for successful exploitation, and the impact\n from the vulnerabilities on data confidentiality, integrity, and\n availability. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nTeam SHATTER Security Advisory\n\nBuffer Overflow in Resource Manager of Oracle Database - Plan name parameter\n\nAugust 27, 2009\n\nRisk Level:\nMedium\n\nAffected versions:\nOracle Database Server version 9iR1 and 9iR2\n\nRemote exploitable:\nYes (Authentication to Database Server is needed)\n\nCredits:\nThis vulnerability was discovered and researched by Esteban Mart\\xednez Fay\\xf3 of Application Security Inc. \n\nDetails:\nThe plan name parameter used in ALTER SYSTEM SET RESOURCE_MANAGER_PLAN statement and in SYS.DBMS_RESOURCE_MANAGER.SWITCH_PLAN procedure is vulnerable to buffer overflow attacks. When passing an overly long plan name string a buffer can be overflowed. \n\nImpact:\nTo exploit this vulnerability it is required to have ALTER SYSTEM privilege. Exploitation of this vulnerability allows an attacker to execute arbitrary code. It can also be exploited to cause DoS (Denial of service) killing the Oracle server process. \n\nVendor Status:\nVendor was contacted and a patch was released. \n\nWorkaround:\nRestrict ALTER SYSTEM privilege. \n\nCVE:\nCVE-2009-0979\n\nLinks:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html\n\nTimeline:\nVendor Notification - 8/15/2007\nFix - 07/14/2009\nPublic Disclosure - 08/07/2009\n\nApplication Security, Inc\u0027s database security solutions have helped over 1,600 organizations secure their databases from all internal and external threats while also ensuring that those organizations meet or exceed regulatory compliance and audit requirements. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\n3) An error in the Application Express component included in Oracle\nDatabase can be exploited by unprivileged database users to disclose\nAPEX password hashes in \"LOWS_030000.WWV_FLOW_USER\". \n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. \n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. \n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0979"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001219"
},
{
"db": "BID",
"id": "34461"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "80768"
},
{
"db": "PACKETSTORM",
"id": "76704"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-0979",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "34693",
"trust": 2.6
},
{
"db": "USCERT",
"id": "TA09-105A",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1022052",
"trust": 2.4
},
{
"db": "BID",
"id": "34461",
"trust": 1.3
},
{
"db": "VUPEN",
"id": "ADV-2009-1042",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001219",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "TA09-105A",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200904-298",
"trust": 0.6
},
{
"db": "ZDI",
"id": "ZDI-09-017",
"trust": 0.4
},
{
"db": "SECUNIA",
"id": "35135",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "77574",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76710",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "80768",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76704",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001219"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "80768"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-298"
},
{
"db": "NVD",
"id": "CVE-2009-0979"
}
]
},
"id": "VAR-200904-0265",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.065972224
},
"last_update_date": "2025-04-10T21:57:43.709000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cpuapr2009",
"trust": 0.8,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"title": "090417_86",
"trust": 0.8,
"url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html"
},
{
"title": "TA09-105A",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001219"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0979"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://secunia.com/advisories/34693"
},
{
"trust": 2.4,
"url": "http://www.securitytracker.com/id?1022052"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/34461"
},
{
"trust": 1.0,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0979"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta09-105a/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/jvntr-2009-11/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0979"
},
{
"trust": 0.8,
"url": "http://www.vupen.com/english/advisories/2009/1042"
},
{
"trust": 0.4,
"url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/"
},
{
"trust": 0.4,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html"
},
{
"trust": 0.4,
"url": "http://www.red-database-security.com/advisory/apex_password_hashes.html"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-23/"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-22/"
},
{
"trust": 0.3,
"url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml"
},
{
"trust": 0.3,
"url": "http://www.oracle.com"
},
{
"trust": 0.3,
"url": "/archive/1/502845"
},
{
"trust": 0.3,
"url": "/archive/1/502707"
},
{
"trust": 0.3,
"url": "/archive/1/502697"
},
{
"trust": 0.3,
"url": "/archive/1/502727"
},
{
"trust": 0.3,
"url": "/archive/1/502723"
},
{
"trust": 0.3,
"url": "/archive/1/506160"
},
{
"trust": 0.3,
"url": "/archive/1/502724"
},
{
"trust": 0.3,
"url": "/archive/1/502683"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html"
},
{
"trust": 0.3,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/34693/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/35135/"
},
{
"trust": 0.1,
"url": "http://www.good.com/faq/18431.html"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0979"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/request_2008_report/"
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001219"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "80768"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-298"
},
{
"db": "NVD",
"id": "CVE-2009-0979"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001219"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "80768"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-298"
},
{
"db": "NVD",
"id": "CVE-2009-0979"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-04-09T00:00:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001219"
},
{
"date": "2009-05-18T15:35:49",
"db": "PACKETSTORM",
"id": "77574"
},
{
"date": "2009-04-15T23:15:44",
"db": "PACKETSTORM",
"id": "76710"
},
{
"date": "2009-08-28T23:14:37",
"db": "PACKETSTORM",
"id": "80768"
},
{
"date": "2009-04-15T15:08:54",
"db": "PACKETSTORM",
"id": "76704"
},
{
"date": "2009-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-298"
},
{
"date": "2009-04-15T10:30:00.437000",
"db": "NVD",
"id": "CVE-2009-0979"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-09-01T16:22:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001219"
},
{
"date": "2009-04-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-298"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2009-0979"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-298"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle Database of Resource Manager Component vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001219"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-298"
}
],
"trust": 0.6
}
}
VAR-200904-0277
Vulnerability from variot - Updated: 2025-04-10 21:39Unspecified vulnerability in the Advanced Queuing component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_AQIN. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is SQL injection in the DEQ_EXEJOB procedure. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit. ----------------------------------------------------------------------
Are you missing:
SECUNIA ADVISORY ID:
Critical:
Impact:
Where:
within the advisory below?
This is now part of the Secunia commercial solutions.
For more information see vulnerability #6 through #9 in: SA34693
SOLUTION: The vendor recommends to delete the GdFileConv.exe file. See vendor's advisory for additional details.
Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. SQL Injection in package DBMS_AQIN
Name SQL Injection in package DBMS_AQIN [CVE-2009-0992] Systems Affected Oracle 10.1.0.5 - 11.1.0.7 Severity High Risk Category SQL Injection Vendor URL http://www.oracle.com/ Author Alexander Kornbrust (ak at red-database-security.com) CVE CVE-2009-0992 Advisory 14 April 2009 (V 1.00)
Details The package DBMS_AQIN contains a SQL injection vulnerability.
PROCEDURE DEQ_EXEJOB( LOOPVAR OUT BOOLEAN)
[...]
BEGIN
SYS.DBMS_AQIN.AQ$_DEQUEUE_IN( QUEUE_NAME => 'SYS.AQ_SRVNTF_TABLE_Q', WAIT => DBMS_AQ.NO_WAIT, ENQUEUE_TIME => ENQUEUE_TIME, STATE => STATE, OUT_MSGID => OUT_MSGID, OUT_CORRELATION => OUT_CORRELATION, PRIORITY => PRIORITY, DELAY => DELAY, EXPIRATION => EXPIRATION, ATTEMPTS => ATTEMPTS, EXCEPTION_QUEUE => EXCEPTION_QUEUE, REMOTE_RECIPIENTS => REMOTE_RECIPIENT, SENDER_NAME => SENDER_NAME, SENDER_ADDR => SENDER_ADDR, SENDER_PROTOCOL => SENDER_PROTOCOL, ORIGINAL_MSGID => ORIGINAL_MSGID, RAW_USER_DATA => RAW_USER_DATA, OBJECT_USER_DATA => PAYL, OUT_SIGN => OUT_SIGN);
[...]
PROCSTR := 'begin ' || PAYL.SUB_CALLBACK || '(context => :1,'; PROCSTR := PROCSTR ||'reginfo => sys.aq$_reg_info(:2, :3, :4, :5, :6, :7),'; PROCSTR := PROCSTR ||'descr => sys.aq$_descriptor(:8, :9, :10, sys.msg_prop_t'; PROCSTR := PROCSTR ||'(:11, :12, :13, :14, :15, :16, :17, :18, sys.aq$_agent'; PROCSTR := PROCSTR || '(:19, :20, :21), :22, :23),'; PROCSTR := PROCSTR || ' sys.aq$_ntfn_descriptor(:24))';
Patch Information Apply the patches for Oracle CPU April 2009. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.
I. Description
The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components.
Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database.
II. Impact
The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information.
III. Solution
Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed.
IV. References
-
Oracle Critical Patch Update Advisory - April 2009 - http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
-
Critical Patch Updates and Security Alerts - http://www.oracle.com/technology/deploy/security/alerts.htm
-
Map of Public Vulnerability to Advisory/Alert - http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA09-105A.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA09-105A Feedback VU#955892" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2009 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
April 15, 2009: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . ----------------------------------------------------------------------
Secunia is pleased to announce the release of the annual Secunia report for 2008. Some have unknown impacts, others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people compromise a vulnerable system.
1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP.
2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
3) An error in the Application Express component included in Oracle Database can be exploited by unprivileged database users to disclose APEX password hashes in "LOWS_030000.WWV_FLOW_USER".
The remaining vulnerabilities are caused due to unspecified errors. No more information is currently available.
PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security
The vendor also credits: * Joshua J. Drake of iDefense * Gerhard Eschelbeck of Qualys, Inc. * Esteban Martinez Fayo of Application Security, Inc. * Franz Huell of Red Database Security; * Mike Janowski of Neohapsis, Inc. * Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev
ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/
Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200904-0277",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "database 11g",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "11.1.0.7"
},
{
"model": "database 10g",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "database 10g",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "10.1.0.5"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10.1.0.5"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "11.1.0.7"
},
{
"model": "jrockit r27.1.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.01"
},
{
"model": "systems weblogic portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle9i personal edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.49"
},
{
"model": "oracle11g standard edition one",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "data service integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.3"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2.1"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2.3.0"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.06"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.1"
},
{
"model": "systems weblogic portal sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.11"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.13"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.04"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.0.7"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.1"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "jrockit r27.6.2",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.07"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.3"
},
{
"model": "systems weblogic portal sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "systems weblogic portal",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.1"
},
{
"model": "systems weblogic server maintenance pack",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.13"
},
{
"model": "oracle9i standard edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "oracle9i enterprise edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.1"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.2"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.10.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.12"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.15"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.05"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.16"
},
{
"model": "systems weblogic server mp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.9"
},
{
"model": "audit vault",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "jrockit r27.6.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.02"
},
{
"model": "systems weblogic portal sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.4"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.12"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.11"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.6"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "oracle11g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.03"
},
{
"model": "systems weblogic server sp7",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.0"
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001222"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-310"
},
{
"db": "NVD",
"id": "CVE-2009-0992"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:oracle:database_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001222"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-310"
}
],
"trust": 0.6
},
"cve": "CVE-2009-0992",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2009-0992",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-0992",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2009-0992",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200904-310",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001222"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-310"
},
{
"db": "NVD",
"id": "CVE-2009-0992"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in the Advanced Queuing component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_AQIN. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is SQL injection in the DEQ_EXEJOB procedure. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. SQL Injection in package DBMS_AQIN\n\nName \t SQL Injection in package DBMS_AQIN [CVE-2009-0992]\nSystems Affected Oracle 10.1.0.5 - 11.1.0.7\nSeverity High Risk\nCategory SQL Injection\nVendor URL http://www.oracle.com/\nAuthor Alexander Kornbrust (ak at red-database-security.com)\nCVE CVE-2009-0992\nAdvisory 14 April 2009 (V 1.00)\n\n\nDetails\nThe package DBMS_AQIN contains a SQL injection vulnerability. \n\nPROCEDURE DEQ_EXEJOB( LOOPVAR OUT BOOLEAN)\n\n\n[...]\n\nBEGIN\n\nSYS.DBMS_AQIN.AQ$_DEQUEUE_IN(\nQUEUE_NAME =\u003e \u0027SYS.AQ_SRVNTF_TABLE_Q\u0027,\nWAIT =\u003e DBMS_AQ.NO_WAIT,\nENQUEUE_TIME =\u003e ENQUEUE_TIME,\nSTATE =\u003e STATE,\nOUT_MSGID =\u003e OUT_MSGID,\nOUT_CORRELATION =\u003e OUT_CORRELATION,\nPRIORITY =\u003e PRIORITY,\nDELAY =\u003e DELAY,\nEXPIRATION =\u003e EXPIRATION,\nATTEMPTS =\u003e ATTEMPTS,\nEXCEPTION_QUEUE =\u003e EXCEPTION_QUEUE,\nREMOTE_RECIPIENTS =\u003e REMOTE_RECIPIENT,\nSENDER_NAME =\u003e SENDER_NAME,\nSENDER_ADDR =\u003e SENDER_ADDR,\nSENDER_PROTOCOL =\u003e SENDER_PROTOCOL,\nORIGINAL_MSGID =\u003e ORIGINAL_MSGID,\nRAW_USER_DATA =\u003e RAW_USER_DATA,\nOBJECT_USER_DATA =\u003e PAYL,\nOUT_SIGN =\u003e OUT_SIGN);\n\n[...]\n\nPROCSTR := \u0027begin \u0027 || PAYL.SUB_CALLBACK || \u0027(context =\u003e :1,\u0027;\nPROCSTR := PROCSTR ||\u0027reginfo =\u003e sys.aq$_reg_info(:2, :3, :4, :5, :6, :7),\u0027;\nPROCSTR := PROCSTR ||\u0027descr =\u003e sys.aq$_descriptor(:8, :9, :10, sys.msg_prop_t\u0027;\nPROCSTR := PROCSTR ||\u0027(:11, :12, :13, :14, :15, :16, :17, :18, sys.aq$_agent\u0027;\nPROCSTR := PROCSTR || \u0027(:19, :20, :21), :22, :23),\u0027;\nPROCSTR := PROCSTR || \u0027 sys.aq$_ntfn_descriptor(:24))\u0027;\n\n\nPatch Information\nApply the patches for Oracle CPU April 2009. The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\n3) An error in the Application Express component included in Oracle\nDatabase can be exploited by unprivileged database users to disclose\nAPEX password hashes in \"LOWS_030000.WWV_FLOW_USER\". \n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. \n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. \n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0992"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001222"
},
{
"db": "BID",
"id": "34461"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76729"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-0992",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "34693",
"trust": 2.6
},
{
"db": "USCERT",
"id": "TA09-105A",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1022052",
"trust": 2.4
},
{
"db": "BID",
"id": "34461",
"trust": 1.3
},
{
"db": "VUPEN",
"id": "ADV-2009-1042",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001222",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "TA09-105A",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20090416 SQL INJECTION IN PACKAGE DBMS_AQIN",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200904-310",
"trust": 0.6
},
{
"db": "ZDI",
"id": "ZDI-09-017",
"trust": 0.4
},
{
"db": "SECUNIA",
"id": "35135",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "77574",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76729",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76710",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76704",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001222"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76729"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-310"
},
{
"db": "NVD",
"id": "CVE-2009-0992"
}
]
},
"id": "VAR-200904-0277",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.065972224
},
"last_update_date": "2025-04-10T21:39:33.721000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cpuapr2009",
"trust": 0.8,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"title": "090417_86",
"trust": 0.8,
"url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html"
},
{
"title": "TA09-105A",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001222"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0992"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://secunia.com/advisories/34693"
},
{
"trust": 2.4,
"url": "http://www.securitytracker.com/id?1022052"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html"
},
{
"trust": 2.0,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html"
},
{
"trust": 1.3,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/34461"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/502723/100/0/threaded"
},
{
"trust": 1.0,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0992"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta09-105a/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/jvntr-2009-11/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0992"
},
{
"trust": 0.8,
"url": "http://www.vupen.com/english/advisories/2009/1042"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/502723/100/0/threaded"
},
{
"trust": 0.4,
"url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/"
},
{
"trust": 0.4,
"url": "http://www.red-database-security.com/advisory/apex_password_hashes.html"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-23/"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-22/"
},
{
"trust": 0.3,
"url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml"
},
{
"trust": 0.3,
"url": "http://www.oracle.com"
},
{
"trust": 0.3,
"url": "/archive/1/502845"
},
{
"trust": 0.3,
"url": "/archive/1/502707"
},
{
"trust": 0.3,
"url": "/archive/1/502697"
},
{
"trust": 0.3,
"url": "/archive/1/502727"
},
{
"trust": 0.3,
"url": "/archive/1/502723"
},
{
"trust": 0.3,
"url": "/archive/1/506160"
},
{
"trust": 0.3,
"url": "/archive/1/502724"
},
{
"trust": 0.3,
"url": "/archive/1/502683"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html"
},
{
"trust": 0.3,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/34693/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/35135/"
},
{
"trust": 0.1,
"url": "http://www.good.com/faq/18431.html"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0992"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/request_2008_report/"
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001222"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76729"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-310"
},
{
"db": "NVD",
"id": "CVE-2009-0992"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001222"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76729"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-310"
},
{
"db": "NVD",
"id": "CVE-2009-0992"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-04-09T00:00:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001222"
},
{
"date": "2009-05-18T15:35:49",
"db": "PACKETSTORM",
"id": "77574"
},
{
"date": "2009-04-16T21:51:10",
"db": "PACKETSTORM",
"id": "76729"
},
{
"date": "2009-04-15T23:15:44",
"db": "PACKETSTORM",
"id": "76710"
},
{
"date": "2009-04-15T15:08:54",
"db": "PACKETSTORM",
"id": "76704"
},
{
"date": "2009-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-310"
},
{
"date": "2009-04-15T10:30:00.657000",
"db": "NVD",
"id": "CVE-2009-0992"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-09-01T16:22:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001222"
},
{
"date": "2009-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-310"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2009-0992"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-310"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle Database of Advanced Queuing Component vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001222"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-310"
}
],
"trust": 0.6
}
}
VAR-200904-0418
Vulnerability from variot - Updated: 2025-04-10 21:39Unspecified vulnerability in the Database Vault component in Oracle Database 11.1.0.6 allows remote authenticated users to affect confidentiality, related to DBMS_SYS_SQL. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit. ----------------------------------------------------------------------
Are you missing:
SECUNIA ADVISORY ID:
Critical:
Impact:
Where:
within the advisory below?
This is now part of the Secunia commercial solutions.
For more information see vulnerability #6 through #9 in: SA34693
SOLUTION: The vendor recommends to delete the GdFileConv.exe file. See vendor's advisory for additional details.
Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.
I. Description
The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. The document provides information about affected components, access and authorization required for successful exploitation, and the impact from the vulnerabilities on data confidentiality, integrity, and availability.
Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database.
II. Impact
The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information.
III. Solution
Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed.
IV. References
-
Oracle Critical Patch Update Advisory - April 2009 - http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
-
Critical Patch Updates and Security Alerts - http://www.oracle.com/technology/deploy/security/alerts.htm
-
Map of Public Vulnerability to Advisory/Alert - http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA09-105A.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA09-105A Feedback VU#955892" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2009 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
April 15, 2009: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . ----------------------------------------------------------------------
Secunia is pleased to announce the release of the annual Secunia report for 2008. Some have unknown impacts, others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people compromise a vulnerable system.
1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP.
2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
The remaining vulnerabilities are caused due to unspecified errors. No more information is currently available.
PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security
The vendor also credits: * Joshua J. Drake of iDefense * Gerhard Eschelbeck of Qualys, Inc. * Esteban Martinez Fayo of Application Security, Inc. * Franz Huell of Red Database Security; * Mike Janowski of Neohapsis, Inc. * Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev
ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/
Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200904-0418",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "database server",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "11.1.0.6"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "11.1.0.6"
},
{
"model": "jrockit r27.1.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.01"
},
{
"model": "systems weblogic portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle9i personal edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.49"
},
{
"model": "oracle11g standard edition one",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "data service integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.3"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2.1"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2.3.0"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.06"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.1"
},
{
"model": "systems weblogic portal sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.11"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.13"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.04"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.0.7"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.1"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "jrockit r27.6.2",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.07"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.3"
},
{
"model": "systems weblogic portal sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "systems weblogic portal",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.1"
},
{
"model": "systems weblogic server maintenance pack",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.13"
},
{
"model": "oracle9i standard edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "oracle9i enterprise edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.1"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.2"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.10.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.12"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.15"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.05"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.16"
},
{
"model": "systems weblogic server mp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.9"
},
{
"model": "audit vault",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "jrockit r27.6.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.02"
},
{
"model": "systems weblogic portal sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.4"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.12"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.11"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.6"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "oracle11g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.03"
},
{
"model": "systems weblogic server sp7",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.0"
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001233"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-315"
},
{
"db": "NVD",
"id": "CVE-2009-0997"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:oracle:database_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001233"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-315"
}
],
"trust": 0.6
},
"cve": "CVE-2009-0997",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2009-0997",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-0997",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2009-0997",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200904-315",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001233"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-315"
},
{
"db": "NVD",
"id": "CVE-2009-0997"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in the Database Vault component in Oracle Database 11.1.0.6 allows remote authenticated users to affect confidentiality, related to DBMS_SYS_SQL. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. The\n document provides information about affected components, access and\n authorization required for successful exploitation, and the impact\n from the vulnerabilities on data confidentiality, integrity, and\n availability. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. \n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. \n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0997"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001233"
},
{
"db": "BID",
"id": "34461"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-0997",
"trust": 2.7
},
{
"db": "SECUNIA",
"id": "34693",
"trust": 2.6
},
{
"db": "USCERT",
"id": "TA09-105A",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1022052",
"trust": 2.4
},
{
"db": "OSVDB",
"id": "53739",
"trust": 2.4
},
{
"db": "BID",
"id": "34461",
"trust": 1.3
},
{
"db": "VUPEN",
"id": "ADV-2009-1042",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001233",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "TA09-105A",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200904-315",
"trust": 0.6
},
{
"db": "ZDI",
"id": "ZDI-09-017",
"trust": 0.4
},
{
"db": "SECUNIA",
"id": "35135",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "77574",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76710",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76704",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001233"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-315"
},
{
"db": "NVD",
"id": "CVE-2009-0997"
}
]
},
"id": "VAR-200904-0418",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.065972224
},
"last_update_date": "2025-04-10T21:39:12.282000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cpuapr2009",
"trust": 0.8,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"title": "090417_86",
"trust": 0.8,
"url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html"
},
{
"title": "TA09-105A",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001233"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0997"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://osvdb.org/53739"
},
{
"trust": 2.4,
"url": "http://secunia.com/advisories/34693"
},
{
"trust": 2.4,
"url": "http://www.securitytracker.com/id?1022052"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html"
},
{
"trust": 1.3,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/34461"
},
{
"trust": 1.0,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0997"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta09-105a/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/jvntr-2009-11/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0997"
},
{
"trust": 0.8,
"url": "http://www.vupen.com/english/advisories/2009/1042"
},
{
"trust": 0.4,
"url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/"
},
{
"trust": 0.4,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html"
},
{
"trust": 0.4,
"url": "http://www.red-database-security.com/advisory/apex_password_hashes.html"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-23/"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-22/"
},
{
"trust": 0.3,
"url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml"
},
{
"trust": 0.3,
"url": "http://www.oracle.com"
},
{
"trust": 0.3,
"url": "/archive/1/502845"
},
{
"trust": 0.3,
"url": "/archive/1/502707"
},
{
"trust": 0.3,
"url": "/archive/1/502697"
},
{
"trust": 0.3,
"url": "/archive/1/502727"
},
{
"trust": 0.3,
"url": "/archive/1/502723"
},
{
"trust": 0.3,
"url": "/archive/1/506160"
},
{
"trust": 0.3,
"url": "/archive/1/502724"
},
{
"trust": 0.3,
"url": "/archive/1/502683"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html"
},
{
"trust": 0.3,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/34693/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/35135/"
},
{
"trust": 0.1,
"url": "http://www.good.com/faq/18431.html"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/request_2008_report/"
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001233"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-315"
},
{
"db": "NVD",
"id": "CVE-2009-0997"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001233"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-315"
},
{
"db": "NVD",
"id": "CVE-2009-0997"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-04-09T00:00:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001233"
},
{
"date": "2009-05-18T15:35:49",
"db": "PACKETSTORM",
"id": "77574"
},
{
"date": "2009-04-15T23:15:44",
"db": "PACKETSTORM",
"id": "76710"
},
{
"date": "2009-04-15T15:08:54",
"db": "PACKETSTORM",
"id": "76704"
},
{
"date": "2009-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-315"
},
{
"date": "2009-04-15T10:30:00.767000",
"db": "NVD",
"id": "CVE-2009-0997"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-09-01T16:22:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001233"
},
{
"date": "2009-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-315"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2009-0997"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-315"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle Database of Database Vault Component vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001233"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-315"
}
],
"trust": 0.6
}
}
VAR-200904-0266
Vulnerability from variot - Updated: 2025-04-10 21:33Unspecified vulnerability in the SQLX Functions component in Oracle Database 10.2.0.3 and 11.1.0.6 allows remote authenticated users to affect integrity and availability, related to AGGXQIMP. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit. ----------------------------------------------------------------------
Are you missing:
SECUNIA ADVISORY ID:
Critical:
Impact:
Where:
within the advisory below?
This is now part of the Secunia commercial solutions.
For more information see vulnerability #6 through #9 in: SA34693
SOLUTION: The vendor recommends to delete the GdFileConv.exe file. See vendor's advisory for additional details.
Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.
I. Description
The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. The document provides information about affected components, access and authorization required for successful exploitation, and the impact from the vulnerabilities on data confidentiality, integrity, and availability.
Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database.
II. Impact
The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information.
III. Solution
Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed.
IV. References
-
Oracle Critical Patch Update Advisory - April 2009 - http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
-
Critical Patch Updates and Security Alerts - http://www.oracle.com/technology/deploy/security/alerts.htm
-
Map of Public Vulnerability to Advisory/Alert - http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA09-105A.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA09-105A Feedback VU#955892" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2009 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
April 15, 2009: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . ----------------------------------------------------------------------
Secunia is pleased to announce the release of the annual Secunia report for 2008. Some have unknown impacts, others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people compromise a vulnerable system.
1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP.
2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
3) An error in the Application Express component included in Oracle Database can be exploited by unprivileged database users to disclose APEX password hashes in "LOWS_030000.WWV_FLOW_USER".
The remaining vulnerabilities are caused due to unspecified errors. No more information is currently available.
PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security
The vendor also credits: * Joshua J. Drake of iDefense * Gerhard Eschelbeck of Qualys, Inc. * Esteban Martinez Fayo of Application Security, Inc. * Franz Huell of Red Database Security; * Mike Janowski of Neohapsis, Inc. * Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev
ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/
Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200904-0266",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "database 11g",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "11.1.0.6"
},
{
"model": "database 10g",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "10.2.0.3"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10.2.0.3"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "11.1.0.6"
},
{
"model": "jrockit r27.1.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.01"
},
{
"model": "systems weblogic portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle9i personal edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.49"
},
{
"model": "oracle11g standard edition one",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "data service integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.3"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2.1"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2.3.0"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.06"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.1"
},
{
"model": "systems weblogic portal sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.11"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.13"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.04"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.0.7"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.1"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "jrockit r27.6.2",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.07"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.3"
},
{
"model": "systems weblogic portal sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "systems weblogic portal",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.1"
},
{
"model": "systems weblogic server maintenance pack",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.13"
},
{
"model": "oracle9i standard edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "oracle9i enterprise edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.1"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.2"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.10.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.12"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.15"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.05"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.16"
},
{
"model": "systems weblogic server mp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.9"
},
{
"model": "audit vault",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "jrockit r27.6.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.02"
},
{
"model": "systems weblogic portal sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.4"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.12"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.11"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.6"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "oracle11g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.03"
},
{
"model": "systems weblogic server sp7",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.0"
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001225"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-299"
},
{
"db": "NVD",
"id": "CVE-2009-0980"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:oracle:database_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001225"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-299"
}
],
"trust": 0.6
},
"cve": "CVE-2009-0980",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2009-0980",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-0980",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2009-0980",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200904-299",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2009-0980",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2009-0980"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001225"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-299"
},
{
"db": "NVD",
"id": "CVE-2009-0980"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in the SQLX Functions component in Oracle Database 10.2.0.3 and 11.1.0.6 allows remote authenticated users to affect integrity and availability, related to AGGXQIMP. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. The\n document provides information about affected components, access and\n authorization required for successful exploitation, and the impact\n from the vulnerabilities on data confidentiality, integrity, and\n availability. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\n3) An error in the Application Express component included in Oracle\nDatabase can be exploited by unprivileged database users to disclose\nAPEX password hashes in \"LOWS_030000.WWV_FLOW_USER\". \n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. \n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. \n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0980"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001225"
},
{
"db": "BID",
"id": "34461"
},
{
"db": "VULMON",
"id": "CVE-2009-0980"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-0980",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "34693",
"trust": 2.7
},
{
"db": "USCERT",
"id": "TA09-105A",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1022052",
"trust": 2.4
},
{
"db": "BID",
"id": "34461",
"trust": 1.4
},
{
"db": "VUPEN",
"id": "ADV-2009-1042",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001225",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "TA09-105A",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200904-299",
"trust": 0.6
},
{
"db": "ZDI",
"id": "ZDI-09-017",
"trust": 0.4
},
{
"db": "VULMON",
"id": "CVE-2009-0980",
"trust": 0.1
},
{
"db": "SECUNIA",
"id": "35135",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "77574",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76710",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76704",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2009-0980"
},
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001225"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-299"
},
{
"db": "NVD",
"id": "CVE-2009-0980"
}
]
},
"id": "VAR-200904-0266",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.065972224
},
"last_update_date": "2025-04-10T21:33:26.525000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cpuapr2009",
"trust": 0.8,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"title": "090417_86",
"trust": 0.8,
"url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html"
},
{
"title": "TA09-105A",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001225"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0980"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html"
},
{
"trust": 2.5,
"url": "http://secunia.com/advisories/34693"
},
{
"trust": 2.5,
"url": "http://www.securitytracker.com/id?1022052"
},
{
"trust": 1.3,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/34461"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0980"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta09-105a/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/jvntr-2009-11/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0980"
},
{
"trust": 0.8,
"url": "http://www.vupen.com/english/advisories/2009/1042"
},
{
"trust": 0.4,
"url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/"
},
{
"trust": 0.4,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html"
},
{
"trust": 0.4,
"url": "http://www.red-database-security.com/advisory/apex_password_hashes.html"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-23/"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-22/"
},
{
"trust": 0.3,
"url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml"
},
{
"trust": 0.3,
"url": "http://www.oracle.com"
},
{
"trust": 0.3,
"url": "/archive/1/502845"
},
{
"trust": 0.3,
"url": "/archive/1/502707"
},
{
"trust": 0.3,
"url": "/archive/1/502697"
},
{
"trust": 0.3,
"url": "/archive/1/502727"
},
{
"trust": 0.3,
"url": "/archive/1/502723"
},
{
"trust": 0.3,
"url": "/archive/1/506160"
},
{
"trust": 0.3,
"url": "/archive/1/502724"
},
{
"trust": 0.3,
"url": "/archive/1/502683"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html"
},
{
"trust": 0.3,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/34693/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/35135/"
},
{
"trust": 0.1,
"url": "http://www.good.com/faq/18431.html"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/request_2008_report/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2009-0980"
},
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001225"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-299"
},
{
"db": "NVD",
"id": "CVE-2009-0980"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2009-0980"
},
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001225"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-299"
},
{
"db": "NVD",
"id": "CVE-2009-0980"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-04-15T00:00:00",
"db": "VULMON",
"id": "CVE-2009-0980"
},
{
"date": "2009-04-09T00:00:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001225"
},
{
"date": "2009-05-18T15:35:49",
"db": "PACKETSTORM",
"id": "77574"
},
{
"date": "2009-04-15T23:15:44",
"db": "PACKETSTORM",
"id": "76710"
},
{
"date": "2009-04-15T15:08:54",
"db": "PACKETSTORM",
"id": "76704"
},
{
"date": "2009-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-299"
},
{
"date": "2009-04-15T10:30:00.453000",
"db": "NVD",
"id": "CVE-2009-0980"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-10-23T00:00:00",
"db": "VULMON",
"id": "CVE-2009-0980"
},
{
"date": "2009-09-01T16:22:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001225"
},
{
"date": "2009-04-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-299"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2009-0980"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-299"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle Database of SQLX Functions Component vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001225"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-299"
}
],
"trust": 0.6
}
}
VAR-200904-0271
Vulnerability from variot - Updated: 2025-04-10 21:10Unspecified vulnerability in the Core RDBMS component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users with the IMP_FULL_DATABASE role to affect confidentiality, integrity, and availability. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit. ----------------------------------------------------------------------
Are you missing:
SECUNIA ADVISORY ID:
Critical:
Impact:
Where:
within the advisory below?
This is now part of the Secunia commercial solutions.
For more information see vulnerability #6 through #9 in: SA34693
SOLUTION: The vendor recommends to delete the GdFileConv.exe file. See vendor's advisory for additional details.
Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.
I. Description
The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components.
Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database.
II. Impact
The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information.
III. Solution
Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed.
IV. References
-
Oracle Critical Patch Update Advisory - April 2009 - http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
-
Critical Patch Updates and Security Alerts - http://www.oracle.com/technology/deploy/security/alerts.htm
-
Map of Public Vulnerability to Advisory/Alert - http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA09-105A.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA09-105A Feedback VU#955892" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2009 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
April 15, 2009: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . ----------------------------------------------------------------------
Secunia is pleased to announce the release of the annual Secunia report for 2008. Some have unknown impacts, others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people compromise a vulnerable system.
1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP.
2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
3) An error in the Application Express component included in Oracle Database can be exploited by unprivileged database users to disclose APEX password hashes in "LOWS_030000.WWV_FLOW_USER".
The remaining vulnerabilities are caused due to unspecified errors. No more information is currently available.
PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security
The vendor also credits: * Joshua J. Drake of iDefense * Gerhard Eschelbeck of Qualys, Inc. * Esteban Martinez Fayo of Application Security, Inc. * Franz Huell of Red Database Security; * Mike Janowski of Neohapsis, Inc. * Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev
ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/
Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200904-0271",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "database 11g",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "11.1.0.6"
},
{
"model": "database 10g",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "10.1.0.5"
},
{
"model": "database 10g",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10.1.0.5"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "11.1.0.6"
},
{
"model": "jrockit r27.1.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.01"
},
{
"model": "systems weblogic portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle9i personal edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.49"
},
{
"model": "oracle11g standard edition one",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "data service integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.3"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2.1"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2.3.0"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.06"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.1"
},
{
"model": "systems weblogic portal sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.11"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.13"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.04"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.0.7"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.1"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "jrockit r27.6.2",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.07"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.3"
},
{
"model": "systems weblogic portal sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "systems weblogic portal",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.1"
},
{
"model": "systems weblogic server maintenance pack",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.13"
},
{
"model": "oracle9i standard edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "oracle9i enterprise edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.1"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.2"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.10.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.12"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.15"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.05"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.16"
},
{
"model": "systems weblogic server mp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.9"
},
{
"model": "audit vault",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "jrockit r27.6.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.02"
},
{
"model": "systems weblogic portal sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.4"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.12"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.11"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.6"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "oracle11g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.03"
},
{
"model": "systems weblogic server sp7",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.0"
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001220"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-304"
},
{
"db": "NVD",
"id": "CVE-2009-0985"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:oracle:database_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001220"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-304"
}
],
"trust": 0.6
},
"cve": "CVE-2009-0985",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2009-0985",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-0985",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2009-0985",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200904-304",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001220"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-304"
},
{
"db": "NVD",
"id": "CVE-2009-0985"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in the Core RDBMS component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users with the IMP_FULL_DATABASE role to affect confidentiality, integrity, and availability. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\n3) An error in the Application Express component included in Oracle\nDatabase can be exploited by unprivileged database users to disclose\nAPEX password hashes in \"LOWS_030000.WWV_FLOW_USER\". \n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. \n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. \n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0985"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001220"
},
{
"db": "BID",
"id": "34461"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-0985",
"trust": 2.7
},
{
"db": "SECUNIA",
"id": "34693",
"trust": 2.6
},
{
"db": "USCERT",
"id": "TA09-105A",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1022052",
"trust": 2.4
},
{
"db": "BID",
"id": "34461",
"trust": 1.3
},
{
"db": "VUPEN",
"id": "ADV-2009-1042",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001220",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "TA09-105A",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200904-304",
"trust": 0.6
},
{
"db": "ZDI",
"id": "ZDI-09-017",
"trust": 0.4
},
{
"db": "SECUNIA",
"id": "35135",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "77574",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76710",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76704",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001220"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-304"
},
{
"db": "NVD",
"id": "CVE-2009-0985"
}
]
},
"id": "VAR-200904-0271",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.065972224
},
"last_update_date": "2025-04-10T21:10:55.819000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cpuapr2009",
"trust": 0.8,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"title": "090417_86",
"trust": 0.8,
"url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html"
},
{
"title": "TA09-105A",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001220"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0985"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://secunia.com/advisories/34693"
},
{
"trust": 2.4,
"url": "http://www.securitytracker.com/id?1022052"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html"
},
{
"trust": 1.3,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/34461"
},
{
"trust": 1.0,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0985"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta09-105a/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/jvntr-2009-11/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0985"
},
{
"trust": 0.8,
"url": "http://www.vupen.com/english/advisories/2009/1042"
},
{
"trust": 0.4,
"url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/"
},
{
"trust": 0.4,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html"
},
{
"trust": 0.4,
"url": "http://www.red-database-security.com/advisory/apex_password_hashes.html"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-23/"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-22/"
},
{
"trust": 0.3,
"url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml"
},
{
"trust": 0.3,
"url": "http://www.oracle.com"
},
{
"trust": 0.3,
"url": "/archive/1/502845"
},
{
"trust": 0.3,
"url": "/archive/1/502707"
},
{
"trust": 0.3,
"url": "/archive/1/502697"
},
{
"trust": 0.3,
"url": "/archive/1/502727"
},
{
"trust": 0.3,
"url": "/archive/1/502723"
},
{
"trust": 0.3,
"url": "/archive/1/506160"
},
{
"trust": 0.3,
"url": "/archive/1/502724"
},
{
"trust": 0.3,
"url": "/archive/1/502683"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html"
},
{
"trust": 0.3,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/34693/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/35135/"
},
{
"trust": 0.1,
"url": "http://www.good.com/faq/18431.html"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/request_2008_report/"
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001220"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-304"
},
{
"db": "NVD",
"id": "CVE-2009-0985"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001220"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-304"
},
{
"db": "NVD",
"id": "CVE-2009-0985"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-04-09T00:00:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001220"
},
{
"date": "2009-05-18T15:35:49",
"db": "PACKETSTORM",
"id": "77574"
},
{
"date": "2009-04-15T23:15:44",
"db": "PACKETSTORM",
"id": "76710"
},
{
"date": "2009-04-15T15:08:54",
"db": "PACKETSTORM",
"id": "76704"
},
{
"date": "2009-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-304"
},
{
"date": "2009-04-15T10:30:00.547000",
"db": "NVD",
"id": "CVE-2009-0985"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-09-01T16:22:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001220"
},
{
"date": "2009-04-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-304"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2009-0985"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-304"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle Database of Core RDBMS Component vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001220"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-304"
}
],
"trust": 0.6
}
}
VAR-200904-0273
Vulnerability from variot - Updated: 2025-04-10 20:38Unspecified vulnerability in the Password Policy component in Oracle Database 11.1.0.6 allows remote authenticated users to affect confidentiality via unknown vectors. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit. Many security standards require the tracking of users' password history to prevent password re-use. In Oracle 11g (11.1.0.6), if a security administrator has enabled 11g passwords exclusively then tracking password history is broken. This can affect compliance. This was addressed by Oracle in their April 2009 Critical Patch Update and maps to the currently unspecified vulnerability at http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0988 Cheers, David Litchfield NGSSoftware Ltd http://www.ngssoftware.com/
-- E-MAIL DISCLAIMER
The information contained in this email and any subsequent correspondence is private, is solely for the intended recipient(s) and may contain confidential or privileged information. For those other than the intended recipient(s), any disclosure, copying, distribution, or any other action taken, or omitted to be taken, in reliance on such information is prohibited and may be unlawful. If you are not the intended recipient and have received this message in error, please inform the sender and delete this mail and any attachments.
The views expressed in this email do not necessarily reflect NGS policy. NGS accepts no liability or responsibility for any onward transmission or use of emails and attachments having left the NGS domain.
NGS and NGSSoftware are trading names of Next Generation Security Software Ltd. Registered office address: Manchester Technology Centre, Oxford Road, Manchester, M1 7EF with Company Number 04225835 and VAT Number 783096402 . ----------------------------------------------------------------------
Are you missing:
SECUNIA ADVISORY ID:
Critical:
Impact:
Where:
within the advisory below?
This is now part of the Secunia commercial solutions.
For more information see vulnerability #6 through #9 in: SA34693
SOLUTION: The vendor recommends to delete the GdFileConv.exe file. See vendor's advisory for additional details.
Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.
I. Description
The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. The document provides information about affected components, access and authorization required for successful exploitation, and the impact from the vulnerabilities on data confidentiality, integrity, and availability.
Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database.
II. Impact
The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information.
III. Solution
Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed.
IV. References
-
Oracle Critical Patch Update Advisory - April 2009 - http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
-
Critical Patch Updates and Security Alerts - http://www.oracle.com/technology/deploy/security/alerts.htm
-
Map of Public Vulnerability to Advisory/Alert - http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA09-105A.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA09-105A Feedback VU#955892" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2009 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
April 15, 2009: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . ----------------------------------------------------------------------
Secunia is pleased to announce the release of the annual Secunia report for 2008. Some have unknown impacts, others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people compromise a vulnerable system.
1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP.
2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
The remaining vulnerabilities are caused due to unspecified errors. No more information is currently available.
PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security
The vendor also credits: * Joshua J. Drake of iDefense * Gerhard Eschelbeck of Qualys, Inc. * Esteban Martinez Fayo of Application Security, Inc. * Franz Huell of Red Database Security; * Mike Janowski of Neohapsis, Inc. * Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev
ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/
Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200904-0273",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "database 11g",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "11.1.0.6"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "11.1.0.6"
},
{
"model": "jrockit r27.1.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.01"
},
{
"model": "systems weblogic portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle9i personal edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.49"
},
{
"model": "oracle11g standard edition one",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "data service integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.3"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2.1"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2.3.0"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.06"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.1"
},
{
"model": "systems weblogic portal sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.11"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.13"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.04"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.0.7"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.1"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "jrockit r27.6.2",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.07"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.3"
},
{
"model": "systems weblogic portal sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "systems weblogic portal",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.1"
},
{
"model": "systems weblogic server maintenance pack",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.13"
},
{
"model": "oracle9i standard edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "oracle9i enterprise edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.1"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.2"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.10.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.12"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.15"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.05"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.16"
},
{
"model": "systems weblogic server mp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.9"
},
{
"model": "audit vault",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "jrockit r27.6.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.02"
},
{
"model": "systems weblogic portal sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.4"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.12"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.11"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.6"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "oracle11g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.03"
},
{
"model": "systems weblogic server sp7",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.0"
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001234"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-306"
},
{
"db": "NVD",
"id": "CVE-2009-0988"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:oracle:database_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001234"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-306"
}
],
"trust": 0.6
},
"cve": "CVE-2009-0988",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2009-0988",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-0988",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2009-0988",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNNVD",
"id": "CNNVD-200904-306",
"trust": 0.6,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001234"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-306"
},
{
"db": "NVD",
"id": "CVE-2009-0988"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in the Password Policy component in Oracle Database 11.1.0.6 allows remote authenticated users to affect confidentiality via unknown vectors. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. Many security standards require the tracking of users\u0027 password history to \nprevent password re-use. In Oracle 11g (11.1.0.6), if a security \nadministrator has enabled 11g passwords exclusively then tracking password \nhistory is broken. This can affect compliance. This was addressed by Oracle \nin their April 2009 Critical Patch Update and maps to the currently \nunspecified vulnerability at \nhttp://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0988\nCheers,\nDavid Litchfield\nNGSSoftware Ltd\nhttp://www.ngssoftware.com/\n\n--\nE-MAIL DISCLAIMER\n\nThe information contained in this email and any subsequent\ncorrespondence is private, is solely for the intended recipient(s) and\nmay contain confidential or privileged information. For those other than\nthe intended recipient(s), any disclosure, copying, distribution, or any\nother action taken, or omitted to be taken, in reliance on such\ninformation is prohibited and may be unlawful. If you are not the\nintended recipient and have received this message in error, please\ninform the sender and delete this mail and any attachments. \n\nThe views expressed in this email do not necessarily reflect NGS policy. \nNGS accepts no liability or responsibility for any onward transmission\nor use of emails and attachments having left the NGS domain. \n\nNGS and NGSSoftware are trading names of Next Generation Security\nSoftware Ltd. Registered office address: Manchester Technology Centre,\nOxford Road, Manchester, M1 7EF with Company Number 04225835 and\nVAT Number 783096402\n. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. The\n document provides information about affected components, access and\n authorization required for successful exploitation, and the impact\n from the vulnerabilities on data confidentiality, integrity, and\n availability. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. \n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. \n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0988"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001234"
},
{
"db": "BID",
"id": "34461"
},
{
"db": "PACKETSTORM",
"id": "80626"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-0988",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "34693",
"trust": 2.6
},
{
"db": "USCERT",
"id": "TA09-105A",
"trust": 2.5
},
{
"db": "OSVDB",
"id": "53740",
"trust": 2.4
},
{
"db": "SECTRACK",
"id": "1022052",
"trust": 2.4
},
{
"db": "BID",
"id": "34461",
"trust": 1.3
},
{
"db": "VUPEN",
"id": "ADV-2009-1042",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001234",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "TA09-105A",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200904-306",
"trust": 0.6
},
{
"db": "ZDI",
"id": "ZDI-09-017",
"trust": 0.4
},
{
"db": "PACKETSTORM",
"id": "80626",
"trust": 0.1
},
{
"db": "SECUNIA",
"id": "35135",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "77574",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76710",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76704",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001234"
},
{
"db": "PACKETSTORM",
"id": "80626"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-306"
},
{
"db": "NVD",
"id": "CVE-2009-0988"
}
]
},
"id": "VAR-200904-0273",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.065972224
},
"last_update_date": "2025-04-10T20:38:01.602000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cpuapr2009",
"trust": 0.8,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"title": "090417_86",
"trust": 0.8,
"url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html"
},
{
"title": "TA09-105A",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001234"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0988"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://osvdb.org/53740"
},
{
"trust": 2.4,
"url": "http://secunia.com/advisories/34693"
},
{
"trust": 2.4,
"url": "http://www.securitytracker.com/id?1022052"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html"
},
{
"trust": 1.3,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/34461"
},
{
"trust": 1.0,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
},
{
"trust": 0.9,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0988"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0988"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta09-105a/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/jvntr-2009-11/index.html"
},
{
"trust": 0.8,
"url": "http://www.vupen.com/english/advisories/2009/1042"
},
{
"trust": 0.4,
"url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/"
},
{
"trust": 0.4,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html"
},
{
"trust": 0.4,
"url": "http://www.red-database-security.com/advisory/apex_password_hashes.html"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-23/"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-22/"
},
{
"trust": 0.3,
"url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml"
},
{
"trust": 0.3,
"url": "http://www.oracle.com"
},
{
"trust": 0.3,
"url": "/archive/1/502845"
},
{
"trust": 0.3,
"url": "/archive/1/502707"
},
{
"trust": 0.3,
"url": "/archive/1/502697"
},
{
"trust": 0.3,
"url": "/archive/1/502727"
},
{
"trust": 0.3,
"url": "/archive/1/502723"
},
{
"trust": 0.3,
"url": "/archive/1/506160"
},
{
"trust": 0.3,
"url": "/archive/1/502724"
},
{
"trust": 0.3,
"url": "/archive/1/502683"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html"
},
{
"trust": 0.3,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/34693/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://www.ngssoftware.com/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0988"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/35135/"
},
{
"trust": 0.1,
"url": "http://www.good.com/faq/18431.html"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/request_2008_report/"
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001234"
},
{
"db": "PACKETSTORM",
"id": "80626"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-306"
},
{
"db": "NVD",
"id": "CVE-2009-0988"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001234"
},
{
"db": "PACKETSTORM",
"id": "80626"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-306"
},
{
"db": "NVD",
"id": "CVE-2009-0988"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-04-09T00:00:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001234"
},
{
"date": "2009-08-26T00:13:44",
"db": "PACKETSTORM",
"id": "80626"
},
{
"date": "2009-05-18T15:35:49",
"db": "PACKETSTORM",
"id": "77574"
},
{
"date": "2009-04-15T23:15:44",
"db": "PACKETSTORM",
"id": "76710"
},
{
"date": "2009-04-15T15:08:54",
"db": "PACKETSTORM",
"id": "76704"
},
{
"date": "2009-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-306"
},
{
"date": "2009-04-15T10:30:00.593000",
"db": "NVD",
"id": "CVE-2009-0988"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-09-01T16:22:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001234"
},
{
"date": "2009-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-306"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2009-0988"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-306"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle Database of Password Policy Component vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001234"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-306"
}
],
"trust": 0.6
}
}
VAR-200904-0261
Vulnerability from variot - Updated: 2025-04-10 20:31Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-0978. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit. ----------------------------------------------------------------------
Are you missing:
SECUNIA ADVISORY ID:
Critical:
Impact:
Where:
within the advisory below?
This is now part of the Secunia commercial solutions.
For more information see vulnerability #6 through #9 in: SA34693
SOLUTION: The vendor recommends to delete the GdFileConv.exe file. See vendor's advisory for additional details.
Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.
I. Description
The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. The document provides information about affected components, access and authorization required for successful exploitation, and the impact from the vulnerabilities on data confidentiality, integrity, and availability.
Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database.
II. Impact
The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information.
III. Solution
Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed.
IV. References
-
Oracle Critical Patch Update Advisory - April 2009 - http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
-
Critical Patch Updates and Security Alerts - http://www.oracle.com/technology/deploy/security/alerts.htm
-
Map of Public Vulnerability to Advisory/Alert - http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA09-105A.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA09-105A Feedback VU#955892" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2009 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
April 15, 2009: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . ----------------------------------------------------------------------
Secunia is pleased to announce the release of the annual Secunia report for 2008. Some have unknown impacts, others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people compromise a vulnerable system.
1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP.
2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
3) An error in the Application Express component included in Oracle Database can be exploited by unprivileged database users to disclose APEX password hashes in "LOWS_030000.WWV_FLOW_USER".
The remaining vulnerabilities are caused due to unspecified errors. No more information is currently available.
PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security
The vendor also credits: * Joshua J. Drake of iDefense * Gerhard Eschelbeck of Qualys, Inc. * Esteban Martinez Fayo of Application Security, Inc. * Franz Huell of Red Database Security; * Mike Janowski of Neohapsis, Inc. * Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev
ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/
Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200904-0261",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "database 11g",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "11.1.0.6"
},
{
"model": "database 10g",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "11.1.0.6"
},
{
"model": "jrockit r27.1.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.01"
},
{
"model": "systems weblogic portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle9i personal edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.49"
},
{
"model": "oracle11g standard edition one",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "data service integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.3"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2.1"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2.3.0"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.06"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.1"
},
{
"model": "systems weblogic portal sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.11"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.13"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.04"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.0.7"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.1"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "jrockit r27.6.2",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.07"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.3"
},
{
"model": "systems weblogic portal sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "systems weblogic portal",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.1"
},
{
"model": "systems weblogic server maintenance pack",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.13"
},
{
"model": "oracle9i standard edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "oracle9i enterprise edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.1"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.2"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.10.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.12"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.15"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.05"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.16"
},
{
"model": "systems weblogic server mp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.9"
},
{
"model": "audit vault",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "jrockit r27.6.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.02"
},
{
"model": "systems weblogic portal sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.4"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.12"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.11"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.6"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "oracle11g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.03"
},
{
"model": "systems weblogic server sp7",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.0"
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001226"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-294"
},
{
"db": "NVD",
"id": "CVE-2009-0975"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:oracle:database_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001226"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-294"
}
],
"trust": 0.6
},
"cve": "CVE-2009-0975",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2009-0975",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-0975",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2009-0975",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200904-294",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2009-0975",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2009-0975"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001226"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-294"
},
{
"db": "NVD",
"id": "CVE-2009-0975"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-0978. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. The\n document provides information about affected components, access and\n authorization required for successful exploitation, and the impact\n from the vulnerabilities on data confidentiality, integrity, and\n availability. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\n3) An error in the Application Express component included in Oracle\nDatabase can be exploited by unprivileged database users to disclose\nAPEX password hashes in \"LOWS_030000.WWV_FLOW_USER\". \n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. \n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. \n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0975"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001226"
},
{
"db": "BID",
"id": "34461"
},
{
"db": "VULMON",
"id": "CVE-2009-0975"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-0975",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "34693",
"trust": 2.7
},
{
"db": "USCERT",
"id": "TA09-105A",
"trust": 2.6
},
{
"db": "OSVDB",
"id": "53732",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1022052",
"trust": 2.5
},
{
"db": "BID",
"id": "34461",
"trust": 1.4
},
{
"db": "VUPEN",
"id": "ADV-2009-1042",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001226",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "TA09-105A",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200904-294",
"trust": 0.6
},
{
"db": "ZDI",
"id": "ZDI-09-017",
"trust": 0.4
},
{
"db": "VULMON",
"id": "CVE-2009-0975",
"trust": 0.1
},
{
"db": "SECUNIA",
"id": "35135",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "77574",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76710",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76704",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2009-0975"
},
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001226"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-294"
},
{
"db": "NVD",
"id": "CVE-2009-0975"
}
]
},
"id": "VAR-200904-0261",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.065972224
},
"last_update_date": "2025-04-10T20:31:55.954000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cpuapr2009",
"trust": 0.8,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"title": "090417_86",
"trust": 0.8,
"url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html"
},
{
"title": "TA09-105A",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001226"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0975"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.securitytracker.com/id?1022052"
},
{
"trust": 2.5,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html"
},
{
"trust": 2.5,
"url": "http://secunia.com/advisories/34693"
},
{
"trust": 2.5,
"url": "http://osvdb.org/53732"
},
{
"trust": 1.3,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/34461"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0975"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta09-105a/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/jvntr-2009-11/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0975"
},
{
"trust": 0.8,
"url": "http://www.vupen.com/english/advisories/2009/1042"
},
{
"trust": 0.4,
"url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/"
},
{
"trust": 0.4,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html"
},
{
"trust": 0.4,
"url": "http://www.red-database-security.com/advisory/apex_password_hashes.html"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-23/"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-22/"
},
{
"trust": 0.3,
"url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml"
},
{
"trust": 0.3,
"url": "http://www.oracle.com"
},
{
"trust": 0.3,
"url": "/archive/1/502845"
},
{
"trust": 0.3,
"url": "/archive/1/502707"
},
{
"trust": 0.3,
"url": "/archive/1/502697"
},
{
"trust": 0.3,
"url": "/archive/1/502727"
},
{
"trust": 0.3,
"url": "/archive/1/502723"
},
{
"trust": 0.3,
"url": "/archive/1/506160"
},
{
"trust": 0.3,
"url": "/archive/1/502724"
},
{
"trust": 0.3,
"url": "/archive/1/502683"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html"
},
{
"trust": 0.3,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/34693/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/35135/"
},
{
"trust": 0.1,
"url": "http://www.good.com/faq/18431.html"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/request_2008_report/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2009-0975"
},
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001226"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-294"
},
{
"db": "NVD",
"id": "CVE-2009-0975"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2009-0975"
},
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001226"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-294"
},
{
"db": "NVD",
"id": "CVE-2009-0975"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-04-15T00:00:00",
"db": "VULMON",
"id": "CVE-2009-0975"
},
{
"date": "2009-04-09T00:00:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001226"
},
{
"date": "2009-05-18T15:35:49",
"db": "PACKETSTORM",
"id": "77574"
},
{
"date": "2009-04-15T23:15:44",
"db": "PACKETSTORM",
"id": "76710"
},
{
"date": "2009-04-15T15:08:54",
"db": "PACKETSTORM",
"id": "76704"
},
{
"date": "2009-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-294"
},
{
"date": "2009-04-15T10:30:00.360000",
"db": "NVD",
"id": "CVE-2009-0975"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-22T00:00:00",
"db": "VULMON",
"id": "CVE-2009-0975"
},
{
"date": "2009-09-01T16:22:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001226"
},
{
"date": "2009-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-294"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2009-0975"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-294"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle Database of Workspace Manager Component vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001226"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-294"
}
],
"trust": 0.6
}
}
VAR-200904-0263
Vulnerability from variot - Updated: 2025-04-10 20:29Unspecified vulnerability in the Advanced Queuing component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_AQIN. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is SQL injection in the GRANT_TYPE_ACCESS procedure in the DBMS_AQADM_SYS package. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit. ----------------------------------------------------------------------
Are you missing:
SECUNIA ADVISORY ID:
Critical:
Impact:
Where:
within the advisory below?
This is now part of the Secunia commercial solutions.
For more information see vulnerability #6 through #9 in: SA34693
SOLUTION: The vendor recommends to delete the GdFileConv.exe file. See vendor's advisory for additional details.
Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125.
PROCEDURE GRANT_TYPE_ACCESS( USER_NAME IN VARCHAR2) IS
GRANT_TXT VARCHAR2(100); GRANT_OPT VARCHAR2(20) := ' with grant option'; BEGIN
EXECUTE_STMT( 'grant execute on sys.aq$_agent to '|| USER_NAME||GRANT_OPT); EXECUTE_STMT('grant execute on sys.aq$_dequeue_history to '|| USER_NAME||GRANT_OPT); EXECUTE_STMT('grant execute on sys.aq$_subscribers to '|| USER_NAME||GRANT_OPT); EXECUTE_STMT('grant execute on sys.aq$_recipients to '|| USER_NAME||GRANT_OPT); EXECUTE_STMT('grant execute on sys.aq$_history to '|| USER_NAME||GRANT_OPT); EXECUTE_STMT('grant execute on sys.aq$_dequeue_history to '|| USER_NAME||GRANT_OPT);
[...]
Patch Information Apply the patches for Oracle CPU April 2009. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.
I. Description
The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components.
Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database.
II. Impact
The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information.
III. Solution
Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed.
IV. References
-
Oracle Critical Patch Update Advisory - April 2009 - http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
-
Critical Patch Updates and Security Alerts - http://www.oracle.com/technology/deploy/security/alerts.htm
-
Map of Public Vulnerability to Advisory/Alert - http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA09-105A.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA09-105A Feedback VU#955892" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2009 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
April 15, 2009: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . ----------------------------------------------------------------------
Secunia is pleased to announce the release of the annual Secunia report for 2008. Some have unknown impacts, others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people compromise a vulnerable system.
1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP.
2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
3) An error in the Application Express component included in Oracle Database can be exploited by unprivileged database users to disclose APEX password hashes in "LOWS_030000.WWV_FLOW_USER".
The remaining vulnerabilities are caused due to unspecified errors. No more information is currently available.
PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security
The vendor also credits: * Joshua J. Drake of iDefense * Gerhard Eschelbeck of Qualys, Inc. * Esteban Martinez Fayo of Application Security, Inc. * Franz Huell of Red Database Security; * Mike Janowski of Neohapsis, Inc. * Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev
ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/
Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200904-0263",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "database 9i",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "9.2.0.8"
},
{
"model": "database 10g",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "10.1.0.5"
},
{
"model": "database 10g",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "10.2.0.3"
},
{
"model": "database 9i",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "9.2.0.8dv"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10.1.0.5"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10.2.0.3"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.2.0.8"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.2.0.8dv"
},
{
"model": "jrockit r27.1.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.01"
},
{
"model": "systems weblogic portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle9i personal edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.49"
},
{
"model": "oracle11g standard edition one",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "data service integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.3"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2.1"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2.3.0"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.06"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.1"
},
{
"model": "systems weblogic portal sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.11"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.13"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.04"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.0.7"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.1"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "jrockit r27.6.2",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.07"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.3"
},
{
"model": "systems weblogic portal sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "systems weblogic portal",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.1"
},
{
"model": "systems weblogic server maintenance pack",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.13"
},
{
"model": "oracle9i standard edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "oracle9i enterprise edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.1"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.2"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.10.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.12"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.15"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.05"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.16"
},
{
"model": "systems weblogic server mp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.9"
},
{
"model": "audit vault",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "jrockit r27.6.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.02"
},
{
"model": "systems weblogic portal sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.4"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.12"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.11"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.6"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "oracle11g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.03"
},
{
"model": "systems weblogic server sp7",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.0"
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001223"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-296"
},
{
"db": "NVD",
"id": "CVE-2009-0977"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:oracle:database_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001223"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-296"
}
],
"trust": 0.6
},
"cve": "CVE-2009-0977",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2009-0977",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-0977",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2009-0977",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200904-296",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001223"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-296"
},
{
"db": "NVD",
"id": "CVE-2009-0977"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in the Advanced Queuing component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_AQIN. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is SQL injection in the GRANT_TYPE_ACCESS procedure in the DBMS_AQADM_SYS package. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. \n\nPROCEDURE GRANT_TYPE_ACCESS( USER_NAME IN VARCHAR2) IS\n\nGRANT_TXT VARCHAR2(100);\nGRANT_OPT VARCHAR2(20) := \u0027 with grant option\u0027;\nBEGIN\n\nEXECUTE_STMT( \u0027grant execute on sys.aq$_agent to \u0027|| USER_NAME||GRANT_OPT);\nEXECUTE_STMT(\u0027grant execute on sys.aq$_dequeue_history to \u0027|| USER_NAME||GRANT_OPT);\nEXECUTE_STMT(\u0027grant execute on sys.aq$_subscribers to \u0027|| USER_NAME||GRANT_OPT);\nEXECUTE_STMT(\u0027grant execute on sys.aq$_recipients to \u0027|| USER_NAME||GRANT_OPT);\nEXECUTE_STMT(\u0027grant execute on sys.aq$_history to \u0027|| USER_NAME||GRANT_OPT);\nEXECUTE_STMT(\u0027grant execute on sys.aq$_dequeue_history to \u0027|| USER_NAME||GRANT_OPT);\n\n[...]\n\n\nPatch Information\nApply the patches for Oracle CPU April 2009. The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\n3) An error in the Application Express component included in Oracle\nDatabase can be exploited by unprivileged database users to disclose\nAPEX password hashes in \"LOWS_030000.WWV_FLOW_USER\". \n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. \n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. \n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0977"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001223"
},
{
"db": "BID",
"id": "34461"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76730"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-0977",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "34693",
"trust": 2.6
},
{
"db": "USCERT",
"id": "TA09-105A",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1022052",
"trust": 2.4
},
{
"db": "BID",
"id": "34461",
"trust": 1.3
},
{
"db": "VUPEN",
"id": "ADV-2009-1042",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001223",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "TA09-105A",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20090416 SQL INJECTION IN PACKAGE DBMS_AQADM_SYS",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200904-296",
"trust": 0.6
},
{
"db": "ZDI",
"id": "ZDI-09-017",
"trust": 0.4
},
{
"db": "SECUNIA",
"id": "35135",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "77574",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76730",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76710",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76704",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001223"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76730"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-296"
},
{
"db": "NVD",
"id": "CVE-2009-0977"
}
]
},
"id": "VAR-200904-0263",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.065972224
},
"last_update_date": "2025-04-10T20:29:06.658000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cpuapr2009",
"trust": 0.8,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"title": "090417_86",
"trust": 0.8,
"url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html"
},
{
"title": "TA09-105A",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001223"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0977"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://secunia.com/advisories/34693"
},
{
"trust": 2.4,
"url": "http://www.securitytracker.com/id?1022052"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html"
},
{
"trust": 1.9,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html"
},
{
"trust": 1.3,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/34461"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/502727/100/0/threaded"
},
{
"trust": 1.0,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0977"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta09-105a/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/jvntr-2009-11/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0977"
},
{
"trust": 0.8,
"url": "http://www.vupen.com/english/advisories/2009/1042"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/502727/100/0/threaded"
},
{
"trust": 0.4,
"url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/"
},
{
"trust": 0.4,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html"
},
{
"trust": 0.4,
"url": "http://www.red-database-security.com/advisory/apex_password_hashes.html"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-23/"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-22/"
},
{
"trust": 0.3,
"url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml"
},
{
"trust": 0.3,
"url": "http://www.oracle.com"
},
{
"trust": 0.3,
"url": "/archive/1/502845"
},
{
"trust": 0.3,
"url": "/archive/1/502707"
},
{
"trust": 0.3,
"url": "/archive/1/502697"
},
{
"trust": 0.3,
"url": "/archive/1/502727"
},
{
"trust": 0.3,
"url": "/archive/1/502723"
},
{
"trust": 0.3,
"url": "/archive/1/506160"
},
{
"trust": 0.3,
"url": "/archive/1/502724"
},
{
"trust": 0.3,
"url": "/archive/1/502683"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/34693/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/35135/"
},
{
"trust": 0.1,
"url": "http://www.good.com/faq/18431.html"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0977"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/request_2008_report/"
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001223"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76730"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-296"
},
{
"db": "NVD",
"id": "CVE-2009-0977"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001223"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76730"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-296"
},
{
"db": "NVD",
"id": "CVE-2009-0977"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-04-09T00:00:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001223"
},
{
"date": "2009-05-18T15:35:49",
"db": "PACKETSTORM",
"id": "77574"
},
{
"date": "2009-04-16T21:53:18",
"db": "PACKETSTORM",
"id": "76730"
},
{
"date": "2009-04-15T23:15:44",
"db": "PACKETSTORM",
"id": "76710"
},
{
"date": "2009-04-15T15:08:54",
"db": "PACKETSTORM",
"id": "76704"
},
{
"date": "2009-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-296"
},
{
"date": "2009-04-15T10:30:00.407000",
"db": "NVD",
"id": "CVE-2009-0977"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-09-01T16:22:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001223"
},
{
"date": "2009-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-296"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2009-0977"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-296"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle Database of Advanced Queuing Component vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001223"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-296"
}
],
"trust": 0.6
}
}
VAR-200904-0272
Vulnerability from variot - Updated: 2025-04-10 20:16Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 and 11.1.0.6 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit. ----------------------------------------------------------------------
Are you missing:
SECUNIA ADVISORY ID:
Critical:
Impact:
Where:
within the advisory below?
This is now part of the Secunia commercial solutions.
For more information see vulnerability #6 through #9 in: SA34693
SOLUTION: The vendor recommends to delete the GdFileConv.exe file. See vendor's advisory for additional details.
Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.
I. Description
The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. The document provides information about affected components, access and authorization required for successful exploitation, and the impact from the vulnerabilities on data confidentiality, integrity, and availability.
Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database.
II. Impact
The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information.
III. Solution
Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed.
IV. References
-
Oracle Critical Patch Update Advisory - April 2009 - http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
-
Critical Patch Updates and Security Alerts - http://www.oracle.com/technology/deploy/security/alerts.htm
-
Map of Public Vulnerability to Advisory/Alert - http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA09-105A.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA09-105A Feedback VU#955892" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2009 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
April 15, 2009: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . ----------------------------------------------------------------------
Secunia is pleased to announce the release of the annual Secunia report for 2008. Some have unknown impacts, others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people compromise a vulnerable system.
1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP.
2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
3) An error in the Application Express component included in Oracle Database can be exploited by unprivileged database users to disclose APEX password hashes in "LOWS_030000.WWV_FLOW_USER".
The remaining vulnerabilities are caused due to unspecified errors. No more information is currently available.
PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security
The vendor also credits: * Joshua J. Drake of iDefense * Gerhard Eschelbeck of Qualys, Inc. * Esteban Martinez Fayo of Application Security, Inc. * Franz Huell of Red Database Security; * Mike Janowski of Neohapsis, Inc. * Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev
ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/
Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200904-0272",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "database 11g",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "11.1.0.6"
},
{
"model": "database 10g",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "11.1.0.6"
},
{
"model": "jrockit r27.1.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.01"
},
{
"model": "systems weblogic portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle9i personal edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.49"
},
{
"model": "oracle11g standard edition one",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "data service integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.3"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2.1"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2.3.0"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.06"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.1"
},
{
"model": "systems weblogic portal sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.11"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.13"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.04"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.0.7"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.1"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "jrockit r27.6.2",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.07"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.3"
},
{
"model": "systems weblogic portal sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "systems weblogic portal",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.1"
},
{
"model": "systems weblogic server maintenance pack",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.13"
},
{
"model": "oracle9i standard edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "oracle9i enterprise edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.1"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.2"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.10.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.12"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.15"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.05"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.16"
},
{
"model": "systems weblogic server mp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.9"
},
{
"model": "audit vault",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "jrockit r27.6.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.02"
},
{
"model": "systems weblogic portal sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.4"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.12"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.11"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.6"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "oracle11g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.03"
},
{
"model": "systems weblogic server sp7",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.0"
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001229"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-305"
},
{
"db": "NVD",
"id": "CVE-2009-0986"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:oracle:database_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001229"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-305"
}
],
"trust": 0.6
},
"cve": "CVE-2009-0986",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "CVE-2009-0986",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:M/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-0986",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2009-0986",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200904-305",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001229"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-305"
},
{
"db": "NVD",
"id": "CVE-2009-0986"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 and 11.1.0.6 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. The\n document provides information about affected components, access and\n authorization required for successful exploitation, and the impact\n from the vulnerabilities on data confidentiality, integrity, and\n availability. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\n3) An error in the Application Express component included in Oracle\nDatabase can be exploited by unprivileged database users to disclose\nAPEX password hashes in \"LOWS_030000.WWV_FLOW_USER\". \n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. \n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. \n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0986"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001229"
},
{
"db": "BID",
"id": "34461"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-0986",
"trust": 2.7
},
{
"db": "SECUNIA",
"id": "34693",
"trust": 2.6
},
{
"db": "USCERT",
"id": "TA09-105A",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1022052",
"trust": 2.4
},
{
"db": "OSVDB",
"id": "53735",
"trust": 2.4
},
{
"db": "BID",
"id": "34461",
"trust": 1.3
},
{
"db": "VUPEN",
"id": "ADV-2009-1042",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001229",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "TA09-105A",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200904-305",
"trust": 0.6
},
{
"db": "ZDI",
"id": "ZDI-09-017",
"trust": 0.4
},
{
"db": "SECUNIA",
"id": "35135",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "77574",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76710",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76704",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001229"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-305"
},
{
"db": "NVD",
"id": "CVE-2009-0986"
}
]
},
"id": "VAR-200904-0272",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.065972224
},
"last_update_date": "2025-04-10T20:16:15.576000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cpuapr2009",
"trust": 0.8,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"title": "090417_86",
"trust": 0.8,
"url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html"
},
{
"title": "TA09-105A",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001229"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0986"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://osvdb.org/53735"
},
{
"trust": 2.4,
"url": "http://secunia.com/advisories/34693"
},
{
"trust": 2.4,
"url": "http://www.securitytracker.com/id?1022052"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html"
},
{
"trust": 1.3,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/34461"
},
{
"trust": 1.0,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0986"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta09-105a/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/jvntr-2009-11/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0986"
},
{
"trust": 0.8,
"url": "http://www.vupen.com/english/advisories/2009/1042"
},
{
"trust": 0.4,
"url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/"
},
{
"trust": 0.4,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html"
},
{
"trust": 0.4,
"url": "http://www.red-database-security.com/advisory/apex_password_hashes.html"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-23/"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-22/"
},
{
"trust": 0.3,
"url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml"
},
{
"trust": 0.3,
"url": "http://www.oracle.com"
},
{
"trust": 0.3,
"url": "/archive/1/502845"
},
{
"trust": 0.3,
"url": "/archive/1/502707"
},
{
"trust": 0.3,
"url": "/archive/1/502697"
},
{
"trust": 0.3,
"url": "/archive/1/502727"
},
{
"trust": 0.3,
"url": "/archive/1/502723"
},
{
"trust": 0.3,
"url": "/archive/1/506160"
},
{
"trust": 0.3,
"url": "/archive/1/502724"
},
{
"trust": 0.3,
"url": "/archive/1/502683"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html"
},
{
"trust": 0.3,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/34693/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/35135/"
},
{
"trust": 0.1,
"url": "http://www.good.com/faq/18431.html"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/request_2008_report/"
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001229"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-305"
},
{
"db": "NVD",
"id": "CVE-2009-0986"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001229"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-305"
},
{
"db": "NVD",
"id": "CVE-2009-0986"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-04-09T00:00:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001229"
},
{
"date": "2009-05-18T15:35:49",
"db": "PACKETSTORM",
"id": "77574"
},
{
"date": "2009-04-15T23:15:44",
"db": "PACKETSTORM",
"id": "76710"
},
{
"date": "2009-04-15T15:08:54",
"db": "PACKETSTORM",
"id": "76704"
},
{
"date": "2009-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-305"
},
{
"date": "2009-04-15T10:30:00.563000",
"db": "NVD",
"id": "CVE-2009-0986"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-09-01T16:22:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001229"
},
{
"date": "2009-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-305"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2009-0986"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-305"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle Database of Workspace Manager Component vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001229"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-305"
}
],
"trust": 0.6
}
}
VAR-200904-0259
Vulnerability from variot - Updated: 2025-04-10 20:14Unspecified vulnerability in the Cluster Ready Services component in Oracle Database 10.1.0.5 allows remote attackers to affect availability via unknown vectors. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit. ----------------------------------------------------------------------
Are you missing:
SECUNIA ADVISORY ID:
Critical:
Impact:
Where:
within the advisory below?
This is now part of the Secunia commercial solutions.
For more information see vulnerability #6 through #9 in: SA34693
SOLUTION: The vendor recommends to delete the GdFileConv.exe file. See vendor's advisory for additional details.
Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.
I. Description
The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. The document provides information about affected components, access and authorization required for successful exploitation, and the impact from the vulnerabilities on data confidentiality, integrity, and availability.
Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database.
II. Impact
The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information.
III. Solution
Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed.
IV. References
-
Oracle Critical Patch Update Advisory - April 2009 - http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
-
Critical Patch Updates and Security Alerts - http://www.oracle.com/technology/deploy/security/alerts.htm
-
Map of Public Vulnerability to Advisory/Alert - http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA09-105A.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA09-105A Feedback VU#955892" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2009 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
April 15, 2009: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . ----------------------------------------------------------------------
Secunia is pleased to announce the release of the annual Secunia report for 2008. Some have unknown impacts, others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people compromise a vulnerable system.
1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP.
2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
3) An error in the Application Express component included in Oracle Database can be exploited by unprivileged database users to disclose APEX password hashes in "LOWS_030000.WWV_FLOW_USER".
The remaining vulnerabilities are caused due to unspecified errors. No more information is currently available.
PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security
The vendor also credits: * Joshua J. Drake of iDefense * Gerhard Eschelbeck of Qualys, Inc. * Esteban Martinez Fayo of Application Security, Inc. * Franz Huell of Red Database Security; * Mike Janowski of Neohapsis, Inc. * Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev
ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/
Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200904-0259",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "database 10g",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "10.1.0.5"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10.1.0.5"
},
{
"model": "jrockit r27.1.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.01"
},
{
"model": "systems weblogic portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle9i personal edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.49"
},
{
"model": "oracle11g standard edition one",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "data service integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.3"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2.1"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2.3.0"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.06"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.1"
},
{
"model": "systems weblogic portal sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.11"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.13"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.04"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.0.7"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.1"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "jrockit r27.6.2",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.07"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.3"
},
{
"model": "systems weblogic portal sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "systems weblogic portal",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.1"
},
{
"model": "systems weblogic server maintenance pack",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.13"
},
{
"model": "oracle9i standard edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "oracle9i enterprise edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.1"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.2"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.10.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.12"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.15"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.05"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.16"
},
{
"model": "systems weblogic server mp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.9"
},
{
"model": "audit vault",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "jrockit r27.6.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.02"
},
{
"model": "systems weblogic portal sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.4"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.12"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.11"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.6"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "oracle11g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.03"
},
{
"model": "systems weblogic server sp7",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.0"
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001230"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-292"
},
{
"db": "NVD",
"id": "CVE-2009-0973"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:oracle:database_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001230"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-292"
}
],
"trust": 0.6
},
"cve": "CVE-2009-0973",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2009-0973",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-0973",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2009-0973",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200904-292",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001230"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-292"
},
{
"db": "NVD",
"id": "CVE-2009-0973"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in the Cluster Ready Services component in Oracle Database 10.1.0.5 allows remote attackers to affect availability via unknown vectors. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. The\n document provides information about affected components, access and\n authorization required for successful exploitation, and the impact\n from the vulnerabilities on data confidentiality, integrity, and\n availability. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\n3) An error in the Application Express component included in Oracle\nDatabase can be exploited by unprivileged database users to disclose\nAPEX password hashes in \"LOWS_030000.WWV_FLOW_USER\". \n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. \n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. \n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0973"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001230"
},
{
"db": "BID",
"id": "34461"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-0973",
"trust": 2.7
},
{
"db": "SECUNIA",
"id": "34693",
"trust": 2.6
},
{
"db": "USCERT",
"id": "TA09-105A",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1022052",
"trust": 2.4
},
{
"db": "OSVDB",
"id": "53736",
"trust": 2.4
},
{
"db": "BID",
"id": "34461",
"trust": 1.3
},
{
"db": "VUPEN",
"id": "ADV-2009-1042",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001230",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "TA09-105A",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200904-292",
"trust": 0.6
},
{
"db": "ZDI",
"id": "ZDI-09-017",
"trust": 0.4
},
{
"db": "SECUNIA",
"id": "35135",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "77574",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76710",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76704",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001230"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-292"
},
{
"db": "NVD",
"id": "CVE-2009-0973"
}
]
},
"id": "VAR-200904-0259",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.065972224
},
"last_update_date": "2025-04-10T20:14:55.380000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cpuapr2009",
"trust": 0.8,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"title": "090417_86",
"trust": 0.8,
"url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html"
},
{
"title": "TA09-105A",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001230"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0973"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://osvdb.org/53736"
},
{
"trust": 2.4,
"url": "http://secunia.com/advisories/34693"
},
{
"trust": 2.4,
"url": "http://www.securitytracker.com/id?1022052"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html"
},
{
"trust": 1.3,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/34461"
},
{
"trust": 1.0,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0973"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta09-105a/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/jvntr-2009-11/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0973"
},
{
"trust": 0.8,
"url": "http://www.vupen.com/english/advisories/2009/1042"
},
{
"trust": 0.4,
"url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/"
},
{
"trust": 0.4,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html"
},
{
"trust": 0.4,
"url": "http://www.red-database-security.com/advisory/apex_password_hashes.html"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-23/"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-22/"
},
{
"trust": 0.3,
"url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml"
},
{
"trust": 0.3,
"url": "http://www.oracle.com"
},
{
"trust": 0.3,
"url": "/archive/1/502845"
},
{
"trust": 0.3,
"url": "/archive/1/502707"
},
{
"trust": 0.3,
"url": "/archive/1/502697"
},
{
"trust": 0.3,
"url": "/archive/1/502727"
},
{
"trust": 0.3,
"url": "/archive/1/502723"
},
{
"trust": 0.3,
"url": "/archive/1/506160"
},
{
"trust": 0.3,
"url": "/archive/1/502724"
},
{
"trust": 0.3,
"url": "/archive/1/502683"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html"
},
{
"trust": 0.3,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/34693/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/35135/"
},
{
"trust": 0.1,
"url": "http://www.good.com/faq/18431.html"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/request_2008_report/"
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001230"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-292"
},
{
"db": "NVD",
"id": "CVE-2009-0973"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001230"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-292"
},
{
"db": "NVD",
"id": "CVE-2009-0973"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-04-09T00:00:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001230"
},
{
"date": "2009-05-18T15:35:49",
"db": "PACKETSTORM",
"id": "77574"
},
{
"date": "2009-04-15T23:15:44",
"db": "PACKETSTORM",
"id": "76710"
},
{
"date": "2009-04-15T15:08:54",
"db": "PACKETSTORM",
"id": "76704"
},
{
"date": "2009-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-292"
},
{
"date": "2009-04-15T10:30:00.327000",
"db": "NVD",
"id": "CVE-2009-0973"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-09-01T16:22:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001230"
},
{
"date": "2009-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-292"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2009-0973"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-292"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle Database of Cluster Ready Services Component vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001230"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-292"
}
],
"trust": 0.6
}
}
VAR-200904-0270
Vulnerability from variot - Updated: 2025-04-10 20:08Unspecified vulnerability in the Database Vault component in Oracle Database 9.2.0.8DV, 10.2.0.4, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_SYS_SQL. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit. ----------------------------------------------------------------------
Are you missing:
SECUNIA ADVISORY ID:
Critical:
Impact:
Where:
within the advisory below?
This is now part of the Secunia commercial solutions.
For more information see vulnerability #6 through #9 in: SA34693
SOLUTION: The vendor recommends to delete the GdFileConv.exe file. See vendor's advisory for additional details.
Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.
I. Description
The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. The document provides information about affected components, access and authorization required for successful exploitation, and the impact from the vulnerabilities on data confidentiality, integrity, and availability.
Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database.
II. Impact
The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information.
III. Solution
Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed.
IV. References
-
Oracle Critical Patch Update Advisory - April 2009 - http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
-
Critical Patch Updates and Security Alerts - http://www.oracle.com/technology/deploy/security/alerts.htm
-
Map of Public Vulnerability to Advisory/Alert - http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA09-105A.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA09-105A Feedback VU#955892" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2009 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
April 15, 2009: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . ----------------------------------------------------------------------
Secunia is pleased to announce the release of the annual Secunia report for 2008. Some have unknown impacts, others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people compromise a vulnerable system.
1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP.
2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
The remaining vulnerabilities are caused due to unspecified errors. No more information is currently available.
PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security
The vendor also credits: * Joshua J. Drake of iDefense * Gerhard Eschelbeck of Qualys, Inc. * Esteban Martinez Fayo of Application Security, Inc. * Franz Huell of Red Database Security; * Mike Janowski of Neohapsis, Inc. * Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev
ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/
Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200904-0270",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "database 11g",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "11.1.0.6"
},
{
"model": "database 10g",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "database 9i",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "9.2.0.8dv"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "11.1.0.6"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.2.0.8dv"
},
{
"model": "jrockit r27.1.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.01"
},
{
"model": "systems weblogic portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle9i personal edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.49"
},
{
"model": "oracle11g standard edition one",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "data service integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.3"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2.1"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2.3.0"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.06"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.1"
},
{
"model": "systems weblogic portal sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.11"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.13"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.04"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.0.7"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.1"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "jrockit r27.6.2",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.07"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.3"
},
{
"model": "systems weblogic portal sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "systems weblogic portal",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.1"
},
{
"model": "systems weblogic server maintenance pack",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.13"
},
{
"model": "oracle9i standard edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "oracle9i enterprise edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.1"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.2"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.10.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.12"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.15"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.05"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.16"
},
{
"model": "systems weblogic server mp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.9"
},
{
"model": "audit vault",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "jrockit r27.6.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.02"
},
{
"model": "systems weblogic portal sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.4"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.12"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.11"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.6"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "oracle11g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.03"
},
{
"model": "systems weblogic server sp7",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.0"
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001224"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-303"
},
{
"db": "NVD",
"id": "CVE-2009-0984"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:oracle:database_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001224"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-303"
}
],
"trust": 0.6
},
"cve": "CVE-2009-0984",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2009-0984",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-0984",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2009-0984",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200904-303",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001224"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-303"
},
{
"db": "NVD",
"id": "CVE-2009-0984"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in the Database Vault component in Oracle Database 9.2.0.8DV, 10.2.0.4, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_SYS_SQL. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. The\n document provides information about affected components, access and\n authorization required for successful exploitation, and the impact\n from the vulnerabilities on data confidentiality, integrity, and\n availability. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. \n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. \n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0984"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001224"
},
{
"db": "BID",
"id": "34461"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-0984",
"trust": 2.7
},
{
"db": "SECUNIA",
"id": "34693",
"trust": 2.6
},
{
"db": "USCERT",
"id": "TA09-105A",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1022052",
"trust": 2.4
},
{
"db": "BID",
"id": "34461",
"trust": 1.3
},
{
"db": "VUPEN",
"id": "ADV-2009-1042",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001224",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "TA09-105A",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200904-303",
"trust": 0.6
},
{
"db": "ZDI",
"id": "ZDI-09-017",
"trust": 0.4
},
{
"db": "SECUNIA",
"id": "35135",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "77574",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76710",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76704",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001224"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-303"
},
{
"db": "NVD",
"id": "CVE-2009-0984"
}
]
},
"id": "VAR-200904-0270",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.065972224
},
"last_update_date": "2025-04-10T20:08:35.712000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cpuapr2009",
"trust": 0.8,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"title": "090417_86",
"trust": 0.8,
"url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html"
},
{
"title": "TA09-105A",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001224"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0984"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://secunia.com/advisories/34693"
},
{
"trust": 2.4,
"url": "http://www.securitytracker.com/id?1022052"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html"
},
{
"trust": 1.3,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/34461"
},
{
"trust": 1.0,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0984"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta09-105a/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/jvntr-2009-11/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0984"
},
{
"trust": 0.8,
"url": "http://www.vupen.com/english/advisories/2009/1042"
},
{
"trust": 0.4,
"url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/"
},
{
"trust": 0.4,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html"
},
{
"trust": 0.4,
"url": "http://www.red-database-security.com/advisory/apex_password_hashes.html"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-23/"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-22/"
},
{
"trust": 0.3,
"url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml"
},
{
"trust": 0.3,
"url": "http://www.oracle.com"
},
{
"trust": 0.3,
"url": "/archive/1/502845"
},
{
"trust": 0.3,
"url": "/archive/1/502707"
},
{
"trust": 0.3,
"url": "/archive/1/502697"
},
{
"trust": 0.3,
"url": "/archive/1/502727"
},
{
"trust": 0.3,
"url": "/archive/1/502723"
},
{
"trust": 0.3,
"url": "/archive/1/506160"
},
{
"trust": 0.3,
"url": "/archive/1/502724"
},
{
"trust": 0.3,
"url": "/archive/1/502683"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html"
},
{
"trust": 0.3,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/34693/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/35135/"
},
{
"trust": 0.1,
"url": "http://www.good.com/faq/18431.html"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/request_2008_report/"
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001224"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-303"
},
{
"db": "NVD",
"id": "CVE-2009-0984"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001224"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-303"
},
{
"db": "NVD",
"id": "CVE-2009-0984"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-04-09T00:00:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001224"
},
{
"date": "2009-05-18T15:35:49",
"db": "PACKETSTORM",
"id": "77574"
},
{
"date": "2009-04-15T23:15:44",
"db": "PACKETSTORM",
"id": "76710"
},
{
"date": "2009-04-15T15:08:54",
"db": "PACKETSTORM",
"id": "76704"
},
{
"date": "2009-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-303"
},
{
"date": "2009-04-15T10:30:00.530000",
"db": "NVD",
"id": "CVE-2009-0984"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-09-01T16:22:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001224"
},
{
"date": "2009-04-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-303"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2009-0984"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-303"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle Database of Database Vault Component vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001224"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-303"
}
],
"trust": 0.6
}
}
VAR-200904-0262
Vulnerability from variot - Updated: 2025-04-10 19:56Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to LTADM. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit. ----------------------------------------------------------------------
Are you missing:
SECUNIA ADVISORY ID:
Critical:
Impact:
Where:
within the advisory below?
This is now part of the Secunia commercial solutions.
For more information see vulnerability #6 through #9 in: SA34693
SOLUTION: The vendor recommends to delete the GdFileConv.exe file. See vendor's advisory for additional details.
Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.
I. Description
The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components.
Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database.
II. Impact
The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information.
III. Solution
Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed.
IV. References
-
Oracle Critical Patch Update Advisory - April 2009 - http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
-
Critical Patch Updates and Security Alerts - http://www.oracle.com/technology/deploy/security/alerts.htm
-
Map of Public Vulnerability to Advisory/Alert - http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA09-105A.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA09-105A Feedback VU#955892" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2009 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
April 15, 2009: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . ----------------------------------------------------------------------
Secunia is pleased to announce the release of the annual Secunia report for 2008. Some have unknown impacts, others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people compromise a vulnerable system.
1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP.
2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
3) An error in the Application Express component included in Oracle Database can be exploited by unprivileged database users to disclose APEX password hashes in "LOWS_030000.WWV_FLOW_USER".
The remaining vulnerabilities are caused due to unspecified errors. No more information is currently available.
PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security
The vendor also credits: * Joshua J. Drake of iDefense * Gerhard Eschelbeck of Qualys, Inc. * Esteban Martinez Fayo of Application Security, Inc. * Franz Huell of Red Database Security; * Mike Janowski of Neohapsis, Inc. * Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev
ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/
Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200904-0262",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "database 11g",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "11.1.0.6"
},
{
"model": "database 10g",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "11.1.0.6"
},
{
"model": "jrockit r27.1.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.01"
},
{
"model": "systems weblogic portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle9i personal edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.49"
},
{
"model": "oracle11g standard edition one",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "data service integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.3"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2.1"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2.3.0"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.06"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.1"
},
{
"model": "systems weblogic portal sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.11"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.13"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.04"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.0.7"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.1"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "jrockit r27.6.2",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.07"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.3"
},
{
"model": "systems weblogic portal sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "systems weblogic portal",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.1"
},
{
"model": "systems weblogic server maintenance pack",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.13"
},
{
"model": "oracle9i standard edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "oracle9i enterprise edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.1"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.2"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.10.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.12"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.15"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.05"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.16"
},
{
"model": "systems weblogic server mp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.9"
},
{
"model": "audit vault",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "jrockit r27.6.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.02"
},
{
"model": "systems weblogic portal sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.4"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.12"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.11"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.6"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "oracle11g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.03"
},
{
"model": "systems weblogic server sp7",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.0"
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001227"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-295"
},
{
"db": "NVD",
"id": "CVE-2009-0976"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:oracle:database_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001227"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-295"
}
],
"trust": 0.6
},
"cve": "CVE-2009-0976",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2009-0976",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-0976",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2009-0976",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200904-295",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001227"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-295"
},
{
"db": "NVD",
"id": "CVE-2009-0976"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to LTADM. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\n3) An error in the Application Express component included in Oracle\nDatabase can be exploited by unprivileged database users to disclose\nAPEX password hashes in \"LOWS_030000.WWV_FLOW_USER\". \n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. \n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. \n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0976"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001227"
},
{
"db": "BID",
"id": "34461"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-0976",
"trust": 2.7
},
{
"db": "SECUNIA",
"id": "34693",
"trust": 2.6
},
{
"db": "USCERT",
"id": "TA09-105A",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1022052",
"trust": 2.4
},
{
"db": "OSVDB",
"id": "53733",
"trust": 2.4
},
{
"db": "BID",
"id": "34461",
"trust": 1.3
},
{
"db": "VUPEN",
"id": "ADV-2009-1042",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001227",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "TA09-105A",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200904-295",
"trust": 0.6
},
{
"db": "ZDI",
"id": "ZDI-09-017",
"trust": 0.4
},
{
"db": "SECUNIA",
"id": "35135",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "77574",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76710",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76704",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001227"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-295"
},
{
"db": "NVD",
"id": "CVE-2009-0976"
}
]
},
"id": "VAR-200904-0262",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.065972224
},
"last_update_date": "2025-04-10T19:56:28.253000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cpuapr2009",
"trust": 0.8,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"title": "090417_86",
"trust": 0.8,
"url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html"
},
{
"title": "TA09-105A",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001227"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0976"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://osvdb.org/53733"
},
{
"trust": 2.4,
"url": "http://secunia.com/advisories/34693"
},
{
"trust": 2.4,
"url": "http://www.securitytracker.com/id?1022052"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html"
},
{
"trust": 1.3,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/34461"
},
{
"trust": 1.0,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0976"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta09-105a/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/jvntr-2009-11/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0976"
},
{
"trust": 0.8,
"url": "http://www.vupen.com/english/advisories/2009/1042"
},
{
"trust": 0.4,
"url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/"
},
{
"trust": 0.4,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html"
},
{
"trust": 0.4,
"url": "http://www.red-database-security.com/advisory/apex_password_hashes.html"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-23/"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-22/"
},
{
"trust": 0.3,
"url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml"
},
{
"trust": 0.3,
"url": "http://www.oracle.com"
},
{
"trust": 0.3,
"url": "/archive/1/502845"
},
{
"trust": 0.3,
"url": "/archive/1/502707"
},
{
"trust": 0.3,
"url": "/archive/1/502697"
},
{
"trust": 0.3,
"url": "/archive/1/502727"
},
{
"trust": 0.3,
"url": "/archive/1/502723"
},
{
"trust": 0.3,
"url": "/archive/1/506160"
},
{
"trust": 0.3,
"url": "/archive/1/502724"
},
{
"trust": 0.3,
"url": "/archive/1/502683"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html"
},
{
"trust": 0.3,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/34693/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/35135/"
},
{
"trust": 0.1,
"url": "http://www.good.com/faq/18431.html"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/request_2008_report/"
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001227"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-295"
},
{
"db": "NVD",
"id": "CVE-2009-0976"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001227"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-295"
},
{
"db": "NVD",
"id": "CVE-2009-0976"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-04-09T00:00:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001227"
},
{
"date": "2009-05-18T15:35:49",
"db": "PACKETSTORM",
"id": "77574"
},
{
"date": "2009-04-15T23:15:44",
"db": "PACKETSTORM",
"id": "76710"
},
{
"date": "2009-04-15T15:08:54",
"db": "PACKETSTORM",
"id": "76704"
},
{
"date": "2009-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-295"
},
{
"date": "2009-04-15T10:30:00.377000",
"db": "NVD",
"id": "CVE-2009-0976"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-09-01T16:22:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001227"
},
{
"date": "2009-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-295"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2009-0976"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-295"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle Database of Workspace Manager In the component LTADM Vulnerabilities related to",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001227"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-295"
}
],
"trust": 0.6
}
}
VAR-200904-0267
Vulnerability from variot - Updated: 2025-04-10 19:43Unspecified vulnerability in the Application Express component in Oracle Database 11.1.0.7 allows remote authenticated users to affect confidentiality, related to APEX. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue allows remote authenticated users to obtain APEX password hashes from the WWV_FLOW_USERS table via a SELECT statement. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit. ----------------------------------------------------------------------
Are you missing:
SECUNIA ADVISORY ID:
Critical:
Impact:
Where:
within the advisory below?
This is now part of the Secunia commercial solutions.
For more information see vulnerability #6 through #9 in: SA34693
SOLUTION: The vendor recommends to delete the GdFileConv.exe file. See vendor's advisory for additional details.
Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.
I. Description
The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. The document provides information about affected components, access and authorization required for successful exploitation, and the impact from the vulnerabilities on data confidentiality, integrity, and availability.
Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database.
II. Impact
The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information.
III. Solution
Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed.
IV. References
-
Oracle Critical Patch Update Advisory - April 2009 - http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
-
Critical Patch Updates and Security Alerts - http://www.oracle.com/technology/deploy/security/alerts.htm
-
Map of Public Vulnerability to Advisory/Alert - http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA09-105A.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA09-105A Feedback VU#955892" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2009 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
April 15, 2009: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . ----------------------------------------------------------------------
Secunia is pleased to announce the release of the annual Secunia report for 2008. Some have unknown impacts, others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people compromise a vulnerable system.
1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP.
2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
The remaining vulnerabilities are caused due to unspecified errors. No more information is currently available.
PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security
The vendor also credits: * Joshua J. Drake of iDefense * Gerhard Eschelbeck of Qualys, Inc. * Esteban Martinez Fayo of Application Security, Inc. * Franz Huell of Red Database Security; * Mike Janowski of Neohapsis, Inc. * Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev
ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/
Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200904-0267",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "database 11g",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "11.1.0.7"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "11.1.0.7"
},
{
"model": "jrockit r27.1.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.01"
},
{
"model": "systems weblogic portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle9i personal edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.49"
},
{
"model": "oracle11g standard edition one",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "data service integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.3"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2.1"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2.3.0"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.06"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.1"
},
{
"model": "systems weblogic portal sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.11"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.13"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.04"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.0.7"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.1"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "jrockit r27.6.2",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.07"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.3"
},
{
"model": "systems weblogic portal sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "systems weblogic portal",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.1"
},
{
"model": "systems weblogic server maintenance pack",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.13"
},
{
"model": "oracle9i standard edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "oracle9i enterprise edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.1"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.2"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.10.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.12"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.15"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.05"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.16"
},
{
"model": "systems weblogic server mp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.9"
},
{
"model": "audit vault",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "jrockit r27.6.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.02"
},
{
"model": "systems weblogic portal sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.4"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.12"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.11"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.6"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "oracle11g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.03"
},
{
"model": "systems weblogic server sp7",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.0"
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001232"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-300"
},
{
"db": "NVD",
"id": "CVE-2009-0981"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:oracle:database_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001232"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-300"
}
],
"trust": 0.6
},
"cve": "CVE-2009-0981",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2009-0981",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-0981",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2009-0981",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200904-300",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001232"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-300"
},
{
"db": "NVD",
"id": "CVE-2009-0981"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in the Application Express component in Oracle Database 11.1.0.7 allows remote authenticated users to affect confidentiality, related to APEX. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue allows remote authenticated users to obtain APEX password hashes from the WWV_FLOW_USERS table via a SELECT statement. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. The\n document provides information about affected components, access and\n authorization required for successful exploitation, and the impact\n from the vulnerabilities on data confidentiality, integrity, and\n availability. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. \n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. \n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0981"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001232"
},
{
"db": "BID",
"id": "34461"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-0981",
"trust": 2.7
},
{
"db": "SECUNIA",
"id": "34693",
"trust": 2.6
},
{
"db": "USCERT",
"id": "TA09-105A",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1022052",
"trust": 2.4
},
{
"db": "OSVDB",
"id": "53738",
"trust": 2.4
},
{
"db": "EXPLOIT-DB",
"id": "8456",
"trust": 1.6
},
{
"db": "BID",
"id": "34461",
"trust": 1.3
},
{
"db": "VUPEN",
"id": "ADV-2009-1042",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001232",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "TA09-105A",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20090416 UNPRIVILEGED DB USERS CAN SEE APEX PASSWORD HASHES",
"trust": 0.6
},
{
"db": "MILW0RM",
"id": "8456",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200904-300",
"trust": 0.6
},
{
"db": "ZDI",
"id": "ZDI-09-017",
"trust": 0.4
},
{
"db": "SECUNIA",
"id": "35135",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "77574",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76710",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76704",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001232"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-300"
},
{
"db": "NVD",
"id": "CVE-2009-0981"
}
]
},
"id": "VAR-200904-0267",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.065972224
},
"last_update_date": "2025-04-10T19:43:46.955000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cpuapr2009",
"trust": 0.8,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"title": "090417_86",
"trust": 0.8,
"url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html"
},
{
"title": "TA09-105A",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001232"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0981"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://osvdb.org/53738"
},
{
"trust": 2.4,
"url": "http://secunia.com/advisories/34693"
},
{
"trust": 2.4,
"url": "http://www.securitytracker.com/id?1022052"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html"
},
{
"trust": 2.0,
"url": "http://www.red-database-security.com/advisory/apex_password_hashes.html"
},
{
"trust": 1.3,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/34461"
},
{
"trust": 1.0,
"url": "https://www.exploit-db.com/exploits/8456"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/502724/100/0/threaded"
},
{
"trust": 1.0,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0981"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta09-105a/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/jvntr-2009-11/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0981"
},
{
"trust": 0.8,
"url": "http://www.vupen.com/english/advisories/2009/1042"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/502724/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.milw0rm.com/exploits/8456"
},
{
"trust": 0.4,
"url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/"
},
{
"trust": 0.4,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-23/"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-22/"
},
{
"trust": 0.3,
"url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml"
},
{
"trust": 0.3,
"url": "http://www.oracle.com"
},
{
"trust": 0.3,
"url": "/archive/1/502845"
},
{
"trust": 0.3,
"url": "/archive/1/502707"
},
{
"trust": 0.3,
"url": "/archive/1/502697"
},
{
"trust": 0.3,
"url": "/archive/1/502727"
},
{
"trust": 0.3,
"url": "/archive/1/502723"
},
{
"trust": 0.3,
"url": "/archive/1/506160"
},
{
"trust": 0.3,
"url": "/archive/1/502724"
},
{
"trust": 0.3,
"url": "/archive/1/502683"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html"
},
{
"trust": 0.3,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/34693/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/35135/"
},
{
"trust": 0.1,
"url": "http://www.good.com/faq/18431.html"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/request_2008_report/"
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001232"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-300"
},
{
"db": "NVD",
"id": "CVE-2009-0981"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001232"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-300"
},
{
"db": "NVD",
"id": "CVE-2009-0981"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-04-09T00:00:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001232"
},
{
"date": "2009-05-18T15:35:49",
"db": "PACKETSTORM",
"id": "77574"
},
{
"date": "2009-04-15T23:15:44",
"db": "PACKETSTORM",
"id": "76710"
},
{
"date": "2009-04-15T15:08:54",
"db": "PACKETSTORM",
"id": "76704"
},
{
"date": "2009-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-300"
},
{
"date": "2009-04-15T10:30:00.467000",
"db": "NVD",
"id": "CVE-2009-0981"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-09-01T16:22:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001232"
},
{
"date": "2009-06-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-300"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2009-0981"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-300"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle Database of Application Express Component vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001232"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-300"
}
],
"trust": 0.6
}
}
VAR-200904-0258
Vulnerability from variot - Updated: 2025-04-10 19:32Unspecified vulnerability in the Workspace Manager component in Oracle Database 11.1.0.6, 11.1.0.7, 10.2.0.3, 10.2.0.4, 10.1.0.5, 9.2.0.8, and 9.2.0.8DV allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit. ----------------------------------------------------------------------
Are you missing:
SECUNIA ADVISORY ID:
Critical:
Impact:
Where:
within the advisory below?
This is now part of the Secunia commercial solutions.
For more information see vulnerability #6 through #9 in: SA34693
SOLUTION: The vendor recommends to delete the GdFileConv.exe file. See vendor's advisory for additional details.
Fixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.
I. Description
The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. The document provides information about affected components, access and authorization required for successful exploitation, and the impact from the vulnerabilities on data confidentiality, integrity, and availability.
Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database.
II. Impact
The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information.
III. Solution
Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed.
IV. References
-
Oracle Critical Patch Update Advisory - April 2009 - http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
-
Critical Patch Updates and Security Alerts - http://www.oracle.com/technology/deploy/security/alerts.htm
-
Map of Public Vulnerability to Advisory/Alert - http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA09-105A.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA09-105A Feedback VU#955892" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2009 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
April 15, 2009: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE----- . ----------------------------------------------------------------------
Secunia is pleased to announce the release of the annual Secunia report for 2008. Some have unknown impacts, others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people compromise a vulnerable system.
1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP.
2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
3) An error in the Application Express component included in Oracle Database can be exploited by unprivileged database users to disclose APEX password hashes in "LOWS_030000.WWV_FLOW_USER".
The remaining vulnerabilities are caused due to unspecified errors. No more information is currently available.
PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security
The vendor also credits: * Joshua J. Drake of iDefense * Gerhard Eschelbeck of Qualys, Inc. * Esteban Martinez Fayo of Application Security, Inc. * Franz Huell of Red Database Security; * Mike Janowski of Neohapsis, Inc. * Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev
ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/
Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200904-0258",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "database server",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "11.1.0.7"
},
{
"model": "database server",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "9.2.0.8"
},
{
"model": "database server",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "database server",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "9.2.0.8dv"
},
{
"model": "database server",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "10.2.0.3"
},
{
"model": "database server",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "10.1.0.5"
},
{
"model": "database server",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "11.1.0.6"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10.1.0.5"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10.2.0.3"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "11.1.0.6"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "11.1.0.7"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.2.0.8"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.2.0.8dv"
},
{
"model": "jrockit r27.1.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.01"
},
{
"model": "systems weblogic portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle9i personal edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.49"
},
{
"model": "oracle11g standard edition one",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "data service integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.3"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2.1"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2.3.0"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.06"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.1"
},
{
"model": "systems weblogic portal sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "xml publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.2"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.11"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.13"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.04"
},
{
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.0.7"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.1"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "jrockit r27.6.2",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.07"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "systems weblogic portal sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.3"
},
{
"model": "systems weblogic portal sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "systems weblogic portal",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.1"
},
{
"model": "systems weblogic server maintenance pack",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.13"
},
{
"model": "oracle9i standard edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "oracle9i enterprise edition .8dv",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.1"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.3.2"
},
{
"model": "e-business suite 11i",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.5.10.2"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.12"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.15"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.05"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.16"
},
{
"model": "systems weblogic server mp1",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "10.0"
},
{
"model": "peoplesoft enterprise hrms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.9"
},
{
"model": "audit vault",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"model": "jrockit r27.6.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.02"
},
{
"model": "systems weblogic portal sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.1"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.4"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.12"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.11"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.6"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "oracle11g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.16"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0.0.14"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.03"
},
{
"model": "systems weblogic server sp7",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "7.0"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.2"
},
{
"model": "outside in sdk html export",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "aqualogic data services platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "systems weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "9.0"
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001221"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-291"
},
{
"db": "NVD",
"id": "CVE-2009-0972"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:oracle:database_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001221"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Esteban Martinez Fayo Joxean Koret joxeankoret@yahoo.es",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-291"
}
],
"trust": 0.6
},
"cve": "CVE-2009-0972",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2009-0972",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-0972",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2009-0972",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200904-291",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001221"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-291"
},
{
"db": "NVD",
"id": "CVE-2009-0972"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in the Workspace Manager component in Oracle Database 11.1.0.6, 11.1.0.7, 10.2.0.3, 10.2.0.4, 10.1.0.5, 9.2.0.8, and 9.2.0.8DV allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. \n\nFixed in Good Messaging Server for Exchange 5.0.4.53 and 6.0.0.125. The impacts of these vulnerabilities include\n remote execution of arbitrary code, information disclosure, and\n denial of service. \n\n\nI. Description\n\n The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n vulnerabilities in various Oracle products and components. The\n document provides information about affected components, access and\n authorization required for successful exploitation, and the impact\n from the vulnerabilities on data confidentiality, integrity, and\n availability. \n \n Oracle has associated CVE identifiers with the vulnerabilities\n addressed in this Critical Patch Update. If significant additional\n details about vulnerabilities and remediation techniques become\n available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n The impact of these vulnerabilities varies depending on the\n product, component, and configuration of the system. Potential\n consequences include the execution of arbitrary code or commands,\n information disclosure, and denial of service. Vulnerable\n components may be available to unauthenticated, remote attackers. \n An attacker who compromises an Oracle database may be able to\n access sensitive information. \n\n\nIII. Solution\n\n Apply the appropriate patches or upgrade as specified in the Oracle\n Critical Patch Update Advisory - April 2009. Note that this\n document only lists newly corrected issues. Updates to patches for\n previously known issues are not listed. \n\n\nIV. References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\n3) An error in the Application Express component included in Oracle\nDatabase can be exploited by unprivileged database users to disclose\nAPEX password hashes in \"LOWS_030000.WWV_FLOW_USER\". \n\nThe remaining vulnerabilities are caused due to unspecified errors. \nNo more information is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. Drake of iDefense\n* Gerhard Eschelbeck of Qualys, Inc. \n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. \n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0972"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001221"
},
{
"db": "BID",
"id": "34461"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-0972",
"trust": 2.7
},
{
"db": "SECUNIA",
"id": "34693",
"trust": 2.6
},
{
"db": "USCERT",
"id": "TA09-105A",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1022052",
"trust": 2.4
},
{
"db": "BID",
"id": "34461",
"trust": 1.3
},
{
"db": "VUPEN",
"id": "ADV-2009-1042",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001221",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "TA09-105A",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200904-291",
"trust": 0.6
},
{
"db": "ZDI",
"id": "ZDI-09-017",
"trust": 0.4
},
{
"db": "SECUNIA",
"id": "35135",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "77574",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76710",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76704",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001221"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-291"
},
{
"db": "NVD",
"id": "CVE-2009-0972"
}
]
},
"id": "VAR-200904-0258",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.065972224
},
"last_update_date": "2025-04-10T19:32:48.846000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cpuapr2009",
"trust": 0.8,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"title": "090417_86",
"trust": 0.8,
"url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html"
},
{
"title": "TA09-105A",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001221"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0972"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://secunia.com/advisories/34693"
},
{
"trust": 2.4,
"url": "http://www.securitytracker.com/id?1022052"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html"
},
{
"trust": 1.3,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/34461"
},
{
"trust": 1.0,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0972"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta09-105a/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/jvntr-2009-11/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0972"
},
{
"trust": 0.8,
"url": "http://www.vupen.com/english/advisories/2009/1042"
},
{
"trust": 0.4,
"url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/"
},
{
"trust": 0.4,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html"
},
{
"trust": 0.4,
"url": "http://www.red-database-security.com/advisory/apex_password_hashes.html"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-23/"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2009-22/"
},
{
"trust": 0.3,
"url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml"
},
{
"trust": 0.3,
"url": "http://www.oracle.com"
},
{
"trust": 0.3,
"url": "/archive/1/502845"
},
{
"trust": 0.3,
"url": "/archive/1/502707"
},
{
"trust": 0.3,
"url": "/archive/1/502697"
},
{
"trust": 0.3,
"url": "/archive/1/502727"
},
{
"trust": 0.3,
"url": "/archive/1/502723"
},
{
"trust": 0.3,
"url": "/archive/1/506160"
},
{
"trust": 0.3,
"url": "/archive/1/502724"
},
{
"trust": 0.3,
"url": "/archive/1/502683"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html"
},
{
"trust": 0.3,
"url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/34693/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/35135/"
},
{
"trust": 0.1,
"url": "http://www.good.com/faq/18431.html"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/request_2008_report/"
}
],
"sources": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001221"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-291"
},
{
"db": "NVD",
"id": "CVE-2009-0972"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "34461"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001221"
},
{
"db": "PACKETSTORM",
"id": "77574"
},
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "PACKETSTORM",
"id": "76704"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-291"
},
{
"db": "NVD",
"id": "CVE-2009-0972"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-04-09T00:00:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001221"
},
{
"date": "2009-05-18T15:35:49",
"db": "PACKETSTORM",
"id": "77574"
},
{
"date": "2009-04-15T23:15:44",
"db": "PACKETSTORM",
"id": "76710"
},
{
"date": "2009-04-15T15:08:54",
"db": "PACKETSTORM",
"id": "76704"
},
{
"date": "2009-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-291"
},
{
"date": "2009-04-15T10:30:00.313000",
"db": "NVD",
"id": "CVE-2009-0972"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-09-01T16:22:00",
"db": "BID",
"id": "34461"
},
{
"date": "2009-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001221"
},
{
"date": "2009-04-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-291"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2009-0972"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "76710"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-291"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle Database of Workspace Manager Component vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001221"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-291"
}
],
"trust": 0.6
}
}
VAR-200303-0010
Vulnerability from variot - Updated: 2025-04-03 22:37OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal). Cryptographic libraries and applications do not provide adequate defense against a side-channel timing attack against RSA private keys. Such an attack has been shown to be practical using currently available hardware on systems and networks with sufficiently low variance in latency. OpenSSL so RSA Is used for the encryption algorithm, RSA There is a vulnerability that is subject to timing attacks that can analyze the private key by measuring and analyzing the processing time when generating the private key in the format.The server's private key may be obtained. A side-channel attack in the OpenSSL implementation has been published in a recent paper that may ultimately result in an active adversary gaining the RSA private key of a target server. The attack involves analysis of the timing of certain operations during client-server session key negotiation
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200303-0010",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "stunnel",
"scope": "eq",
"trust": 1.9,
"vendor": "stunnel",
"version": "4.04"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 1.9,
"vendor": "stunnel",
"version": "4.03"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 1.9,
"vendor": "stunnel",
"version": "4.02"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 1.9,
"vendor": "stunnel",
"version": "4.01"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 1.9,
"vendor": "stunnel",
"version": "3.22"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 1.9,
"vendor": "stunnel",
"version": "3.21"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 1.9,
"vendor": "stunnel",
"version": "3.19"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 1.9,
"vendor": "stunnel",
"version": "3.18"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 1.9,
"vendor": "stunnel",
"version": "3.20"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 1.6,
"vendor": "stunnel",
"version": "4.0"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 1.3,
"vendor": "stunnel",
"version": "3.17"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 1.3,
"vendor": "stunnel",
"version": "3.16"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 1.3,
"vendor": "stunnel",
"version": "3.15"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 1.3,
"vendor": "stunnel",
"version": "3.14"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 1.3,
"vendor": "stunnel",
"version": "3.13"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 1.3,
"vendor": "stunnel",
"version": "3.12"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 1.3,
"vendor": "stunnel",
"version": "3.11"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 1.3,
"vendor": "stunnel",
"version": "3.9"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 1.3,
"vendor": "stunnel",
"version": "3.8"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 1.3,
"vendor": "stunnel",
"version": "3.7"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 1.3,
"vendor": "stunnel",
"version": "3.10"
},
{
"model": "openpkg",
"scope": "eq",
"trust": 1.3,
"vendor": "openpkg",
"version": "1.2"
},
{
"model": "openpkg",
"scope": "eq",
"trust": 1.3,
"vendor": "openpkg",
"version": "1.1"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6a"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6b"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6i"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6e"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6d"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6g"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6h"
},
{
"model": "openpkg",
"scope": "eq",
"trust": 1.0,
"vendor": "openpkg",
"version": "*"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.7a"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6c"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple computer",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "conectiva",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "covalent",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "crypto",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "f5",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "foundry",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "fressh",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "freebsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gnu libgcrypt",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gnu tls",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gentoo linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "guardian digital",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "intoto",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mandrakesoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "netbsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "openbsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "openpkg",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "openssh",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "openssl",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sgi",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ssh security",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "slackware",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sorceror linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "stonesoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "stunnel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "the sco group",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "trustix secure linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "vandyke",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "wirex",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cryptlib",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "esoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mod ssl",
"version": null
},
{
"model": "http server",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "2.0.44"
},
{
"model": "openssh",
"scope": "lte",
"trust": 0.8,
"vendor": "openbsd",
"version": "3.5"
},
{
"model": "openssl",
"scope": "lte",
"trust": 0.8,
"vendor": "openssl",
"version": "0.9.6j"
},
{
"model": "openssl",
"scope": "lte",
"trust": 0.8,
"vendor": "openssl",
"version": "0.9.7b"
},
{
"model": "application server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "1.0.2.2"
},
{
"model": "application server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.0.2"
},
{
"model": "application server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.0.3"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "8.1.7.4"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.0.1.4"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.2.0.2"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.2.0.3"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.2.0.4"
},
{
"model": "cobalt raq4",
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "cobalt raq550",
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "cobalt raqxtr",
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "2.6 (sparc)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "2.6 (x86)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "7.0 (sparc)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "7.0 (x86)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "8 (sparc)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "8 (x86)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "9 (sparc)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "9 (x86)"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "6.5"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "7"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "8"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.00"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.11"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.20"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.22"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.23"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.3"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "8.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "9"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "4.0.4"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "4.0.3"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "4.0.2"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "4.0.1"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.4.8"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.4.7"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.4.6"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.4.5"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.4.4"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.4.3"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.4.2"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.4.1"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.4"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.3.4"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.3.3"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.3.2"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.3.1"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.3"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.2.2"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.2.1"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.2"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.1.2"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.1.1"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.1"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "3.0"
},
{
"model": "securecrt",
"scope": "eq",
"trust": 0.3,
"vendor": "vandyke",
"version": "2.4"
},
{
"model": "cobalt raq xtr",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "cobalt raq",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "550"
},
{
"model": "cobalt raq",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4"
},
{
"model": "cobalt qube",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "3"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 0.3,
"vendor": "stunnel",
"version": "4.00"
},
{
"model": "communications security ipsec express toolkit",
"scope": null,
"trust": 0.3,
"vendor": "ssh",
"version": null
},
{
"model": "communications security certificate/tls toolkit",
"scope": null,
"trust": 0.3,
"vendor": "ssh",
"version": null
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.19"
},
{
"model": "mgetty-sendfax-1.1.14-8.i386.rpm",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.2"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.1"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.7"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.1"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.7"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.0"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.1"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.7"
},
{
"model": "oracle9i application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.3"
},
{
"model": "oracle9i application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.2"
},
{
"model": "oracle9i application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0.2.2"
},
{
"model": "oracle9i application server .1s",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0.2"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.0"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.1"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.7"
},
{
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl i",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl h",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl g",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl e",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl d",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl c",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl b",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "current",
"scope": null,
"trust": 0.3,
"vendor": "openpkg",
"version": null
},
{
"model": "mod ssl",
"scope": "eq",
"trust": 0.3,
"vendor": "mod ssl",
"version": "2.8.14"
},
{
"model": "igateway",
"scope": "eq",
"trust": 0.3,
"vendor": "intoto",
"version": "3.2"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.22"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.11"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.0"
},
{
"model": "transport layer security library",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "0.8.5"
},
{
"model": "transport layer security library",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "0.8.4"
},
{
"model": "transport layer security library",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "0.8.3"
},
{
"model": "transport layer security library",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "0.8.2"
},
{
"model": "transport layer security library",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "0.8.1"
},
{
"model": "transport layer security library",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "0.8.0"
},
{
"model": "libgcrypt",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "1.1.12"
},
{
"model": "libgcrypt",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "1.1.11"
},
{
"model": "libgcrypt",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "1.1.10"
},
{
"model": "libgcrypt",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "1.1.9"
},
{
"model": "libgcrypt",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "1.1.8"
},
{
"model": "networks ironview",
"scope": null,
"trust": 0.3,
"vendor": "foundry",
"version": null
},
{
"model": "big-ip blade controller ptf-01",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.2.3"
},
{
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5"
},
{
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.4"
},
{
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.3"
},
{
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.2"
},
{
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5"
},
{
"model": "crypto++ library",
"scope": "eq",
"trust": 0.3,
"vendor": "crypto",
"version": "5.0"
},
{
"model": "crypto++ library",
"scope": "eq",
"trust": 0.3,
"vendor": "crypto",
"version": "4.2"
},
{
"model": "fast start server",
"scope": "eq",
"trust": 0.3,
"vendor": "covalent",
"version": "3.3"
},
{
"model": "fast start server",
"scope": "eq",
"trust": 0.3,
"vendor": "covalent",
"version": "3.2"
},
{
"model": "fast start server",
"scope": "eq",
"trust": 0.3,
"vendor": "covalent",
"version": "3.1"
},
{
"model": "enterprise ready server",
"scope": "eq",
"trust": 0.3,
"vendor": "covalent",
"version": "2.3"
},
{
"model": "enterprise ready server",
"scope": "eq",
"trust": 0.3,
"vendor": "covalent",
"version": "2.2"
},
{
"model": "enterprise ready server",
"scope": "eq",
"trust": 0.3,
"vendor": "covalent",
"version": "2.1"
},
{
"model": "associates etrust security command center",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.0"
},
{
"model": "tru64 b",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "tru64 a",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "tru64",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "tru64 a",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.0"
},
{
"model": "tru64 g",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "4.0"
},
{
"model": "tru64 f",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "4.0"
},
{
"model": "openvms vax",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "7.3"
},
{
"model": "openvms alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "7.3"
},
{
"model": "openvms alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "7.2.1"
},
{
"model": "openvms alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "7.2-2"
},
{
"model": "openvms -1h2 alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "7.2"
},
{
"model": "openvms -1h1 alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "7.2"
},
{
"model": "openvms vax",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "7.2"
},
{
"model": "openvms alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "7.2"
},
{
"model": "openvms alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "7.1-2"
},
{
"model": "openvms vax",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "7.1"
},
{
"model": "openvms alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "7.1"
},
{
"model": "openvms vax",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "6.2"
},
{
"model": "openvms alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "6.2"
},
{
"model": "openvms",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "6.2"
},
{
"model": "securecrt",
"scope": "ne",
"trust": 0.3,
"vendor": "vandyke",
"version": "4.0.5"
},
{
"model": "project openssl b",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl j",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "openssh",
"scope": "ne",
"trust": 0.3,
"vendor": "openssh",
"version": "3.6.1"
},
{
"model": "hp-ux apache-based web server",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "1.0.07.01"
},
{
"model": "crypto++ library",
"scope": "ne",
"trust": 0.3,
"vendor": "crypto",
"version": "5.1"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#997481"
},
{
"db": "BID",
"id": "7101"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000098"
},
{
"db": "CNNVD",
"id": "CNNVD-200303-116"
},
{
"db": "NVD",
"id": "CVE-2003-0147"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apache:http_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:openbsd:openssh",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:openssl:openssl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:database_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:sun:sun_cobalt_raq_4",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:sun:sun_cobalt_raq_550",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:sun:sun_cobalt_raq_xtr",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sun:solaris",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:turbolinux:turbolinux_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hp:hp-ux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:linux",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2003-000098"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "David Brumley and Dan Boneh.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200303-116"
}
],
"trust": 0.6
},
"cve": "CVE-2003-0147",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2003-0147",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2003-0147",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#997481",
"trust": 0.8,
"value": "9.42"
},
{
"author": "NVD",
"id": "CVE-2003-0147",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200303-116",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#997481"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000098"
},
{
"db": "CNNVD",
"id": "CNNVD-200303-116"
},
{
"db": "NVD",
"id": "CVE-2003-0147"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server\u0027s private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms (\"Karatsuba\" and normal). Cryptographic libraries and applications do not provide adequate defense against a side-channel timing attack against RSA private keys. Such an attack has been shown to be practical using currently available hardware on systems and networks with sufficiently low variance in latency. OpenSSL so RSA Is used for the encryption algorithm, RSA There is a vulnerability that is subject to timing attacks that can analyze the private key by measuring and analyzing the processing time when generating the private key in the format.The server\u0027s private key may be obtained. A side-channel attack in the OpenSSL implementation has been published in a recent paper that may ultimately result in an active adversary gaining the RSA private key of a target server. The attack involves analysis of the timing of certain operations during client-server session key negotiation",
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0147"
},
{
"db": "CERT/CC",
"id": "VU#997481"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000098"
},
{
"db": "BID",
"id": "7101"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2003-0147",
"trust": 2.7
},
{
"db": "CERT/CC",
"id": "VU#997481",
"trust": 1.8
},
{
"db": "BID",
"id": "7101",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000098",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200303-116",
"trust": 0.6
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#997481"
},
{
"db": "BID",
"id": "7101"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000098"
},
{
"db": "CNNVD",
"id": "CNNVD-200303-116"
},
{
"db": "NVD",
"id": "CVE-2003-0147"
}
]
},
"id": "VAR-200303-0010",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.4615448
},
"last_update_date": "2025-04-03T22:37:36.338000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.apache.org/"
},
{
"title": "HPSBUX00280",
"trust": 0.8,
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00954663"
},
{
"title": "HPSBUX0304-255",
"trust": 0.8,
"url": "http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0304-255"
},
{
"title": "HPSBUX0309-280",
"trust": 0.8,
"url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/HP-UX/HPSBUX0309-280.html"
},
{
"title": "HPSBUX0304-255",
"trust": 0.8,
"url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/HP-UX/HPSBUX0304-255.html"
},
{
"title": "secadv_20030317",
"trust": 0.8,
"url": "http://www.openssl.org/news/secadv_20030317.txt"
},
{
"title": "RHSA-2003:205",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/RHSA-2003-205.html"
},
{
"title": "RHSA-2003:102",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/RHSA-2003-102.html"
},
{
"title": "RHSA-2003:101",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2003-101.html"
},
{
"title": "56380",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-56380-1"
},
{
"title": "56380",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-56380-3"
},
{
"title": "4 Apache \u0026amp; SSL Security 2.0.1",
"trust": 0.8,
"url": "http://sunsolve.sun.com/pub-cgi/show.pl?target=cobalt/raq4.eng\u0026amp;nav=patchpage"
},
{
"title": "XTR Apache \u0026amp; SSL Security 1.0.1",
"trust": 0.8,
"url": "http://sunsolve.sun.com/pub-cgi/show.pl?target=cobalt/raqxtr.eng\u0026amp;nav=patchpage"
},
{
"title": "550 Apache \u0026amp; SSL Security 0.0.1",
"trust": 0.8,
"url": "http://sunsolve.sun.com/pub-cgi/show.pl?target=cobalt/raq550.eng\u0026amp;nav=patchpage"
},
{
"title": "TLSA-2003-22",
"trust": 0.8,
"url": "http://www.turbolinux.com/security/2003/TLSA-2003-22.txt"
},
{
"title": "#62",
"trust": 0.8,
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert62.pdf"
},
{
"title": "RHSA-2003:205",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2003-205J.html"
},
{
"title": "RHSA-2003:102",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2003-102J.html"
},
{
"title": "RHSA-2003:101",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2003-101J.html"
},
{
"title": "TLSA-2003-22",
"trust": 0.8,
"url": "http://www.turbolinux.co.jp/security/2003/TLSA-2003-22j.txt"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2003-000098"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0147"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www.openssl.org/news/secadv_20030317.txt"
},
{
"trust": 1.1,
"url": "http://crypto.stanford.edu/~dabo/abstracts/ssl-timing.html"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=104766550528628\u0026w=2"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/316577/30/25310/threaded"
},
{
"trust": 1.0,
"url": "http://www.redhat.com/support/errata/rhsa-2003-101.html"
},
{
"trust": 1.0,
"url": "http://www.kb.cert.org/vuls/id/997481"
},
{
"trust": 1.0,
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0130.html"
},
{
"trust": 1.0,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a466"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=104829040921835\u0026w=2"
},
{
"trust": 1.0,
"url": "http://www.gentoo.org/security/en/glsa/glsa-200303-23.xml"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/316165/30/25370/threaded"
},
{
"trust": 1.0,
"url": "http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=104792570615648\u0026w=2"
},
{
"trust": 1.0,
"url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=mdksa-2003:035"
},
{
"trust": 1.0,
"url": "http://www.openpkg.com/security/advisories/openpkg-sa-2003.019.html"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=104819602408063\u0026w=2"
},
{
"trust": 1.0,
"url": "http://www.redhat.com/support/errata/rhsa-2003-102.html"
},
{
"trust": 1.0,
"url": "http://www.debian.org/security/2003/dsa-288"
},
{
"trust": 1.0,
"url": "ftp://ftp.sco.com/pub/security/openlinux/cssa-2003-014.0.txt"
},
{
"trust": 1.0,
"url": "ftp://patches.sgi.com/support/free/security/advisories/20030501-01-i"
},
{
"trust": 1.0,
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000625"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=104861762028637\u0026w=2"
},
{
"trust": 0.8,
"url": "http://ietf.org/rfc/rfc2246.txt"
},
{
"trust": 0.8,
"url": "http://wp.netscape.com/eng/ssl3/draft302.txt"
},
{
"trust": 0.8,
"url": "http://www.cryptography.com/resources/whitepapers/timingattacks.pdf"
},
{
"trust": 0.8,
"url": "http://www.bell-labs.com/user/bleichen/papers/chosen.ps"
},
{
"trust": 0.8,
"url": "ftp://ftp.rsasecurity.com/pub/pdfs/bull-2.pdf"
},
{
"trust": 0.8,
"url": "ftp://ftp.rsasecurity.com/pub/pdfs/bulletn5.pdf"
},
{
"trust": 0.8,
"url": "http://link.springer.de/link/service/series/0558/papers/1070/10700001.pdf"
},
{
"trust": 0.8,
"url": "http://islab.oregonstate.edu/documents/people/blaze/quantize.shar"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-0147"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-0147"
},
{
"trust": 0.8,
"url": "http://www.securiteam.com/unixfocus/5fp0c209fe.html"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/7101"
},
{
"trust": 0.3,
"url": "http://www.info.apple.com/usen/security/security_updates.html"
},
{
"trust": 0.3,
"url": "http://www.eskimo.com/~weidai/cryptlib.html"
},
{
"trust": 0.3,
"url": "http://www.openbsd.org/errata31.html#kadmin"
},
{
"trust": 0.3,
"url": "http://www.openbsd.org/errata32.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/ip/deploy/ias/index.html"
},
{
"trust": 0.3,
"url": "http://metalink.oracle.com"
},
{
"trust": 0.3,
"url": "http://www.covalent.net/support/rotate.php?page=109"
},
{
"trust": 0.3,
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert62.pdf"
},
{
"trust": 0.3,
"url": "/archive/1/315884"
},
{
"trust": 0.3,
"url": "/archive/1/315904"
},
{
"trust": 0.3,
"url": "/archive/1/315292"
},
{
"trust": 0.3,
"url": "/archive/1/315069"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#997481"
},
{
"db": "BID",
"id": "7101"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000098"
},
{
"db": "NVD",
"id": "CVE-2003-0147"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#997481"
},
{
"db": "BID",
"id": "7101"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000098"
},
{
"db": "CNNVD",
"id": "CNNVD-200303-116"
},
{
"db": "NVD",
"id": "CVE-2003-0147"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-03-25T00:00:00",
"db": "CERT/CC",
"id": "VU#997481"
},
{
"date": "2003-03-14T00:00:00",
"db": "BID",
"id": "7101"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2003-000098"
},
{
"date": "2003-03-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200303-116"
},
{
"date": "2003-03-31T05:00:00",
"db": "NVD",
"id": "CVE-2003-0147"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-08-25T00:00:00",
"db": "CERT/CC",
"id": "VU#997481"
},
{
"date": "2009-07-11T21:06:00",
"db": "BID",
"id": "7101"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2003-000098"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200303-116"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2003-0147"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200303-116"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSSL Timing Attack RSA Private Key Information Disclosure Vulnerability",
"sources": [
{
"db": "BID",
"id": "7101"
},
{
"db": "CNNVD",
"id": "CNNVD-200303-116"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Configuration Error",
"sources": [
{
"db": "BID",
"id": "7101"
},
{
"db": "CNNVD",
"id": "CNNVD-200303-116"
}
],
"trust": 0.9
}
}
VAR-200303-0118
Vulnerability from variot - Updated: 2025-04-03 22:14The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the "Klima-Pokorny-Rosa attack.". SSL/TLS implementations that respond distinctively to an incorrect PKCS #1 v1.5 encoded SSL/TLS version number expose the premaster secret to a modified Bleichenbacher attack. An attacker could decrypt a given SSL/TLS session or forge a signature on behalf of a vulnerable application's private RSA key. OpenSSL In RSA Is used for the encryption algorithm, PKCS#1 Secret value shared across the session between the client and server due to inadequate version number handling in the process ) There is a vulnerability that leaks.There is a possibility of decrypting the encrypted communication content. A problem with OpenSSL may leak sensitive information. A user could abuse the response of vulnerable servers to act as an oracle. By sending a large number of adaptive attacks, the possibility exists for a remote user to create a choice of ciphertext encrypted with the private key of the server. OpenSSL Security Advisory [19 March 2003]
Klima-Pokorny-Rosa attack on RSA in SSL/TLS
Czech cryptologists Vlastimil Klima, Ondrej Pokorny, and Tomas Rosa have come up with an extension of the "Bleichenbacher attack" on RSA with PKCS #1 v1.5 padding as used in SSL 3.0 and TLS 1.0. Note that the server's RSA key is not compromised in this attack. OpenSSL releases up to 0.9.6i and 0.9.7a are vulnerable. The enclosed patch modifies SSL/TLS server behaviour to avoid the vulnerability.
Security Patch
The following patch can be applied to OpenSSL releases 0.9.6b up to 0.9.6i, 0.9.7, and 0.9.7a.
--- s3_srvr.c 29 Nov 2002 11:31:51 -0000 1.85.2.14 +++ s3_srvr.c 19 Mar 2003 18:00:00 -0000 @@ -1447,7 +1447,7 @@ if (i != SSL_MAX_MASTER_KEY_LENGTH) { al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); + / SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); / }
if ((al == -1) && !((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff))))
@@ -1463,30 +1463,29 @@ (p[0] == (s->version>>8)) && (p[1] == (s->version & 0xff)))) { al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); - goto f_err; + / SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); / + + / The Klima-Pokorny-Rosa extension of Bleichenbacher's attack + * (https://eprint.iacr.org/2003/052/) exploits the version + * number check as a "bad version oracle" -- an alert would + * reveal that the plaintext corresponding to some ciphertext + * made up by the adversary is properly formatted except + * that the version number is wrong. To avoid such attacks, + * we should treat this just like any other decryption error. / + p[0] = (char)(int) "CAN-2003-0131 patch 2003-03-19"; } }
if (al != -1)
{
-#if 0 - goto f_err; -#else / Some decryption failure -- use random value instead as countermeasure * against Bleichenbacher's attack on PKCS #1 v1.5 RSA padding - * (see RFC 2246, section 7.4.7.1). - * But note that due to length and protocol version checking, the - * attack is impractical anyway (see section 5 in D. Bleichenbacher: - * "Chosen Ciphertext Attacks Against Protocols Based on the RSA - * Encryption Standard PKCS #1", CRYPTO '98, LNCS 1462, pp. 1-12). - / + * (see RFC 2246, section 7.4.7.1). / ERR_clear_error(); i = SSL_MAX_MASTER_KEY_LENGTH; p[0] = s->client_version >> 8; p[1] = s->client_version & 0xff; RAND_pseudo_bytes(p+2, i-2); / should be RAND_bytes, but we cannot work around a failure */ -#endif }
s->session->master_key_length=
References
Report "Attacking RSA-based Sessions in SSL/TLS" by V. Klima, O. Pokorny, and T. Rosa: https://eprint.iacr.org/2003/052/
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0131 to this issue. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0131
URL for this Security Advisory: https://www.openssl.org/news/secadv_20030319.txt
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200303-0118",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "0.9.7a"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "0.9.6b"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "0.9.6d"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "0.9.6e"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "0.9.6g"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "0.9.6h"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "0.9.6i"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "0.9.6c"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "0.9.6a"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple computer",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "conectiva",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "f5",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "freebsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gnu tls",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gentoo linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "guardian digital",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ingrian",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mirapoint",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "netbsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "openbsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "openpkg",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "openssl",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sgi",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ssh security",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sorceror linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "stonesoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "suse",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "trustix secure linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "wirex",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "esoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mod ssl",
"version": null
},
{
"model": "openssl",
"scope": "lte",
"trust": 0.8,
"vendor": "openssl",
"version": "0.9.7a"
},
{
"model": "application server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "1.0.2.2"
},
{
"model": "application server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.0.2"
},
{
"model": "application server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.0.3"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "8.1.7.4"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.0.1.4"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.2.0.2"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.2.0.3"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.2.0.4"
},
{
"model": "cobalt raq4",
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "cobalt raq550",
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "cobalt raqxtr",
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "6.5"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "7"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "8"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.00"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.11"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.20"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.22"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.3"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "8.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "9"
},
{
"model": "cobalt raq xtr",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "cobalt raq",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "550"
},
{
"model": "cobalt raq",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4"
},
{
"model": "cobalt qube",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "3"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.19"
},
{
"model": "open server",
"scope": "eq",
"trust": 0.3,
"vendor": "sco",
"version": "5.0.7"
},
{
"model": "open server",
"scope": "eq",
"trust": 0.3,
"vendor": "sco",
"version": "5.0.6"
},
{
"model": "open server",
"scope": "eq",
"trust": 0.3,
"vendor": "sco",
"version": "5.0.5"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.1"
},
{
"model": "oracle9i standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.7"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.1"
},
{
"model": "oracle9i personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.7"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.0"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.1"
},
{
"model": "oracle9i enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.7"
},
{
"model": "oracle9i application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.3"
},
{
"model": "oracle9i application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.2"
},
{
"model": "oracle9i application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0.2.2"
},
{
"model": "oracle9i application server .1s",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0.2"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.0"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.1"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.7"
},
{
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl i",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl h",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl g",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl e",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl d",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl c",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl b",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "transport layer security library",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "0.8.4"
},
{
"model": "transport layer security library",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "0.8.3"
},
{
"model": "transport layer security library",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "0.8.2"
},
{
"model": "transport layer security library",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "0.8.1"
},
{
"model": "transport layer security library",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "0.8.0"
},
{
"model": "big-ip blade controller ptf-01",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.2.3"
},
{
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5"
},
{
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.4"
},
{
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.3"
},
{
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.2"
},
{
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5"
},
{
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.4"
},
{
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.3"
},
{
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.2"
},
{
"model": "associates etrust security command center",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.0"
},
{
"model": "tru64 b",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "tru64 a",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "tru64",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.1"
},
{
"model": "tru64 a",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "5.0"
},
{
"model": "tru64 g",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "4.0"
},
{
"model": "tru64 f",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "4.0"
},
{
"model": "openvms vax",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "7.3"
},
{
"model": "openvms alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "7.3"
},
{
"model": "openvms alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "7.2.1"
},
{
"model": "openvms alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "7.2-2"
},
{
"model": "openvms -1h2 alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "7.2"
},
{
"model": "openvms -1h1 alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "7.2"
},
{
"model": "openvms vax",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "7.2"
},
{
"model": "openvms alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "7.2"
},
{
"model": "openvms alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "7.1-2"
},
{
"model": "openvms vax",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "7.1"
},
{
"model": "openvms alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "7.1"
},
{
"model": "openvms vax",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "6.2"
},
{
"model": "openvms alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "6.2"
},
{
"model": "openvms",
"scope": "eq",
"trust": 0.3,
"vendor": "compaq",
"version": "6.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2"
},
{
"model": "project openssl b",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl j",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "hp-ux apache-based web server",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "1.0.07.01"
},
{
"model": "hp-ux apache-based web server",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "1.0.03.01"
},
{
"model": "apache-based web server",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "1.3.27.02"
},
{
"model": "transport layer security library",
"scope": "ne",
"trust": 0.3,
"vendor": "gnu",
"version": "0.8.5"
},
{
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.5"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.5"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#888801"
},
{
"db": "BID",
"id": "7148"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000095"
},
{
"db": "CNNVD",
"id": "CNNVD-200303-076"
},
{
"db": "NVD",
"id": "CVE-2003-0131"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:openssl:openssl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:database_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:sun:sun_cobalt_raq_4",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:sun:sun_cobalt_raq_550",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:sun:sun_cobalt_raq_xtr",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:turbolinux:turbolinux_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hp:hp-ux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:linux",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2003-000095"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovery credited to Vlastimil Klima, Ondrej Pokorny, and Tomas Rosa.",
"sources": [
{
"db": "BID",
"id": "7148"
},
{
"db": "CNNVD",
"id": "CNNVD-200303-076"
}
],
"trust": 0.9
},
"cve": "CVE-2003-0131",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2003-0131",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2003-0131",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#888801",
"trust": 0.8,
"value": "4.05"
},
{
"author": "NVD",
"id": "CVE-2003-0131",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200303-076",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#888801"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000095"
},
{
"db": "CNNVD",
"id": "CNNVD-200303-076"
},
{
"db": "NVD",
"id": "CVE-2003-0131"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the \"Klima-Pokorny-Rosa attack.\". SSL/TLS implementations that respond distinctively to an incorrect PKCS #1 v1.5 encoded SSL/TLS version number expose the premaster secret to a modified Bleichenbacher attack. An attacker could decrypt a given SSL/TLS session or forge a signature on behalf of a vulnerable application\u0027s private RSA key. OpenSSL In RSA Is used for the encryption algorithm, PKCS#1 Secret value shared across the session between the client and server due to inadequate version number handling in the process ) There is a vulnerability that leaks.There is a possibility of decrypting the encrypted communication content. A problem with OpenSSL may leak sensitive information. A user could abuse the response of vulnerable servers to act as an oracle. By sending a large number of adaptive attacks, the possibility exists for a remote user to create a choice of ciphertext encrypted with the private key of the server. OpenSSL Security Advisory [19 March 2003]\n\nKlima-Pokorny-Rosa attack on RSA in SSL/TLS\n===========================================\n\nCzech cryptologists Vlastimil Klima, Ondrej Pokorny, and Tomas Rosa\nhave come up with an extension of the \"Bleichenbacher attack\" on RSA\nwith PKCS #1 v1.5 padding as used in SSL 3.0 and TLS 1.0. \nNote that the server\u0027s RSA key is not compromised in this attack. \nOpenSSL releases up to 0.9.6i and 0.9.7a are vulnerable. The enclosed\npatch modifies SSL/TLS server behaviour to avoid the vulnerability. \n\n\nSecurity Patch\n--------------\n\nThe following patch can be applied to OpenSSL releases 0.9.6b up to 0.9.6i,\n0.9.7, and 0.9.7a. \n\n--- s3_srvr.c\t29 Nov 2002 11:31:51 -0000\t1.85.2.14\n+++ s3_srvr.c\t19 Mar 2003 18:00:00 -0000\n@@ -1447,7 +1447,7 @@\n \t\tif (i != SSL_MAX_MASTER_KEY_LENGTH)\n \t\t\t{\n \t\t\tal=SSL_AD_DECODE_ERROR;\n-\t\t\tSSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT);\n+\t\t\t/* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); */\n \t\t\t}\n \n \t\tif ((al == -1) \u0026\u0026 !((p[0] == (s-\u003eclient_version\u003e\u003e8)) \u0026\u0026 (p[1] == (s-\u003eclient_version \u0026 0xff))))\n@@ -1463,30 +1463,29 @@\n \t\t\t\t(p[0] == (s-\u003eversion\u003e\u003e8)) \u0026\u0026 (p[1] == (s-\u003eversion \u0026 0xff))))\n \t\t\t\t{\n \t\t\t\tal=SSL_AD_DECODE_ERROR;\n-\t\t\t\tSSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER);\n-\t\t\t\tgoto f_err;\n+\t\t\t\t/* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); */\n+\n+\t\t\t\t/* The Klima-Pokorny-Rosa extension of Bleichenbacher\u0027s attack\n+\t\t\t\t * (https://eprint.iacr.org/2003/052/) exploits the version\n+\t\t\t\t * number check as a \"bad version oracle\" -- an alert would\n+\t\t\t\t * reveal that the plaintext corresponding to some ciphertext\n+\t\t\t\t * made up by the adversary is properly formatted except\n+\t\t\t\t * that the version number is wrong. To avoid such attacks,\n+\t\t\t\t * we should treat this just like any other decryption error. */\n+\t\t\t\tp[0] = (char)(int) \"CAN-2003-0131 patch 2003-03-19\";\n \t\t\t\t}\n \t\t\t}\n \n \t\tif (al != -1)\n \t\t\t{\n-#if 0\n-\t\t\tgoto f_err;\n-#else\n \t\t\t/* Some decryption failure -- use random value instead as countermeasure\n \t\t\t * against Bleichenbacher\u0027s attack on PKCS #1 v1.5 RSA padding\n-\t\t\t * (see RFC 2246, section 7.4.7.1). \n-\t\t\t * But note that due to length and protocol version checking, the\n-\t\t\t * attack is impractical anyway (see section 5 in D. Bleichenbacher:\n-\t\t\t * \"Chosen Ciphertext Attacks Against Protocols Based on the RSA\n-\t\t\t * Encryption Standard PKCS #1\", CRYPTO \u002798, LNCS 1462, pp. 1-12). \n-\t\t\t */\n+\t\t\t * (see RFC 2246, section 7.4.7.1). */\n \t\t\tERR_clear_error();\n \t\t\ti = SSL_MAX_MASTER_KEY_LENGTH;\n \t\t\tp[0] = s-\u003eclient_version \u003e\u003e 8;\n \t\t\tp[1] = s-\u003eclient_version \u0026 0xff;\n \t\t\tRAND_pseudo_bytes(p+2, i-2); /* should be RAND_bytes, but we cannot work around a failure */\n-#endif\n \t\t\t}\n \t\n \t\ts-\u003esession-\u003emaster_key_length=\n\n\nReferences\n----------\n\nReport \"Attacking RSA-based Sessions in SSL/TLS\" by V. Klima, O. Pokorny,\nand T. Rosa:\nhttps://eprint.iacr.org/2003/052/\n\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2003-0131 to this issue. \nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0131\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20030319.txt\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0131"
},
{
"db": "CERT/CC",
"id": "VU#888801"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000095"
},
{
"db": "BID",
"id": "7148"
},
{
"db": "PACKETSTORM",
"id": "169675"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2003-0131",
"trust": 2.8
},
{
"db": "BID",
"id": "7148",
"trust": 2.7
},
{
"db": "CERT/CC",
"id": "VU#888801",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000095",
"trust": 0.8
},
{
"db": "XF",
"id": "11586",
"trust": 0.6
},
{
"db": "TRUSTIX",
"id": "2003-0013",
"trust": 0.6
},
{
"db": "CALDERA",
"id": "CSSA-2003-014.0",
"trust": 0.6
},
{
"db": "DEBIAN",
"id": "DSA-288",
"trust": 0.6
},
{
"db": "SGI",
"id": "20030501-01-I",
"trust": 0.6
},
{
"db": "NETBSD",
"id": "NETBSD-SA2003-007",
"trust": 0.6
},
{
"db": "OPENPKG",
"id": "OPENPKG-SA-2003.026",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20030327 IMMUNIX SECURED OS 7+ OPENSSL UPDATE",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20030319 [OPENSSL ADVISORY] KLIMA-POKORNY-ROSA ATTACK ON PKCS #1 V1.5 PADDING",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20030324 GLSA: OPENSSL (200303-20)",
"trust": 0.6
},
{
"db": "MANDRAKE",
"id": "MDKSA-2003:035",
"trust": 0.6
},
{
"db": "SUSE",
"id": "SUSE-SA:2003:024",
"trust": 0.6
},
{
"db": "OVAL",
"id": "OVAL:ORG.MITRE.OVAL:DEF:461",
"trust": 0.6
},
{
"db": "REDHAT",
"id": "RHSA-2003:102",
"trust": 0.6
},
{
"db": "REDHAT",
"id": "RHSA-2003:101",
"trust": 0.6
},
{
"db": "GENTOO",
"id": "GLSA-200303-20",
"trust": 0.6
},
{
"db": "CONECTIVA",
"id": "CLA-2003:625",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200303-076",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "169675",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#888801"
},
{
"db": "BID",
"id": "7148"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000095"
},
{
"db": "PACKETSTORM",
"id": "169675"
},
{
"db": "CNNVD",
"id": "CNNVD-200303-076"
},
{
"db": "NVD",
"id": "CVE-2003-0131"
}
]
},
"id": "VAR-200303-0118",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.4615448
},
"last_update_date": "2025-04-03T22:14:09.328000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HPSBUX0304-255",
"trust": 0.8,
"url": "http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0304-255"
},
{
"title": "HPSBUX0304-255",
"trust": 0.8,
"url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/HP-UX/HPSBUX0304-255.html"
},
{
"title": "secadv_20030319",
"trust": 0.8,
"url": "http://www.openssl.org/news/secadv_20030319.txt"
},
{
"title": "RHSA-2003:101",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2003-101.html"
},
{
"title": "4 Apache \u0026amp; SSL Security 2.0.1",
"trust": 0.8,
"url": "http://sunsolve.sun.com/pub-cgi/show.pl?target=cobalt/raq4.eng\u0026amp;nav=patchpage"
},
{
"title": "XTR Apache \u0026amp; SSL Security 1.0.1",
"trust": 0.8,
"url": "http://sunsolve.sun.com/pub-cgi/show.pl?target=cobalt/raqxtr.eng\u0026amp;nav=patchpage"
},
{
"title": "550 Apache \u0026amp; SSL Security 0.0.1",
"trust": 0.8,
"url": "http://sunsolve.sun.com/pub-cgi/show.pl?target=cobalt/raq550.eng\u0026amp;nav=patchpage"
},
{
"title": "TLSA-2003-22",
"trust": 0.8,
"url": "http://www.turbolinux.com/security/2003/TLSA-2003-22.txt"
},
{
"title": "#62",
"trust": 0.8,
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert62.pdf"
},
{
"title": "RHSA-2003:101",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2003-101J.html"
},
{
"title": "TLSA-2003-22",
"trust": 0.8,
"url": "http://www.turbolinux.co.jp/security/2003/TLSA-2003-22j.txt"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2003-000095"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0131"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://eprint.iacr.org/2003/052/"
},
{
"trust": 2.5,
"url": "http://www.openssl.org/news/secadv_20030319.txt"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/7148"
},
{
"trust": 1.6,
"url": "http://www.kb.cert.org/vuls/id/888801"
},
{
"trust": 1.6,
"url": "http://www.redhat.com/support/errata/rhsa-2003-102.html"
},
{
"trust": 1.6,
"url": "http://www.redhat.com/support/errata/rhsa-2003-101.html"
},
{
"trust": 1.6,
"url": "http://www.linuxsecurity.com/advisories/immunix_advisory-3066.html"
},
{
"trust": 1.6,
"url": "http://www.debian.org/security/2003/dsa-288"
},
{
"trust": 1.6,
"url": "http://lists.apple.com/mhonarc/security-announce/msg00028.html"
},
{
"trust": 1.6,
"url": "ftp://patches.sgi.com/support/free/security/advisories/20030501-01-i"
},
{
"trust": 1.6,
"url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2003-007.txt.asc"
},
{
"trust": 1.6,
"url": "http://www.openpkg.org/security/openpkg-sa-2003.026-openssl.html"
},
{
"trust": 1.6,
"url": "http://www.mandriva.com/security/advisories?name=mdksa-2003:035"
},
{
"trust": 1.6,
"url": "http://www.gentoo.org/security/en/glsa/glsa-200303-20.xml"
},
{
"trust": 1.6,
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000625"
},
{
"trust": 1.6,
"url": "ftp://ftp.sco.com/pub/security/openlinux/cssa-2003-014.0.txt"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/316577/30/25310/threaded"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11586"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=104852637112330\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=104811162730834\u0026w=2"
},
{
"trust": 1.0,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a461"
},
{
"trust": 1.0,
"url": "https://lists.opensuse.org/opensuse-security-announce/2003-04/msg00005.html"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=104878215721135\u0026w=2"
},
{
"trust": 0.8,
"url": "http://www.i.cz/en/onas/tisk7.html"
},
{
"trust": 0.8,
"url": "http://www.i.cz/en/onas/tisk8.html"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/rfc/rfc2246.txt"
},
{
"trust": 0.8,
"url": "http://link.springer.de/link/service/series/0558/papers/1462/14620001.pdf"
},
{
"trust": 0.8,
"url": "http://www.rsasecurity.com/rsalabs/pkcs1/qa.html"
},
{
"trust": 0.8,
"url": "ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.pdf"
},
{
"trust": 0.8,
"url": "ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-1v2.asc"
},
{
"trust": 0.8,
"url": "ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-1.asc"
},
{
"trust": 0.8,
"url": "ftp://ftp.rsasecurity.com/pub/pdfs/bulletn7.pdf"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/rfc/rfc2408.txt"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/rfc/rfc2409.txt"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-0131"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-0131"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=104811162730834\u0026w=2"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/11586"
},
{
"trust": 0.6,
"url": "http://www.novell.com/linux/security/advisories/2003_024_openssl.html"
},
{
"trust": 0.6,
"url": "http://www.suse.de/de/security/2003_024_openssl.html"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/316577/30/25310/threaded"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=104878215721135\u0026w=2"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=104852637112330\u0026w=2"
},
{
"trust": 0.6,
"url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:461"
},
{
"trust": 0.3,
"url": "http://www.info.apple.com/usen/security/security_updates.html"
},
{
"trust": 0.3,
"url": "http://metalink.oracle.com"
},
{
"trust": 0.3,
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert62.pdf"
},
{
"trust": 0.3,
"url": "/archive/1/315632"
},
{
"trust": 0.3,
"url": "/archive/1/315884"
},
{
"trust": 0.1,
"url": "https://eprint.iacr.org/2003/052/)"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2003-0131"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2003-0131"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#888801"
},
{
"db": "BID",
"id": "7148"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000095"
},
{
"db": "PACKETSTORM",
"id": "169675"
},
{
"db": "CNNVD",
"id": "CNNVD-200303-076"
},
{
"db": "NVD",
"id": "CVE-2003-0131"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#888801"
},
{
"db": "BID",
"id": "7148"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000095"
},
{
"db": "PACKETSTORM",
"id": "169675"
},
{
"db": "CNNVD",
"id": "CNNVD-200303-076"
},
{
"db": "NVD",
"id": "CVE-2003-0131"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-04-23T00:00:00",
"db": "CERT/CC",
"id": "VU#888801"
},
{
"date": "2003-03-19T00:00:00",
"db": "BID",
"id": "7148"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2003-000095"
},
{
"date": "2003-03-19T12:12:12",
"db": "PACKETSTORM",
"id": "169675"
},
{
"date": "2003-03-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200303-076"
},
{
"date": "2003-03-24T05:00:00",
"db": "NVD",
"id": "CVE-2003-0131"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-08-25T00:00:00",
"db": "CERT/CC",
"id": "VU#888801"
},
{
"date": "2009-07-11T21:06:00",
"db": "BID",
"id": "7148"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2003-000095"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200303-076"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2003-0131"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200303-076"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SSL/TLS implementations disclose side channel information via PKCS #1 v1.5 version number extension",
"sources": [
{
"db": "CERT/CC",
"id": "VU#888801"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "7148"
},
{
"db": "CNNVD",
"id": "CNNVD-200303-076"
}
],
"trust": 0.9
}
}
VAR-200208-0243
Vulnerability from variot - Updated: 2025-04-03 21:18OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and possibly execute arbitrary code. A remotely exploitable vulnerability exists in OpenSSL servers that could lead to the execution of arbitrary code on the system. OpenSSL is an open-source implementation of the Secure Sockets Layer (SSL) protocol. There is a buffer overflow on 64-bit platforms related to the ASCII representation of integers. Remotely exploitable buffer overflow conditions have been reported in OpenSSL. It is possible to overflow these buffers on a vulnerable system if overly large values are submitted by a malicious attacker. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. There is a loophole in the design and implementation of OpenSSL. Under certain circumstances, a remote attacker may use this loophole to cause a denial of service attack on the server or execute arbitrary instructions on the host. OpenSSL Security Advisory [30 July 2002]
This advisory consists of two independent advisories, merged, and is an official OpenSSL advisory.
Advisory 1
A.L. Digital Ltd and The Bunker (http://www.thebunker.net/) are conducting a security review of OpenSSL, under the DARPA program CHATS.
Vulnerabilities
All four of these are potentially remotely exploitable.
-
The client master key in SSL2 could be oversized and overrun a buffer. This vulnerability was also independently discovered by consultants at Neohapsis (http://www.neohapsis.com/) who have also demonstrated that the vulerability is exploitable. Exploit code is NOT available at this time.
-
The session ID supplied to a client in SSL3 could be oversized and overrun a buffer.
-
The master key supplied to an SSL3 server could be oversized and overrun a stack-based buffer. This issues only affects OpenSSL 0.9.7 before 0.9.7-beta3 with Kerberos enabled.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0656 to issues 1-2, CAN-2002-0657 to issue 3, and CAN-2002-0655 to issue 4.
In addition various potential buffer overflows not known to be exploitable have had assertions added to defend against them.
Who is affected?
Everyone using OpenSSL 0.9.6d or earlier, or 0.9.7-beta2 or earlier or current development snapshots of 0.9.7 to provide SSL or TLS is vulnerable, whether client or server. 0.9.6d servers on 32-bit systems with SSL 2.0 disabled are not vulnerable.
SSLeay is probably also affected.
Recommendations
Apply the attached patch to OpenSSL 0.9.6d, or upgrade to OpenSSL 0.9.6e. Recompile all applications using OpenSSL to provide SSL or TLS.
A patch for 0.9.7 is available from the OpenSSL website (https://www.openssl.org/).
Servers can disable SSL2, alternatively disable all applications using SSL or TLS until the patches are applied. Users of 0.9.7 pre-release versions with Kerberos enabled will also have to disable Kerberos.
Client should be disabled altogether until the patches are applied.
Known Exploits
There are no know exploits available for these vulnerabilities. As noted above, Neohapsis have demonstrated internally that an exploit is possible, but have not released the exploit code.
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0655 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0656 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0657
Acknowledgements
The project leading to this advisory is sponsored by the Defense Advanced Research Projects Agency (DARPA) and Air Force Research Laboratory, Air Force Materiel Command, USAF, under agreement number F30602-01-2-0537.
The patch and advisory were prepared by Ben Laurie.
Advisory 2
Vulnerabilities
The ASN1 parser can be confused by supplying it with certain invalid encodings.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0659 to this issue.
Who is affected?
Any OpenSSL program which uses the ASN1 library to parse untrusted data. This includes all SSL or TLS applications, those using S/MIME (PKCS#7) or certificate generation routines.
Recommendations
Apply the patch to OpenSSL, or upgrade to OpenSSL 0.9.6e. Recompile all applications using OpenSSL.
Users of 0.9.7 pre-release versions should apply the patch or upgrade to 0.9.7-beta3 or later. Recompile all applications using OpenSSL.
Exploits
There are no known exploits for this vulnerability.
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0659
Acknowledgements
This vulnerability was discovered by Adi Stav stav@mercury.co.il and James Yonan jim@ntlp.com independently. The patch is partly based on a version by Adi Stav.
The patch and advisory were prepared by Dr. Stephen Henson.
Combined patches for OpenSSL 0.9.6d: https://www.openssl.org/news/patch_20020730_0_9_6d.txt
Combined patches for OpenSSL 0.9.7 beta 2: https://www.openssl.org/news/patch_20020730_0_9_7.txt
URL for this Security Advisory: https://www.openssl.org/news/secadv_20020730.txt
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200208-0243",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "http server",
"scope": "eq",
"trust": 1.9,
"vendor": "oracle",
"version": "9.2.0"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.9,
"vendor": "oracle",
"version": "9.0.1"
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "apple computer",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "debian",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "gentoo linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "guardian digital",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "hewlett packard",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "ibm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "juniper",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "mandrakesoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "netbsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "openldap",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "openpkg",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "openssl",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "oracle",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "red hat",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "secure computing",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "suse",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "trustix",
"version": null
},
{
"model": "corporate time outlook connector",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "3.3"
},
{
"model": "corporate time outlook connector",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "3.1.2"
},
{
"model": "corporate time outlook connector",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "3.1.1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.0.3"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.0.1"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.2b"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.0.2"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.0.2"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6a"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.5"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6b"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.1.1"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.3"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.0"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.1c"
},
{
"model": "application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.0.2.2"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.0.4"
},
{
"model": "application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.0.2.1s"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.1.4"
},
{
"model": "application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "*"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.1.3"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.1.5"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.1"
},
{
"model": "corporate time outlook connector",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.1.2"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.5a"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6c"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.6d"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.4"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "isc",
"version": null
},
{
"model": "bind",
"scope": "eq",
"trust": 0.8,
"vendor": "isc",
"version": "9.1.x"
},
{
"model": "bind",
"scope": "lte",
"trust": 0.8,
"vendor": "isc",
"version": "9.2.2"
},
{
"model": "openssl",
"scope": "lte",
"trust": 0.8,
"vendor": "openssl",
"version": "0.9.6d"
},
{
"model": "application server",
"scope": "lte",
"trust": 0.8,
"vendor": "oracle",
"version": "1.0.2.2"
},
{
"model": "application server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9ias"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "8.1.7"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "8.1.7.1"
},
{
"model": "database",
"scope": "lte",
"trust": 0.8,
"vendor": "oracle",
"version": "9.2.0"
},
{
"model": "cobalt raq3",
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "cobalt raq4",
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "cobalt raq550",
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "cobalt raqxtr",
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.3"
},
{
"model": "crypto accelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1000"
},
{
"model": "computing safeword premieraccess",
"scope": "eq",
"trust": 0.3,
"vendor": "secure",
"version": "3.1"
},
{
"model": "oracle9i application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0.2.2"
},
{
"model": "oracle9i application server .1s",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0.2"
},
{
"model": "oracle9i application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0.2"
},
{
"model": "oracle9i application server",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "http server for server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.1"
},
{
"model": "corporatetime outlook connector",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.3"
},
{
"model": "corporatetime outlook connector",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.2"
},
{
"model": "corporatetime outlook connector",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.1"
},
{
"model": "corporatetime outlook connector",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1"
},
{
"model": "project openssl beta2",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl beta1",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl d",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl c",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl b",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.5"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.5"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.4"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.3"
},
{
"model": "project openssl b",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.2"
},
{
"model": "project openssl c",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.1"
},
{
"model": "netmail d",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.10"
},
{
"model": "netmail c",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.10"
},
{
"model": "netmail b",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.10"
},
{
"model": "netmail a",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.10"
},
{
"model": "netmail",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.10"
},
{
"model": "networks t-series router t640",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "networks t-series router t320",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "networks sdx-300",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "3.1.1"
},
{
"model": "networks sdx-300",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "3.1"
},
{
"model": "networks m-series router m5",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "networks m-series router m40e",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "networks m-series router m40",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "networks m-series router m20",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "networks m-series router m160",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "networks m-series router m10",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "networks junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.6"
},
{
"model": "networks junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.5"
},
{
"model": "networks junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.4"
},
{
"model": "networks junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.3"
},
{
"model": "networks junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.2"
},
{
"model": "networks junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.1"
},
{
"model": "networks junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.0"
},
{
"model": "linux affinity toolkit",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "webproxy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0"
},
{
"model": "webproxy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.0"
},
{
"model": "virtualvault",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.6"
},
{
"model": "virtualvault",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.5"
},
{
"model": "tru64 unix internet express",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.9"
},
{
"model": "tru64 unix compaq secure web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.8.1"
},
{
"model": "tcp/ip services for openvms",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.3"
},
{
"model": "secure os software for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.0"
},
{
"model": "openvms secure web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.2"
},
{
"model": "openvms secure web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.1-1"
},
{
"model": "openssl for openvms alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.0"
},
{
"model": "internet express eak",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0"
},
{
"model": "directory pro",
"scope": "eq",
"trust": 0.3,
"vendor": "cosmicperl",
"version": "10.0.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0"
},
{
"model": "project openssl beta3",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "project openssl g",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl e",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "netmail e",
"scope": "ne",
"trust": 0.3,
"vendor": "novell",
"version": "3.10"
},
{
"model": "tru64 unix compaq secure web server",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "5.9.2"
},
{
"model": "tru64 unix compaq secure web server",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "5.9.1"
},
{
"model": "tru64 unix compaq secure web server",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "5.8.2"
},
{
"model": "openssl for openvms alpha -a",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "1.0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#561275"
},
{
"db": "CERT/CC",
"id": "VU#308891"
},
{
"db": "BID",
"id": "5364"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000171"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-173"
},
{
"db": "NVD",
"id": "CVE-2002-0655"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:isc:bind",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:openssl:openssl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:database_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:sun:sun_cobalt_raq_3",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:sun:sun_cobalt_raq_4",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:sun:sun_cobalt_raq_550",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:sun:sun_cobalt_raq_xtr",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:linux",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2002-000171"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A.L. Digital Ltd\nThe Bunker",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200208-173"
}
],
"trust": 0.6
},
"cve": "CVE-2002-0655",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2002-0655",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-5046",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2002-0655",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#561275",
"trust": 0.8,
"value": "5.88"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#308891",
"trust": 0.8,
"value": "17.63"
},
{
"author": "NVD",
"id": "CVE-2002-0655",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200208-173",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-5046",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#561275"
},
{
"db": "CERT/CC",
"id": "VU#308891"
},
{
"db": "VULHUB",
"id": "VHN-5046"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000171"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-173"
},
{
"db": "NVD",
"id": "CVE-2002-0655"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and possibly execute arbitrary code. A remotely exploitable vulnerability exists in OpenSSL servers that could lead to the execution of arbitrary code on the system. OpenSSL is an open-source implementation of the Secure Sockets Layer (SSL) protocol. There is a buffer overflow on 64-bit platforms related to the ASCII representation of integers. Remotely exploitable buffer overflow conditions have been reported in OpenSSL. It is possible to overflow these buffers on a vulnerable system if overly large values are submitted by a malicious attacker. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. There is a loophole in the design and implementation of OpenSSL. Under certain circumstances, a remote attacker may use this loophole to cause a denial of service attack on the server or execute arbitrary instructions on the host. OpenSSL Security Advisory [30 July 2002]\n\nThis advisory consists of two independent advisories, merged, and is\nan official OpenSSL advisory. \n\nAdvisory 1\n==========\n\nA.L. Digital Ltd and The Bunker (http://www.thebunker.net/) are\nconducting a security review of OpenSSL, under the DARPA program\nCHATS. \n\nVulnerabilities\n---------------\n\nAll four of these are potentially remotely exploitable. \n\n1. The client master key in SSL2 could be oversized and overrun a\n buffer. This vulnerability was also independently discovered by\n consultants at Neohapsis (http://www.neohapsis.com/) who have also\n demonstrated that the vulerability is exploitable. Exploit code is\n NOT available at this time. \n\n2. The session ID supplied to a client in SSL3 could be oversized and\n overrun a buffer. \n\n3. The master key supplied to an SSL3 server could be oversized and\n overrun a stack-based buffer. This issues only affects OpenSSL\n 0.9.7 before 0.9.7-beta3 with Kerberos enabled. \n\n4. \n\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2002-0656 to issues 1-2, CAN-2002-0657 to issue\n3, and CAN-2002-0655 to issue 4. \n\nIn addition various potential buffer overflows not known to be\nexploitable have had assertions added to defend against them. \n\nWho is affected?\n----------------\n\nEveryone using OpenSSL 0.9.6d or earlier, or 0.9.7-beta2 or earlier or\ncurrent development snapshots of 0.9.7 to provide SSL or TLS is\nvulnerable, whether client or server. 0.9.6d servers on 32-bit systems\nwith SSL 2.0 disabled are not vulnerable. \n\nSSLeay is probably also affected. \n\nRecommendations\n---------------\n\nApply the attached patch to OpenSSL 0.9.6d, or upgrade to OpenSSL\n0.9.6e. Recompile all applications using OpenSSL to provide SSL or\nTLS. \n\nA patch for 0.9.7 is available from the OpenSSL website\n(https://www.openssl.org/). \n\nServers can disable SSL2, alternatively disable all applications using\nSSL or TLS until the patches are applied. Users of 0.9.7 pre-release\nversions with Kerberos enabled will also have to disable Kerberos. \n\nClient should be disabled altogether until the patches are applied. \n\nKnown Exploits\n--------------\n\nThere are no know exploits available for these vulnerabilities. As\nnoted above, Neohapsis have demonstrated internally that an exploit is\npossible, but have not released the exploit code. \n\nReferences\n----------\n\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0655\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0656\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0657\n\nAcknowledgements\n----------------\n\nThe project leading to this advisory is sponsored by the Defense\nAdvanced Research Projects Agency (DARPA) and Air Force Research\nLaboratory, Air Force Materiel Command, USAF, under agreement number\nF30602-01-2-0537. \n\nThe patch and advisory were prepared by Ben Laurie. \n\n\n\nAdvisory 2\n==========\n\nVulnerabilities\n---------------\n\nThe ASN1 parser can be confused by supplying it with certain invalid\nencodings. \n\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2002-0659 to this issue. \n\nWho is affected?\n----------------\n\nAny OpenSSL program which uses the ASN1 library to parse untrusted\ndata. This includes all SSL or TLS applications, those using S/MIME\n(PKCS#7) or certificate generation routines. \n\nRecommendations\n---------------\n\nApply the patch to OpenSSL, or upgrade to OpenSSL 0.9.6e. Recompile\nall applications using OpenSSL. \n\nUsers of 0.9.7 pre-release versions should apply the patch or upgrade\nto 0.9.7-beta3 or later. Recompile all applications using OpenSSL. \n\nExploits\n--------\n\nThere are no known exploits for this vulnerability. \n\nReferences\n----------\n\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0659\n\nAcknowledgements\n----------------\n\nThis vulnerability was discovered by Adi Stav \u003cstav@mercury.co.il\u003e\nand James Yonan \u003cjim@ntlp.com\u003e independently. The patch is partly\nbased on a version by Adi Stav. \n\nThe patch and advisory were prepared by Dr. Stephen Henson. \n\n\n\n\nCombined patches for OpenSSL 0.9.6d:\nhttps://www.openssl.org/news/patch_20020730_0_9_6d.txt\n\nCombined patches for OpenSSL 0.9.7 beta 2:\nhttps://www.openssl.org/news/patch_20020730_0_9_7.txt\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20020730.txt\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0655"
},
{
"db": "CERT/CC",
"id": "VU#561275"
},
{
"db": "CERT/CC",
"id": "VU#308891"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000171"
},
{
"db": "BID",
"id": "5364"
},
{
"db": "VULHUB",
"id": "VHN-5046"
},
{
"db": "PACKETSTORM",
"id": "169647"
}
],
"trust": 3.51
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "5364",
"trust": 3.6
},
{
"db": "CERT/CC",
"id": "VU#308891",
"trust": 3.3
},
{
"db": "NVD",
"id": "CVE-2002-0655",
"trust": 2.9
},
{
"db": "BID",
"id": "5353",
"trust": 1.6
},
{
"db": "BID",
"id": "5361",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "VU#561275",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000171",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200208-173",
"trust": 0.7
},
{
"db": "CONECTIVA",
"id": "CLA-2002:513",
"trust": 0.6
},
{
"db": "CALDERA",
"id": "CSSA-2002-033.0",
"trust": 0.6
},
{
"db": "CALDERA",
"id": "CSSA-2002-033.1",
"trust": 0.6
},
{
"db": "MANDRAKE",
"id": "MDKSA-2002:046",
"trust": 0.6
},
{
"db": "CERT/CC",
"id": "CA-2002-23",
"trust": 0.6
},
{
"db": "FREEBSD",
"id": "FREEBSD-SA-02:33",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-5046",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169647",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#561275"
},
{
"db": "CERT/CC",
"id": "VU#308891"
},
{
"db": "VULHUB",
"id": "VHN-5046"
},
{
"db": "BID",
"id": "5364"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000171"
},
{
"db": "PACKETSTORM",
"id": "169647"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-173"
},
{
"db": "NVD",
"id": "CVE-2002-0655"
}
]
},
"id": "VAR-200208-0243",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-5046"
}
],
"trust": 0.40555555
},
"last_update_date": "2025-04-03T21:18:19.292000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "secadv_20020730",
"trust": 0.8,
"url": "http://www.openssl.org/news/secadv_20020730.txt"
},
{
"title": "#37",
"trust": 0.8,
"url": "http://www.oracle.com/technology/deploy/security/htdocs/opensslAlert.html"
},
{
"title": "RHSA-2002:155",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/RHSA-2002-155.html"
},
{
"title": "46424",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-46424-1"
},
{
"title": "ISC Information for VU#308891",
"trust": 0.8,
"url": "http://www.kb.cert.org/vuls/id/JSHA-5CSM74"
},
{
"title": "RHSA-2002:155",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2002-155J.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2002-000171"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0655"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "http://www.securityfocus.com/bid/5364"
},
{
"trust": 2.5,
"url": "http://www.cert.org/advisories/ca-2002-23.html"
},
{
"trust": 2.5,
"url": "http://www.kb.cert.org/vuls/id/308891"
},
{
"trust": 1.7,
"url": "ftp://ftp.caldera.com/pub/security/openlinux/cssa-2002-033.0.txt"
},
{
"trust": 1.7,
"url": "ftp://ftp.caldera.com/pub/security/openlinux/cssa-2002-033.1.txt"
},
{
"trust": 1.7,
"url": "ftp://ftp.freebsd.org/pub/freebsd/cert/advisories/freebsd-sa-02:33.openssl.asc"
},
{
"trust": 1.7,
"url": "http://www.linux-mandrake.com/en/security/2002/mdksa-2002-046.php"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/5353"
},
{
"trust": 1.6,
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000513"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/5361"
},
{
"trust": 0.8,
"url": "http://www.ciac.org/ciac/bulletins/m-103.shtml"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-0655"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2002/wr023601.txt"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2002/wr023001.txt"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2002/wr023101.txt"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2002/wr023201.txt"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2002-0655"
},
{
"trust": 0.8,
"url": "http://www.cyberpolice.go.jp/important/20030416_114510.html"
},
{
"trust": 0.8,
"url": "http://www.cyberpolice.go.jp/important/20030424_144742.html"
},
{
"trust": 0.3,
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2965676.htm"
},
{
"trust": 0.3,
"url": "http://otn.oracle.com/deploy/security/htdocs/opensslalert.html"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/securitypatch"
},
{
"trust": 0.3,
"url": "http://docs.info.apple.com/article.html?artnum=120139"
},
{
"trust": 0.3,
"url": "http://docs.info.apple.com/article.html?artnum=120141"
},
{
"trust": 0.1,
"url": ""
},
{
"trust": 0.1,
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026amp;anuncio=000513"
},
{
"trust": 0.1,
"url": "http://www.neohapsis.com/)"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2002-0656"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2002-0657"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-0657"
},
{
"trust": 0.1,
"url": "https://www.openssl.org/news/patch_20020730_0_9_6d.txt"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-0656"
},
{
"trust": 0.1,
"url": "http://www.thebunker.net/)"
},
{
"trust": 0.1,
"url": "https://www.openssl.org/news/patch_20020730_0_9_7.txt"
},
{
"trust": 0.1,
"url": "https://www.openssl.org/)."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2002-0655"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-0655"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-0659"
},
{
"trust": 0.1,
"url": "https://www.openssl.org/news/secadv_20020730.txt"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#561275"
},
{
"db": "CERT/CC",
"id": "VU#308891"
},
{
"db": "VULHUB",
"id": "VHN-5046"
},
{
"db": "BID",
"id": "5364"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000171"
},
{
"db": "PACKETSTORM",
"id": "169647"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-173"
},
{
"db": "NVD",
"id": "CVE-2002-0655"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#561275"
},
{
"db": "CERT/CC",
"id": "VU#308891"
},
{
"db": "VULHUB",
"id": "VHN-5046"
},
{
"db": "BID",
"id": "5364"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000171"
},
{
"db": "PACKETSTORM",
"id": "169647"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-173"
},
{
"db": "NVD",
"id": "CVE-2002-0655"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-07-30T00:00:00",
"db": "CERT/CC",
"id": "VU#561275"
},
{
"date": "2002-07-30T00:00:00",
"db": "CERT/CC",
"id": "VU#308891"
},
{
"date": "2002-08-12T00:00:00",
"db": "VULHUB",
"id": "VHN-5046"
},
{
"date": "2002-07-30T00:00:00",
"db": "BID",
"id": "5364"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2002-000171"
},
{
"date": "2002-07-30T12:12:12",
"db": "PACKETSTORM",
"id": "169647"
},
{
"date": "2002-07-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200208-173"
},
{
"date": "2002-08-12T04:00:00",
"db": "NVD",
"id": "CVE-2002-0655"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-09-30T00:00:00",
"db": "CERT/CC",
"id": "VU#561275"
},
{
"date": "2002-09-30T00:00:00",
"db": "CERT/CC",
"id": "VU#308891"
},
{
"date": "2008-09-10T00:00:00",
"db": "VULHUB",
"id": "VHN-5046"
},
{
"date": "2015-03-19T08:28:00",
"db": "BID",
"id": "5364"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2002-000171"
},
{
"date": "2006-09-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200208-173"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2002-0655"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200208-173"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSSL servers contain a remotely exploitable buffer overflow vulnerability during the SSL3 handshake process",
"sources": [
{
"db": "CERT/CC",
"id": "VU#561275"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Boundary Condition Error",
"sources": [
{
"db": "BID",
"id": "5364"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-173"
}
],
"trust": 0.9
}
}
VAR-200208-0244
Vulnerability from variot - Updated: 2025-04-03 19:55Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3. The DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10 contains buffer overflows in code that handles responses for network name and address requests. Other resolver libraries derived from BIND 4 such as BSD libc, GNU glibc, and those used by System V UNIX systems may also be affected. An attacker could execute arbitrary code with the privileges of the application that made the request or cause a denial of service. This vulnerability is resolved in BIND versions 4.9.11, 8.2.7, 8.3.4, and BIND 9. Based on recent reports, we believe this vulnerability is being actively exploited. OpenSSL is an open-source implementation of the Secure Sockets Layer (SSL) protocol. A remotely exploitable vulnerability exists in OpenSSL servers that could lead to the execution of arbitrary code on the server. OpenSSL Is OpenSSL On the server SSL version 2.0 ( Less than, SSLv2) The buffer overflow vulnerability is caused by handshake processing. The issue occurs in the handling of the client key value during the negotiation of the SSLv2 protocol. ***UPDATE: A worm that likely exploits this vulnerability has been discovered propagating in the wild. Additionally, this code includes peer-to-peer and distributed denial-of-service capabilities. There have been numerous reports of intrusions in Europe. It is not yet confirmed whether this vulnerability is in OpenSSL, mod_ssl, or another component. Administrators are advised to upgrade to the most recent versions or to disable Apache, if possible, until more information is available. OpenSSL is prone to a buffer-overflow vulnerability involving overly long SSLv3 session IDs. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. OpenSSL Security Advisory [30 July 2002]
This advisory consists of two independent advisories, merged, and is an official OpenSSL advisory.
Advisory 1
A.L. Digital Ltd and The Bunker (http://www.thebunker.net/) are conducting a security review of OpenSSL, under the DARPA program CHATS.
-
The client master key in SSL2 could be oversized and overrun a buffer. Exploit code is NOT available at this time.
-
This issues only affects OpenSSL 0.9.7 before 0.9.7-beta3 with Kerberos enabled.
-
Various buffers for ASCII representations of integers were too small on 64 bit platforms.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0656 to issues 1-2, CAN-2002-0657 to issue 3, and CAN-2002-0655 to issue 4.
In addition various potential buffer overflows not known to be exploitable have had assertions added to defend against them.
Who is affected?
Everyone using OpenSSL 0.9.6d or earlier, or 0.9.7-beta2 or earlier or current development snapshots of 0.9.7 to provide SSL or TLS is vulnerable, whether client or server. 0.9.6d servers on 32-bit systems with SSL 2.0 disabled are not vulnerable.
SSLeay is probably also affected.
Recommendations
Apply the attached patch to OpenSSL 0.9.6d, or upgrade to OpenSSL 0.9.6e. Recompile all applications using OpenSSL to provide SSL or TLS.
A patch for 0.9.7 is available from the OpenSSL website (https://www.openssl.org/).
Servers can disable SSL2, alternatively disable all applications using SSL or TLS until the patches are applied. Users of 0.9.7 pre-release versions with Kerberos enabled will also have to disable Kerberos.
Client should be disabled altogether until the patches are applied.
Known Exploits
There are no know exploits available for these vulnerabilities. As noted above, Neohapsis have demonstrated internally that an exploit is possible, but have not released the exploit code.
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0655 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0656 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0657
Acknowledgements
The project leading to this advisory is sponsored by the Defense Advanced Research Projects Agency (DARPA) and Air Force Research Laboratory, Air Force Materiel Command, USAF, under agreement number F30602-01-2-0537.
The patch and advisory were prepared by Ben Laurie.
Advisory 2
Vulnerabilities
The ASN1 parser can be confused by supplying it with certain invalid encodings.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0659 to this issue.
Who is affected?
Any OpenSSL program which uses the ASN1 library to parse untrusted data. This includes all SSL or TLS applications, those using S/MIME (PKCS#7) or certificate generation routines.
Recommendations
Apply the patch to OpenSSL, or upgrade to OpenSSL 0.9.6e. Recompile all applications using OpenSSL.
Users of 0.9.7 pre-release versions should apply the patch or upgrade to 0.9.7-beta3 or later. Recompile all applications using OpenSSL.
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0659
Acknowledgements
This vulnerability was discovered by Adi Stav stav@mercury.co.il and James Yonan jim@ntlp.com independently. The patch is partly based on a version by Adi Stav.
The patch and advisory were prepared by Dr. Stephen Henson.
Combined patches for OpenSSL 0.9.6d: https://www.openssl.org/news/patch_20020730_0_9_6d.txt
Combined patches for OpenSSL 0.9.7 beta 2: https://www.openssl.org/news/patch_20020730_0_9_7.txt
URL for this Security Advisory: https://www.openssl.org/news/secadv_20020730.txt .
-----BEGIN PGP SIGNED MESSAGE-----
CERT Summary CS-2002-04
November 26, 2002
Each quarter, the CERT Coordination Center (CERT/CC) issues the CERT Summary to draw attention to the types of attacks reported to our incident response team, as well as other noteworthy incident and vulnerability information. The summary includes pointers to sources of information for dealing with the problems.
Past CERT summaries are available from:
CERT Summaries
http://www.cert.org/summaries/
Recent Activity
Since the last regularly scheduled CERT summary, issued in August 2002 (CS-2002-03), we have seen trojan horses for three popular distributions, new self-propagating malicious code (Apache/mod_ssl), and multiple vulnerabilities in BIND. In addition, we have issued a new PGP Key.
For more current information on activity being reported to the CERT/CC, please visit the CERT/CC Current Activity page. The Current Activity page is a regularly updated summary of the most frequent, high-impact types of security incidents and vulnerabilities being reported to the CERT/CC. The information on the Current Activity page is reviewed and updated as reporting trends change.
CERT/CC Current Activity
http://www.cert.org/current/current_activity.html
1. Reports received by the CERT/CC indicate
that the Apache/mod_ssl worm has already infected thousands of
systems. Over a month earlier, the CERT/CC issued an advisory
(CA-2002-23) describing four remotely exploitable buffer overflows
in OpenSSL. Trojan Horse Sendmail Distribution
The CERT/CC has received confirmation that some copies of the
source code for the Sendmail package have been modified by an
intruder to contain a Trojan horse. These copies began to appear
in downloads from the FTP server ftp.sendmail.org on or around
September 28, 2002. On October 8, 2002, the CERT/CC issued an
advisory (CA-2002-28) describing various methods to verify
software authenticity.
CERT Advisory CA-2002-28
Trojan Horse Sendmail Distribution
http://www.cert.org/advisories/CA-2002-28.html
3. Trojan Horse tcpdump and libpcap Distributions
The CERT/CC has received reports that some copies of the source
code for libpcap, a packet acquisition library, and tcpdump, a
network sniffer, have been modified by an intruder and contain a
Trojan horse. These modified distributions began to appear in
downloads from the HTTP server www.tcpdump.org on or around Nov
11, 2002. The CERT/CC issued an advisory (CA-2002-30) listing MD5
checksums and official distribution sites for libpcap and tcpdump.
CERT Advisory CA-2002-30
Trojan Horse tcpdump and libpcap Distributions
http://www.cert.org/advisories/CA-2002-30.html
4. Multiple Vulnerabilities in BIND
The CERT/CC has documented multiple vulnerabilities in BIND, the
popular domain name server and client library software package
from the Internet Software Consortium (ISC). Several vulnerabilities are referenced in the advisory;
they are listed here individually.
CERT Advisory CA-2002-31
Multiple Vulnerabilities in BIND
http://www.cert.org/advisories/CA-2002-31.html
Vulnerability Note #852283
Cached malformed SIG record buffer overflow
http://www.kb.cert.org/vuls/id/852283
Vulnerability Note #229595
Overly large OPT record assertion
http://www.kb.cert.org/vuls/id/229595
Vulnerability Note #581682
ISC Bind 8 fails to properly dereference cache SIG RR
elements invalid expiry times from the internal database
http://www.kb.cert.org/vuls/id/581682
Vulnerability Note #844360
Domain Name System (DNS) stub resolver libraries
vulnerable to buffer overflows via network name or
address lookups
http://www.kb.cert.org/vuls/id/844360
5. Heap Overflow Vulnerability in Microsoft Data Access Components
(MDAC)
On November 21, 2002 the CERT/CC issued an advisory (CA-2002-33)
describing a vulnerability in MDAC, a collection of Microsoft
utilities and routines that process requests between databases and
network applications.
CERT Advisory CA-2002-33
Heap Overflow Vulnerability in Microsoft Data Access
Components (MDAC)
http://www.cert.org/advisories/CA-2002-33.html
New CERT/CC PGP Key
On September 19, the CERT/CC issued a new PGP key, which should be used when sending sensitive information to the CERT/CC.
CERT/CC PGP Public Key
https://www.cert.org/pgp/cert_pgp_key.asc
Sending Sensitive Information To The CERT/CC
http://www.cert.org/contact_cert/encryptmail.html
What's New and Updated
Since the last CERT Summary, we have published new and updated * Advisories http://www.cert.org/advisories/ * Congressional Testimony http://www.cert.org/congressional_testimony/ * CERT/CC Statistics http://www.cert.org/stats/cert_stats.html * Home User Security http://www.cert.org/homeusers/HomeComputerSecurity * Tech Tips http://www.cert.org/tech_tips/ * Training Schedule http:/www.cert.org/training/
This document is available from: http://www.cert.org/summaries/CS-2002-04.html
CERT/CC Contact Information
Email: cert@cert.org Phone: +1 412-268-7090 (24-hour hotline) Fax: +1 412-268-6989 Postal address: CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh PA 15213-3890 U.S.A.
CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) / EDT(GMT-4) Monday through Friday; they are on call for emergencies during other hours, on U.S. holidays, and on weekends.
Using encryption
We strongly urge you to encrypt sensitive information sent by email. Our public PGP key is available from http://www.cert.org/CERT_PGP.key
If you prefer to use DES, please call the CERT hotline for more information.
Getting security information
CERT publications and other security information are available from our web site http://www.cert.org/
To subscribe to the CERT mailing list for advisories and bulletins, send email to majordomo@cert.org. Please include in the body of your message
subscribe cert-advisory
- "CERT" and "CERT Coordination Center" are registered in the U.S. Patent and Trademark Office.
NO WARRANTY Any material furnished by Carnegie Mellon University and the Software Engineering Institute is furnished on an "as is" basis. Carnegie Mellon University makes no warranties of any kind, either expressed or implied as to any matter including, but not limited to, warranty of fitness for a particular purpose or merchantability, exclusivity or results obtained from use of the material. Carnegie Mellon University does not make any warranty of any kind with respect to freedom from patent, trademark, or copyright infringement. ___________
Conditions for use, disclaimers, and sponsorship information
Copyright \xa92002 Carnegie Mellon University.
-----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8
iQCVAwUBPePMQWjtSoHZUTs5AQGdxwP9HK4mSF15bMQ9MZ4mMFcLIhvdXykANg8A 6nEIAyB8CJpbuWdP7sPh3qAwaZ9BhRFEGeLakONOpoo7bmjkwAWrJHxF3b1CrgHS ZuKQsgEhnm9wpPdU6w6SG1cJBkwz70b8d7YK0vcVuKhmaW0JOx9OLGKsAe3SFePD OiZbNHX+eb8= =Mnbn -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200208-0244",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 4.8,
"vendor": "apple computer",
"version": null
},
{
"model": null,
"scope": null,
"trust": 4.0,
"vendor": "ibm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 4.0,
"vendor": "red hat",
"version": null
},
{
"model": null,
"scope": null,
"trust": 3.2,
"vendor": "hewlett packard",
"version": null
},
{
"model": null,
"scope": null,
"trust": 2.4,
"vendor": "debian",
"version": null
},
{
"model": null,
"scope": null,
"trust": 2.4,
"vendor": "mandrakesoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 2.4,
"vendor": "netbsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 2.4,
"vendor": "suse",
"version": null
},
{
"model": null,
"scope": null,
"trust": 2.4,
"vendor": "trustix",
"version": null
},
{
"model": "http server",
"scope": "eq",
"trust": 1.7,
"vendor": "oracle",
"version": "9.0.1"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.7,
"vendor": "oracle",
"version": "9.2.0"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.7,
"vendor": "apple",
"version": "10.0.1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.7,
"vendor": "apple",
"version": "10.0.2"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.7,
"vendor": "apple",
"version": "10.0.3"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.7,
"vendor": "apple",
"version": "10.0.4"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.7,
"vendor": "apple",
"version": "10.1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.7,
"vendor": "apple",
"version": "10.1.1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.7,
"vendor": "apple",
"version": "10.1.2"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.7,
"vendor": "apple",
"version": "10.1.3"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.7,
"vendor": "apple",
"version": "10.1.4"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.7,
"vendor": "apple",
"version": "10.1.5"
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "gentoo linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "guardian digital",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "juniper",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "openldap",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "openpkg",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "openssl",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "oracle",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "secure computing",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "isc",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "openwall gnu linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "nortel",
"version": null
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.1,
"vendor": "openssl",
"version": "0.9.1c"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.1,
"vendor": "openssl",
"version": "0.9.2b"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.1,
"vendor": "openssl",
"version": "0.9.3"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.1,
"vendor": "openssl",
"version": "0.9.4"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.1,
"vendor": "openssl",
"version": "0.9.5"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.1,
"vendor": "openssl",
"version": "0.9.5a"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.1,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.1,
"vendor": "openssl",
"version": "0.9.6a"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.1,
"vendor": "openssl",
"version": "0.9.6b"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.1,
"vendor": "openssl",
"version": "0.9.6c"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.1,
"vendor": "openssl",
"version": "0.9.6d"
},
{
"model": "openssl",
"scope": "eq",
"trust": 1.1,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "application server",
"scope": "eq",
"trust": 1.1,
"vendor": "oracle",
"version": "*"
},
{
"model": "application server",
"scope": "eq",
"trust": 1.1,
"vendor": "oracle",
"version": "1.0.2"
},
{
"model": "application server",
"scope": "eq",
"trust": 1.1,
"vendor": "oracle",
"version": "1.0.2.1s"
},
{
"model": "application server",
"scope": "eq",
"trust": 1.1,
"vendor": "oracle",
"version": "1.0.2.2"
},
{
"model": "corporate time outlook connector",
"scope": "eq",
"trust": 1.1,
"vendor": "oracle",
"version": "3.1"
},
{
"model": "corporate time outlook connector",
"scope": "eq",
"trust": 1.1,
"vendor": "oracle",
"version": "3.1.1"
},
{
"model": "corporate time outlook connector",
"scope": "eq",
"trust": 1.1,
"vendor": "oracle",
"version": "3.1.2"
},
{
"model": "corporate time outlook connector",
"scope": "eq",
"trust": 1.1,
"vendor": "oracle",
"version": "3.3"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.1,
"vendor": "apple",
"version": "10.0"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "alcatel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gnu glibc",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "metasolv",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sgi",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "the sco group",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "xerox",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "conectiva",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "engarde",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "freebsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "the openpkg",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "covalent",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "rsa security",
"version": null
},
{
"model": "openssl",
"scope": "lte",
"trust": 0.8,
"vendor": "openssl",
"version": "0.9.6d"
},
{
"model": "application server",
"scope": "lte",
"trust": 0.8,
"vendor": "oracle",
"version": "1.0.2.2"
},
{
"model": "application server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.0.2.0.0"
},
{
"model": "application server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9ias"
},
{
"model": "database",
"scope": "lte",
"trust": 0.8,
"vendor": "oracle",
"version": "8.1.7.1"
},
{
"model": "database",
"scope": "lte",
"trust": 0.8,
"vendor": "oracle",
"version": "9.0.2"
},
{
"model": "database",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.2.0"
},
{
"model": "cobalt raq3",
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "cobalt raq4",
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "cobalt raqxtr",
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.00"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.11"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.20"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.22"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.04"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.3"
},
{
"model": "project openssl d",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.1.1"
},
{
"model": "project openssl beta2",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.0.4"
},
{
"model": "internet express eak",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "2.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.6,
"vendor": "gentoo",
"version": "1.2"
},
{
"model": "linux affinity toolkit",
"scope": null,
"trust": 0.6,
"vendor": "ibm",
"version": null
},
{
"model": "oracle9i application server .1s",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "1.0.2"
},
{
"model": "linux rc3",
"scope": "eq",
"trust": 0.6,
"vendor": "gentoo",
"version": "1.4"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.6,
"vendor": "gentoo",
"version": "0.7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.2"
},
{
"model": "openssl for openvms alpha",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "1.0"
},
{
"model": "project openssl beta3",
"scope": "ne",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "linux rc1",
"scope": "eq",
"trust": 0.6,
"vendor": "gentoo",
"version": "1.4"
},
{
"model": "webproxy",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "2.0"
},
{
"model": "tru64 unix compaq secure web server",
"scope": "ne",
"trust": 0.6,
"vendor": "hp",
"version": "5.9.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.1"
},
{
"model": "corporatetime outlook connector",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "3.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.1.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.1.3"
},
{
"model": "enterprise ready server",
"scope": "eq",
"trust": 0.6,
"vendor": "covalent",
"version": "2.2"
},
{
"model": "netmail b",
"scope": "eq",
"trust": 0.6,
"vendor": "novell",
"version": "3.10"
},
{
"model": "enterprise ready server",
"scope": "eq",
"trust": 0.6,
"vendor": "covalent",
"version": "2.1"
},
{
"model": "project openssl a",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.1.5"
},
{
"model": "netmail e",
"scope": "ne",
"trust": 0.6,
"vendor": "novell",
"version": "3.10"
},
{
"model": "virtualvault",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "4.6"
},
{
"model": "tru64 unix compaq secure web server",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "5.8.1"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.4"
},
{
"model": "netmail a",
"scope": "eq",
"trust": 0.6,
"vendor": "novell",
"version": "3.10"
},
{
"model": "netmail",
"scope": "eq",
"trust": 0.6,
"vendor": "novell",
"version": "3.10"
},
{
"model": "project openssl g",
"scope": "ne",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "tru64 unix compaq secure web server",
"scope": "ne",
"trust": 0.6,
"vendor": "hp",
"version": "5.8.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.0.1"
},
{
"model": "corporatetime outlook connector",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "3.1.2"
},
{
"model": "corporatetime outlook connector",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "3.1.1"
},
{
"model": "webproxy",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "1.0"
},
{
"model": "netmail c",
"scope": "eq",
"trust": 0.6,
"vendor": "novell",
"version": "3.10"
},
{
"model": "oracle9i application server",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "1.0.2"
},
{
"model": "project openssl e",
"scope": "ne",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "corporatetime outlook connector",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "3.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.1.2"
},
{
"model": "project openssl a",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.5"
},
{
"model": "project openssl c",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "fast start server",
"scope": "eq",
"trust": 0.6,
"vendor": "covalent",
"version": "3.1"
},
{
"model": "tru64 unix internet express",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "5.9"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.0.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.0.3"
},
{
"model": "tcp/ip services for openvms",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "5.3"
},
{
"model": "openssl for openvms alpha -a",
"scope": "ne",
"trust": 0.6,
"vendor": "hp",
"version": "1.0"
},
{
"model": "oracle9i application server",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "1.0.2.2"
},
{
"model": "project openssl beta1",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.7"
},
{
"model": "openvms secure web server",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "1.2"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.3"
},
{
"model": "oracle9i application server",
"scope": null,
"trust": 0.6,
"vendor": "oracle",
"version": null
},
{
"model": "virtualvault",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "4.5"
},
{
"model": "tru64 unix compaq secure web server",
"scope": "ne",
"trust": 0.6,
"vendor": "hp",
"version": "5.9.2"
},
{
"model": "project openssl b",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "project openssl c",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.1"
},
{
"model": "netmail d",
"scope": "eq",
"trust": 0.6,
"vendor": "novell",
"version": "3.10"
},
{
"model": "openvms secure web server",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "1.1-1"
},
{
"model": "linux a",
"scope": "eq",
"trust": 0.6,
"vendor": "gentoo",
"version": "1.1"
},
{
"model": "secure os software for linux",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "1.0"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.6"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.0"
},
{
"model": "project openssl b",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.2"
},
{
"model": "linux rc2",
"scope": "eq",
"trust": 0.6,
"vendor": "gentoo",
"version": "1.4"
},
{
"model": "mgetty-sendfax-1.1.14-8.i386.rpm",
"scope": "eq",
"trust": 0.6,
"vendor": "redhat",
"version": "2.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.6,
"vendor": "gentoo",
"version": "0.5"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.19"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.35"
},
{
"model": "junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.1"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.1.1"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.39"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.32"
},
{
"model": "-dev",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.7"
},
{
"model": "bsafe ssl-j sdk",
"scope": "ne",
"trust": 0.3,
"vendor": "rsa",
"version": "3.0.1"
},
{
"model": "-beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.32"
},
{
"model": "bsafe ssl-c",
"scope": "eq",
"trust": 0.3,
"vendor": "rsa",
"version": "2.2"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.22"
},
{
"model": "ssl-r6",
"scope": "eq",
"trust": 0.3,
"vendor": "sonicwall",
"version": "4.0.18"
},
{
"model": "bsafe ssl-c",
"scope": "eq",
"trust": 0.3,
"vendor": "rsa",
"version": "2.1"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.9"
},
{
"model": "safeword premieraccess",
"scope": "eq",
"trust": 0.3,
"vendor": "securecomputing",
"version": "3.1"
},
{
"model": "junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.4"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.1"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.16"
},
{
"model": "junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.6"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.13"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.0.5"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.20"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.26"
},
{
"model": "bsafe ssl-c me",
"scope": "ne",
"trust": 0.3,
"vendor": "rsa",
"version": null
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.25"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.37"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.14"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.0.2"
},
{
"model": "bsafe ssl-j sdk",
"scope": "ne",
"trust": 0.3,
"vendor": "rsa",
"version": "3.0"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.11"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.4"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.0"
},
{
"model": "bsafe ssl-j sdk",
"scope": "ne",
"trust": 0.3,
"vendor": "rsa",
"version": "3.1"
},
{
"model": "junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.2"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.12"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.2"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.1"
},
{
"model": "ssl-r",
"scope": "eq",
"trust": 0.3,
"vendor": "sonicwall",
"version": "4.0.18"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.38"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.15"
},
{
"model": "ssl-rx",
"scope": "eq",
"trust": 0.3,
"vendor": "sonicwall",
"version": "4.0.18"
},
{
"model": "mac",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.14"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.24"
},
{
"model": "beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.28"
},
{
"model": "junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.3"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.40"
},
{
"model": "bsafe ssl-c",
"scope": "eq",
"trust": 0.3,
"vendor": "rsa",
"version": "2.3"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.23"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3"
},
{
"model": "sdx-300",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "3.1.1"
},
{
"model": "-beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.34"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.19"
},
{
"model": "sdx-300",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "3.1"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.18"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.2.5"
},
{
"model": "junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.0"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.28"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.3"
},
{
"model": "secure content accelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10000"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.0.3"
},
{
"model": "-beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.28"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.36"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.6"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.17"
},
{
"model": "ssl-r3",
"scope": "eq",
"trust": 0.3,
"vendor": "sonicwall",
"version": "4.0.18"
},
{
"model": "junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.5"
},
{
"model": "jetdirect rev. u.23.99",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "networks junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.1"
},
{
"model": "security bsafe ssl-j sdk",
"scope": "ne",
"trust": 0.3,
"vendor": "rsa",
"version": "3.1"
},
{
"model": "networks m-series router m5",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "omniswitch",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "88000"
},
{
"model": "omniaccess",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "2100"
},
{
"model": "crypto accelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1000"
},
{
"model": "networks m-series router m20",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "networks junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.4"
},
{
"model": "security bsafe ssl-c me",
"scope": "ne",
"trust": 0.3,
"vendor": "rsa",
"version": null
},
{
"model": "security bsafe ssl-c",
"scope": "eq",
"trust": 0.3,
"vendor": "rsa",
"version": "2.3"
},
{
"model": "networks junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.6"
},
{
"model": "networks m-series router m160",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "networks m-series router m40",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "networks t-series router t320",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "networks sdx-300",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "3.1.1"
},
{
"model": "networks sdx-300",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "3.1"
},
{
"model": "networks junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.2"
},
{
"model": "omniswitch",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "77000"
},
{
"model": "rcp",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "77700"
},
{
"model": "networks m-series router m10",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "computing safeword premieraccess",
"scope": "eq",
"trust": 0.3,
"vendor": "secure",
"version": "3.1"
},
{
"model": "networks m-series router m40e",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "security bsafe ssl-j sdk",
"scope": "ne",
"trust": 0.3,
"vendor": "rsa",
"version": "3.0.1"
},
{
"model": "networks junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.3"
},
{
"model": "omniswitch",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "66000"
},
{
"model": "networks t-series router t640",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "security bsafe ssl-c",
"scope": "eq",
"trust": 0.3,
"vendor": "rsa",
"version": "2.2"
},
{
"model": "security bsafe ssl-c",
"scope": "eq",
"trust": 0.3,
"vendor": "rsa",
"version": "2.1"
},
{
"model": "networks junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.0"
},
{
"model": "security bsafe ssl-j sdk",
"scope": "ne",
"trust": 0.3,
"vendor": "rsa",
"version": "3.0"
},
{
"model": "omniswitch",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "78000"
},
{
"model": "jetdirect rev. l.23.99",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "jetdirect rev. u.22.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "jetdirect rev. l.22.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "networks junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.5"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#258555"
},
{
"db": "CERT/CC",
"id": "VU#844360"
},
{
"db": "CERT/CC",
"id": "VU#852283"
},
{
"db": "CERT/CC",
"id": "VU#581682"
},
{
"db": "CERT/CC",
"id": "VU#229595"
},
{
"db": "CERT/CC",
"id": "VU#102795"
},
{
"db": "VULMON",
"id": "CVE-2002-0656"
},
{
"db": "BID",
"id": "5363"
},
{
"db": "BID",
"id": "5362"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000172"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-027"
},
{
"db": "NVD",
"id": "CVE-2002-0656"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:openssl:openssl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:database_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:sun:sun_cobalt_raq_3",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:sun:sun_cobalt_raq_4",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:sun:sun_cobalt_raq_xtr",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hp:hp-ux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hp:vvos",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:linux",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2002-000172"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A.L. Digital Ltd\nThe Bunker",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200208-027"
}
],
"trust": 0.6
},
"cve": "CVE-2002-0656",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2002-0656",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-5047",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2002-0656",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#258555",
"trust": 0.8,
"value": "3.19"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#844360",
"trust": 0.8,
"value": "8.91"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#852283",
"trust": 0.8,
"value": "30.38"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#581682",
"trust": 0.8,
"value": "27.54"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#229595",
"trust": 0.8,
"value": "33.05"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#102795",
"trust": 0.8,
"value": "17.63"
},
{
"author": "NVD",
"id": "CVE-2002-0656",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200208-027",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-5047",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2002-0656",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#258555"
},
{
"db": "CERT/CC",
"id": "VU#844360"
},
{
"db": "CERT/CC",
"id": "VU#852283"
},
{
"db": "CERT/CC",
"id": "VU#581682"
},
{
"db": "CERT/CC",
"id": "VU#229595"
},
{
"db": "CERT/CC",
"id": "VU#102795"
},
{
"db": "VULHUB",
"id": "VHN-5047"
},
{
"db": "VULMON",
"id": "CVE-2002-0656"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000172"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-027"
},
{
"db": "NVD",
"id": "CVE-2002-0656"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3. The DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10 contains buffer overflows in code that handles responses for network name and address requests. Other resolver libraries derived from BIND 4 such as BSD libc, GNU glibc, and those used by System V UNIX systems may also be affected. An attacker could execute arbitrary code with the privileges of the application that made the request or cause a denial of service. This vulnerability is resolved in BIND versions 4.9.11, 8.2.7, 8.3.4, and BIND 9. Based on recent reports, we believe this vulnerability is being actively exploited. OpenSSL is an open-source implementation of the Secure Sockets Layer (SSL) protocol. A remotely exploitable vulnerability exists in OpenSSL servers that could lead to the execution of arbitrary code on the server. OpenSSL Is OpenSSL On the server SSL version 2.0 ( Less than, SSLv2) The buffer overflow vulnerability is caused by handshake processing. \nThe issue occurs in the handling of the client key value during the negotiation of the SSLv2 protocol. \n***UPDATE: A worm that likely exploits this vulnerability has been discovered propagating in the wild. Additionally, this code includes peer-to-peer and distributed denial-of-service capabilities. There have been numerous reports of intrusions in Europe. It is not yet confirmed whether this vulnerability is in OpenSSL, mod_ssl, or another component. Administrators are advised to upgrade to the most recent versions or to disable Apache, if possible, until more information is available. OpenSSL is prone to a buffer-overflow vulnerability involving overly long SSLv3 session IDs. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. OpenSSL Security Advisory [30 July 2002]\n\nThis advisory consists of two independent advisories, merged, and is\nan official OpenSSL advisory. \n\nAdvisory 1\n==========\n\nA.L. Digital Ltd and The Bunker (http://www.thebunker.net/) are\nconducting a security review of OpenSSL, under the DARPA program\nCHATS. \n\n1. The client master key in SSL2 could be oversized and overrun a\n buffer. Exploit code is\n NOT available at this time. \n\n2. \n\n3. This issues only affects OpenSSL\n 0.9.7 before 0.9.7-beta3 with Kerberos enabled. \n\n4. Various buffers for ASCII representations of integers were too\n small on 64 bit platforms. \n\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2002-0656 to issues 1-2, CAN-2002-0657 to issue\n3, and CAN-2002-0655 to issue 4. \n\nIn addition various potential buffer overflows not known to be\nexploitable have had assertions added to defend against them. \n\nWho is affected?\n----------------\n\nEveryone using OpenSSL 0.9.6d or earlier, or 0.9.7-beta2 or earlier or\ncurrent development snapshots of 0.9.7 to provide SSL or TLS is\nvulnerable, whether client or server. 0.9.6d servers on 32-bit systems\nwith SSL 2.0 disabled are not vulnerable. \n\nSSLeay is probably also affected. \n\nRecommendations\n---------------\n\nApply the attached patch to OpenSSL 0.9.6d, or upgrade to OpenSSL\n0.9.6e. Recompile all applications using OpenSSL to provide SSL or\nTLS. \n\nA patch for 0.9.7 is available from the OpenSSL website\n(https://www.openssl.org/). \n\nServers can disable SSL2, alternatively disable all applications using\nSSL or TLS until the patches are applied. Users of 0.9.7 pre-release\nversions with Kerberos enabled will also have to disable Kerberos. \n\nClient should be disabled altogether until the patches are applied. \n\nKnown Exploits\n--------------\n\nThere are no know exploits available for these vulnerabilities. As\nnoted above, Neohapsis have demonstrated internally that an exploit is\npossible, but have not released the exploit code. \n\nReferences\n----------\n\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0655\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0656\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0657\n\nAcknowledgements\n----------------\n\nThe project leading to this advisory is sponsored by the Defense\nAdvanced Research Projects Agency (DARPA) and Air Force Research\nLaboratory, Air Force Materiel Command, USAF, under agreement number\nF30602-01-2-0537. \n\nThe patch and advisory were prepared by Ben Laurie. \n\n\n\nAdvisory 2\n==========\n\nVulnerabilities\n---------------\n\nThe ASN1 parser can be confused by supplying it with certain invalid\nencodings. \n\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2002-0659 to this issue. \n\nWho is affected?\n----------------\n\nAny OpenSSL program which uses the ASN1 library to parse untrusted\ndata. This includes all SSL or TLS applications, those using S/MIME\n(PKCS#7) or certificate generation routines. \n\nRecommendations\n---------------\n\nApply the patch to OpenSSL, or upgrade to OpenSSL 0.9.6e. Recompile\nall applications using OpenSSL. \n\nUsers of 0.9.7 pre-release versions should apply the patch or upgrade\nto 0.9.7-beta3 or later. Recompile all applications using OpenSSL. \n\nReferences\n----------\n\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0659\n\nAcknowledgements\n----------------\n\nThis vulnerability was discovered by Adi Stav \u003cstav@mercury.co.il\u003e\nand James Yonan \u003cjim@ntlp.com\u003e independently. The patch is partly\nbased on a version by Adi Stav. \n\nThe patch and advisory were prepared by Dr. Stephen Henson. \n\n\n\n\nCombined patches for OpenSSL 0.9.6d:\nhttps://www.openssl.org/news/patch_20020730_0_9_6d.txt\n\nCombined patches for OpenSSL 0.9.7 beta 2:\nhttps://www.openssl.org/news/patch_20020730_0_9_7.txt\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20020730.txt\n. \n\n-----BEGIN PGP SIGNED MESSAGE-----\n\nCERT Summary CS-2002-04\n\n November 26, 2002\n\n Each quarter, the CERT Coordination Center (CERT/CC) issues the CERT\n Summary to draw attention to the types of attacks reported to our\n incident response team, as well as other noteworthy incident and\n vulnerability information. The summary includes pointers to sources of\n information for dealing with the problems. \n\n Past CERT summaries are available from:\n\n CERT Summaries\n http://www.cert.org/summaries/\n ______________________________________________________________________\n\nRecent Activity\n\n Since the last regularly scheduled CERT summary, issued in August 2002\n (CS-2002-03), we have seen trojan horses for three popular\n distributions, new self-propagating malicious code (Apache/mod_ssl),\n and multiple vulnerabilities in BIND. In addition, we have issued a\n new PGP Key. \n\n For more current information on activity being reported to the\n CERT/CC, please visit the CERT/CC Current Activity page. The Current\n Activity page is a regularly updated summary of the most frequent,\n high-impact types of security incidents and vulnerabilities being\n reported to the CERT/CC. The information on the Current Activity page\n is reviewed and updated as reporting trends change. \n\n CERT/CC Current Activity\n http://www.cert.org/current/current_activity.html\n\n\n 1. Reports received by the CERT/CC indicate\n that the Apache/mod_ssl worm has already infected thousands of\n systems. Over a month earlier, the CERT/CC issued an advisory\n (CA-2002-23) describing four remotely exploitable buffer overflows\n in OpenSSL. Trojan Horse Sendmail Distribution\n\n The CERT/CC has received confirmation that some copies of the\n source code for the Sendmail package have been modified by an\n intruder to contain a Trojan horse. These copies began to appear\n in downloads from the FTP server ftp.sendmail.org on or around\n September 28, 2002. On October 8, 2002, the CERT/CC issued an\n advisory (CA-2002-28) describing various methods to verify\n software authenticity. \n\n\t\tCERT Advisory CA-2002-28\n\t\tTrojan Horse Sendmail Distribution\n\t\thttp://www.cert.org/advisories/CA-2002-28.html\n\n\n 3. Trojan Horse tcpdump and libpcap Distributions\n\n The CERT/CC has received reports that some copies of the source\n code for libpcap, a packet acquisition library, and tcpdump, a\n network sniffer, have been modified by an intruder and contain a\n Trojan horse. These modified distributions began to appear in\n downloads from the HTTP server www.tcpdump.org on or around Nov\n 11, 2002. The CERT/CC issued an advisory (CA-2002-30) listing MD5\n checksums and official distribution sites for libpcap and tcpdump. \n\n\t\tCERT Advisory CA-2002-30\n\t\tTrojan Horse tcpdump and libpcap Distributions\n\t\thttp://www.cert.org/advisories/CA-2002-30.html\n\n\n 4. Multiple Vulnerabilities in BIND\n\n The CERT/CC has documented multiple vulnerabilities in BIND, the\n popular domain name server and client library software package\n from the Internet Software Consortium (ISC). Several vulnerabilities are referenced in the advisory;\n they are listed here individually. \n\n\t\tCERT Advisory CA-2002-31\n\t\tMultiple Vulnerabilities in BIND\n\t\thttp://www.cert.org/advisories/CA-2002-31.html\n\n\t\tVulnerability Note #852283\n\t\tCached malformed SIG record buffer overflow\n\t\thttp://www.kb.cert.org/vuls/id/852283\n\n\t\tVulnerability Note #229595\n\t\tOverly large OPT record assertion\n\t\thttp://www.kb.cert.org/vuls/id/229595\n\n\t\tVulnerability Note #581682\n\t\tISC Bind 8 fails to properly dereference cache SIG RR \n\t\telements invalid expiry times from the internal database\n\t\thttp://www.kb.cert.org/vuls/id/581682\n\n\t\tVulnerability Note #844360\n\t\tDomain Name System (DNS) stub resolver libraries \n\t\tvulnerable to buffer overflows via network name or \n\t\taddress lookups\n\t\thttp://www.kb.cert.org/vuls/id/844360\n\n 5. Heap Overflow Vulnerability in Microsoft Data Access Components\n (MDAC)\n\n On November 21, 2002 the CERT/CC issued an advisory (CA-2002-33)\n describing a vulnerability in MDAC, a collection of Microsoft\n utilities and routines that process requests between databases and\n network applications. \n\n\t CERT Advisory CA-2002-33\n\t Heap Overflow Vulnerability in Microsoft Data Access \n\t Components (MDAC)\n\t http://www.cert.org/advisories/CA-2002-33.html\n ______________________________________________________________________\n\nNew CERT/CC PGP Key\n\n On September 19, the CERT/CC issued a new PGP key, which should be\n used when sending sensitive information to the CERT/CC. \n\n CERT/CC PGP Public Key\n https://www.cert.org/pgp/cert_pgp_key.asc\n Sending Sensitive Information To The CERT/CC\n\n http://www.cert.org/contact_cert/encryptmail.html\n ______________________________________________________________________\n\nWhat\u0027s New and Updated\n\n Since the last CERT Summary, we have published new and updated\n * Advisories\n http://www.cert.org/advisories/\n * Congressional Testimony\n http://www.cert.org/congressional_testimony/\n * CERT/CC Statistics\n http://www.cert.org/stats/cert_stats.html\n * Home User Security\n http://www.cert.org/homeusers/HomeComputerSecurity\n * Tech Tips\n http://www.cert.org/tech_tips/\n * Training Schedule\n http:/www.cert.org/training/\n ______________________________________________________________________\n\n This document is available from:\n http://www.cert.org/summaries/CS-2002-04.html\n ______________________________________________________________________\n\nCERT/CC Contact Information\n\n Email: cert@cert.org\n Phone: +1 412-268-7090 (24-hour hotline)\n Fax: +1 412-268-6989\n Postal address:\n CERT Coordination Center\n Software Engineering Institute\n Carnegie Mellon University\n Pittsburgh PA 15213-3890\n U.S.A. \n\n CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) /\n EDT(GMT-4) Monday through Friday; they are on call for emergencies\n during other hours, on U.S. holidays, and on weekends. \n\n Using encryption\n\n We strongly urge you to encrypt sensitive information sent by email. \n Our public PGP key is available from\n http://www.cert.org/CERT_PGP.key\n\n If you prefer to use DES, please call the CERT hotline for more\n information. \n\n Getting security information\n\n CERT publications and other security information are available from\n our web site\n http://www.cert.org/\n\n To subscribe to the CERT mailing list for advisories and bulletins,\n send email to majordomo@cert.org. Please include in the body of your\n message\n\n subscribe cert-advisory\n\n * \"CERT\" and \"CERT Coordination Center\" are registered in the U.S. \n Patent and Trademark Office. \n ______________________________________________________________________\n\n NO WARRANTY\n Any material furnished by Carnegie Mellon University and the Software\n Engineering Institute is furnished on an \"as is\" basis. Carnegie\n Mellon University makes no warranties of any kind, either expressed or\n implied as to any matter including, but not limited to, warranty of\n fitness for a particular purpose or merchantability, exclusivity or\n results obtained from use of the material. Carnegie Mellon University\n does not make any warranty of any kind with respect to freedom from\n patent, trademark, or copyright infringement. \n _________________________________________________________________\n\n Conditions for use, disclaimers, and sponsorship information\n\n Copyright \\xa92002 Carnegie Mellon University. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 6.5.8\n\niQCVAwUBPePMQWjtSoHZUTs5AQGdxwP9HK4mSF15bMQ9MZ4mMFcLIhvdXykANg8A\n6nEIAyB8CJpbuWdP7sPh3qAwaZ9BhRFEGeLakONOpoo7bmjkwAWrJHxF3b1CrgHS\nZuKQsgEhnm9wpPdU6w6SG1cJBkwz70b8d7YK0vcVuKhmaW0JOx9OLGKsAe3SFePD\nOiZbNHX+eb8=\n=Mnbn\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0656"
},
{
"db": "CERT/CC",
"id": "VU#258555"
},
{
"db": "CERT/CC",
"id": "VU#844360"
},
{
"db": "CERT/CC",
"id": "VU#852283"
},
{
"db": "CERT/CC",
"id": "VU#581682"
},
{
"db": "CERT/CC",
"id": "VU#229595"
},
{
"db": "CERT/CC",
"id": "VU#102795"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000172"
},
{
"db": "BID",
"id": "5363"
},
{
"db": "BID",
"id": "5362"
},
{
"db": "VULHUB",
"id": "VHN-5047"
},
{
"db": "VULMON",
"id": "CVE-2002-0656"
},
{
"db": "PACKETSTORM",
"id": "169647"
},
{
"db": "PACKETSTORM",
"id": "30532"
}
],
"trust": 6.84
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-5047",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=40347",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5047"
},
{
"db": "VULMON",
"id": "CVE-2002-0656"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2002-0656",
"trust": 3.3
},
{
"db": "BID",
"id": "5362",
"trust": 3.1
},
{
"db": "CERT/CC",
"id": "VU#102795",
"trust": 2.9
},
{
"db": "CERT/CC",
"id": "VU#258555",
"trust": 2.8
},
{
"db": "BID",
"id": "5363",
"trust": 1.5
},
{
"db": "CERT/CC",
"id": "VU#844360",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#852283",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#581682",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#229595",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000172",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200208-027",
"trust": 0.7
},
{
"db": "EXPLOIT-DB",
"id": "40347",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-75494",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-75495",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-5047",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2002-0656",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169647",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "30532",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#258555"
},
{
"db": "CERT/CC",
"id": "VU#844360"
},
{
"db": "CERT/CC",
"id": "VU#852283"
},
{
"db": "CERT/CC",
"id": "VU#581682"
},
{
"db": "CERT/CC",
"id": "VU#229595"
},
{
"db": "CERT/CC",
"id": "VU#102795"
},
{
"db": "VULHUB",
"id": "VHN-5047"
},
{
"db": "VULMON",
"id": "CVE-2002-0656"
},
{
"db": "BID",
"id": "5363"
},
{
"db": "BID",
"id": "5362"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000172"
},
{
"db": "PACKETSTORM",
"id": "169647"
},
{
"db": "PACKETSTORM",
"id": "30532"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-027"
},
{
"db": "NVD",
"id": "CVE-2002-0656"
}
]
},
"id": "VAR-200208-0244",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-5047"
}
],
"trust": 0.40555555
},
"last_update_date": "2025-04-03T19:55:05.806000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HPSBUX0209-217",
"trust": 0.8,
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?admit=-682735245+1041818851527+28353475\u0026amp;docId=HPSBUX0209-217"
},
{
"title": "HPSBUX0209-217",
"trust": 0.8,
"url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/HP-UX/HPSBUX0209-217.html"
},
{
"title": "secadv_20020730",
"trust": 0.8,
"url": "http://www.openssl.org/news/secadv_20020730.txt"
},
{
"title": "#37",
"trust": 0.8,
"url": "http://www.oracle.com/technology/deploy/security/htdocs/opensslAlert.html"
},
{
"title": "RHSA-2002:155",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2002-155.html"
},
{
"title": "46424",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-46424-1"
},
{
"title": "RHSA-2002:155",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2002-155J.html"
},
{
"title": "Debian Security Advisories: DSA-136-1 openssl -- multiple remote exploits",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=8ab1654e85c2f0d32d45eef6fce839f1"
},
{
"title": "LinuxFlaw",
"trust": 0.1,
"url": "https://github.com/mudongliang/LinuxFlaw "
},
{
"title": "cve-",
"trust": 0.1,
"url": "https://github.com/oneoy/cve- "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2002-0656"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000172"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0656"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.securityfocus.com/bid/5362"
},
{
"trust": 2.4,
"url": "http://www.isc.org/products/bind/bind-security.html"
},
{
"trust": 2.2,
"url": "http://www.kb.cert.org/vuls/id/102795"
},
{
"trust": 2.1,
"url": "http://www.cert.org/advisories/ca-2002-23.html"
},
{
"trust": 2.0,
"url": "http://www.kb.cert.org/vuls/id/258555"
},
{
"trust": 1.6,
"url": "about vulnerability notes"
},
{
"trust": 1.6,
"url": "contact us about this vulnerability"
},
{
"trust": 1.6,
"url": "provide a vendor statement"
},
{
"trust": 1.6,
"url": "http://bvlive01.iss.net/issen/delivery/xforce/alertdetail.jsp?oid=21469"
},
{
"trust": 1.6,
"url": "http://www.ciac.org/ciac/bulletins/n-013.shtml"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/5363"
},
{
"trust": 1.2,
"url": "ftp://ftp.caldera.com/pub/security/openlinux/cssa-2002-033.0.txt"
},
{
"trust": 1.2,
"url": "ftp://ftp.caldera.com/pub/security/openlinux/cssa-2002-033.1.txt"
},
{
"trust": 1.2,
"url": "ftp://ftp.freebsd.org/pub/freebsd/cert/advisories/freebsd-sa-02:33.openssl.asc"
},
{
"trust": 1.2,
"url": "http://www.linux-mandrake.com/en/security/2002/mdksa-2002-046.php"
},
{
"trust": 1.2,
"url": "http://www.iss.net/security_center/static/9714.php"
},
{
"trust": 1.2,
"url": "http://www.iss.net/security_center/static/9716.php"
},
{
"trust": 1.1,
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000513"
},
{
"trust": 0.9,
"url": "http://www.cert.org/advisories/ca-2002-27.html"
},
{
"trust": 0.8,
"url": "http://wp.netscape.com/eng/ssl3/draft302.txt"
},
{
"trust": 0.8,
"url": "http://www.isc.org/products/bind/patches/bind4910.diff"
},
{
"trust": 0.8,
"url": "http://www.ciac.org/ciac/bulletins/m-103.shtml"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-0656"
},
{
"trust": 0.8,
"url": "http://www.ipa.go.jp/security/ciadr/20020731openssl.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2002/wr023001.txt"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2002/wr023101.txt"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2002/wr023201.txt"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2002/wr023601.txt"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnca-2002-27"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnca-2002-23"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2002-0656"
},
{
"trust": 0.8,
"url": "http://www.cyberpolice.go.jp/important/20030424_144742.html"
},
{
"trust": 0.8,
"url": "http://www.cyberpolice.go.jp/important/20030416_114510.html"
},
{
"trust": 0.6,
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2965676.htm"
},
{
"trust": 0.6,
"url": "http://otn.oracle.com/deploy/security/htdocs/opensslalert.html"
},
{
"trust": 0.6,
"url": "http://www.rsasecurity.com/products/bsafe/bulletins/bsafe_ssl_products_security_bulletin_aug_8_2002.pdf"
},
{
"trust": 0.6,
"url": "http://docs.info.apple.com/article.html?artnum=120139"
},
{
"trust": 0.6,
"url": "http://docs.info.apple.com/article.html?artnum=120141"
},
{
"trust": 0.4,
"url": "http://www.openssl.org/news/secadv_20020730.txt"
},
{
"trust": 0.3,
"url": "http://support.coresecurity.com/impact/exploits/b4bc2930d33dc6d98cf1c6c819f241e1.html"
},
{
"trust": 0.3,
"url": "http://www.sonicwall.com/support/security_advisories/security_advisory-openssl.html"
},
{
"trust": 0.3,
"url": "http://www.hp.com/cposupport/networking/support_doc/bpj05999.html#p26_2431"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/securitypatch"
},
{
"trust": 0.1,
"url": ""
},
{
"trust": 0.1,
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026amp;anuncio=000513"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://www.rapid7.com/db/vulnerabilities/http-openssl-malformed-client-key-bof"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/40347/"
},
{
"trust": 0.1,
"url": "http://www.neohapsis.com/)"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2002-0656"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2002-0657"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-0657"
},
{
"trust": 0.1,
"url": "https://www.openssl.org/news/patch_20020730_0_9_6d.txt"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-0656"
},
{
"trust": 0.1,
"url": "http://www.thebunker.net/)"
},
{
"trust": 0.1,
"url": "https://www.openssl.org/news/patch_20020730_0_9_7.txt"
},
{
"trust": 0.1,
"url": "https://www.openssl.org/)."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2002-0655"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-0655"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-0659"
},
{
"trust": 0.1,
"url": "https://www.tcpdump.org"
},
{
"trust": 0.1,
"url": "http://www.cert.org/summaries/cs-2002-04.html"
},
{
"trust": 0.1,
"url": "http://www.cert.org/advisories/"
},
{
"trust": 0.1,
"url": "http://www.cert.org/homeusers/homecomputersecurity"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/852283"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/581682"
},
{
"trust": 0.1,
"url": "http://www.cert.org/summaries/"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/844360"
},
{
"trust": 0.1,
"url": "http://www.cert.org/stats/cert_stats.html"
},
{
"trust": 0.1,
"url": "http://www.cert.org/congressional_testimony/"
},
{
"trust": 0.1,
"url": "http://www.cert.org/advisories/ca-2002-31.html"
},
{
"trust": 0.1,
"url": "http://www.cert.org/current/current_activity.html"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/229595"
},
{
"trust": 0.1,
"url": "https://www.cert.org/training/"
},
{
"trust": 0.1,
"url": "http://www.cert.org/"
},
{
"trust": 0.1,
"url": "http://www.cert.org/contact_cert/encryptmail.html"
},
{
"trust": 0.1,
"url": "http://www.cert.org/cert_pgp.key"
},
{
"trust": 0.1,
"url": "https://www.cert.org/pgp/cert_pgp_key.asc"
},
{
"trust": 0.1,
"url": "http://www.cert.org/advisories/ca-2002-30.html"
},
{
"trust": 0.1,
"url": "http://www.cert.org/tech_tips/"
},
{
"trust": 0.1,
"url": "http://www.cert.org/advisories/ca-2002-33.html"
},
{
"trust": 0.1,
"url": "http://www.cert.org/advisories/ca-2002-28.html"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#258555"
},
{
"db": "CERT/CC",
"id": "VU#844360"
},
{
"db": "CERT/CC",
"id": "VU#852283"
},
{
"db": "CERT/CC",
"id": "VU#581682"
},
{
"db": "CERT/CC",
"id": "VU#229595"
},
{
"db": "CERT/CC",
"id": "VU#102795"
},
{
"db": "VULHUB",
"id": "VHN-5047"
},
{
"db": "VULMON",
"id": "CVE-2002-0656"
},
{
"db": "BID",
"id": "5363"
},
{
"db": "BID",
"id": "5362"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000172"
},
{
"db": "PACKETSTORM",
"id": "169647"
},
{
"db": "PACKETSTORM",
"id": "30532"
},
{
"db": "NVD",
"id": "CVE-2002-0656"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#258555"
},
{
"db": "CERT/CC",
"id": "VU#844360"
},
{
"db": "CERT/CC",
"id": "VU#852283"
},
{
"db": "CERT/CC",
"id": "VU#581682"
},
{
"db": "CERT/CC",
"id": "VU#229595"
},
{
"db": "CERT/CC",
"id": "VU#102795"
},
{
"db": "VULHUB",
"id": "VHN-5047"
},
{
"db": "VULMON",
"id": "CVE-2002-0656"
},
{
"db": "BID",
"id": "5363"
},
{
"db": "BID",
"id": "5362"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000172"
},
{
"db": "PACKETSTORM",
"id": "169647"
},
{
"db": "PACKETSTORM",
"id": "30532"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-027"
},
{
"db": "NVD",
"id": "CVE-2002-0656"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-07-30T00:00:00",
"db": "CERT/CC",
"id": "VU#258555"
},
{
"date": "2002-11-13T00:00:00",
"db": "CERT/CC",
"id": "VU#844360"
},
{
"date": "2002-11-13T00:00:00",
"db": "CERT/CC",
"id": "VU#852283"
},
{
"date": "2002-11-13T00:00:00",
"db": "CERT/CC",
"id": "VU#581682"
},
{
"date": "2002-11-13T00:00:00",
"db": "CERT/CC",
"id": "VU#229595"
},
{
"date": "2002-07-30T00:00:00",
"db": "CERT/CC",
"id": "VU#102795"
},
{
"date": "2002-08-12T00:00:00",
"db": "VULHUB",
"id": "VHN-5047"
},
{
"date": "2002-08-12T00:00:00",
"db": "VULMON",
"id": "CVE-2002-0656"
},
{
"date": "2002-07-30T00:00:00",
"db": "BID",
"id": "5363"
},
{
"date": "2002-07-30T00:00:00",
"db": "BID",
"id": "5362"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2002-000172"
},
{
"date": "2002-07-30T12:12:12",
"db": "PACKETSTORM",
"id": "169647"
},
{
"date": "2002-11-30T11:13:52",
"db": "PACKETSTORM",
"id": "30532"
},
{
"date": "2002-07-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200208-027"
},
{
"date": "2002-08-12T04:00:00",
"db": "NVD",
"id": "CVE-2002-0656"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-09-30T00:00:00",
"db": "CERT/CC",
"id": "VU#258555"
},
{
"date": "2003-04-24T00:00:00",
"db": "CERT/CC",
"id": "VU#844360"
},
{
"date": "2004-10-18T00:00:00",
"db": "CERT/CC",
"id": "VU#852283"
},
{
"date": "2003-02-25T00:00:00",
"db": "CERT/CC",
"id": "VU#581682"
},
{
"date": "2003-05-30T00:00:00",
"db": "CERT/CC",
"id": "VU#229595"
},
{
"date": "2002-09-30T00:00:00",
"db": "CERT/CC",
"id": "VU#102795"
},
{
"date": "2008-09-10T00:00:00",
"db": "VULHUB",
"id": "VHN-5047"
},
{
"date": "2008-09-10T00:00:00",
"db": "VULMON",
"id": "CVE-2002-0656"
},
{
"date": "2007-12-20T17:11:00",
"db": "BID",
"id": "5363"
},
{
"date": "2007-11-15T00:40:00",
"db": "BID",
"id": "5362"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2002-000172"
},
{
"date": "2006-09-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200208-027"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2002-0656"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "5363"
},
{
"db": "BID",
"id": "5362"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSSL clients contain a buffer overflow during the SSL3 handshake process",
"sources": [
{
"db": "CERT/CC",
"id": "VU#258555"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Boundary Condition Error",
"sources": [
{
"db": "BID",
"id": "5363"
},
{
"db": "BID",
"id": "5362"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-027"
}
],
"trust": 1.2
}
}
VAR-202012-1555
Vulnerability from variot - Updated: 2024-11-23 22:40Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to an Unchecked Return Value Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to modify and corrupt the encrypted data. Dell BSAFE Micro Edition Suite is a development toolkit developed by Dell, which can provide encryption, certificate and transport layer security for c/c++ applications, devices and systems
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202012-1555",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "weblogic server proxy plug-in",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "bsafe micro-edition-suite",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "4.5"
},
{
"model": "weblogic server proxy plug-in",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0.2"
},
{
"model": "weblogic server proxy plug-in",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0.1"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18c"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19c"
},
{
"model": "bsafe micro edition suite",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": "4.5"
},
{
"model": "bsafe micro edition suite",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014490"
},
{
"db": "NVD",
"id": "CVE-2020-5359"
}
]
},
"cve": "CVE-2020-5359",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-5359",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-183484",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-5359",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 5.8,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-014490",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-5359",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2020-5359",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-5359",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202012-1188",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-183484",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-183484"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014490"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1188"
},
{
"db": "NVD",
"id": "CVE-2020-5359"
},
{
"db": "NVD",
"id": "CVE-2020-5359"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to an Unchecked Return Value Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to modify and corrupt the encrypted data. Dell BSAFE Micro Edition Suite is a development toolkit developed by Dell, which can provide encryption, certificate and transport layer security for c/c++ applications, devices and systems",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5359"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014490"
},
{
"db": "VULHUB",
"id": "VHN-183484"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-5359",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014490",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1188",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-183484",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-183484"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014490"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1188"
},
{
"db": "NVD",
"id": "CVE-2020-5359"
}
]
},
"id": "VAR-202012-1555",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-183484"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:40:49.226000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-2020-114",
"trust": 0.8,
"url": "https://www.dell.com/support/kbdoc/ja-jp/000181098/dsa-2020-114-dell-bsafe-micro-edition-suite-multiple-security-vulnerabilities"
},
{
"title": "Dell BSAFE Micro Edition Suite Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=137342"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014490"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1188"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-252",
"trust": 1.1
},
{
"problemtype": "CWE-544",
"trust": 1.0
},
{
"problemtype": "Unchecked return value (CWE-252) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-183484"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014490"
},
{
"db": "NVD",
"id": "CVE-2020-5359"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.dell.com/support/kbdoc/en-us/000181098/dsa-2020-114-dell-bsafe-micro-edition-suite-multiple-security-vulnerabilities"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5359"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/oracle-database-vulnerabilities-of-april-2021-35122"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-183484"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014490"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1188"
},
{
"db": "NVD",
"id": "CVE-2020-5359"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-183484"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014490"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1188"
},
{
"db": "NVD",
"id": "CVE-2020-5359"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-12-16T00:00:00",
"db": "VULHUB",
"id": "VHN-183484"
},
{
"date": "2021-08-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-014490"
},
{
"date": "2020-12-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-1188"
},
{
"date": "2020-12-16T16:15:14.320000",
"db": "NVD",
"id": "CVE-2020-5359"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-09T00:00:00",
"db": "VULHUB",
"id": "VHN-183484"
},
{
"date": "2021-08-20T08:21:00",
"db": "JVNDB",
"id": "JVNDB-2020-014490"
},
{
"date": "2021-06-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-1188"
},
{
"date": "2024-11-21T05:33:58.707000",
"db": "NVD",
"id": "CVE-2020-5359"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-1188"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell\u00a0BSAFE\u00a0Micro\u00a0Edition\u00a0Suite\u00a0 Unchecked return value vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014490"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-1188"
}
],
"trust": 0.6
}
}
VAR-201909-1540
Vulnerability from variot - Updated: 2024-11-23 22:05RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys. RSA BSAFE Crypto-J Contains a vulnerability related to information disclosure caused by differences in response to security-related processing.Information may be obtained. Dell RSA BSAFE Crypto-J is an encryption toolkit from Dell, Inc. that provides developers with the tools to add privacy and authentication features to their applications. A security vulnerability exists in Dell RSA BSAFE Crypto-J versions prior to 6.2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201909-1540",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "bsafe ssl-j",
"scope": "lte",
"trust": 1.0,
"vendor": "dell",
"version": "6.2.4.1"
},
{
"model": "storagetek tape analytics sw tool",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.3"
},
{
"model": "communications network integrity",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.2"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0.2"
},
{
"model": "application performance management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.4.0.0"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.5"
},
{
"model": "storagetek acsls",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.5.1"
},
{
"model": "bsafe cert-j",
"scope": "lte",
"trust": 1.0,
"vendor": "dell",
"version": "6.2.4"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3.0"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0.4"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3"
},
{
"model": "retail assortment planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3.0"
},
{
"model": "application performance management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "communications network integrity",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.0.2"
},
{
"model": "communications network integrity",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.6"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.1.0.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.1"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "bsafe crypto-j",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "6.2.5"
},
{
"model": "goldengate",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1.0.0.0.210420"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19c"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18c"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0.1"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail assortment planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.0.3"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.3.6.0.0"
},
{
"model": "bsafe cert-j",
"scope": null,
"trust": 0.8,
"vendor": "rsa security",
"version": null
},
{
"model": "bsafe crypto-j",
"scope": "lt",
"trust": 0.8,
"vendor": "rsa security",
"version": "6.2.5"
},
{
"model": "bsafe ssl-j",
"scope": null,
"trust": 0.8,
"vendor": "rsa security",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009635"
},
{
"db": "NVD",
"id": "CVE-2019-3739"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:rsa:bsafe_cert-j",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:rsa:bsafe_crypto-j",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:rsa:bsafe_ssl-j",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009635"
}
]
},
"cve": "CVE-2019-3739",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2019-3739",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-155174",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "security_alert@emc.com",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2019-3739",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2019-3739",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-3739",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2019-3739",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-3739",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201909-880",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-155174",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155174"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009635"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-880"
},
{
"db": "NVD",
"id": "CVE-2019-3739"
},
{
"db": "NVD",
"id": "CVE-2019-3739"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys. RSA BSAFE Crypto-J Contains a vulnerability related to information disclosure caused by differences in response to security-related processing.Information may be obtained. Dell RSA BSAFE Crypto-J is an encryption toolkit from Dell, Inc. that provides developers with the tools to add privacy and authentication features to their applications. A security vulnerability exists in Dell RSA BSAFE Crypto-J versions prior to 6.2.5",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-3739"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009635"
},
{
"db": "VULHUB",
"id": "VHN-155174"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-3739",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009635",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201909-880",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-155174",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155174"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009635"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-880"
},
{
"db": "NVD",
"id": "CVE-2019-3739"
}
]
},
"id": "VAR-201909-1540",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-155174"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:05:59.432000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-2019-094: RSA BSAFE Crypto-J Multiple Security Vulnerabilities",
"trust": 0.8,
"url": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE\u0026#174;-Crypto-J-Multiple-Security-Vulnerabilities"
},
{
"title": "Dell RSA BSAFE Crypto-J Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98405"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009635"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-880"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-203",
"trust": 1.9
},
{
"problemtype": "CWE-310",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155174"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009635"
},
{
"db": "NVD",
"id": "CVE-2019-3739"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3739"
},
{
"trust": 1.0,
"url": "https://www.dell.com/support/security/en-us/details/doc-106556/dsa-2019-094-rsa-bsafe\u0026#174%3b-crypto-j-multiple-security-vulnerabilities"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3739"
},
{
"trust": 0.6,
"url": "https://www.dell.com/support/security/en-us/details/doc-106556/dsa-2019-094-rsa-bsafe\u00ae-crypto-j-multiple-security-vulnerabilities"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/oracle-database-vulnerabilities-of-april-2021-35122"
},
{
"trust": 0.1,
"url": "https://www.dell.com/support/security/en-us/details/doc-106556/dsa-2019-094-rsa-bsafe\u0026amp;#174;-crypto-j-multiple-security-vulnerabilities"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155174"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009635"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-880"
},
{
"db": "NVD",
"id": "CVE-2019-3739"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-155174"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009635"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-880"
},
{
"db": "NVD",
"id": "CVE-2019-3739"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-18T00:00:00",
"db": "VULHUB",
"id": "VHN-155174"
},
{
"date": "2019-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-009635"
},
{
"date": "2019-09-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-880"
},
{
"date": "2019-09-18T23:15:11.110000",
"db": "NVD",
"id": "CVE-2019-3739"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-09T00:00:00",
"db": "VULHUB",
"id": "VHN-155174"
},
{
"date": "2019-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-009635"
},
{
"date": "2022-04-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-880"
},
{
"date": "2024-11-21T04:42:26.480000",
"db": "NVD",
"id": "CVE-2019-3739"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-880"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "RSA BSAFE Crypto-J Vulnerability related to information disclosure caused by difference in response to security related processing",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009635"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-880"
}
],
"trust": 0.6
}
}
VAR-202012-1556
Vulnerability from variot - Updated: 2024-11-23 21:25Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to a Buffer Under-Read Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability resulting in undefined behaviour, or a crash of the affected systems. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Dell BSAFE Micro Edition Suite is a development toolkit developed by Dell, which can provide encryption, certificate and transport layer security for c/c++ applications, devices and systems
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202012-1556",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "weblogic server proxy plug-in",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "bsafe micro-edition-suite",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "4.5"
},
{
"model": "security service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.3.0"
},
{
"model": "security service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18c"
},
{
"model": "security service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.3.0"
},
{
"model": "weblogic server proxy plug-in",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.3.0"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0.2"
},
{
"model": "weblogic server proxy plug-in",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0.1"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19c"
},
{
"model": "bsafe micro edition suite",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": "4.5"
},
{
"model": "bsafe micro edition suite",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014491"
},
{
"db": "NVD",
"id": "CVE-2020-5360"
}
]
},
"cve": "CVE-2020-5360",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-5360",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-183485",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-5360",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-014491",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-5360",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2020-5360",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-5360",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202012-1187",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-183485",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-183485"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014491"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1187"
},
{
"db": "NVD",
"id": "CVE-2020-5360"
},
{
"db": "NVD",
"id": "CVE-2020-5360"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to a Buffer Under-Read Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability resulting in undefined behaviour, or a crash of the affected systems. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Dell BSAFE Micro Edition Suite is a development toolkit developed by Dell, which can provide encryption, certificate and transport layer security for c/c++ applications, devices and systems",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5360"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014491"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULHUB",
"id": "VHN-183485"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-5360",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014491",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021042102",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021042527",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1187",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-183485",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-183485"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014491"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1187"
},
{
"db": "NVD",
"id": "CVE-2020-5360"
}
]
},
"id": "VAR-202012-1556",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-183485"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:25:31.648000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-2020-114",
"trust": 0.8,
"url": "https://www.dell.com/support/kbdoc/ja-jp/000181098/dsa-2020-114-dell-bsafe-micro-edition-suite-multiple-security-vulnerabilities"
},
{
"title": "Dell BSAFE Micro Edition Suite Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=137341"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014491"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1187"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.1
},
{
"problemtype": "CWE-127",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds read (CWE-125) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-183485"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014491"
},
{
"db": "NVD",
"id": "CVE-2020-5360"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 1.7,
"url": "https://www.dell.com/support/kbdoc/en-us/000181098/dsa-2020-114-dell-bsafe-micro-edition-suite-multiple-security-vulnerabilities"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5360"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021042527"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021042102"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/oracle-database-vulnerabilities-of-april-2021-35122"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-183485"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014491"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1187"
},
{
"db": "NVD",
"id": "CVE-2020-5360"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-183485"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014491"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1187"
},
{
"db": "NVD",
"id": "CVE-2020-5360"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-12-16T00:00:00",
"db": "VULHUB",
"id": "VHN-183485"
},
{
"date": "2021-08-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-014491"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2020-12-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-1187"
},
{
"date": "2020-12-16T16:15:14.477000",
"db": "NVD",
"id": "CVE-2020-5360"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-09T00:00:00",
"db": "VULHUB",
"id": "VHN-183485"
},
{
"date": "2021-08-20T08:21:00",
"db": "JVNDB",
"id": "JVNDB-2020-014491"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-06-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-1187"
},
{
"date": "2024-11-21T05:33:58.850000",
"db": "NVD",
"id": "CVE-2020-5360"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-1187"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell\u00a0BSAFE\u00a0Micro\u00a0Edition\u00a0Suite\u00a0 Out-of-bounds read vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014491"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
VAR-201909-1539
Vulnerability from variot - Updated: 2024-11-23 21:14RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys. RSA BSAFE Crypto-J Contains an information disclosure vulnerability.Information may be obtained. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Dell RSA BSAFE Crypto-J is an encryption toolkit from Dell, Inc. that provides developers with the tools to add privacy and authentication features to their applications. A security vulnerability exists in Dell RSA BSAFE Crypto-J versions prior to 6.2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201909-1539",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "bsafe ssl-j",
"scope": "lte",
"trust": 1.0,
"vendor": "dell",
"version": "6.2.4.1"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.3.6.0.0"
},
{
"model": "storagetek tape analytics sw tool",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.3"
},
{
"model": "communications unified inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "communications unified inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4.1"
},
{
"model": "communications network integrity",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.2"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0.2"
},
{
"model": "communications unified inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.4"
},
{
"model": "application performance management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.4.0.0"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.5"
},
{
"model": "storagetek acsls",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.5.1"
},
{
"model": "bsafe cert-j",
"scope": "lte",
"trust": 1.0,
"vendor": "dell",
"version": "6.2.4"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3.0"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0.4"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3"
},
{
"model": "retail assortment planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3.0"
},
{
"model": "application performance management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "communications network integrity",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.0.2"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.1.0.0"
},
{
"model": "communications unified inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.2"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.1"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "bsafe crypto-j",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "6.2.5"
},
{
"model": "global lifecycle management opatch",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0.1.22"
},
{
"model": "goldengate",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1.0.0.0.210420"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19c"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18c"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "communications unified inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4.0"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0.1"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail assortment planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.0.3"
},
{
"model": "communications network integrity",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.6"
},
{
"model": "bsafe cert-j",
"scope": null,
"trust": 0.8,
"vendor": "rsa security",
"version": null
},
{
"model": "bsafe crypto-j",
"scope": "lt",
"trust": 0.8,
"vendor": "rsa security",
"version": "6.2.5"
},
{
"model": "bsafe ssl-j",
"scope": null,
"trust": 0.8,
"vendor": "rsa security",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009628"
},
{
"db": "NVD",
"id": "CVE-2019-3740"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:rsa:bsafe_cert-j",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:rsa:bsafe_crypto-j",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:rsa:bsafe_ssl-j",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009628"
}
]
},
"cve": "CVE-2019-3740",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2019-3740",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-155175",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "security_alert@emc.com",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2019-3740",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2019-3740",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-3740",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2019-3740",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-3740",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201909-881",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-155175",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155175"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009628"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-881"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2019-3740"
},
{
"db": "NVD",
"id": "CVE-2019-3740"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys. RSA BSAFE Crypto-J Contains an information disclosure vulnerability.Information may be obtained. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Dell RSA BSAFE Crypto-J is an encryption toolkit from Dell, Inc. that provides developers with the tools to add privacy and authentication features to their applications. A security vulnerability exists in Dell RSA BSAFE Crypto-J versions prior to 6.2.5",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-3740"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009628"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULHUB",
"id": "VHN-155175"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-3740",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009628",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201909-881",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2021042539",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042537",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021042641",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021042103",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021072126",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-155175",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155175"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009628"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-881"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2019-3740"
}
]
},
"id": "VAR-201909-1539",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-155175"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:14:11.091000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-2019-094: RSA BSAFE Crypto-J Multiple Security Vulnerabilities",
"trust": 0.8,
"url": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE\u0026#174;-Crypto-J-Multiple-Security-Vulnerabilities"
},
{
"title": "Dell RSA BSAFE Crypto-J Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98406"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009628"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-881"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-203",
"trust": 1.1
},
{
"problemtype": "CWE-310",
"trust": 1.0
},
{
"problemtype": "CWE-200",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155175"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009628"
},
{
"db": "NVD",
"id": "CVE-2019-3740"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3740"
},
{
"trust": 1.0,
"url": "https://www.dell.com/support/security/en-us/details/doc-106556/dsa-2019-094-rsa-bsafe\u0026#174%3b-crypto-j-multiple-security-vulnerabilities"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3740"
},
{
"trust": 0.6,
"url": "https://www.dell.com/support/security/en-us/details/doc-106556/dsa-2019-094-rsa-bsafe\u00ae-crypto-j-multiple-security-vulnerabilities"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021072126"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021042539"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022042537"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021042641"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021042103"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/oracle-database-vulnerabilities-of-april-2021-35122"
},
{
"trust": 0.6,
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.1,
"url": "https://www.dell.com/support/security/en-us/details/doc-106556/dsa-2019-094-rsa-bsafe\u0026amp;#174;-crypto-j-multiple-security-vulnerabilities"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155175"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009628"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-881"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2019-3740"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-155175"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009628"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-881"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2019-3740"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-18T00:00:00",
"db": "VULHUB",
"id": "VHN-155175"
},
{
"date": "2019-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-009628"
},
{
"date": "2019-09-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-881"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2019-09-18T23:15:11.173000",
"db": "NVD",
"id": "CVE-2019-3740"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-09T00:00:00",
"db": "VULHUB",
"id": "VHN-155175"
},
{
"date": "2019-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-009628"
},
{
"date": "2022-04-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-881"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2024-11-21T04:42:26.680000",
"db": "NVD",
"id": "CVE-2019-3740"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-881"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "RSA BSAFE Crypto-J Vulnerable to information disclosure",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009628"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-881"
}
],
"trust": 0.6
}
}
VAR-201909-1541
Vulnerability from variot - Updated: 2024-11-23 20:21RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key. RSA BSAFE Crypto-J Contains a vulnerability in the verification of digital signatures.Information may be obtained. Dell RSA BSAFE Crypto-J is an encryption toolkit from Dell, Inc. that provides developers with the tools to add privacy and authentication features to their applications. The vulnerability stems from a network system or product not adequately verifying the origin or authenticity of data. Attackers can use forged data to attack
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201909-1541",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "bsafe ssl-j",
"scope": "lte",
"trust": 1.0,
"vendor": "dell",
"version": "6.2.4.1"
},
{
"model": "storagetek tape analytics sw tool",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.3"
},
{
"model": "communications unified inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "communications unified inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4.1"
},
{
"model": "communications network integrity",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.2"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0.2"
},
{
"model": "communications unified inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.4"
},
{
"model": "application performance management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.4.0.0"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.5"
},
{
"model": "bsafe cert-j",
"scope": "lte",
"trust": 1.0,
"vendor": "dell",
"version": "6.2.4"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "goldengate",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1.0.0.0.210420"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3.0"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0.4"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3"
},
{
"model": "retail assortment planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3.0"
},
{
"model": "application performance management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "communications network integrity",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.0.2"
},
{
"model": "communications network integrity",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.6"
},
{
"model": "threat intelligence exchange server",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "2.0.0"
},
{
"model": "threat intelligence exchange server",
"scope": "lte",
"trust": 1.0,
"vendor": "mcafee",
"version": "2.3.1"
},
{
"model": "communications unified inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.2"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.1"
},
{
"model": "bsafe crypto-j",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "6.2.5"
},
{
"model": "threat intelligence exchange server",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "3.0.0"
},
{
"model": "goldengate",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1.0.0.0.210420"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18c"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "communications unified inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4.0"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0.1"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail assortment planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.0.3"
},
{
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19c"
},
{
"model": "bsafe cert-j",
"scope": null,
"trust": 0.8,
"vendor": "rsa security",
"version": null
},
{
"model": "bsafe crypto-j",
"scope": "lt",
"trust": 0.8,
"vendor": "rsa security",
"version": "6.2.5"
},
{
"model": "bsafe ssl-j",
"scope": null,
"trust": 0.8,
"vendor": "rsa security",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009634"
},
{
"db": "NVD",
"id": "CVE-2019-3738"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:rsa:bsafe_cert-j",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:rsa:bsafe_crypto-j",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:rsa:bsafe_ssl-j",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009634"
}
]
},
"cve": "CVE-2019-3738",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2019-3738",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-155173",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "security_alert@emc.com",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2019-3738",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2019-3738",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-3738",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2019-3738",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-3738",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201909-879",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-155173",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155173"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009634"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-879"
},
{
"db": "NVD",
"id": "CVE-2019-3738"
},
{
"db": "NVD",
"id": "CVE-2019-3738"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key. RSA BSAFE Crypto-J Contains a vulnerability in the verification of digital signatures.Information may be obtained. Dell RSA BSAFE Crypto-J is an encryption toolkit from Dell, Inc. that provides developers with the tools to add privacy and authentication features to their applications. The vulnerability stems from a network system or product not adequately verifying the origin or authenticity of data. Attackers can use forged data to attack",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-3738"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009634"
},
{
"db": "VULHUB",
"id": "VHN-155173"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-3738",
"trust": 2.5
},
{
"db": "MCAFEE",
"id": "SB10318",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009634",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201909-879",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.3108",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-155173",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155173"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009634"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-879"
},
{
"db": "NVD",
"id": "CVE-2019-3738"
}
]
},
"id": "VAR-201909-1541",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-155173"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:21:11.292000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-2019-094: RSA BSAFE Crypto-J Multiple Security Vulnerabilities",
"trust": 0.8,
"url": "https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE\u0026#174;-Crypto-J-Multiple-Security-Vulnerabilities"
},
{
"title": "Dell RSA BSAFE Crypto-J Repair measures for data forgery problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98404"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009634"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-879"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-347",
"trust": 1.9
},
{
"problemtype": "CWE-325",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155173"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009634"
},
{
"db": "NVD",
"id": "CVE-2019-3738"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.6,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10318"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3738"
},
{
"trust": 1.0,
"url": "https://www.dell.com/support/security/en-us/details/doc-106556/dsa-2019-094-rsa-bsafe\u0026#174%3b-crypto-j-multiple-security-vulnerabilities"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3738"
},
{
"trust": 0.6,
"url": "https://www.dell.com/support/security/en-us/details/doc-106556/dsa-2019-094-rsa-bsafe\u00ae-crypto-j-multiple-security-vulnerabilities"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/oracle-database-vulnerabilities-of-april-2021-35122"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3108/"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10318"
},
{
"trust": 0.1,
"url": "https://www.dell.com/support/security/en-us/details/doc-106556/dsa-2019-094-rsa-bsafe\u0026amp;#174;-crypto-j-multiple-security-vulnerabilities"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155173"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009634"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-879"
},
{
"db": "NVD",
"id": "CVE-2019-3738"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-155173"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009634"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-879"
},
{
"db": "NVD",
"id": "CVE-2019-3738"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-18T00:00:00",
"db": "VULHUB",
"id": "VHN-155173"
},
{
"date": "2019-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-009634"
},
{
"date": "2019-09-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-879"
},
{
"date": "2019-09-18T23:15:11.047000",
"db": "NVD",
"id": "CVE-2019-3738"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-09T00:00:00",
"db": "VULHUB",
"id": "VHN-155173"
},
{
"date": "2019-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-009634"
},
{
"date": "2022-04-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-879"
},
{
"date": "2024-11-21T04:42:26.273000",
"db": "NVD",
"id": "CVE-2019-3738"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-879"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "RSA BSAFE Crypto-J Vulnerability in digital signature verification",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009634"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "data forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-879"
}
],
"trust": 0.6
}
}