Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

61 vulnerabilities found for director by bluecoat

VAR-201410-1144

Vulnerability from variot - Updated: 2025-12-22 23:33

Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure. OpenSSL is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. OpenSSL prior to 0.9.8zc, 1.0.0o, and 1.0.1j are vulnerable. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04616259

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04616259 Version: 1

HPSBHF03300 rev.1 - HP Network Products running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2015-04-02 Last Updated: 2015-04-02

Potential Security Impact: Remote Denial of Service (DoS), unauthorized access, disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP Network Products running OpenSSL including...

The SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "POODLE", which could be exploited remotely resulting in disclosure of information. Other vulnerabilities which could be remotely exploited resulting in Denial of Service (DoS) and unauthorized access.

References:

CVE-2014-3513 Remote Denial of Service (DoS) CVE-2014-3566 Remote Disclosure of Information (POODLE) CVE-2014-3567 Remote Denial of Service (DoS) CVE-2014-3568 Remote Unauthorized Access SSRT101997, SSRT101774

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. Please refer to the RESOLUTION section below for a list of impacted products.

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2014-3513 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2014-3566 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-3567 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2014-3568 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION HP has provided the following software updates to resolve the vulnerabilities in the HP Networking products listed.

Note: mitigation instructions are included below if the following software updates cannot be applied.

Family Fixed Version HP Branded Products Impacted H3C Branded Products Impacted 3Com Branded Products Impacted CVE

12900 Switch Series R1005P15 JG619A HP FF 12910 Switch AC Chassis JG621A HP FF 12910 Main Processing Unit JG632A HP FF 12916 Switch AC Chassis JG634A HP FF 12916 Main Processing Unit

CVE-2014-3566 CVE-2014-3567 CVE-2014-3568

12500 R1828P06 JC085A HP A12518 Switch Chassis JC086A HP A12508 Switch Chassis JC652A HP 12508 DC Switch Chassis JC653A HP 12518 DC Switch Chassis JC654A HP 12504 AC Switch Chassis JC655A HP 12504 DC Switch Chassis JF430A HP A12518 Switch Chassis JF430B HP 12518 Switch Chassis JF430C HP 12518 AC Switch Chassis JF431A HP A12508 Switch Chassis JF431B HP 12508 Switch Chassis JF431C HP 12508 AC Switch Chassis JC072B HP 12500 Main Processing Unit JC808A HP 12500 TAA Main Processing Unit H3C S12508 Routing Switch(AC-1) (0235A0GE) H3C S12518 Routing Switch(AC-1) (0235A0GF) H3C S12508 Chassis (0235A0E6) H3C S12508 Chassis (0235A38N) H3C S12518 Chassis (0235A0E7) H3C S12518 Chassis (0235A38M) H3C 12508 DC Switch Chassis (0235A38L) H3C 12518 DC Switch Chassis (0235A38K)

CVE-2014-3566 CVE-2014-3568

12500 (Comware v7) R7328P04 JC085A HP A12518 Switch Chassis JC086A HP A12508 Switch Chassis JC652A HP 12508 DC Switch Chassis JC653A HP 12518 DC Switch Chassis JC654A HP 12504 AC Switch Chassis JC655A HP 12504 DC Switch Chassis JF430A HP A12518 Switch Chassis JF430B HP 12518 Switch Chassis JF430C HP 12518 AC Switch Chassis JF431A HP A12508 Switch Chassis JF431B HP 12508 Switch Chassis JF431C HP 12508 AC Switch Chassis JC072B HP 12500 Main Processing Unit JG497A HP 12500 MPU w/Comware V7 OS JG782A HP FF 12508E AC Switch Chassis JG783A HP FF 12508E DC Switch Chassis JG784A HP FF 12518E AC Switch Chassis JG785A HP FF 12518E DC Switch Chassis JG802A HP FF 12500E MPU H3C S12508 Routing Switch(AC-1) (0235A0GE) H3C S12518 Routing Switch(AC-1) (0235A0GF) H3C S12508 Chassis (0235A0E6) H3C S12508 Chassis (0235A38N) H3C S12518 Chassis (0235A0E7) H3C S12518 Chassis (0235A38M) H3C 12508 DC Switch Chassis (0235A38L) H3C 12518 DC Switch Chassis (0235A38K)

CVE-2014-3566 CVE-2014-3567 CVE-2014-3568

11900 Switch Series R2111P06 JG608A HP FF 11908-V Switch Chassis JG609A HP FF 11900 Main Processing Unit

CVE-2014-3566 CVE-2014-3567 CVE-2014-3568

10500 Switch Series (Comware v5) R1208P10 JC611A HP 10508-V Switch Chassis JC612A HP 10508 Switch Chassis JC613A HP 10504 Switch Chassis JC614A HP 10500 Main Processing Unit JC748A HP 10512 Switch Chassis JG375A HP 10500 TAA Main Processing Unit JG820A HP 10504 TAA Switch Chassis JG821A HP 10508 TAA Switch Chassis JG822A HP 10508-V TAA Switch Chassis JG823A HP 10512 TAA Switch Chassis

CVE-2014-3566 CVE-2014-3568

10500 Switch Series (Comware v7) R2111P06 JC611A HP 10508-V Switch Chassis JC612A HP 10508 Switch Chassis JC613A HP 10504 Switch Chassis JC748A HP 10512 Switch Chassis JG820A HP 10504 TAA Switch Chassis JG821A HP 10508 TAA Switch Chassis JG822A HP 10508-V TAA Switch Chassis JG823A HP 10512 TAA Switch Chassis JG496A HP 10500 Type A MPU w/Comware v7 OS

CVE-2014-3566 CVE-2014-3567 CVE-2014-3568

9500E R1828P06 JC124A HP A9508 Switch Chassis JC124B HP 9505 Switch Chassis JC125A HP A9512 Switch Chassis JC125B HP 9512 Switch Chassis JC474A HP A9508-V Switch Chassis JC474B HP 9508-V Switch Chassis H3C S9505E Routing-Switch Chassis (0235A0G6) H3C S9512E Routing-Switch Chassis (0235A0G7) H3C S9508E-V Routing-Switch Chassis (0235A38Q) H3C S9505E Chassis w/ Fans (0235A38P) H3C S9512E Chassis w/ Fans (0235A38R)

CVE-2014-3566 CVE-2014-3568

7900 R2122 JG682A HP FlexFabric 7904 Switch Chassis JH001A HP FF 7910 2.4Tbps Fabric / MPU JG842A HP FF 7910 7.2Tbps Fabric / MPU JG841A HP FF 7910 Switch Chassis

CVE-2014-3566 CVE-2014-3567 CVE-2014-3568

7500 Switch Series R6708P10 JC666A HP A7503-S 144 Gbps Fab/MPU w 24p Gig-T JC697A HP A7502 TAA Main Processing Unit JC698A HP A7503S 144 Gbps TAA Fab/MPU w 24p GbE JC699A HP A7500 384Gbps TAA Fab/MPU w 2p 10-GbE JC700A HP A7500 384 Gbps TAA Fabric / MPU JC701A HP A7510 768 Gbps TAA Fabric / MPU JD193A HP 384 Gbps A7500 Fab Mod w/2 XFP Ports JD193B HP 7500 384Gbps Fab Mod w/2 XFP Ports JD194A HP 384 Gbps Fabric A7500 Module JD194B HP 7500 384Gbps Fabric Module JD195A HP 7500 384Gbps Advanced Fabric Module JD196A HP 7502 Fabric Module JD220A HP 7500 768Gbps Fabric Module JD238A HP A7510 Switch Chassis JD238B HP 7510 Switch Chassis JD239A HP A7506 Switch Chassis JD239B HP 7506 Switch Chassis JD240A HP A7503 Switch Chassis JD240B HP 7503 Switch Chassis JD241A HP A7506 Vertical Switch Chassis JD241B HP 7506-V Switch Chassis JD242A HP A7502 Switch Chassis JD242B HP 7502 Switch Chassis JD243A HP A7503 Switch Chassis w/1 Fabric Slot JD243B HP 7503-S Switch Chassis w/1 Fabric Slot H3C S7502E Ethernet Switch Chassis with Fan (0235A0G4) H3C S7503E Ethernet Switch Chassis with Fan (0235A0G2) H3C S7503E-S Ethernet Switch Chassis with Fan (0235A0G5) H3C S7506E Ethernet Switch Chassis with Fan (0235A0G1) H3C S7506E-V Ethernet Switch Chassis with Fan (0235A0G3) H3C S7510E Ethernet Switch Chassis with Fan (0235A0G0) H3C S7502E Chassis w/ fans (0235A29A) H3C S7503E Chassis w/ fans (0235A27R) H3C S7503E-S Chassis w/ fans (0235A33R) H3C S7506E Chassis w/ fans (0235A27Q) H3C S7506E-V Chassis w/ fans (0235A27S)

CVE-2014-3566 CVE-2014-3568

HSR6800 R3303P18 JG361A HP HSR6802 Router Chassis JG362A HP HSR6804 Router Chassis JG363A HP HSR6808 Router Chassis JG364A HP HSR6800 RSE-X2 Router MPU JG779A HP HSR6800 RSE-X2 Router TAA MPU

CVE-2014-3566 CVE-2014-3568

HSR6800 Russian Version R3303P18 JG361A HP HSR6802 Router Chassis JG362A HP HSR6804 Router Chassis JG363A HP HSR6808 Router Chassis JG364A HP HSR6800 RSE-X2 Router MPU JG779A HP HSR6800 RSE-X2 Router TAA MPU

CVE-2014-3566 CVE-2014-3568

HSR6602 R3303P18 JG353A HP HSR6602-G Router JG354A HP HSR6602-XG Router JG776A HP HSR6602-G TAA Router JG777A HP HSR6602-XG TAA Router JG777A HP HSR6602-XG TAA Router

CVE-2014-3566 CVE-2014-3568

HSR6602 Russian Version R3303P18 JG353A HP HSR6602-G Router JG354A HP HSR6602-XG Router JG776A HP HSR6602-G TAA Router JG777A HP HSR6602-XG TAA Router

CVE-2014-3566 CVE-2014-3568

6602 R3303P18 JC176A HP 6602 Router Chassis H3C SR6602 1U Router Host (0235A27D)

CVE-2014-3566 CVE-2014-3568

6602 Russian Version R3303P18 JC176A HP 6602 Router Chassis H3C SR6602 1U Router Host (0235A27D)

CVE-2014-3566 CVE-2014-3568

A6600 R3303P18 JC165A HP 6600 RPE-X1 Router Module JC177A HP 6608 Router JC177B HP A6608 Router Chassis JC178A HP 6604 Router Chassis JC178B HP A6604 Router Chassis JC496A HP 6616 Router Chassis JC566A HP A6600 RSE-X1 Main Processing Unit JG780A HP 6600 RSE-X1 Router TAA MPU H3C RT-SR66-RPE-X1-H3 (0231A761) H3C RT-SR6608-OVS-H3 (0235A32X) H3C RT-SR6604-OVS-H3 (0235A37X) H3C SR6616 Router Chassis (0235A41D)

CVE-2014-3566 CVE-2014-3568

A6600 Russian Version R3303P18 JC165A HP 6600 RPE-X1 Router Module JC177A HP 6608 Router JC177B HP A6608 Router Chassis JC178A HP 6604 Router Chassis JC178B HP A6604 Router Chassis JC496A HP 6616 Router Chassis JC566A HP A6600 RSE-X1 Main Processing Unit JG780A HP 6600 RSE-X1 Router TAA MPU H3C RT-SR66-RPE-X1-H3 (0231A761) H3C RT-SR6608-OVS-H3 (0235A32X) H3C RT-SR6604-OVS-H3 (0235A37X) H3C SR6616 Router Chassis (0235A41D)

CVE-2014-3566 CVE-2014-3568

6600 MCP R3303P18 JC177A HP 6608 Router JC177B HP A6608 Router Chassis JC178A HP 6604 Router Chassis JC178B HP A6604 Router Chassis JC496A HP 6616 Router Chassis JG778A HP 6600 MCP-X2 Router TAA MPU. JG355A HP 6600 MCP-X1 Router MPU JG356A HP 6600 MCP-X2 Router MPU H3C RT-SR6608-OVS-H3 (0235A32X) H3C RT-SR6604-OVS-H3 (0235A37X) H3C SR6616 Router Chassis (0235A41D)

CVE-2014-3566 CVE-2014-3568

6600 MCP Russian Version R3303P18 JC177A HP 6608 Router JC177B HP A6608 Router Chassis JC178A HP 6604 Router Chassis JC178B HP A6604 Router Chassis JC496A HP 6616 Router Chassis JG355A HP 6600 MCP-X1 Router MPU JG356A HP 6600 MCP-X2 Router MPU JG776A HP HSR6602-G TAA Router JG777A HP HSR6602-XG TAA Router JG778A HP 6600 MCP-X2 Router TAA MPU

H3C RT-SR6608-OVS-H3 (0235A32X) H3C RT-SR6604-OVS-H3 (0235A37X) H3C SR6616 Router Chassis (0235A41D)

CVE-2014-3566 CVE-2014-3568

5920 Switch Series R2311P05 JG296A HP 5920AF-24XG Switch JG555A HP 5920AF-24XG TAA Switch

CVE-2014-3566 CVE-2014-3567 CVE-2014-3568

5900 Switch Series R2311P05 JC772A HP 5900AF-48XG-4QSFP+ Switch JG336A HP 5900AF-48XGT-4QSFP+ Switch JG510A HP 5900AF-48G-4XG-2QSFP+ Switch JG554A HP 5900AF-48XG-4QSFP+ TAA Switch JG838A HP FF 5900CP-48XG-4QSFP+ Switch

CVE-2014-3566 CVE-2014-3567 CVE-2014-3568

5830 Switch Series R1118P11 JC691A HP A5830AF-48G Switch w/1 Interface Slot JC694A HP A5830AF-96G Switch JG316A HP 5830AF-48G TAA Switch w/1 Intf Slot JG374A HP 5830AF-96G TAA Switch

CVE-2014-3566 CVE-2014-3568

5820 Switch Series R1809P03 JC102A HP 5820-24XG-SFP+ Switch JC106A HP 5820-14XG-SFP+ Switch with 2 Slots JG219A HP 5820AF-24XG Switch JG243A HP 5820-24XG-SFP+ TAA-compliant Switch JG259A HP 5820X-14XG-SFP+ TAA Switch w 2 Slots H3C S5820X-28C 14 port (SFP Plus ) Plus 4-port BT (RJ45) Plus 2 media modules Plus OSM (0235A37L) H3C S5820X-28S 24-port 10GBASE-X (SFP Plus ) Plus 4-port 10/100/1000BASE-T (RJ45) (0235A370)

CVE-2014-3566 CVE-2014-3568

5800 Switch Series R1809P03 JC099A HP 5800-24G-PoE Switch JC100A HP 5800-24G Switch JC101A HP 5800-48G Switch with 2 Slots JC103A HP 5800-24G-SFP Switch JC104A HP 5800-48G-PoE Switch JC105A HP 5800-48G Switch JG225A HP 5800AF-48G Switch JG242A HP 5800-48G-PoE+ TAA Switch w 2 Slots JG254A HP 5800-24G-PoE+ TAA-compliant Switch JG255A HP 5800-24G TAA-compliant Switch JG256A HP 5800-24G-SFP TAA Switch w 1 Intf Slt JG257A HP 5800-48G-PoE+ TAA Switch with 1 Slot JG258A HP 5800-48G TAA Switch w 1 Intf Slot H3C S5800-32C - 24-port 1BT Plus 4-port (SFP Plus ) Plus 1 media slot (0235A36U) H3C S5800-32C-PWR - 24-port 10/100/1000BASE-T (RJ45) Plus 4-port 10GBASE-X (SFP Plus ) Plus 1 media module PoE (0235A36S) H3C S5800-32F 24-port 1000BASE-X (SFP) Plus 4-port 10GBASE-X (SFP Plus ) Plus media module (no power) (0235A374) H3C S5800-56C 48-port 10/100/1000BASE-T (RJ45) Plus 4port 10GBASE-X (SFP Plus ) Plus media module (0235A379) H3C S5800-56C-PWR 48-port BT Plus 4 port (SFP Plus ) Plus media module (0235A378) H3C S5800-60C-PWR 48-port BT Plus 4-port SFP Plus 2 media modules Plus OSM (0235A36W)

CVE-2014-3566 CVE-2014-3568

5700 R2311P05 JG894A HP FF 5700-48G-4XG-2QSFP+ Switch JG895A HP FF 5700-48G-4XG-2QSFP+ TAA Switch JG896A HP FF 5700-40XG-2QSFP+ Switch JG897A HP FF 5700-40XG-2QSFP+ TAA Switch JG898A HP FF 5700-32XGT-8XG-2QSFP+ Switch JG899A HP FF 5700-32XGT-8XG-2QSFP+ TAA Switch

CVE-2014-3566 CVE-2014-3567 CVE-2014-3568

5500 HI Switch Series R5501P06 JG311A HP HI 5500-24G-4SFP w/2 Intf Slts Switch JG312A HP HI 5500-48G-4SFP w/2 Intf Slts Switch JG541A HP 5500-24G-PoE+-4SFP HI Switch w/2 Slt JG542A HP 5500-48G-PoE+-4SFP HI Switch w/2 Slt JG543A HP 5500-24G-SFP HI Switch w/2 Intf Slt JG679A HP 5500-24G-PoE+-4SFP HI TAA Swch w/2Slt JG680A HP 5500-48G-PoE+-4SFP HI TAA Swch w/2Slt JG681A HP 5500-24G-SFP HI TAA Swch w/2Slt

CVE-2014-3566 CVE-2014-3568

5500 EI Switch Series R2221P08 JD373A HP 5500-24G DC EI Switch JD374A HP 5500-24G-SFP EI Switch JD375A HP 5500-48G EI Switch JD376A HP 5500-48G-PoE EI Switch JD377A HP 5500-24G EI Switch JD378A HP 5500-24G-PoE EI Switch JD379A HP 5500-24G-SFP DC EI Switch JG240A HP 5500-48G-PoE+ EI Switch w/2 Intf Slts JG241A HP 5500-24G-PoE+ EI Switch w/2 Intf Slts JG249A HP 5500-24G-SFP EI TAA Switch w 2 Slts JG250A HP 5500-24G EI TAA Switch w 2 Intf Slts JG251A HP 5500-48G EI TAA Switch w 2 Intf Slts JG252A HP 5500-24G-PoE+ EI TAA Switch w/2 Slts JG253A HP 5500-48G-PoE+ EI TAA Switch w/2 Slts H3C S5500-28C-EI Ethernet Switch (0235A253) H3C S5500-28F-EI Eth Switch AC Single (0235A24U) H3C S5500-52C-EI Ethernet Switch (0235A24X) H3C S5500-28C-EI-DC Ethernet Switch (0235A24S) H3C S5500-28C-PWR-EI Ethernet Switch (0235A255) H3C S5500-28F-EI Eth Swtch DC Single Pwr (0235A259) H3C S5500-52C-PWR-EI Ethernet Switch (0235A251)

CVE-2014-3566 CVE-2014-3568

5500 SI Switch Series R2221P08 JD369A HP 5500-24G SI Switch JD370A HP 5500-48G SI Switch JD371A HP 5500-24G-PoE SI Switch JD372A HP 5500-48G-PoE SI Switch JG238A HP 5500-24G-PoE+ SI Switch w/2 Intf Slts JG239A HP 5500-48G-PoE+ SI Switch w/2 Intf Slts H3C S5500-28C-SI Ethernet Switch (0235A04U) H3C S5500-52C-SI Ethernet Switch (0235A04V) H3C S5500-28C-PWR-SI Ethernet Switch (0235A05H) H3C S5500-52C-PWR-SI Ethernet Switch (0235A05J)

CVE-2014-3566 CVE-2014-3568

5130 EI switch Series R3108P03 JG932A HP 5130-24G-4SFP+ EI Switch JG933A HP 5130-24G-SFP-4SFP+ EI Switch JG934A HP 5130-48G-4SFP+ EI Switch JG936A HP 5130-24G-PoE+-4SFP+ EI Swch JG937A HP 5130-48G-PoE+-4SFP+ EI Swch JG975A HP 5130-24G-4SFP+ EI BR Switch JG976A HP 5130-48G-4SFP+ EI BR Switch JG977A HP 5130-24G-PoE+-4SFP+ EI BR Swch JG978A HP 5130-48G-PoE+-4SFP+ EI BR Swch

CVE-2014-3566 CVE-2014-3567 CVE-2014-3568

5120 EI Switch Series R2221P08 JE066A HP 5120-24G EI Switch JE067A HP 5120-48G EI Switch JE068A HP 5120-24G EI Switch with 2 Slots JE069A HP 5120-48G EI Switch with 2 Slots JE070A HP 5120-24G-PoE EI Switch with 2 Slots JE071A HP 5120-48G-PoE EI Switch with 2 Slots JG236A HP 5120-24G-PoE+ EI Switch w/2 Intf Slts JG237A HP 5120-48G-PoE+ EI Switch w/2 Intf Slts JG245A HP 5120-24G EI TAA Switch w 2 Intf Slts JG246A HP 5120-48G EI TAA Switch w 2 Intf Slts JG247A HP 5120-24G-PoE+ EI TAA Switch w 2 Slts JG248A HP 5120-48G-PoE+ EI TAA Switch w 2 Slts H3C S5120-24P-EI 24GE Plus 4ComboSFP (0235A0BQ) H3C S5120-28C-EI 24GE Plus 4Combo Plus 2Slt (0235A0BS) H3C S5120-48P-EI 48GE Plus 4ComboSFP (0235A0BR) H3C S5120-52C-EI 48GE Plus 4Combo Plus 2Slt (0235A0BT) H3C S5120-28C-PWR-EI 24G Plus 4C Plus 2S Plus POE (0235A0BU) H3C S5120-52C-PWR-EI 48G Plus 4C Plus 2S Plus POE (0235A0BV)

CVE-2014-3566 CVE-2014-3568

5120 SI switch Series R1513P95 JE072A HP 5120-48G SI Switch JE073A HP 5120-16G SI Switch JE074A HP 5120-24G SI Switch JG091A HP 5120-24G-PoE+ (370W) SI Switch JG092A HP 5120-24G-PoE+ (170W) SI Switch H3C S5120-52P-SI 48GE Plus 4 SFP (0235A41W) H3C S5120-20P-SI L2 16GE Plus 4SFP (0235A42B) H3C S5120-28P-SI 24GE Plus 4 SFP (0235A42D) H3C S5120-28P-HPWR-SI (0235A0E5) H3C S5120-28P-PWR-SI (0235A0E3)

CVE-2014-3566 CVE-2014-3568

4800 G Switch Series R2221P08 JD007A HP 4800-24G Switch JD008A HP 4800-24G-PoE Switch JD009A HP 4800-24G-SFP Switch JD010A HP 4800-48G Switch JD011A HP 4800-48G-PoE Switch

3Com Switch 4800G 24-Port (3CRS48G-24-91) 3Com Switch 4800G 24-Port SFP (3CRS48G-24S-91) 3Com Switch 4800G 48-Port (3CRS48G-48-91) 3Com Switch 4800G PWR 24-Port (3CRS48G-24P-91) 3Com Switch 4800G PWR 48-Port (3CRS48G-48P-91) CVE-2014-3566 CVE-2014-3568

4510G Switch Series R2221P08 JF428A HP 4510-48G Switch JF847A HP 4510-24G Switch

3Com Switch 4510G 48 Port (3CRS45G-48-91) 3Com Switch 4510G PWR 24-Port (3CRS45G-24P-91) 3Com Switch E4510-24G (3CRS45G-24-91) CVE-2014-3566 CVE-2014-3568

4210G Switch Series R2221P08 JF844A HP 4210-24G Switch JF845A HP 4210-48G Switch JF846A HP 4210-24G-PoE Switch

3Com Switch 4210-24G (3CRS42G-24-91) 3Com Switch 4210-48G (3CRS42G-48-91) 3Com Switch E4210-24G-PoE (3CRS42G-24P-91) CVE-2014-3566 CVE-2014-3568

3610 Switch Series R5319P10 JD335A HP 3610-48 Switch JD336A HP 3610-24-4G-SFP Switch JD337A HP 3610-24-2G-2G-SFP Switch JD338A HP 3610-24-SFP Switch H3C S3610-52P - model LS-3610-52P-OVS (0235A22C) H3C S3610-28P - model LS-3610-28P-OVS (0235A22D) H3C S3610-28TP - model LS-3610-28TP-OVS (0235A22E) H3C S3610-28F - model LS-3610-28F-OVS (0235A22F)

CVE-2014-3566 CVE-2014-3568

3600 V2 Switch Series R2110P03 JG299A HP 3600-24 v2 EI Switch JG300A HP 3600-48 v2 EI Switch JG301A HP 3600-24-PoE+ v2 EI Switch JG301B HP 3600-24-PoE+ v2 EI Switch JG302A HP 3600-48-PoE+ v2 EI Switch JG302B HP 3600-48-PoE+ v2 EI Switch JG303A HP 3600-24-SFP v2 EI Switch JG304A HP 3600-24 v2 SI Switch JG305A HP 3600-48 v2 SI Switch JG306A HP 3600-24-PoE+ v2 SI Switch JG306B HP 3600-24-PoE+ v2 SI Switch JG307A HP 3600-48-PoE+ v2 SI Switch JG307B HP 3600-48-PoE+ v2 SI Switch

CVE-2014-3566 CVE-2014-3568

3100V2 R5203P11 JD313B HP 3100-24-PoE v2 EI Switch JD318B HP 3100-8 v2 EI Switch JD319B HP 3100-16 v2 EI Switch JD320B HP 3100-24 v2 EI Switch JG221A HP 3100-8 v2 SI Switch JG222A HP 3100-16 v2 SI Switch JG223A HP 3100-24 v2 SI Switch

CVE-2014-3566 CVE-2014-3568

3100V2-48 R2110P03 JG315A HP 3100-48 v2 Switch

CVE-2014-3566 CVE-2014-3568

1920 R1105 JG920A HP 1920-8G Switch JG921A HP 1920-8G-PoE+ (65W) Switch JG922A HP 1920-8G-PoE+ (180W) Switch JG923A HP 1920-16G Switch JG924A HP 1920-24G Switch JG925A HP 1920-24G-PoE+ (180W) Switch JG926A HP 1920-24G-PoE+ (370W) Switch JG927A HP 1920-48G Switch

CVE-2014-3566 CVE-2014-3568

1910 R11XX R1107 JG536A HP 1910-8 Switch JG537A HP 1910-8 -PoE+ Switch JG538A HP 1910-24 Switch JG539A HP 1910-24-PoE+ Switch JG540A HP 1910-48 Switch

CVE-2014-3566 CVE-2014-3568

1910 R15XX R1513P95 JE005A HP 1910-16G Switch JE006A HP 1910-24G Switch JE007A HP 1910-24G-PoE (365W) Switch JE008A HP 1910-24G-PoE(170W) Switch JE009A HP 1910-48G Switch JG348A HP 1910-8G Switch JG349A HP 1910-8G-PoE+ (65W) Switch JG350A HP 1910-8G-PoE+ (180W) Switch

CVE-2014-3566 CVE-2014-3568

1620 R1104 JG912A HP 1620-8G Switch JG913A HP 1620-24G Switch JG914A HP 1620-48G Switch

CVE-2014-3566 CVE-2014-3568

MSR20-1X R2513P33 JD431A HP MSR20-10 Router JD667A HP MSR20-15 IW Multi-Service Router JD668A HP MSR20-13 Multi-Service Router JD669A HP MSR20-13 W Multi-Service Router JD670A HP MSR20-15 A Multi-Service Router JD671A HP MSR20-15 AW Multi-Service Router JD672A HP MSR20-15 I Multi-Service Router JD673A HP MSR20-11 Multi-Service Router JD674A HP MSR20-12 Multi-Service Router JD675A HP MSR20-12 W Multi-Service Router JD676A HP MSR20-12 T1 Multi-Service Router JF236A HP MSR20-15-I Router JF237A HP MSR20-15-A Router JF238A HP MSR20-15-I-W Router JF239A HP MSR20-11 Router JF240A HP MSR20-13 Router JF241A HP MSR20-12 Router JF806A HP MSR20-12-T Router JF807A HP MSR20-12-W Router JF808A HP MSR20-13-W Router JF809A HP MSR20-15-A-W Router JF817A HP MSR20-15 Router JG209A HP MSR20-12-T-W Router (NA) JG210A HP MSR20-13-W Router (NA) H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8) H3C MSR 20-10 (0235A0A7) H3C RT-MSR2011-AC-OVS-H3 (0235A395) H3C RT-MSR2012-AC-OVS-H3 (0235A396) H3C RT-MSR2012-AC-OVS-W-H3 (0235A397) H3C RT-MSR2012-T-AC-OVS-H3 (0235A398) H3C RT-MSR2013-AC-OVS-H3 (0235A390) H3C RT-MSR2013-AC-OVS-W-H3 (0235A391) H3C RT-MSR2015-AC-OVS-A-H3 (0235A392) H3C RT-MSR2015-AC-OVS-AW-H3 (0235A393) H3C RT-MSR2015-AC-OVS-I-H3 (0235A394) H3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V) H3C MSR 20-11 (0235A31V) H3C MSR 20-12 (0235A32E) H3C MSR 20-12 T1 (0235A32B) H3C MSR 20-13 (0235A31W) H3C MSR 20-13 W (0235A31X) H3C MSR 20-15 A (0235A31Q) H3C MSR 20-15 A W (0235A31R) H3C MSR 20-15 I (0235A31N) H3C MSR 20-15 IW (0235A31P) H3C MSR20-12 W (0235A32G)

CVE-2014-3566 CVE-2014-3568

MSR30 R2513P33 JD654A HP MSR30-60 POE Multi-Service Router JD657A HP MSR30-40 Multi-Service Router JD658A HP MSR30-60 Multi-Service Router JD660A HP MSR30-20 POE Multi-Service Router JD661A HP MSR30-40 POE Multi-Service Router JD666A HP MSR30-20 Multi-Service Router JF229A HP MSR30-40 Router JF230A HP MSR30-60 Router JF232A HP RT-MSR3040-AC-OVS-AS-H3 JF235A HP MSR30-20 DC Router JF284A HP MSR30-20 Router JF287A HP MSR30-40 DC Router JF801A HP MSR30-60 DC Router JF802A HP MSR30-20 PoE Router JF803A HP MSR30-40 PoE Router JF804A HP MSR30-60 PoE Router H3C MSR 30-20 Router (0235A328) H3C MSR 30-40 Router Host(DC) (0235A268) H3C RT-MSR3020-AC-POE-OVS-H3 (0235A322) H3C RT-MSR3020-DC-OVS-H3 (0235A267) H3C RT-MSR3040-AC-OVS-H (0235A299) H3C RT-MSR3040-AC-POE-OVS-H3 (0235A323) H3C RT-MSR3060-AC-OVS-H3 (0235A320) H3C RT-MSR3060-AC-POE-OVS-H3 (0235A296) H3C RT-MSR3060-DC-OVS-H3 (0235A269) H3C MSR 30-20 RTVZ33020AS Router Host(AC) (0235A20S) H3C MSR 30-20 (0235A19L) H3C MSR 30-20 POE (0235A239) H3C MSR 30-40 (0235A20J) H3C MSR 30-40 POE (0235A25R) H3C MSR 30-60 (0235A20K) H3C MSR 30-60 POE (0235A25S) H3C RT-MSR3040-AC-OVS-AS-H3 (0235A20V)

CVE-2014-3566 CVE-2014-3568

MSR30-16 R2513P33 JD659A HP MSR30-16 POE Multi-Service Router JD665A HP MSR30-16 Multi-Service Router JF233A HP MSR30-16 Router JF234A HP MSR30-16 PoE Router H3C RT-MSR3016-AC-OVS-H3 (0235A327) H3C RT-MSR3016-AC-POE-OVS-H3 (0235A321) H3C MSR 30-16 (0235A237) H3C MSR 30-16 POE (0235A238)

CVE-2014-3566 CVE-2014-3568

MSR30-1X R2513P33 JF800A HP MSR30-11 Router JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr JG182A HP MSR30-11E Router JG183A HP MSR30-11F Router JG184A HP MSR30-10 DC Router H3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H) H3C RT-MSR3011-AC-OVS-H3 (0235A29L)

CVE-2014-3566 CVE-2014-3568

MSR50 R2513P33 JD433A HP MSR50-40 Router JD653A HP MSR50 Processor Module JD655A HP MSR50-40 Multi-Service Router JD656A HP MSR50-60 Multi-Service Router JF231A HP MSR50-60 Router JF285A HP MSR50-40 DC Router JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply H3C MSR 50-40 Router (0235A297) H3C MSR5040-DC-OVS-H3C (0235A20P) H3C RT-MSR5060-AC-OVS-H3 (0235A298) H3C MSR 50-40 Chassis (0235A20N) H3C MSR 50-60 Chassis (0235A20L)

CVE-2014-3566 CVE-2014-3568

MSR50-G2 R2513P33 JD429A HP MSR50 G2 Processor Module JD429B HP MSR50 G2 Processor Module H3C H3C MSR 50 Processor Module-G2 (0231A84Q) H3C MSR 50 High Performance Main Processing Unit 3GE (Combo) 256F/1GD(0231A0KL)

CVE-2014-3566 CVE-2014-3568

MSR20 Russian version MSR201X_5.20.R2513L40.RU JD663B HP MSR20-21 Router JF228A HP MSR20-40 Router JF283A HP MSR20-20 Router H3C RT-MSR2020-AC-OVS-H3C (0235A324) H3C RT-MSR2040-AC-OVS-H3 (0235A326)

CVE-2014-3566 CVE-2014-3568

MSR20-1X Russian version MSR201X_5.20.R2513L40.RU JD431A HP MSR20-10 Router JF236A HP MSR20-15-I Router JF237A HP MSR20-15-A Router JF238A HP MSR20-15-I-W Router JF239A HP MSR20-11 Router JF240A HP MSR20-13 Router JF241A HP MSR20-12 Router JF806A HP MSR20-12-T Router JF807A HP MSR20-12-W Router JF808A HP MSR20-13-W Router JF809A HP MSR20-15-A-W Router JF817A HP MSR20-15 Router H3C MSR 20-10 (0235A0A7) H3C RT-MSR2015-AC-OVS-I-H3 (0235A394) H3C RT-MSR2015-AC-OVS-A-H3 (0235A392) H3C RT-MSR2015-AC-OVS-AW-H3 (0235A393) H3C RT-MSR2011-AC-OVS-H3 (0235A395) H3C RT-MSR2013-AC-OVS-H3 (0235A390) H3C RT-MSR2012-AC-OVS-H3 (0235A396) H3C RT-MSR2012-T-AC-OVS-H3 (0235A398) H3C RT-MSR2012-AC-OVS-W-H3 (0235A397) H3C RT-MSR2013-AC-OVS-W-H3 (0235A391) H3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V) H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8)

CVE-2014-3566 CVE-2014-3568

MSR30 Russian version MSR201X_5.20.R2513L40.RU JF229A HP MSR30-40 Router JF230A HP MSR30-60 Router JF235A HP MSR30-20 DC Router JF284A HP MSR30-20 Router JF287A HP MSR30-40 DC Router JF801A HP MSR30-60 DC Router JF802A HP MSR30-20 PoE Router JF803A HP MSR30-40 PoE Router JF804A HP MSR30-60 PoE Router H3C RT-MSR3040-AC-OVS-H (0235A299) H3C RT-MSR3060-AC-OVS-H3 (0235A320) H3C RT-MSR3020-DC-OVS-H3 (0235A267) H3C MSR 30-20 Router (0235A328) H3C MSR 30-40 Router Host(DC) (0235A268) H3C RT-MSR3060-DC-OVS-H3 (0235A269) H3C RT-MSR3020-AC-POE-OVS-H3 (0235A322) H3C RT-MSR3040-AC-POE-OVS-H3 (0235A323) H3C RT-MSR3060-AC-POE-OVS-H3 (0235A296)

CVE-2014-3566 CVE-2014-3568

MSR30-16 Russian version MSR201X_5.20.R2513L40.RU JF233A HP MSR30-16 Router JF234A HP MSR30-16 PoE Router H3C RT-MSR3016-AC-OVS-H3 (0235A327) H3C RT-MSR3016-AC-POE-OVS-H3 (0235A321)

CVE-2014-3566 CVE-2014-3568

MSR30-1X Russian version MSR201X_5.20.R2513L40.RU JF800A HP MSR30-11 Router JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr JG182A HP MSR30-11E Router JG183A HP MSR30-11F Router JG184A HP MSR30-10 DC Router H3C RT-MSR3011-AC-OVS-H3 (0235A29L) H3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H)

CVE-2014-3566 CVE-2014-3568

MSR50 Russian version MSR201X_5.20.R2513L40.RU JD433A HP MSR50-40 Router JD653A HP MSR50 Processor Module JD655A HP MSR50-40 Multi-Service Router JD656A HP MSR50-60 Multi-Service Router JF231A HP MSR50-60 Router JF285A HP MSR50-40 DC Router JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply H3C MSR 50-40 Router (0235A297) H3C MSR 50 Processor Module (0231A791) H3C MSR 50-40 Chassis (0235A20N) H3C MSR 50-60 Chassis (0235A20L) H3C RT-MSR5060-AC-OVS-H3 (0235A298) H3C MSR5040-DC-OVS-H3C (0235A20P)

CVE-2014-3566 CVE-2014-3568

MSR50 G2 Russian version MSR201X_5.20.R2513L40.RU JD429B HP MSR50 G2 Processor Module H3C MSR 50 High Performance Main Processing Unit 3GE (Combo) 256F/1GD (0231A0KL)

CVE-2014-3566 CVE-2014-3568

MSR9XX R2513P33 JF812A HP MSR900 Router JF813A HP MSR920 Router JF814A HP MSR900-W Router JF815A HP MSR920 2FEWAN/8FELAN/.11b/g Rtr JG207A HP MSR900-W Router (NA) JG208A HP MSR920-W Router (NA) H3C MSR 900 Router with 802.11b/g 2 FE WAN 4 FE LAN 256DDR 802.11b (0235A0C2) H3C MSR 900 Router 2 FE WAN 4 FE LAN 256DDR (0235A0BX) H3C MSR 920 Router with 802.11b/g 2 FE WAN 8 FE LAN 256DDR (0235A0C4) H3C MSR 920 Router 2 FE WAN 8 FE LAN 256DDR (0235A0C0)

CVE-2014-3566 CVE-2014-3568

MSR93X R2513P33 JG512A HP MSR930 Wireless Router JG513A HP MSR930 3G Router JG514A HP MSR931 Router JG515A HP MSR931 3G Router JG516A HP MSR933 Router JG517A HP MSR933 3G Router JG518A HP MSR935 Router JG519A HP MSR935 Wireless Router JG520A HP MSR935 3G Router JG531A HP MSR931 Dual 3G Router JG596A HP MSR930 4G LTE/3G CDMA Router JG597A HP MSR936 Wireless Router JG665A HP MSR930 4G LTE/3G WCDMA Global Router JG704A HP MSR930 4G LTE/3G WCDMA ATT Router

CVE-2014-3566 CVE-2014-3568

MSR1000 R2513P33 JG732A HP MSR1003-8 AC Router

CVE-2014-3566 CVE-2014-3568

MSR1000 Russian version R2513L40.RU JG732A HP MSR1003-8 AC Router

CVE-2014-3566 CVE-2014-3568

MSR2000 R0106P18 JG411A HP MSR2003 AC Router

CVE-2014-3566 CVE-2014-3567 CVE-2014-3568

MSR3000 R0106P18 JG404A HP MSR3064 Router JG405A HP MSR3044 Router JG406A HP MSR3024 AC Router JG409A HP MSR3012 AC Router JG861A HP MSR3024 TAA-compliant AC Router

CVE-2014-3566 CVE-2014-3567 CVE-2014-3568

MSR4000 R0106P18 JG402A HP MSR4080 Router Chassis JG403A HP MSR4060 Router Chassis JG412A HP MSR4000 MPU-100 Main Processing Unit

CVE-2014-3566 CVE-2014-3567 CVE-2014-3568

F5000 F3210P22 JG216A HP F5000 Firewall Standalone Chassis JD259A HP A5000-A5 VPN Firewall Chassis H3C SecPath F5000-A5 Host System (0150A0AG)

CVE-2014-3566 CVE-2014-3568

F5000-C R3811P03 JG650A HP F5000-C VPN Firewall Appliance

CVE-2014-3566 CVE-2014-3568

F5000-S R3811P03 JG370A HP F5000-S VPN Firewall Appliance

CVE-2014-3566 CVE-2014-3568

U200S and CS F5123P30 JD268A HP 200-CS UTM Appliance JD273A HP U200-S UTM Appliance H3C SecPath U200-S (0235A36N)

CVE-2014-3566 CVE-2014-3568

U200A and M F5123P30 JD274A HP 200-M UTM Appliance JD275A HP U200-A UTM Appliance H3C SecPath U200-A (0235A36Q)

CVE-2014-3566 CVE-2014-3568

SecBlade III R3820P03 JG371A HP 12500 20Gbps VPN Firewall Module JG372A HP 10500/11900/7500 20Gbps VPN FW Mod

CVE-2014-3566 CVE-2014-3568

SecBlade FW R3181P05 JC635A HP 12500 VPN Firewall Module JD245A HP 9500 VPN Firewall Module JD249A HP 10500/7500 Advanced VPN Firewall Mod JD250A HP 6600 Firewall Processing Rtr Module JD251A HP 8800 Firewall Processing Module JD255A HP 5820 VPN Firewall Module H3C S9500E SecBlade VPN Firewall Module (0231A0AV) H3C S7500E SecBlade VPN Firewall Module (0231A832) H3C SR66 Gigabit Firewall Module (0231A88A) H3C SR88 Firewall Processing Module (0231A88L) H3C S5820 SecBlade VPN Firewall Module (0231A94J)

CVE-2014-3566 CVE-2014-3568

F1000-E R3181P05 JD272A HP F1000-E VPN Firewall Appliance

CVE-2014-3566 CVE-2014-3568

F1000-A R3734P06 JG214A HP F1000-A-EI VPN Firewall Appliance

CVE-2014-3566 CVE-2014-3568

F1000-S R3734P06 JG213A HP F1000-S-EI VPN Firewall Appliance

CVE-2014-3566 CVE-2014-3568

SecBlade SSL VPN Fix in Progress Use Mitigation JD253A HP 10500/7500 SSL VPN Mod w 500-user Lic

CVE-2014-3566 CVE-2014-3568

VSR1000 R0204P01 JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software JG811AAE HP VSR1001 Comware 7 Virtual Services Router JG812AAE HP VSR1004 Comware 7 Virtual Services Router JG813AAE HP VSR1008 Comware 7 Virtual Services Router

CVE-2014-3566 CVE-2014-3567 CVE-2014-3568

WX5002/5004 R2507P34 JD441A HP 5800 ACM for 64-256 APs JD447B HP WX5002 Access Controller JD448A HP A-WX5004 Access Controller JD448B HP WX5004 Access Controller JD469A HP A-WX5004 (3Com) Access Controller JG261A HP 5800 Access Controller OAA TAA Mod

CVE-2014-3566 CVE-2014-3568

HP 850/870 R2607P34 JG723A HP 870 Unified Wired-WLAN Appliance JG725A HP 870 Unifd Wrd-WLAN TAA Applnc JG722A HP 850 Unified Wired-WLAN Appliance JG724A HP 850 Unifd Wrd-WLAN TAA Applnc

CVE-2014-3566 CVE-2014-3568

HP 830 R3507P34 JG640A HP 830 24P PoE+ Unifd Wired-WLAN Swch JG641A HP 830 8P PoE+ Unifd Wired-WLAN Swch JG646A HP 830 24-Port PoE+ Wrd-WLAN TAA Switch JG647A HP 830 8-Port PoE+ Wrd-WLAN TAA Switch

CVE-2014-3566 CVE-2014-3568

HP 6000 R2507P34 JG639A HP 10500/7500 20G Unified Wired-WLAN Mod JG645A HP 10500/7500 20G Unifd Wrd-WLAN TAA Mod

CVE-2014-3566 CVE-2014-3568

VCX Fix in Progress Use Mitigation J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr JC517A HP VCX V7205 Platform w/DL 360 G6 Server JE355A HP VCX V6000 Branch Platform 9.0 JC516A HP VCX V7005 Platform w/DL 120 G6 Server JC518A HP VCX Connect 200 Primry 120 G6 Server J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr JE341A HP VCX Connect 100 Secondary JE252A HP VCX Connect Primary MIM Module JE253A HP VCX Connect Secondary MIM Module JE254A HP VCX Branch MIM Module JE355A HP VCX V6000 Branch Platform 9.0 JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod JD023A HP MSR30-40 Router with VCX MIM Module JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS JE340A HP VCX Connect 100 Pri Server 9.0 JE342A HP VCX Connect 100 Sec Server 9.0

CVE-2014-3566 CVE-2014-3568

iMC PLAT iMC PLAT v7.1 E0303P06 JD125A HP IMC Std S/W Platform w/100-node JD126A HP IMC Ent S/W Platform w/100-node JD808A HP IMC Ent Platform w/100-node License JD815A HP IMC Std Platform w/100-node License JF377A HP IMC Std S/W Platform w/100-node Lic JF377AAE HP IMC Std S/W Pltfrm w/100-node E-LTU JF378A HP IMC Ent S/W Platform w/200-node Lic JF378AAE HP IMC Ent S/W Pltfrm w/200-node E-LTU JG546AAE HP IMC Basic SW Platform w/50-node E-LTU JG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU JG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU JG550AAE HP PMM to IMC Bsc WLM Upgr w/150AP E-LTU JG590AAE HP IMC Bsc WLAN Mgr SW Pltfm 50 AP E-LTU JG659AAE HP IMC Smart Connect VAE E-LTU JG660AAE HP IMC Smart Connect w/WLM VAE E-LTU JG747AAE HP IMC Std SW Plat w/ 50 Nodes E-LTU JG748AAE HP IMC Ent SW Plat w/ 50 Nodes E-LTU JG766AAE HP IMC SmCnct Vrtl Applnc SW E-LTU JG767AAE HP IMC SmCnct WSM Vrtl Applnc SW E-LTU JG768AAE HP PCM+ to IMC Std Upg w/ 200-node E-LTU

CVE-2014-3566

iMC UAM iMC UAM v7.1 E0302P07 JD144A HP IMC UAM S/W Module w/200-User License JF388A HP IMC UAM S/W Module w/200-user License JF388AAE HP IMC UAM S/W Module w/200-user E-LTU JG752AAE HP IMC UAM SW Mod w/ 50-user E-LTU

CVE-2014-3513 CVE-2014-3566 CVE-2014-3567

iMC WSM Fix in Progress Use Mitigation JD456A HP WSM Plug-in for IMC Includes 50 Aps JF414A HP IMC WSM S/W Module with 50-AP License JF414AAE HP IMC WSM S/W Module with 50-AP E-LTU JG551AAE HP PMM to IMC WSM Upgr w/250 AP E-LTU JG769AAE HP PMM to IMC WSM Upg w/ 250-node E-LTU

CVE-2014-3513 CVE-2014-3566 CVE-2014-3567

A Fixes in progress use mitigations J9565A HP 2615-8-PoE Switch J9562A HP 2915-8G-PoE Switch

E Fixes in progress use mitigations J4850A HP ProCurve Switch 5304xl J8166A HP ProCurve Switch 5304xl-32G J4819A HP ProCurve Switch 5308xl J8167A HP ProCurve Switch 5308xl-48G J4849A HP ProCurve Switch 5348xl J4849B HP ProCurve Switch 5348xl J4848A HP ProCurve Switch 5372xl J4848B HP ProCurve Switch 5372xl

F Fixes in progress use mitigations J4812A HP ProCurve 2512 Switch J4813A HP ProCurve 2524 Switch J4817A HP ProCurve 2312 Switch J4818A HP ProCurve 2324 Switch

H.07 Fixes in progress use mitigations J4902A HP ProCurve 6108 Switch

H.10 Fixes in progress use mitigations J8762A HP E2600-8-PoE Switch J4900A HP PROCURVE SWITCH 2626 J4900B HP ProCurve Switch 2626 J4900C ProCurve Switch 2626 J4899A HP ProCurve Switch 2650 J4899B HP ProCurve Switch 2650 J4899C ProCurve Switch 2650 J8164A ProCurve Switch 2626-PWR J8165A HP ProCurve Switch 2650-PWR

i.10 Fixes in progress use mitigations J4903A ProCurve Switch 2824 J4904A HP ProCurve Switch 2848

J Fixes in progress use mitigations J9299A HP 2520-24G-PoE Switch J9298A HP 2520-8G-PoE Switch

K Fixes in progress use mitigations J8692A HP 3500-24G-PoE yl Switch J8693A HP 3500-48G-PoE yl Switch J9310A HP 3500-24G-PoE+ yl Switch J9311A HP 3500-48G-PoE+ yl Switch J9470A HP 3500-24 Switch J9471A HP 3500-24-PoE Switch J9472A HP 3500-48 Switch J9473A HP 3500-48-PoE Switch J8697A HP E5406 zl Switch Chassis J8699A HP 5406-48G zl Switch J9447A HP 5406-44G-PoE+-4SFP zl Switch J9533A HP 5406-44G-PoE+-2XG v2 zl Swch w Pm SW J9539A HP 5406-44G-PoE+-4G v2 zl Swch w Prm SW J9642A HP 5406 zl Switch with Premium Software J9866A HP 5406 8p10GT 8p10GE Swch and Psw J8698A HP E5412 zl Switch Chassis J8700A HP 5412-96G zl Switch J9448A HP 5412-92G-PoE+-4SFP zl Switch J9532A HP 5412-92G-PoE+-2XG v2 zl Swch w Pm SW J9540A HP 5412-92G-PoE+-4G v2 zl Swch w Prm SW J9643A HP 5412 zl Switch with Premium Software J8992A HP 6200-24G-mGBIC yl Switch J9263A HP E6600-24G Switch J9264A HP 6600-24G-4XG Switch J9265A HP 6600-24XG Switch J9451A HP E6600-48G Switch J9452A HP 6600-48G-4XG Switch J9475A HP E8206 zl Switch Base System J9638A HP 8206-44G-PoE+-2XG v2 zl Swch w Pm SW J9640A HP 8206 zl Switch w/Premium Software J8715A ProCurve Switch 8212zl Base System J8715B HP E8212 zl Switch Base System J9091A ProCurve Switch 8212zl Chassis&Fan Tray J9639A HP 8212-92G-PoE+-2XG v2 zl Swch w Pm SW J9641A HP 8212 zl Switch with Premium SW

KA Fixes in progress use mitigations J9573A HP 3800-24G-PoE+-2SFP+ Switch J9574A HP 3800-48G-PoE+-4SFP+ Switch J9575A HP 3800-24G-2SFP+ Switch J9576A HP 3800-48G-4SFP+ Switch J9584A HP 3800-24SFP-2SFP+ Switch J9585A HP 3800-24G-2XG Switch J9586A HP 3800-48G-4XG Switch J9587A HP 3800-24G-PoE+-2XG Switch J9588A HP 3800-48G-PoE+-4XG Switch

KB Fixes in progress use mitigations J9821A HP 5406R zl2 Switch J9822A HP 5412R zl2 Switch J9823A HP 5406R-Gig-T-PoE+/SFP+ v2 zl2 Swch J9824A HP 5406R-Gig-T-PoE+/SFP v2 zl2 Swch J9825A HP 5412R-Gig-T-PoE+/SFP+ v2 zl2 Swch J9826A HP 5412R-Gig-T-PoE+/SFP v2 zl2 Swch J9850A HP 5406R zl2 Switch J9851A HP 5412R zl2 Switch J9868A HP 5406R-8XGT/8SFP+ v2 zl2 Swch

L Fixes in progress use mitigations J8772B HP 4202-72 Vl Switch J8770A HP 4204 Vl Switch Chassis J9064A HP 4204-44G-4SFP Vl Switch J8773A HP 4208 Vl Switch Chassis J9030A HP 4208-68G-4SFP Vl Switch J8775B HP 4208-96 Vl Switch J8771A ProCurve Switch 4202VL-48G J8772A ProCurve Switch 4202VL-72 J8774A ProCurve Switch 4208VL-64G J8775A ProCurve Switch 4208VL-96

M.08 Fixes in progress use mitigations J8433A HP 6400-6XG cl Switch J8474A HP 6410-6XG cl Switch

M.10 Fixes in progress use mitigations J4906A HP E3400-48G cl Switch J4905A HP ProCurve Switch 3400cl-24G

N Fixes in progress use mitigations J9021A HP 2810-24G Switch J9022A HP 2810-48G Switch

PA Fixes in progress use mitigations J9029A ProCurve Switch 1800-8G

PB Fixes in progress use mitigations J9028A ProCurve Switch 1800-24G J9028B ProCurve Switch 1800-24G

Q Fixes in progress use mitigations J9019B HP 2510-24 Switch J9019A ProCurve Switch 2510-24

R Fixes in progress use mitigations J9085A HP 2610-24 Switch J9087A HP 2610-24-PoE Switch J9086A HP 2610-24-PPoE Switch J9088A HP 2610-48 Switch J9089A HP 2610-48-PoE Switch

RA Fixes in progress use mitigations J9623A HP 2620-24 Switch J9624A HP 2620-24-PPoE+ Switch J9625A HP 2620-24-PoE+ Switch J9626A HP 2620-48 Switch J9627A HP 2620-48-PoE+ Switch

S Fixes in progress use mitigations J9138A HP 2520-24-PoE Switch J9137A HP 2520-8-PoE Switch

T Fixes in progress use mitigations J9049A ProCurve Switch 2900- 24G J9050A ProCurve Switch 2900 48G

U Fixes in progress use mitigations J9020A HP 2510-48 Switch

VA Fixes in progress use mitigations J9079A HP 1700-8 Switch

VB Fixes in progress use mitigations J9080A HP 1700-24 Switch

W Fixes in progress use mitigations J9145A HP 2910-24G al Switch J9146A HP 2910-24G-PoE+ al Switch J9147A HP 2910-48G al Switch J9148A HP 2910-48G-PoE+ al Switch

WB Fixes in progress use mitigations J9726A HP 2920-24G Switch J9727A HP 2920-24G-POE+ Switch J9728A HP 2920-48G Switch J9729A HP 2920-48G-POE+ Switch J9836A HP 2920-48G-POE+ 740W Switch

Y Fixes in progress use mitigations J9279A HP 2510-24G Switch J9280A HP 2510-48G Switch

YA Fixes in progress use mitigations J9772A HP 2530-48G-PoE+ Switch J9773A HP 2530-24G-PoE+ Switch J9774A HP 2530-8G-PoE+ Switch J9775A HP 2530-48G Switch J9776A HP 2530-24G Switch J9777A HP 2530-8G Switch J9778A HP 2530-48-PoE+ Switch J9781A HP 2530-48 Switch J9853A HP 2530-48G-PoE+-2SFP+ Switch J9854A HP 2530-24G-PoE+-2SFP+ Switch J9855A HP 2530-48G-2SFP+ Switch J9856A HP 2530-24G-2SFP+ Switch

YB Fixes in progress use mitigations J9779A HP 2530-24-PoE+ Switch J9780A HP 2530-8-PoE+ Switch J9782A HP 2530-24 Switch J9783A HP 2530-8 Switch

MSM 6.5 6.5.1.0 J9420A HP MSM760 Premium Mobility Controller J9421A HP MSM760 Access Controller J9370A HP MSM765 Zl Premium Mobility Controller J9693A HP MSM720 Access Controller (WW) J9694A HP MSM720 Premium Mobility Cntlr (WW) J9695A HP MSM720 TAA Access Controller J9696A HP MSM720 TAA Premium Mobility Cntlr J9840A HP MSM775 zl Premium Controller Module J9845A HP 560 Wireless 802.11ac (AM) AP J9846A HP 560 Wireless 802.11ac (WW) AP J9847A HP 560 Wireless 802.11ac (JP) AP J9848A HP 560 Wireless 802.11ac (IL) AP J9358A HP E-MSM422 Access Point (US) J9358B HP MSM422 Access Point (US) J9359A HP E-MSM422 Access Point (WW) J9359B HP MSM422 Access Point (WW) J9530A HP E-MSM422 Access Point (JP) J9530B HP MSM422 Access Point (JP) J9617A HP MSM422 Dual Radio 802.11n AP (IL) J9426A HP E-MSM410 Access Point (US) J9426B HP MSM410 Access Point (US) J9427A HP E-MSM410 Access Point (WW) J9427B HP MSM410 Access Point (WW) J9427C HP MSM410 Access Point (WW) J9529A HP E-MSM410 Access Point (JP) J9529B HP MSM410 Access Point (JP) J9589A HP MSM460 Dual Radio 802.11n AP (JP) J9590A HP MSM460 Dual Radio 802.11n AP (AM) J9591A HP MSM460 Dual Radio 802.11n AP (WW) J9616A HP MSM410 Single Radio 802.11n AP (IL) J9618A HP MSM460 Dual Radio 802.11n AP (IL) J9619A HP MSM466 Dual Radio 802.11n AP (IL) J9620A HP MSM466 Dual Radio 802.11n AP (JP) J9621A HP MSM466 Dual Radio 802.11n AP (AM) J9622A HP MSM466 Dual Radio 802.11n AP (WW) J9650A HP MSM430 Dual Radio 802.11n AP (AM) J9651A HP MSM430 Dual Radio 802.11n AP (WW) J9652A HP MSM430 Dual Radio 802.11n AP (JP) J9653A HP MSM430 Dual Radio 802.11n AP (IL) J9654A HP MSM430 Dual Radio 802.11n TAA AP J9655A HP MSM460 Dual Radio 802.11n TAA AP J9656A HP MSM466 Dual Radio 802.11n TAA AP J9715A HP E-MSM466-R Dual Radio 802.11n AP (AM) J9716A HP E-MSM466-R Dual Radio 802.11n AP (WW) J9717A HP E-MSM466-R Dual Radio 802.11n AP (JP) J9718A HP E-MSM466-R Dual Radio 802.11n AP (IL)

MSM 6.4 6.4.2.1 J9840A HP MSM775 zl Premium Controller Module J9370A HP MSM765 Zl Premium Mobility Controller J9420A HP MSM760 Premium Mobility Controller J9421A HP MSM760 Access Controller J9693A HP MSM720 Access Controller (WW) J9694A HP MSM720 Premium Mobility Cntlr (WW) J9695A HP MSM720 TAA Access Controller J9696A HP MSM720 TAA Premium Mobility Cntlr J9426A HP E-MSM410 Access Point (US) J9426B HP MSM410 Access Point (US) J9427A HP E-MSM410 Access Point (WW) J9427B HP MSM410 Access Point (WW) J9427C HP MSM410 Access Point (WW) J9529A HP E-MSM410 Access Point (JP) J9529B HP MSM410 Access Point (JP) J9589A HP MSM460 Dual Radio 802.11n AP (JP) J9590A HP MSM460 Dual Radio 802.11n AP (AM) J9591A HP MSM460 Dual Radio 802.11n AP (WW) J9616A HP MSM410 Single Radio 802.11n AP (IL) J9618A HP MSM460 Dual Radio 802.11n AP (IL) J9619A HP MSM466 Dual Radio 802.11n AP (IL) J9620A HP MSM466 Dual Radio 802.11n AP (JP) J9621A HP MSM466 Dual Radio 802.11n AP (AM) J9622A HP MSM466 Dual Radio 802.11n AP (WW) J9650A HP MSM430 Dual Radio 802.11n AP (AM) J9651A HP MSM430 Dual Radio 802.11n AP (WW) J9652A HP MSM430 Dual Radio 802.11n AP (JP) J9653A HP MSM430 Dual Radio 802.11n AP (IL) J9654A HP MSM430 Dual Radio 802.11n TAA AP J9655A HP MSM460 Dual Radio 802.11n TAA AP J9656A HP MSM466 Dual Radio 802.11n TAA AP J9715A HP E-MSM466-R Dual Radio 802.11n AP (AM) J9716A HP E-MSM466-R Dual Radio 802.11n AP (WW) J9717A HP E-MSM466-R Dual Radio 802.11n AP (JP) J9718A HP E-MSM466-R Dual Radio 802.11n AP (IL) J9358A HP E-MSM422 Access Point (US) J9358B HP MSM422 Access Point (US) J9359A HP E-MSM422 Access Point (WW) J9359B HP MSM422 Access Point (WW) J9530A HP E-MSM422 Access Point (JP) J9530B HP MSM422 Access Point (JP) J9617A HP MSM422 Dual Radio 802.11n AP (IL)

MSM 6.3 6.3.1.0 J9529B HP MSM410 Access Point (JP) J9589A HP MSM460 Dual Radio 802.11n AP (JP) J9590A HP MSM460 Dual Radio 802.11n AP (AM) J9591A HP MSM460 Dual Radio 802.11n AP (WW) J9616A HP MSM410 Single Radio 802.11n AP (IL) J9618A HP MSM460 Dual Radio 802.11n AP (IL) J9619A HP MSM466 Dual Radio 802.11n AP (IL) J9620A HP MSM466 Dual Radio 802.11n AP (JP) J9621A HP MSM466 Dual Radio 802.11n AP (AM) J9622A HP MSM466 Dual Radio 802.11n AP (WW) J9650A HP MSM430 Dual Radio 802.11n AP (AM) J9651A HP MSM430 Dual Radio 802.11n AP (WW) J9652A HP MSM430 Dual Radio 802.11n AP (JP) J9653A HP MSM430 Dual Radio 802.11n AP (IL) J9654A HP MSM430 Dual Radio 802.11n TAA AP J9655A HP MSM460 Dual Radio 802.11n TAA AP J9656A HP MSM466 Dual Radio 802.11n TAA AP J9715A HP E-MSM466-R Dual Radio 802.11n AP (AM) J9716A HP E-MSM466-R Dual Radio 802.11n AP (WW) J9717A HP E-MSM466-R Dual Radio 802.11n AP (JP) J9718A HP E-MSM466-R Dual Radio 802.11n AP (IL) J9356A HP E-MSM335 Access Point (US) J9356B HP MSM335 Access Point (US) J9357A HP E-MSM335 Access Point (WW) J9357B HP MSM335 Access Point (WW) J9358A HP E-MSM422 Access Point (US) J9358B HP MSM422 Access Point (US) J9359A HP E-MSM422 Access Point (WW) J9359B HP MSM422 Access Point (WW) J9530A HP E-MSM422 Access Point (JP) J9530B HP MSM422 Access Point (JP) J9617A HP MSM422 Dual Radio 802.11n AP (IL) J9360A HP E-MSM320 Access Point (US) J9360B HP MSM320 Access Point (US) J9364A HP E-MSM320 Access Point (WW) J9364B HP MSM320 Access Point (WW) J9365A HP MSM320-R Access Point (US) J9365B HP MSM320-R Access Point (US) J9368A HP E-MSM320-R Access Point (WW) J9368B HP MSM320-R Access Point (WW) J9373A HP E-MSM325 Access Point (WW) J9373B HP MSM325 Access Point (WW) J9374A HP E-MSM310 Access Point (US) J9374B HP MSM310 Access Point (US) J9379A HP MSM310 Access Point (WW) J9379B HP MSM310 Access Point (WW) J9380A HP E-MSM310-R Access Point (US) J9380B HP MSM310-R Access Point (US) J9383A HP E-MSM310-R Access Point (WW) J9383B HP MSM310-R Access Point (WW) J9524A HP E-MSM310 Access Point (JP) J9524B HP MSM310 Access Point (JP) J9527A HP E-MSM320 Access Point (JP) J9527B HP MSM320 Access Point (JP) J9528A HP E-MSM320-R Access Point (JP) J9528B HP MSM320-R Access Point (JP)

MSM 6.2 6.2.1.2 J9370A HP MSM765 Zl Premium Mobility Controller J9356A HP E-MSM335 Access Point (US) J9356B HP MSM335 Access Point (US) J9357A HP E-MSM335 Access Point (WW) J9357B HP MSM335 Access Point (WW) J9358A HP E-MSM422 Access Point (US) J9358B HP MSM422 Access Point (US) J9359A HP E-MSM422 Access Point (WW) J9359B HP MSM422 Access Point (WW) J9530A HP E-MSM422 Access Point (JP) J9530B HP MSM422 Access Point (JP) J9617A HP MSM422 Dual Radio 802.11n AP (IL) J9420A HP MSM760 Premium Mobility Controller J9421A HP MSM760 Access Controller J9840A HP MSM775 zl Premium Controller Module J9360A HP E-MSM320 Access Point (US) J9360B HP MSM320 Access Point (US) J9364A HP E-MSM320 Access Point (WW) J9364B HP MSM320 Access Point (WW) J9365A HP MSM320-R Access Point (US) J9365B HP MSM320-R Access Point (US) J9368A HP E-MSM320-R Access Point (WW) J9368B HP MSM320-R Access Point (WW) J9373A HP E-MSM325 Access Point (WW) J9373B HP MSM325 Access Point (WW) J9374A HP E-MSM310 Access Point (US) J9374B HP MSM310 Access Point (US) J9379A HP MSM310 Access Point (WW) J9379B HP MSM310 Access Point (WW) J9380A HP E-MSM310-R Access Point (US) J9380B HP MSM310-R Access Point (US) J9383A HP E-MSM310-R Access Point (WW) J9383B HP MSM310-R Access Point (WW) J9524A HP E-MSM310 Access Point (JP) J9524B HP MSM310 Access Point (JP) J9527A HP E-MSM320 Access Point (JP) J9527B HP MSM320 Access Point (JP) J9528A HP E-MSM320-R Access Point (JP) J9528B HP MSM320-R Access Point (JP) J9426A HP E-MSM410 Access Point (US) J9426B HP MSM410 Access Point (US) J9427A HP E-MSM410 Access Point (WW) J9427B HP MSM410 Access Point (WW) J9427C HP MSM410 Access Point (WW) J9529A HP E-MSM410 Access Point (JP) J9529B HP MSM410 Access Point (JP) J9589A HP MSM460 Dual Radio 802.11n AP (JP) J9590A HP MSM460 Dual Radio 802.11n AP (AM) J9591A HP MSM460 Dual Radio 802.11n AP (WW) J9616A HP MSM410 Single Radio 802.11n AP (IL) J9618A HP MSM460 Dual Radio 802.11n AP (IL) J9619A HP MSM466 Dual Radio 802.11n AP (IL) J9620A HP MSM466 Dual Radio 802.11n AP (JP) J9621A HP MSM466 Dual Radio 802.11n AP (AM) J9622A HP MSM466 Dual Radio 802.11n AP (WW) J9650A HP MSM430 Dual Radio 802.11n AP (AM) J9651A HP MSM430 Dual Radio 802.11n AP (WW) J9652A HP MSM430 Dual Radio 802.11n AP (JP) J9653A HP MSM430 Dual Radio 802.11n AP (IL) J9654A HP MSM430 Dual Radio 802.11n TAA AP J9655A HP MSM460 Dual Radio 802.11n TAA AP J9656A HP MSM466 Dual Radio 802.11n TAA AP J9715A HP E-MSM466-R Dual Radio 802.11n AP (AM) J9716A HP E-MSM466-R Dual Radio 802.11n AP (WW) J9717A HP E-MSM466-R Dual Radio 802.11n AP (JP) J9718A HP E-MSM466-R Dual Radio 802.11n AP (IL) J9693A HP MSM720 Access Controller (WW) J9694A HP MSM720 Premium Mobility Cntlr (WW) J9695A HP MSM720 TAA Access Controller J9696A HP MSM720 TAA Premium Mobility Cntlr

M220 Fixes in progress use mitigations J9798A HP M220 802.11n (AM) Access Point J9799A HP M220 802.11n (WW) Access Point

M210 Fixes in progress use mitigations JL023A HP M210 802.11n (AM) Access Point JL024A HP M210 802.11n (WW) Access Point

PS110 Fixes in progress use mitigations JL065A HP PS110 Wireless 802.11n VPN AM Router JL066A HP PS110 Wireless 802.11n VPN WW Router

HP Office Connect 1810 PK Fixes in progress use mitigations J9660A HP 1810-48G Switch

HP Office Connect 1810 P Fixes in progress use mitigations J9450A HP 1810-24G Switch J9449A HP 1810-8G Switch

HP Office Connect 1810 PL Fixes in progress use mitigations J9802A HP 1810-8G v2 Switch J9803A HP 1810-24G v2 Switch

RF Manager Fixes in progress use mitigations J9522A HP E-MSM415 RF Security Sensor J9521A HP RF Manager Controller with 50 Sensor License J9838AAE HP RF Manager for VMware 50 Sensor E-LTU

HP Office Connect 1810 PM Fixes in progress use mitigations J9800A HP 1810-8 v2 Switch J9801A HP 1810-24 v2 Switch

HP Office Connect PS1810 Fixes in progress use mitigations J9833A HP PS1810-8G Switch J9834A HP PS1810-24G Switch

Mitigation Instructions

For SSLv3 Server Functionality on Impacted Products:

Disable SSLv3 on clients and/or disable CBC ciphers on clients Use Access Control functionality to control client access

For SSLv3 Client Functionality on Impacted Products:

Go to SSL server and disable SSLv3 and/or disable CBC ciphers Use Access Control functionality to control access to servers

HISTORY Version:1 (rev.1) - 2 April 2015 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

References:

CVE-2014-3508 CVE-2014-3509 CVE-2014-3511 CVE-2014-3513 CVE-2014-3566 CVE-2014-3567 CVE-2014-3568 CVE-2014-5139 SSRT101920 SSRT101921 SSRT101922 SSRT101894

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The HP Insight Control 7.2.3 Update kit applicable to HP Insight Control 7.2.x installations is available at the following location:

https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber =HPICE

NOTE: Please read the readme.txt file before proceeding with the installation.

HP has addressed these vulnerabilities for the impacted software components bundled with HP Insight Control in the following HP Security Bulletins:

HP Insight Control software components HP Security Bulletin Security Bulletin Location

HP Systems Insight Manager (SIM) HPSBMU03261 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_ na-c04571454

HP System Management Homepage (SMH) HPSBMU03260 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_ na-c04571379

HP Version Control Agent (VCA) HPSBMU03262 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_ na-c04571956

Version Control Repository Manager (VCRM) HPSBMU03259 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_ na-c04570627

HISTORY Version:1 (rev.1) - 16 March 2015 Initial release

The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack (CVE-2014-0076).

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug (CVE-2014-0160).

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the CCS Injection vulnerability (CVE-2014-0224). NOTE: this issue became relevant after the CVE-2014-3568 fix (CVE-2014-3569).

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message (CVE-2014-3572).

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the FREAK issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations (CVE-2015-0204).

The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support (CVE-2015-0205).

The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c (CVE-2015-0289).

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293 http://openssl.org/news/secadv_20150108.txt http://openssl.org/news/secadv_20150319.txt

Updated Packages:

Mandriva Business Server 2/X86_64: 324a85f7e1165ab02881e44dbddaf599 mbs2/x86_64/lib64openssl1.0.0-1.0.1m-1.mbs2.x86_64.rpm 9c0bfb6ebd43cb6d81872abf71b4f85f mbs2/x86_64/lib64openssl-devel-1.0.1m-1.mbs2.x86_64.rpm 58df54e72ca7270210c7d8dd23df402b mbs2/x86_64/lib64openssl-engines1.0.0-1.0.1m-1.mbs2.x86_64.rpm b5313ffb5baaa65aea05eb05486d309a mbs2/x86_64/lib64openssl-static-devel-1.0.1m-1.mbs2.x86_64.rpm a9890ce4c33630cb9e00f3b2910dd784 mbs2/x86_64/openssl-1.0.1m-1.mbs2.x86_64.rpm 521297a5fe26e2de0c1222d8d03382d1 mbs2/SRPMS/openssl-1.0.1m-1.mbs2.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFVFTm1mqjQ0CJFipgRAoYFAKCaubn00colzVNnUBFjSElyDptGMQCfaGoS kz0ex6eI6hA6qSwklA2NoXY= =GYjX -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

               VMware Security Advisory

Advisory ID: VMSA-2015-0001 Synopsis: VMware vCenter Server, ESXi, Workstation, Player, and Fusion updates address security issues Issue date: 2015-01-27 Updated on: 2015-01-27 (Initial Advisory) CVE number: CVE-2014-8370, CVE-2015-1043, CVE-2015-1044

         --- OPENSSL---
         CVE-2014-3513, CVE-2014-3567,CVE-2014-3566, CVE-2014-3568

         --- libxml2 ---
         CVE-2014-3660

Summary

VMware vCenter Server, ESXi, Workstation, Player and Fusion address several security issues.

Relevant Releases

VMware Workstation 10.x prior to version 10.0.5

VMware Player 6.x prior to version 6.0.5

VMware Fusion 7.x prior to version 7.0.1 VMware Fusion 6.x prior to version 6.0.5

vCenter Server 5.5 prior to Update 2d

ESXi 5.5 without patch ESXi550-201403102-SG, ESXi550-201501101-SG ESXi 5.1 without patch ESXi510-201404101-SG ESXi 5.0 without patch ESXi500-201405101-SG

Problem Description

a. VMware ESXi, Workstation, Player, and Fusion host privilege escalation vulnerability

  VMware ESXi, Workstation, Player and Fusion contain an arbitrary 
  file write issue. Exploitation this issue may allow for privilege
  escalation on the host.

  The vulnerability does not allow for privilege escalation from 
  the guest Operating System to the host or vice-versa. This means
  that host memory can not be manipulated from the Guest Operating
  System.

  Mitigation

  For ESXi to be affected, permissions must have been added to ESXi
  (or a vCenter Server managing it) for a virtual machine 
  administrator role or greater.

  VMware would like to thank Shanon Olsson for reporting this issue to
  us through JPCERT.

  The Common Vulnerabilities and Exposures project (cve.mitre.org)
  has assigned the identifier CVE-2014-8370 to this issue.

  Column 4 of the following table lists the action required to
  remediate the vulnerability in each release, if a solution is 
  available.

  VMware         Product    Running   Replace with/
  Product        Version    on        Apply Patch
  =============  =======    =======   =================
  Workstation    11.x       any       not affected
  Workstation    10.x       any       10.0.5

  Player         7.x        any       not affected
  Player         6.x        any       6.0.5

  Fusion         7.x        any       not affected
  Fusion         6.x        any       6.0.5

  ESXi           5.5        ESXi      ESXi550-201403102-SG
  ESXi           5.1        ESXi      ESXi510-201404101-SG 
  ESXi           5.0        ESXi      ESXi500-201405101-SG

b. VMware Workstation, Player, and Fusion Denial of Service vulnerability

  VMware Workstation, Player, and Fusion contain an input validation 
  issue in the Host Guest File System (HGFS). This issue may allow
  for a Denial of Service of the Guest Operating system.

  VMware would like to thank Peter Kamensky from Digital Security for 
  reporting this issue to us.

  The Common Vulnerabilities and Exposures project (cve.mitre.org)
  has assigned the identifier CVE-2015-1043 to this issue.

  Column 4 of the following table lists the action required to
  remediate the vulnerability in each release, if a solution is 
  available.

  VMware         Product    Running   Replace with/
  Product        Version    on        Apply Patch
  =============  =======    =======   =================
  Workstation    11.x       any       not affected
  Workstation    10.x       any       10.0.5

  Player         7.x        any       not affected
  Player         6.x        any       6.0.5

  Fusion         7.x        any       7.0.1
  Fusion         6.x        any       6.0.5

c. VMware ESXi, Workstation, and Player Denial of Service vulnerability

  VMware ESXi, Workstation, and Player contain an input
  validation issue in VMware Authorization process (vmware-authd). 
  This issue may allow for a Denial of Service of the host. On 
  VMware ESXi and on Workstation running on Linux the Denial of
  Service would be partial.

  VMware would like to thank Dmitry Yudin @ret5et for reporting
  this issue to us through HP's Zero Day Initiative.

  The Common Vulnerabilities and Exposures project (cve.mitre.org)
  has assigned the identifier CVE-2015-1044 to this issue.

  Column 4 of the following table lists the action required to
  remediate the vulnerability in each release, if a solution is 
  available.

  VMware         Product    Running   Replace with/
  Product        Version    on        Apply Patch
  =============  =======    =======   =================
  Workstation    11.x       any       not affected
  Workstation    10.x       any       10.0.5

  Player         7.x        any       not affected
  Player         6.x        any       6.0.5

  Fusion         7.x        any       not affected
  Fusion         6.x        any       not affected

  ESXi           5.5        ESXi      ESXi550-201501101-SG
  ESXi           5.1        ESXi      ESXi510-201410101-SG
  ESXi           5.0        ESXi      not affected

d. Update to VMware vCenter Server and ESXi for OpenSSL 1.0.1 and 0.9.8 package

  The OpenSSL library is updated to version 1.0.1j or 0.9.8zc
  to resolve multiple security issues.

  The Common Vulnerabilities and Exposures project (cve.mitre.org)
  has assigned the names CVE-2014-3513, CVE-2014-3567, 
  CVE-2014-3566 ("POODLE") and CVE-2014-3568 to these issues.

  Column 4 of the following table lists the action required to
  remediate the vulnerability in each release, if a solution is
  available.

  VMware         Product    Running   Replace with/
  Product        Version    on        Apply Patch
  =============  =======    =======   =================
  vCenter Server 5.5        any       Update 2d*
  vCenter Server 5.1        any       patch pending
  vCenter Server 5.0        any       patch pending

  ESXi           5.5        ESXi      ESXi550-201501101-SG       
  ESXi           5.1        ESXi      patch pending
  ESXi           5.0        ESXi      patch pending

  * The VMware vCenter 5.5 SSO component will be 
    updated in a later release

e. Update to ESXi libxml2 package

  The libxml2 library is updated to version libxml2-2.7.6-17
  to resolve a security issue.

  The Common Vulnerabilities and Exposures project (cve.mitre.org)
  has assigned the name CVE-2014-3660 to this issue.

  Column 4 of the following table lists the action required to
  remediate the vulnerability in each release, if a solution is
  available.

  VMware         Product    Running   Replace with/
  Product        Version    on        Apply Patch
  =============  =======    =======   =================
  ESXi           5.5        ESXi      ESXi550-201501101-SG     
  ESXi           5.1        ESXi      patch pending
  ESXi           5.0        ESXi      patch pending

Solution

Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.

VMware Workstation 10.x

https://www.vmware.com/go/downloadworkstation

VMware Player 6.x

https://www.vmware.com/go/downloadplayer

VMware Fusion 7.x and 6.x

https://www.vmware.com/go/downloadplayer

vCenter Server

Downloads and Documentation: https://www.vmware.com/go/download-vsphere

ESXi 5.5 Update 2d

File: update-from-esxi5.5-5.5_update01.zip md5sum: 5773844efc7d8e43135de46801d6ea25 sha1sum: 6518355d260e81b562c66c5016781db9f077161f http://kb.vmware.com/kb/2065832 update-from-esxi5.5-5.5_update01 contains ESXi550-201403102-SG

ESXi 5.5

File: ESXi550-201501001.zip md5sum: b0f2edd9ad17d0bae5a11782aaef9304 sha1sum: 9cfcb1e2cf1bb845f0c96c5472d6b3a66f025dd1 http://kb.vmware.com/kb/2099265 ESXi550-201501001.zip contains ESXi550-201501101-SG

ESXi 5.1

File: ESXi510-201404001.zip md5sum: 9dc3c9538de4451244a2b62d247e52c4 sha1sum: 6b1ea36a2711665a670afc9ae37cdd616bb6da66 http://kb.vmware.com/kb/2070666 ESXi510-201404001 contains ESXi510-201404101-SG

ESXi 5.0

File: ESXi500-201405001.zip md5sum: 7cd1afc97f5f1e4b4132c90835f92e1d sha1sum: 4bd77eeb5d7fc65bbb6f25762b0fa74fbb9679d5 http://kb.vmware.com/kb/2075521 ESXi500-201405001 contains ESXi500-201405101-SG

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8370 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1043 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1044 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3660

Change log

2015-01-27 VMSA-2015-0001 Initial security advisory in conjunction with the release of VMware Workstation 10.0.5, VMware Player 6.0.5, vCenter Server 5.5 Update 2d and, ESXi 5.5 Patches released on 2015-01-27.

Contact

E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

security-announce at lists.vmware.com
bugtraq at securityfocus.com
fulldisclosure at seclists.org

E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055

VMware Security Advisories http://www.vmware.com/security/advisories

Consolidated list of VMware Security Advisories http://kb.vmware.com/kb/2078735

VMware Security Response Policy https://www.vmware.com/support/policies/security_response.html

VMware Lifecycle Support Phases https://www.vmware.com/support/policies/lifecycle.html

Twitter https://twitter.com/VMwareSRC

-----BEGIN PGP SIGNATURE----- Version: Encryption Desktop 10.3.0 (Build 8741) Charset: utf-8

wj8DBQFUx/+UDEcm8Vbi9kMRAmzrAKDG7u8ZTSlfQzU3eFphjebNgDkW2ACfZ9JE c75UD0ctlJx5607JuLfnb6Y= =IxpT -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2015-09-16-2 Xcode 7.0

Xcode 7.0 is now available and addresses the following:

DevTools Available for: OS X Yosemite v10.10.4 or later Impact: An attacker may be able to bypass access restrictions Description: An API issue existed in the apache configuration. This issue was addressed by updating header files to use the latest version. CVE-ID CVE-2015-3185 : Branko Aibej of the Apache Software Foundation

IDE Xcode Server Available for: OS X Yosemite 10.10 or later Impact: An attacker may be able to access restricted parts of the filesystem Description: A comparison issue existed in the node.js send module prior to version 0.8.4. This issue was addressed by upgrading to version 0.12.3. CVE-ID CVE-2014-6394 : Ilya Kantor

IDE Xcode Server Available for: OS X Yosemite v10.10.4 or later Impact: Multiple vulnerabilties in OpenSSL Description: Multiple vulnerabilties existed in the node.js OpenSSL module prior to version 1.0.1j. CVE-ID CVE-2014-3513 CVE-2014-3566 CVE-2014-3567 CVE-2014-3568

IDE Xcode Server Available for: OS X Yosemite v10.10.4 or later Impact: An attacker with a privileged network position may be able to inspect traffic to Xcode Server Description: Connections to Xcode Server may have been made without encryption. This issue was addressed through improved network connection logic. CVE-ID CVE-2015-5910 : an anonymous researcher

IDE Xcode Server Available for: OS X Yosemite v10.10.4 or later Impact: Build notifications may be sent to unintended recipients Description: An access issue existed in the handling of repository email lists. This issue was addressed through improved validation. CVE-ID CVE-2015-5909 : Daniel Tomlinson of Rocket Apps, David Gatwood of Anchorfree

subversion Available for: OS X Yosemite v10.10.4 or later Impact: Multiple vulnerabilities existed in svn versions prior to 1.7.19 Description: Multiple vulnerabilities existed in svn versions prior to 1.7.19. These issues were addressed by updating svn to version 1.7.20. CVE-ID CVE-2015-0248 CVE-2015-0251

Xcode 7.0 may be obtained from: https://developer.apple.com/xcode/downloads/

To check that the Xcode has been updated:

Select Xcode in the menu bar
Select About Xcode
The version after applying this update will be "7.0". Corrected: 2014-10-15 19:59:43 UTC (stable/10, 10.1-PRERELEASE) 2014-10-21 19:00:32 UTC (releng/10.1, 10.1-RC3) 2014-10-21 19:00:32 UTC (releng/10.1, 10.1-RC2-p1) 2014-10-21 19:00:32 UTC (releng/10.1, 10.1-RC1-p1) 2014-10-21 19:00:32 UTC (releng/10.1, 10.1-BETA3-p1) 2014-10-21 20:21:10 UTC (releng/10.0, 10.0-RELEASE-p10) 2014-10-15 20:28:31 UTC (stable/9, 9.3-STABLE) 2014-10-21 20:21:10 UTC (releng/9.3, 9.3-RELEASE-p3) 2014-10-21 20:21:10 UTC (releng/9.2, 9.2-RELEASE-p13) 2014-10-21 20:21:10 UTC (releng/9.1, 9.1-RELEASE-p20) 2014-10-15 20:28:31 UTC (stable/8, 8.4-STABLE) 2014-10-21 20:21:27 UTC (releng/8.4, 8.4-RELEASE-p17) CVE Name: CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . Background

FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.

II. [CVE-2014-3513].

When an OpenSSL SSL/TLS/DTLS server receives a session ticket the integrity of that ticket is first verified. [CVE-2014-3567].

The SSL protocol 3.0, as supported in OpenSSL and other products, supports CBC mode encryption where it could not adequately check the integrity of padding, because of the use of non-deterministic CBC padding. This protocol weakness makes it possible for an attacker to obtain clear text data through a padding-oracle attack.

Some client applications (such as browsers) will reconnect using a downgraded protocol to work around interoperability bugs in older servers. This could be exploited by an active man-in-the-middle to downgrade connections to SSL 3.0 even if both sides of the connection support higher protocols. SSL 3.0 contains a number of weaknesses including POODLE [CVE-2014-3566].

OpenSSL has added support for TLS_FALLBACK_SCSV to allow applications to block the ability for a MITM attacker to force a protocol downgrade.

When OpenSSL is configured with "no-ssl3" as a build option, servers could accept and complete a SSL 3.0 handshake, and clients could be configured to send them. [CVE-2014-3568].

III. [CVE-2014-3567].

An active man-in-the-middle attacker can force a protocol downgrade to SSLv3 and exploit the weakness of SSLv3 to obtain clear text data from the connection. [CVE-2014-3566] [CVE-2014-3568]

IV. Workaround

No workaround is available.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

[FreeBSD 10.0]

fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-10.0.patch

fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-10.0.patch.asc

gpg --verify openssl-10.0.patch.asc

[FreeBSD 9.3]

fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-9.3.patch

fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-9.3.patch.asc

gpg --verify openssl-9.3.patch.asc

[FreeBSD 8.4, 9.1 and 9.2]

fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-8.4.patch

fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-8.4.patch.asc

gpg --verify openssl-8.4.patch.asc

b) Apply the patch. Execute the following commands as root:

cd /usr/src

patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as described in .

Restart all deamons using the library, or reboot the system.

VI. Correction details

The following list contains the correction revision numbers for each affected branch.

Branch/path Revision

stable/8/ r273151 releng/8.4/ r273416 stable/9/ r273151 releng/9.1/ r273415 releng/9.2/ r273415 releng/9.3/ r273415 stable/10/ r273149 releng/10.0/ r273415 releng/10.1/ r273399

To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201410-1144",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "flex system chassis management module",
        "scope": null,
        "trust": 3.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "flex system chassis management module",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "ibm",
        "version": "1.50.1"
      },
      {
        "model": "flex system chassis management module 1.1.1",
        "scope": null,
        "trust": 1.2,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1i"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8zb"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0n"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1b"
      },
      {
        "model": "bladecenter advanced management module 3.66n",
        "scope": "ne",
        "trust": 0.9,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "bladecenter advanced management module 3.66k",
        "scope": null,
        "trust": 0.9,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "flex system chassis management module 1.50.0",
        "scope": null,
        "trust": 0.6,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "global console manager",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "1.26.1.23978"
      },
      {
        "model": "global console manager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "1.4.2.15036"
      },
      {
        "model": "global console manager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "1.20.20.23447"
      },
      {
        "model": "flex system chassis management module",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "1.50.0"
      },
      {
        "model": "project openssl 1.0.0a",
        "scope": null,
        "trust": 0.6,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "local console manager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "1.2.39.0"
      },
      {
        "model": "local console manager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "1.2.27.00"
      },
      {
        "model": "local console manager",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "1.2.40.00"
      },
      {
        "model": "flex system chassis management module 1.40.1",
        "scope": null,
        "trust": 0.6,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.0"
      },
      {
        "model": "nextscale n1200 enclosure fan power controller fhet23g-2.06",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "rational software architect realtime edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "bladecenter advanced management module 25r5778",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "q",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "bladecenter -s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1948"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.3"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "bladesystem c-class onboard administrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.11"
      },
      {
        "model": "k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "upward integration modules scvmm add-in",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "malware analysis appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.1"
      },
      {
        "model": "project openssl 1.0.0d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "bladesystem c-class onboard administrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.21"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "vcenter server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.1"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "project openssl 0.9.8u",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.1.0"
      },
      {
        "model": "aspera shares",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "1.7.5"
      },
      {
        "model": "norman shark industrial control system protection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.2.3"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "norman shark industrial control system protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "packetshaper s-series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "11.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.1"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.4"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "flex system chassis management module 1.20.2",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "connect:enterprise secure client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.0"
      },
      {
        "model": "project openssl 1.0.0g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cloudsystem enterprise software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.1.2"
      },
      {
        "model": "sterling connect:enterprise for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "tivoli netcool/reporter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "proxyav",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.5"
      },
      {
        "model": "insight control server provisioning",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "norman shark scada protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.1"
      },
      {
        "model": "netscaler t1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2"
      },
      {
        "model": "project openssl 0.9.8zb",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.1"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "norman shark industrial control system protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.2"
      },
      {
        "model": "j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1j",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "wb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "content analysis system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.1.2.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.3"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.3"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.1.0"
      },
      {
        "model": "n",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "policycenter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "9.2"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "project openssl 1.0.0o",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "pa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "m210",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "vsr1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "cacheflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.2"
      },
      {
        "model": "project openssl 0.9.8w",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "flex system ib6131 40gb infiniband switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.4"
      },
      {
        "model": "bladesystem c-class onboard administrator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.40"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5.2"
      },
      {
        "model": "oneview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.0"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "119000"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.2"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.4"
      },
      {
        "model": "x-series xos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "10.0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1.0"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.11"
      },
      {
        "model": "project openssl 1.0.0m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.11150-11"
      },
      {
        "model": "norman shark network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.0"
      },
      {
        "model": "nextscale n1200 enclosure fan power controller fhet21c-2.04",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1"
      },
      {
        "model": "sterling connect:enterprise for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.4"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "project openssl 0.9.8m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "norman shark scada protection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.2.3"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "megaraid storage manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "15.03.01.00"
      },
      {
        "model": "command center appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "aspera shares",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "1.0.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.4"
      },
      {
        "model": "bladecenter -t",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8720"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.23"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.2"
      },
      {
        "model": "tivoli netcool/system service monitor fp11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.2.1"
      },
      {
        "model": "sterling file gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.4"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.0"
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "bladesystem c-class onboard administrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.22"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70000"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.2"
      },
      {
        "model": "r2122",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7900"
      },
      {
        "model": "flex system chassis management module 1.40.2",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "tivoli netcool/system service monitor fp12",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "model": "project openssl 1.0.0h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.1.1"
      },
      {
        "model": "infosphere master data management patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "netcool/system service monitor fp1 p14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0-"
      },
      {
        "model": "flex system en6131 40gb ethernet switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.4"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.0"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.1"
      },
      {
        "model": "flex system ib6131 40gb infiniband switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.4.1110"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.3"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "policycenter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "9.2.10"
      },
      {
        "model": "netcool/system service monitor fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "bladecenter -s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8886"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.10"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "office connect ps1810",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "qradar siem mr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "aura communication manager ssp04",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.2"
      },
      {
        "model": "ex series network switches for ibm products pre 12.3r9",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl 0.9.8r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.7"
      },
      {
        "model": "cacheflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.0"
      },
      {
        "model": "aspera faspex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.0.3"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "m.10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.3"
      },
      {
        "model": "project openssl 0.9.8n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "connect:enterprise command line client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.14"
      },
      {
        "model": "virtual connect enterprise manager sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "79000"
      },
      {
        "model": "malware analyzer g2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.5"
      },
      {
        "model": "aspera proxy",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "1.2.3"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "proxyav",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.4"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "project openssl 0.9.8y",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "bcaaa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.1"
      },
      {
        "model": "aspera mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "model": "cloudsystem foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0.2"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.3"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1"
      },
      {
        "model": "project openssl beta4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "h.10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.11"
      },
      {
        "model": "upward integration modules hardware management pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.2"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.6"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.0l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vcenter server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.0"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.20"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "upward integration modules integrated installer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.2"
      },
      {
        "model": "general parallel file system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.0"
      },
      {
        "model": "norman shark scada protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.2"
      },
      {
        "model": "project openssl beta5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "tivoli netcool/system service monitor fp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.1"
      },
      {
        "model": "bladecenter -e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7967"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.1.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.0"
      },
      {
        "model": "aspera drive",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "infosphere master data management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.3"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.9"
      },
      {
        "model": "content analysis system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.2"
      },
      {
        "model": "content analysis system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.1.53"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.4"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.3"
      },
      {
        "model": "project openssl 0.9.8p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "flex system chassis management module 1.20.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "security analytics platform",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.6.10"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "norman shark scada protection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.3.2"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "12500(comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "v7)0"
      },
      {
        "model": "bladecenter -h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8852"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "bladecenter -ht",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8750"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.1"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.13"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "57000"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.5.0"
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.0"
      },
      {
        "model": "aspera console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "2.3.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.1"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "systems director common agent for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.5"
      },
      {
        "model": "r",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.2"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "norman shark network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.2"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.0.1"
      },
      {
        "model": "esxi esxi550-20150110",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5"
      },
      {
        "model": "kb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.8.0"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "129000"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.3"
      },
      {
        "model": "nextscale n1200 enclosure fan power controller fhet24d-2.08",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0.6"
      },
      {
        "model": "i.10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "malware analysis appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.2"
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "project openssl 0.9.8za",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "security analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "7.0"
      },
      {
        "model": "m.08",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.4.1"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "ssl visibility",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.8"
      },
      {
        "model": "project openssl 0.9.8q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.11"
      },
      {
        "model": "cacheflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.3"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.11150-11"
      },
      {
        "model": "systems insight manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "infosphere master data management provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-493"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.2"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.8"
      },
      {
        "model": "ssl visibility 3.8.2f",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": null
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.1"
      },
      {
        "model": "cloudsystem enterprise software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0.2"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.6"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.6"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.3.6"
      },
      {
        "model": "rational software architect realtime edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.3"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-453"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0"
      },
      {
        "model": "director",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.1.16.1"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0.3"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.3"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6.1146-109"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "tivoli netcool/system service monitor fp10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.2"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4"
      },
      {
        "model": "proxysg sgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.5"
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0.4"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-467"
      },
      {
        "model": "vb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "bladecenter -e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1881"
      },
      {
        "model": "connect:enterprise secure client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "56001"
      },
      {
        "model": "ka",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.2"
      },
      {
        "model": "security analytics platform",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "7.1.6"
      },
      {
        "model": "office connect pk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "18100"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v5000-"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "nextscale n1200 enclosure fan power controller fhet21e-2.05",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aspera proxy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "1.2.2"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8v"
      },
      {
        "model": "norman shark network protection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.3.2"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "yb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "aspera connect server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.5.1"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.2"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.4.1"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.3.1"
      },
      {
        "model": "flex system chassis management module 1.40.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "tivoli provisioning manager for images",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.0"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "upward integration modules scvmm add-in",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "systems director common agent for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.5"
      },
      {
        "model": "project openssl 0.9.8g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "bcaaa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.5"
      },
      {
        "model": "nextscale n1200 enclosure fan power controller fhet24b-2.07",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "cms r17",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "flex system fc3171 8gb san switch and san pass-thru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.5.03.00"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.41"
      },
      {
        "model": "aspera ondemand for google cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.8.2.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.21"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.0"
      },
      {
        "model": "aura utility services sp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.4"
      },
      {
        "model": "sterling file gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "content analysis system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.1.5.2"
      },
      {
        "model": "aspera console",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "2.5.3"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.63"
      },
      {
        "model": "e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "bladesystem c-class onboard administrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.20"
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "tivoli workload scheduler for applications fp02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "bladecenter -s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7779"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.3"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.2.2"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.10"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.20"
      },
      {
        "model": "splunk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.11"
      },
      {
        "model": "tivoli netcool/system service monitor fp13",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "aspera faspex",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.9"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.40"
      },
      {
        "model": "msr2000 r0106p18",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "va",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.32"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "aspera ondemand for softlayer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "storage provisioning manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.4"
      },
      {
        "model": "tivoli netcool/system service monitor fp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.4"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.0"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "aspera ondemand for azure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "r2311p05",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5700"
      },
      {
        "model": "aspera shares",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "1.9"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0"
      },
      {
        "model": "qradar risk manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.3"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "msm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.46.4.2.1"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.3.1"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.0"
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "aspera connect server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.5.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "aspera client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "project openssl 0.9.8l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "version control repository manager 7.4.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.20"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1"
      },
      {
        "model": "systems director common agent for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.4"
      },
      {
        "model": "aspera outlook plugin",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "content analysis system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.1.4.2"
      },
      {
        "model": "project openssl 0.9.8zc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "oneview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.01"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "system management homepage 7.4.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.1.0"
      },
      {
        "model": "director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.1.131"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.5"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.3"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "ssl visibility",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.7"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.3.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.3"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.2"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.1.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.2.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10.1"
      },
      {
        "model": "project openssl 1.0.0i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "56003"
      },
      {
        "model": "sterling connect:enterprise http option",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3"
      },
      {
        "model": "storage provisioning manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.2"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.0.0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "malware analysis appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.1.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.0"
      },
      {
        "model": "vcenter server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.3"
      },
      {
        "model": "systems director common agent for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.1.2"
      },
      {
        "model": "cognos planning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "flex system chassis management module 1.20.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.2"
      },
      {
        "model": "sterling connect:express for unix ifix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6.1146-108"
      },
      {
        "model": "aspera enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.5.1"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.0"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "project openssl 1.0.0e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.2"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "storage provisioning manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "packetshaper",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "9.2.10"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.5"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1x8664"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.1.0"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4"
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5"
      },
      {
        "model": "aspera shares",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "1.7.3"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.10"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1.2"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8x"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "cloudsystem foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.1"
      },
      {
        "model": "storage provisioning manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.3.2"
      },
      {
        "model": "ps110",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "upward integration modules hardware management pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.3"
      },
      {
        "model": "aspera point to point",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.5.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.33"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.1"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "packetshaper s-series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "11.2"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.3.0"
      },
      {
        "model": "upward integration modules integrated installer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5.3"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.3"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "project openssl 0.9.8t",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "splunk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0.7"
      },
      {
        "model": "tivoli netcool/system service monitor fp8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.1.0"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "flex system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70000"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "imc uam e0302p07",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.3"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.6"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.71"
      },
      {
        "model": "switch series (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10500v7)0"
      },
      {
        "model": "aspera faspex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.7.5"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.2.1"
      },
      {
        "model": "project openssl 1.0.0c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.0"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "qradar vulnerability manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.3"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.0"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.2.0"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "systems director common agent for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.1"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.3"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.8.1.0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "ra",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "tuxedo",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.1.0"
      },
      {
        "model": "proxysg sgos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.5.6.1"
      },
      {
        "model": "security analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.6"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.4"
      },
      {
        "model": "rf manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.9.0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.6.0"
      },
      {
        "model": "cognos planning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "project openssl 1.0.0f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "tivoli management framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.1"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "packetshaper s-series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "11.1"
      },
      {
        "model": "h.07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "infosphere master data management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.1.1"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "tivoli netcool/system service monitor fp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "ssl for openvms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-495"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.12"
      },
      {
        "model": "proxysg sgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.5"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2.2"
      },
      {
        "model": "office connect pm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "18100"
      },
      {
        "model": "project openssl 1.0.0j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "project openssl 1.0.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.1"
      },
      {
        "model": "content analysis system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.1"
      },
      {
        "model": "ya",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "switch series r2311p05",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5900"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3"
      },
      {
        "model": "bladecenter t advanced management module 32r0835",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "msm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.26.2.1.2"
      },
      {
        "model": "bladesystem c-class onboard administrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.30"
      },
      {
        "model": "cloudsystem enterprise software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.1"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.3.0"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "lotus protector for mail security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.80"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-471"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "cacheflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "2.2"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5"
      },
      {
        "model": "12500(comware r7328p04",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "v7)"
      },
      {
        "model": "aura presence services sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "aura presence services sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aspera console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "2.0.1"
      },
      {
        "model": "systems director common agent for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.3"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.3"
      },
      {
        "model": "tivoli netcool/system service monitor fp9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.3.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0"
      },
      {
        "model": "systems director common agent for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.4"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.5"
      },
      {
        "model": "w",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.2"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "content analysis system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.1.1.1"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "lotus protector for mail security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.8.1.0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.7.0"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0.2"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "bladecenter -t",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8730"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "cloudbridge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "tivoli netcool/system service monitor fp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.6"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "version control repository manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "pb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "nextscale n1200 enclosure fan power controller fhet13a-2.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "model": "tivoli workload scheduler for applications fp01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "msm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.56.5.1.0"
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "flex system chassis management module 1.1.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5"
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.9"
      },
      {
        "model": "bladecenter -h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7989"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.10"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "bladecenter -ht",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8740"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.5"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.1.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.4"
      },
      {
        "model": "cacheflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "2.0"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "aspera console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "2.3"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "aspera faspex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.7.7"
      },
      {
        "model": "xcode",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0"
      },
      {
        "model": "switch series r2111p06",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11900"
      },
      {
        "model": "imc uam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.5"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.8"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "packetshaper",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "9.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10"
      },
      {
        "model": "aspera orchestrator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "2.10"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.1.3"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.4"
      },
      {
        "model": "systems director common agent for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.3"
      },
      {
        "model": "project openssl 1.0.0n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "insight control server provisioning 7.4.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.4.0"
      },
      {
        "model": "sterling connect:enterprise http option",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4"
      },
      {
        "model": "ei switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "51300"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "y",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "59200"
      },
      {
        "model": "u",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "insight control",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.4.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4.34"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "flex system chassis management module 2.5.3t",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v3500-"
      },
      {
        "model": "server migration pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "m220",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "56002"
      },
      {
        "model": "project openssl 1.0.0h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "flex system chassis management module 1.0.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "tivoli netcool/system service monitor fp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "imc wsm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.5"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "aspera ondemand for amazon",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "msm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.36.3.1.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.9"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "aura system manager sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "project openssl 0.9.8o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.2"
      },
      {
        "model": "server migration pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "bladecenter -h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1886"
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v3700-"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "59000"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.0"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.0.5"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.2"
      },
      {
        "model": "msr2000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.1"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "tivoli netcool/system service monitor fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "6"
      },
      {
        "model": "qradar siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.3"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "tivoli netcool/system service monitor fp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "aura utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "model": "bladecenter -e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8677"
      },
      {
        "model": "nextscale n1200 enclosure fan power controller fhet17a-2.02",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.2"
      },
      {
        "model": "cognos controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "systems director common agent for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.2"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.5"
      },
      {
        "model": "malware analyzer g2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.1"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.2.1"
      },
      {
        "model": "f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "nextscale n1200 enclosure fan power controller fhet24j-2.10",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aspera enterprise server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.5.2"
      },
      {
        "model": "project openssl 0.9.8s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "qradar risk manager mr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "proxysg sgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.2"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "switch series r1005p15",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "12900"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.3.0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.5"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "aura utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "office connect p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "18100"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "aspera orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "0"
      },
      {
        "model": "norman shark industrial control system protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.0"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "norman shark network protection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.2.3"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.37"
      },
      {
        "model": "netscaler service delivery appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "tivoli provisioning manager for os deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "oneview",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.20"
      },
      {
        "model": "matrix operating environment",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.1"
      },
      {
        "model": "oneview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.10"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "infosphere master data management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.4"
      },
      {
        "model": "nextscale n1200 enclosure fan power controller fhet24g-2.09",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "manager for sle sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "111.7"
      },
      {
        "model": "studio onsite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "1.3"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "cloudsystem matrix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.8"
      },
      {
        "model": "cloudsystem foundation",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.1.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.7"
      },
      {
        "model": "systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.0"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10.0"
      },
      {
        "model": "office connect pl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "18100"
      },
      {
        "model": "content analysis system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.2.3.1"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "reporter\u0027s iso",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "9.4"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.3"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.0"
      },
      {
        "model": "oneview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.05"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.3"
      },
      {
        "model": "systems insight manager 7.4.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "t",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.1"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "vsr1000 r0204p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.4"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "storage provisioning manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.3"
      },
      {
        "model": "flex system en6131 40gb ethernet switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.4.1110"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-476"
      },
      {
        "model": "switch series r2311p05",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5920"
      },
      {
        "model": "aspera point to point",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "asperasoft",
        "version": "3.5.2"
      },
      {
        "model": "insight control server provisioning",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "tivoli provisioning manager for images system edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x7.1.1.0"
      },
      {
        "model": "systems director common agent for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.1"
      },
      {
        "model": "security analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "7.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.3"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "ei switch series r3108p03",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5130"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "70586"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3567"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "HP",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "131273"
      },
      {
        "db": "PACKETSTORM",
        "id": "131014"
      },
      {
        "db": "PACKETSTORM",
        "id": "132467"
      },
      {
        "db": "PACKETSTORM",
        "id": "137201"
      }
    ],
    "trust": 0.4
  },
  "cve": "CVE-2014-3567",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2014-3567",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 1.1,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2014-3567",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2014-3567",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3567"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3567"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure. OpenSSL is prone to a denial-of-service vulnerability. \nAn attacker can exploit this issue to crash the affected application, denying service to legitimate users. \nOpenSSL prior to 0.9.8zc, 1.0.0o, and 1.0.1j are vulnerable. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04616259\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04616259\nVersion: 1\n\nHPSBHF03300 rev.1 - HP Network Products running OpenSSL, Remote Denial of\nService (DoS), Unauthorized Access, Disclosure of Information\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-04-02\nLast Updated: 2015-04-02\n\nPotential Security Impact: Remote Denial of Service (DoS), unauthorized\naccess, disclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP Network\nProducts running OpenSSL including... \n\nThe SSLv3 vulnerability known as \"Padding Oracle on Downgraded Legacy\nEncryption\" also known as \"POODLE\", which could be exploited remotely\nresulting in disclosure of information. \nOther vulnerabilities which could be remotely exploited resulting in Denial\nof Service (DoS) and unauthorized access. \n\nReferences:\n\nCVE-2014-3513 Remote Denial of Service (DoS)\nCVE-2014-3566 Remote Disclosure of Information (POODLE)\nCVE-2014-3567 Remote Denial of Service (DoS)\nCVE-2014-3568 Remote Unauthorized Access\nSSRT101997, SSRT101774\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nPlease refer to the RESOLUTION\n section below for a list of impacted products. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2014-3513    (AV:N/AC:M/Au:N/C:N/I:N/A:C)       7.1\nCVE-2014-3566    (AV:N/AC:M/Au:N/C:P/I:N/A:N)       4.3\nCVE-2014-3567    (AV:N/AC:M/Au:N/C:N/I:N/A:C)       7.1\nCVE-2014-3568    (AV:N/AC:M/Au:N/C:N/I:P/A:N)       4.3\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\nHP has provided the following software updates to resolve the vulnerabilities\nin the HP Networking products listed. \n\nNote: mitigation instructions are included below if the following software\nupdates cannot be applied. \n\nFamily\n Fixed Version\n HP Branded Products Impacted\n H3C Branded Products Impacted\n 3Com Branded Products Impacted\n CVE\n\n12900 Switch Series\n R1005P15\n JG619A HP FF 12910 Switch AC Chassis\nJG621A HP FF 12910 Main Processing Unit\nJG632A HP FF 12916 Switch AC Chassis\nJG634A HP FF 12916 Main Processing Unit\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\n12500\n R1828P06\n JC085A HP A12518 Switch Chassis\nJC086A HP A12508 Switch Chassis\nJC652A HP 12508 DC Switch Chassis\nJC653A HP 12518 DC Switch Chassis\nJC654A HP 12504 AC Switch Chassis\nJC655A HP 12504 DC Switch Chassis\nJF430A HP A12518 Switch Chassis\nJF430B HP 12518 Switch Chassis\nJF430C HP 12518 AC Switch Chassis\nJF431A HP A12508 Switch Chassis\nJF431B HP 12508 Switch Chassis\nJF431C HP 12508 AC Switch Chassis\nJC072B HP 12500 Main Processing Unit\nJC808A HP 12500 TAA Main Processing Unit\n H3C S12508 Routing Switch(AC-1) (0235A0GE)\nH3C S12518 Routing Switch(AC-1) (0235A0GF)\nH3C S12508 Chassis (0235A0E6)\nH3C S12508 Chassis (0235A38N)\nH3C S12518 Chassis (0235A0E7)\nH3C S12518 Chassis (0235A38M)\nH3C 12508 DC Switch Chassis (0235A38L)\nH3C 12518 DC Switch Chassis (0235A38K)\n\n CVE-2014-3566\nCVE-2014-3568\n\n12500 (Comware v7)\n R7328P04\n JC085A HP A12518 Switch Chassis\nJC086A HP A12508 Switch Chassis\nJC652A HP 12508 DC Switch Chassis\nJC653A HP 12518 DC Switch Chassis\nJC654A HP 12504 AC Switch Chassis\nJC655A HP 12504 DC Switch Chassis\nJF430A HP A12518 Switch Chassis\nJF430B HP 12518 Switch Chassis\nJF430C HP 12518 AC Switch Chassis\nJF431A HP A12508 Switch Chassis\nJF431B HP 12508 Switch Chassis\nJF431C HP 12508 AC Switch Chassis\nJC072B HP 12500 Main Processing Unit\nJG497A HP 12500 MPU w/Comware V7 OS\nJG782A HP FF 12508E AC Switch Chassis\nJG783A HP FF 12508E DC Switch Chassis\nJG784A HP FF 12518E AC Switch Chassis\nJG785A HP FF 12518E DC Switch Chassis\nJG802A HP FF 12500E MPU\n H3C S12508 Routing Switch(AC-1) (0235A0GE)\nH3C S12518 Routing Switch(AC-1) (0235A0GF)\nH3C S12508 Chassis (0235A0E6)\nH3C S12508 Chassis (0235A38N)\nH3C S12518 Chassis (0235A0E7)\nH3C S12518 Chassis (0235A38M)\nH3C 12508 DC Switch Chassis (0235A38L)\nH3C 12518 DC Switch Chassis (0235A38K)\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\n11900 Switch Series\n R2111P06\n JG608A HP FF 11908-V Switch Chassis\nJG609A HP FF 11900 Main Processing Unit\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\n10500 Switch Series (Comware v5)\n R1208P10\n JC611A HP 10508-V Switch Chassis\nJC612A HP 10508 Switch Chassis\nJC613A HP 10504 Switch Chassis\nJC614A HP 10500 Main Processing Unit\nJC748A HP 10512 Switch Chassis\nJG375A HP 10500 TAA Main Processing Unit\nJG820A HP 10504 TAA Switch Chassis\nJG821A HP 10508 TAA Switch Chassis\nJG822A HP 10508-V TAA Switch Chassis\nJG823A HP 10512 TAA Switch Chassis\n\n CVE-2014-3566\nCVE-2014-3568\n\n10500 Switch Series (Comware v7)\n R2111P06\n JC611A HP 10508-V Switch Chassis\nJC612A HP 10508 Switch Chassis\nJC613A HP 10504 Switch Chassis\nJC748A HP 10512 Switch Chassis\nJG820A HP 10504 TAA Switch Chassis\nJG821A HP 10508 TAA Switch Chassis\nJG822A HP 10508-V TAA Switch Chassis\nJG823A HP 10512 TAA Switch Chassis\nJG496A HP 10500 Type A MPU w/Comware v7 OS\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\n9500E\n R1828P06\n JC124A HP A9508 Switch Chassis\nJC124B HP 9505 Switch Chassis\nJC125A HP A9512 Switch Chassis\nJC125B HP 9512 Switch Chassis\nJC474A HP A9508-V Switch Chassis\nJC474B HP 9508-V Switch Chassis\n H3C S9505E Routing-Switch Chassis (0235A0G6)\nH3C S9512E Routing-Switch Chassis (0235A0G7)\nH3C S9508E-V Routing-Switch Chassis (0235A38Q)\nH3C S9505E Chassis w/ Fans (0235A38P)\nH3C S9512E Chassis w/ Fans (0235A38R)\n\n CVE-2014-3566\nCVE-2014-3568\n\n7900\n R2122\n JG682A HP FlexFabric 7904 Switch Chassis\nJH001A HP FF 7910 2.4Tbps Fabric / MPU\nJG842A HP FF 7910 7.2Tbps Fabric / MPU\nJG841A HP FF 7910 Switch Chassis\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\n7500 Switch Series\n R6708P10\n JC666A HP A7503-S 144 Gbps Fab/MPU w 24p Gig-T\nJC697A HP A7502 TAA Main Processing Unit\nJC698A HP A7503S 144 Gbps TAA Fab/MPU w 24p GbE\nJC699A HP A7500 384Gbps TAA Fab/MPU w 2p 10-GbE\nJC700A HP A7500 384 Gbps TAA Fabric / MPU\nJC701A HP A7510 768 Gbps TAA Fabric / MPU\nJD193A HP 384 Gbps A7500 Fab Mod w/2 XFP Ports\nJD193B HP 7500 384Gbps Fab Mod w/2 XFP Ports\nJD194A HP 384 Gbps Fabric A7500 Module\nJD194B HP 7500 384Gbps Fabric Module\nJD195A HP 7500 384Gbps Advanced Fabric Module\nJD196A HP 7502 Fabric Module\nJD220A HP 7500 768Gbps Fabric Module\nJD238A HP A7510 Switch Chassis\nJD238B HP 7510 Switch Chassis\nJD239A HP A7506 Switch Chassis\nJD239B HP 7506 Switch Chassis\nJD240A HP A7503 Switch Chassis\nJD240B HP 7503 Switch Chassis\nJD241A HP A7506 Vertical Switch Chassis\nJD241B HP 7506-V Switch Chassis\nJD242A HP A7502 Switch Chassis\nJD242B HP 7502 Switch Chassis\nJD243A HP A7503 Switch Chassis w/1 Fabric Slot\nJD243B HP 7503-S Switch Chassis w/1 Fabric Slot\n H3C S7502E Ethernet Switch Chassis with Fan (0235A0G4)\nH3C S7503E Ethernet Switch Chassis with Fan (0235A0G2)\nH3C S7503E-S Ethernet Switch Chassis with Fan (0235A0G5)\nH3C S7506E Ethernet Switch Chassis with Fan (0235A0G1)\nH3C S7506E-V Ethernet Switch Chassis with Fan (0235A0G3)\nH3C S7510E Ethernet Switch Chassis with Fan (0235A0G0)\nH3C S7502E Chassis w/ fans (0235A29A)\nH3C S7503E Chassis w/ fans (0235A27R)\nH3C S7503E-S Chassis w/ fans (0235A33R)\nH3C S7506E Chassis w/ fans (0235A27Q)\nH3C S7506E-V Chassis w/ fans (0235A27S)\n\n CVE-2014-3566\nCVE-2014-3568\n\nHSR6800\n R3303P18\n JG361A HP HSR6802 Router Chassis\nJG362A HP HSR6804 Router Chassis\nJG363A HP HSR6808 Router Chassis\nJG364A HP HSR6800 RSE-X2 Router MPU\nJG779A HP HSR6800 RSE-X2 Router TAA MPU\n\n CVE-2014-3566\nCVE-2014-3568\n\nHSR6800 Russian Version\n R3303P18\n JG361A HP HSR6802 Router Chassis\nJG362A HP HSR6804 Router Chassis\nJG363A HP HSR6808 Router Chassis\nJG364A HP HSR6800 RSE-X2 Router MPU\nJG779A HP HSR6800 RSE-X2 Router TAA MPU\n\n CVE-2014-3566\nCVE-2014-3568\n\nHSR6602\n R3303P18\n JG353A HP HSR6602-G Router\nJG354A HP HSR6602-XG Router\nJG776A HP HSR6602-G TAA Router\nJG777A HP HSR6602-XG TAA Router\nJG777A HP HSR6602-XG TAA Router\n\n CVE-2014-3566\nCVE-2014-3568\n\nHSR6602 Russian Version\n R3303P18\n JG353A HP HSR6602-G Router\nJG354A HP HSR6602-XG Router\nJG776A HP HSR6602-G TAA Router\nJG777A HP HSR6602-XG TAA Router\n\n CVE-2014-3566\nCVE-2014-3568\n\n6602\n R3303P18\n JC176A HP 6602 Router Chassis\n H3C SR6602 1U Router Host (0235A27D)\n\n CVE-2014-3566\nCVE-2014-3568\n\n6602 Russian Version\n R3303P18\n JC176A HP 6602 Router Chassis\n H3C SR6602 1U Router Host (0235A27D)\n\n CVE-2014-3566\nCVE-2014-3568\n\nA6600\n R3303P18\n JC165A HP 6600 RPE-X1 Router Module\nJC177A HP 6608 Router\nJC177B HP A6608 Router Chassis\nJC178A HP 6604 Router Chassis\nJC178B HP A6604 Router Chassis\nJC496A HP 6616 Router Chassis\nJC566A HP A6600 RSE-X1 Main Processing Unit\nJG780A HP 6600 RSE-X1 Router TAA MPU\n H3C RT-SR66-RPE-X1-H3 (0231A761)\nH3C RT-SR6608-OVS-H3 (0235A32X)\nH3C RT-SR6604-OVS-H3 (0235A37X)\nH3C SR6616 Router Chassis (0235A41D)\n\n CVE-2014-3566\nCVE-2014-3568\n\nA6600 Russian Version\n R3303P18\n JC165A HP 6600 RPE-X1 Router Module\nJC177A HP 6608 Router\nJC177B HP A6608 Router Chassis\nJC178A HP 6604 Router Chassis\nJC178B HP A6604 Router Chassis\nJC496A HP 6616 Router Chassis\nJC566A HP A6600 RSE-X1 Main Processing Unit\nJG780A HP 6600 RSE-X1 Router TAA MPU\n H3C RT-SR66-RPE-X1-H3 (0231A761)\nH3C RT-SR6608-OVS-H3 (0235A32X)\nH3C RT-SR6604-OVS-H3 (0235A37X)\nH3C SR6616 Router Chassis (0235A41D)\n\n CVE-2014-3566\nCVE-2014-3568\n\n6600 MCP\n R3303P18\n JC177A HP 6608 Router\nJC177B HP A6608 Router Chassis\nJC178A HP 6604 Router Chassis\nJC178B HP A6604 Router Chassis\nJC496A HP 6616 Router Chassis\nJG778A HP 6600 MCP-X2 Router TAA MPU. JG355A HP 6600 MCP-X1 Router MPU\nJG356A HP 6600 MCP-X2 Router MPU\n H3C RT-SR6608-OVS-H3 (0235A32X)\nH3C RT-SR6604-OVS-H3 (0235A37X)\nH3C SR6616 Router Chassis (0235A41D)\n\n CVE-2014-3566\nCVE-2014-3568\n\n6600 MCP Russian Version\n R3303P18\n JC177A HP 6608 Router\nJC177B HP A6608 Router Chassis\nJC178A HP 6604 Router Chassis\nJC178B HP A6604 Router Chassis\nJC496A HP 6616 Router Chassis\nJG355A HP 6600 MCP-X1 Router MPU\nJG356A HP 6600 MCP-X2 Router MPU\nJG776A HP HSR6602-G TAA Router\nJG777A HP HSR6602-XG TAA Router\nJG778A HP 6600 MCP-X2 Router TAA MPU\n\n H3C RT-SR6608-OVS-H3 (0235A32X)\nH3C RT-SR6604-OVS-H3 (0235A37X)\nH3C SR6616 Router Chassis (0235A41D)\n\n CVE-2014-3566\nCVE-2014-3568\n\n5920 Switch Series\n R2311P05\n JG296A HP 5920AF-24XG Switch\nJG555A HP 5920AF-24XG TAA Switch\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\n5900 Switch Series\n R2311P05\n JC772A HP 5900AF-48XG-4QSFP+ Switch\nJG336A HP 5900AF-48XGT-4QSFP+ Switch\nJG510A HP 5900AF-48G-4XG-2QSFP+ Switch\nJG554A HP 5900AF-48XG-4QSFP+ TAA Switch\nJG838A HP FF 5900CP-48XG-4QSFP+ Switch\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\n5830 Switch Series\n R1118P11\n JC691A HP A5830AF-48G Switch w/1 Interface Slot\nJC694A HP A5830AF-96G Switch\nJG316A HP 5830AF-48G TAA Switch w/1 Intf Slot\nJG374A HP 5830AF-96G TAA Switch\n\n CVE-2014-3566\nCVE-2014-3568\n\n5820 Switch Series\n R1809P03\n JC102A HP 5820-24XG-SFP+ Switch\nJC106A HP 5820-14XG-SFP+ Switch with 2 Slots\nJG219A HP 5820AF-24XG Switch\nJG243A HP 5820-24XG-SFP+ TAA-compliant Switch\nJG259A HP 5820X-14XG-SFP+ TAA Switch w 2 Slots\n H3C S5820X-28C 14 port (SFP Plus ) Plus 4-port BT (RJ45) Plus 2 media\nmodules Plus OSM (0235A37L)\nH3C S5820X-28S 24-port 10GBASE-X (SFP Plus ) Plus 4-port 10/100/1000BASE-T\n(RJ45) (0235A370)\n\n CVE-2014-3566\nCVE-2014-3568\n\n5800 Switch Series\n R1809P03\n JC099A HP 5800-24G-PoE Switch\nJC100A HP 5800-24G Switch\nJC101A HP 5800-48G Switch with 2 Slots\nJC103A HP 5800-24G-SFP Switch\nJC104A HP 5800-48G-PoE Switch\nJC105A HP 5800-48G Switch\nJG225A HP 5800AF-48G Switch\nJG242A HP 5800-48G-PoE+ TAA Switch w 2 Slots\nJG254A HP 5800-24G-PoE+ TAA-compliant Switch\nJG255A HP 5800-24G TAA-compliant Switch\nJG256A HP 5800-24G-SFP TAA Switch w 1 Intf Slt\nJG257A HP 5800-48G-PoE+ TAA Switch with 1 Slot\nJG258A HP 5800-48G TAA Switch w 1 Intf Slot\n H3C S5800-32C - 24-port 1BT Plus 4-port (SFP Plus ) Plus 1 media slot\n(0235A36U)\nH3C S5800-32C-PWR - 24-port 10/100/1000BASE-T (RJ45) Plus 4-port 10GBASE-X\n(SFP Plus ) Plus 1 media module PoE (0235A36S)\nH3C S5800-32F 24-port 1000BASE-X (SFP) Plus 4-port 10GBASE-X (SFP Plus ) Plus\nmedia module (no power) (0235A374)\nH3C S5800-56C 48-port 10/100/1000BASE-T (RJ45) Plus 4port 10GBASE-X (SFP Plus\n) Plus media module (0235A379)\nH3C S5800-56C-PWR 48-port BT Plus 4 port (SFP Plus ) Plus media module\n(0235A378)\nH3C S5800-60C-PWR 48-port BT Plus 4-port SFP Plus 2 media modules Plus OSM\n(0235A36W)\n\n CVE-2014-3566\nCVE-2014-3568\n\n5700\n R2311P05\n JG894A HP FF 5700-48G-4XG-2QSFP+ Switch\nJG895A HP FF 5700-48G-4XG-2QSFP+ TAA Switch\nJG896A HP FF 5700-40XG-2QSFP+ Switch\nJG897A HP FF 5700-40XG-2QSFP+ TAA Switch\nJG898A HP FF 5700-32XGT-8XG-2QSFP+ Switch\nJG899A HP FF 5700-32XGT-8XG-2QSFP+ TAA Switch\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\n5500 HI Switch Series\n R5501P06\n JG311A HP HI 5500-24G-4SFP w/2 Intf Slts Switch\nJG312A HP HI 5500-48G-4SFP w/2 Intf Slts Switch\nJG541A HP 5500-24G-PoE+-4SFP HI Switch w/2 Slt\nJG542A HP 5500-48G-PoE+-4SFP HI Switch w/2 Slt\nJG543A HP 5500-24G-SFP HI Switch w/2 Intf Slt\nJG679A HP 5500-24G-PoE+-4SFP HI TAA Swch w/2Slt\nJG680A HP 5500-48G-PoE+-4SFP HI TAA Swch w/2Slt\nJG681A HP 5500-24G-SFP HI TAA Swch w/2Slt\n\n CVE-2014-3566\nCVE-2014-3568\n\n5500 EI Switch Series\n R2221P08\n JD373A HP 5500-24G DC EI Switch\nJD374A HP 5500-24G-SFP EI Switch\nJD375A HP 5500-48G EI Switch\nJD376A HP 5500-48G-PoE EI Switch\nJD377A HP 5500-24G EI Switch\nJD378A HP 5500-24G-PoE EI Switch\nJD379A HP 5500-24G-SFP DC EI Switch\nJG240A HP 5500-48G-PoE+ EI Switch w/2 Intf Slts\nJG241A HP 5500-24G-PoE+ EI Switch w/2 Intf Slts\nJG249A HP 5500-24G-SFP EI TAA Switch w 2 Slts\nJG250A HP 5500-24G EI TAA Switch w 2 Intf Slts\nJG251A HP 5500-48G EI TAA Switch w 2 Intf Slts\nJG252A HP 5500-24G-PoE+ EI TAA Switch w/2 Slts\nJG253A HP 5500-48G-PoE+ EI TAA Switch w/2 Slts\n H3C S5500-28C-EI Ethernet Switch (0235A253)\nH3C S5500-28F-EI Eth Switch AC Single (0235A24U)\nH3C S5500-52C-EI Ethernet Switch (0235A24X)\nH3C S5500-28C-EI-DC Ethernet Switch (0235A24S)\nH3C S5500-28C-PWR-EI Ethernet Switch (0235A255)\nH3C S5500-28F-EI Eth Swtch DC Single Pwr (0235A259)\nH3C S5500-52C-PWR-EI Ethernet Switch (0235A251)\n\n CVE-2014-3566\nCVE-2014-3568\n\n5500 SI Switch Series\n R2221P08\n JD369A HP 5500-24G SI Switch\nJD370A HP 5500-48G SI Switch\nJD371A HP 5500-24G-PoE SI Switch\nJD372A HP 5500-48G-PoE SI Switch\nJG238A HP 5500-24G-PoE+ SI Switch w/2 Intf Slts\nJG239A HP 5500-48G-PoE+ SI Switch w/2 Intf Slts\n H3C S5500-28C-SI Ethernet Switch (0235A04U)\nH3C S5500-52C-SI Ethernet Switch (0235A04V)\nH3C S5500-28C-PWR-SI Ethernet Switch (0235A05H)\nH3C S5500-52C-PWR-SI Ethernet Switch (0235A05J)\n\n CVE-2014-3566\nCVE-2014-3568\n\n5130 EI switch Series\n R3108P03\n JG932A HP 5130-24G-4SFP+ EI Switch\nJG933A HP 5130-24G-SFP-4SFP+ EI Switch\nJG934A HP 5130-48G-4SFP+ EI Switch\nJG936A HP 5130-24G-PoE+-4SFP+ EI Swch\nJG937A HP 5130-48G-PoE+-4SFP+ EI Swch\nJG975A HP 5130-24G-4SFP+ EI BR Switch\nJG976A HP 5130-48G-4SFP+ EI BR Switch\nJG977A HP 5130-24G-PoE+-4SFP+ EI BR Swch\nJG978A HP 5130-48G-PoE+-4SFP+ EI BR Swch\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\n5120 EI Switch Series\n R2221P08\n JE066A HP 5120-24G EI Switch\nJE067A HP 5120-48G EI Switch\nJE068A HP 5120-24G EI Switch with 2 Slots\nJE069A HP 5120-48G EI Switch with 2 Slots\nJE070A HP 5120-24G-PoE EI Switch with 2 Slots\nJE071A HP 5120-48G-PoE EI Switch with 2 Slots\nJG236A HP 5120-24G-PoE+ EI Switch w/2 Intf Slts\nJG237A HP 5120-48G-PoE+ EI Switch w/2 Intf Slts\nJG245A HP 5120-24G EI TAA Switch w 2 Intf Slts\nJG246A HP 5120-48G EI TAA Switch w 2 Intf Slts\nJG247A HP 5120-24G-PoE+ EI TAA Switch w 2 Slts\nJG248A HP 5120-48G-PoE+ EI TAA Switch w 2 Slts\n H3C S5120-24P-EI 24GE Plus 4ComboSFP (0235A0BQ)\nH3C S5120-28C-EI 24GE Plus 4Combo Plus 2Slt (0235A0BS)\nH3C S5120-48P-EI 48GE Plus 4ComboSFP (0235A0BR)\nH3C S5120-52C-EI 48GE Plus 4Combo Plus 2Slt (0235A0BT)\nH3C S5120-28C-PWR-EI 24G Plus 4C Plus 2S Plus POE (0235A0BU)\nH3C S5120-52C-PWR-EI 48G Plus 4C Plus 2S Plus POE (0235A0BV)\n\n CVE-2014-3566\nCVE-2014-3568\n\n5120 SI switch Series\n R1513P95\n JE072A HP 5120-48G SI Switch\nJE073A HP 5120-16G SI Switch\nJE074A HP 5120-24G SI Switch\nJG091A HP 5120-24G-PoE+ (370W) SI Switch\nJG092A HP 5120-24G-PoE+ (170W) SI Switch\n H3C S5120-52P-SI 48GE Plus 4 SFP (0235A41W)\nH3C S5120-20P-SI L2\n16GE Plus 4SFP (0235A42B)\nH3C S5120-28P-SI 24GE Plus 4 SFP (0235A42D)\nH3C S5120-28P-HPWR-SI (0235A0E5)\nH3C S5120-28P-PWR-SI (0235A0E3)\n\n CVE-2014-3566\nCVE-2014-3568\n\n4800 G Switch Series\n R2221P08\n JD007A HP 4800-24G Switch\nJD008A HP 4800-24G-PoE Switch\nJD009A HP 4800-24G-SFP Switch\nJD010A HP 4800-48G Switch\nJD011A HP 4800-48G-PoE Switch\n\n 3Com Switch 4800G 24-Port (3CRS48G-24-91)\n3Com Switch 4800G 24-Port SFP (3CRS48G-24S-91)\n3Com Switch 4800G 48-Port (3CRS48G-48-91)\n3Com Switch 4800G PWR 24-Port (3CRS48G-24P-91)\n3Com Switch 4800G PWR 48-Port (3CRS48G-48P-91)\n CVE-2014-3566\nCVE-2014-3568\n\n4510G Switch Series\n R2221P08\n JF428A HP 4510-48G Switch\nJF847A HP 4510-24G Switch\n\n 3Com Switch 4510G 48 Port (3CRS45G-48-91)\n3Com Switch 4510G PWR 24-Port (3CRS45G-24P-91)\n3Com Switch E4510-24G (3CRS45G-24-91)\n CVE-2014-3566\nCVE-2014-3568\n\n4210G Switch Series\n R2221P08\n JF844A HP 4210-24G Switch\nJF845A HP 4210-48G Switch\nJF846A HP 4210-24G-PoE Switch\n\n 3Com Switch 4210-24G (3CRS42G-24-91)\n3Com Switch 4210-48G (3CRS42G-48-91)\n3Com Switch E4210-24G-PoE (3CRS42G-24P-91)\n CVE-2014-3566\nCVE-2014-3568\n\n3610 Switch Series\n R5319P10\n JD335A HP 3610-48 Switch\nJD336A HP 3610-24-4G-SFP Switch\nJD337A HP 3610-24-2G-2G-SFP Switch\nJD338A HP 3610-24-SFP Switch\n H3C S3610-52P - model LS-3610-52P-OVS (0235A22C)\nH3C S3610-28P - model LS-3610-28P-OVS (0235A22D)\nH3C S3610-28TP - model LS-3610-28TP-OVS (0235A22E)\nH3C S3610-28F - model LS-3610-28F-OVS (0235A22F)\n\n CVE-2014-3566\nCVE-2014-3568\n\n3600 V2 Switch Series\n R2110P03\n JG299A HP 3600-24 v2 EI Switch\nJG300A HP 3600-48 v2 EI Switch\nJG301A HP 3600-24-PoE+ v2 EI Switch\nJG301B HP 3600-24-PoE+ v2 EI Switch\nJG302A HP 3600-48-PoE+ v2 EI Switch\nJG302B HP 3600-48-PoE+ v2 EI Switch\nJG303A HP 3600-24-SFP v2 EI Switch\nJG304A HP 3600-24 v2 SI Switch\nJG305A HP 3600-48 v2 SI Switch\nJG306A HP 3600-24-PoE+ v2 SI Switch\nJG306B HP 3600-24-PoE+ v2 SI Switch\nJG307A HP 3600-48-PoE+ v2 SI Switch\nJG307B HP 3600-48-PoE+ v2 SI Switch\n\n CVE-2014-3566\nCVE-2014-3568\n\n3100V2\n R5203P11\n JD313B HP 3100-24-PoE v2 EI Switch\nJD318B HP 3100-8 v2 EI Switch\nJD319B HP 3100-16 v2 EI Switch\nJD320B HP 3100-24 v2 EI Switch\nJG221A HP 3100-8 v2 SI Switch\nJG222A HP 3100-16 v2 SI Switch\nJG223A HP 3100-24 v2 SI Switch\n\n CVE-2014-3566\nCVE-2014-3568\n\n3100V2-48\n R2110P03\n JG315A HP 3100-48 v2 Switch\n\n CVE-2014-3566\nCVE-2014-3568\n\n1920\n R1105\n JG920A HP 1920-8G Switch\nJG921A HP 1920-8G-PoE+ (65W) Switch\nJG922A HP 1920-8G-PoE+ (180W) Switch\nJG923A HP 1920-16G Switch\nJG924A HP 1920-24G Switch\nJG925A HP 1920-24G-PoE+ (180W) Switch\nJG926A HP 1920-24G-PoE+ (370W) Switch\nJG927A HP 1920-48G Switch\n\n CVE-2014-3566\nCVE-2014-3568\n\n1910 R11XX\n R1107\n JG536A HP 1910-8 Switch\nJG537A HP 1910-8 -PoE+ Switch\nJG538A HP 1910-24 Switch\nJG539A HP 1910-24-PoE+ Switch\nJG540A HP 1910-48 Switch\n\n CVE-2014-3566\nCVE-2014-3568\n\n1910 R15XX\n R1513P95\n JE005A HP 1910-16G Switch\nJE006A HP 1910-24G Switch\nJE007A HP 1910-24G-PoE (365W) Switch\nJE008A HP 1910-24G-PoE(170W) Switch\nJE009A HP 1910-48G Switch\nJG348A HP 1910-8G Switch\nJG349A HP 1910-8G-PoE+ (65W) Switch\nJG350A HP 1910-8G-PoE+ (180W) Switch\n\n CVE-2014-3566\nCVE-2014-3568\n\n1620\n R1104\n JG912A HP 1620-8G Switch\nJG913A HP 1620-24G Switch\nJG914A HP 1620-48G Switch\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR20-1X\n R2513P33\n JD431A HP MSR20-10 Router\nJD667A HP MSR20-15 IW Multi-Service Router\nJD668A HP MSR20-13 Multi-Service Router\nJD669A HP MSR20-13 W Multi-Service Router\nJD670A HP MSR20-15 A Multi-Service Router\nJD671A HP MSR20-15 AW Multi-Service Router\nJD672A HP MSR20-15 I Multi-Service Router\nJD673A HP MSR20-11 Multi-Service Router\nJD674A HP MSR20-12 Multi-Service Router\nJD675A HP MSR20-12 W Multi-Service Router\nJD676A HP MSR20-12 T1 Multi-Service Router\nJF236A HP MSR20-15-I Router\nJF237A HP MSR20-15-A Router\nJF238A HP MSR20-15-I-W Router\nJF239A HP MSR20-11 Router\nJF240A HP MSR20-13 Router\nJF241A HP MSR20-12 Router\nJF806A HP MSR20-12-T Router\nJF807A HP MSR20-12-W Router\nJF808A HP MSR20-13-W Router\nJF809A HP MSR20-15-A-W Router\nJF817A HP MSR20-15 Router\nJG209A HP MSR20-12-T-W Router (NA)\nJG210A HP MSR20-13-W Router (NA)\n H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8)\nH3C MSR 20-10 (0235A0A7)\nH3C RT-MSR2011-AC-OVS-H3 (0235A395)\nH3C RT-MSR2012-AC-OVS-H3 (0235A396)\nH3C RT-MSR2012-AC-OVS-W-H3 (0235A397)\nH3C RT-MSR2012-T-AC-OVS-H3 (0235A398)\nH3C RT-MSR2013-AC-OVS-H3 (0235A390)\nH3C RT-MSR2013-AC-OVS-W-H3 (0235A391)\nH3C RT-MSR2015-AC-OVS-A-H3 (0235A392)\nH3C RT-MSR2015-AC-OVS-AW-H3 (0235A393)\nH3C RT-MSR2015-AC-OVS-I-H3 (0235A394)\nH3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V)\nH3C MSR 20-11 (0235A31V)\nH3C MSR 20-12 (0235A32E)\nH3C MSR 20-12 T1 (0235A32B)\nH3C MSR 20-13 (0235A31W)\nH3C MSR 20-13 W (0235A31X)\nH3C MSR 20-15 A (0235A31Q)\nH3C MSR 20-15 A W (0235A31R)\nH3C MSR 20-15 I (0235A31N)\nH3C MSR 20-15 IW (0235A31P)\nH3C MSR20-12 W (0235A32G)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR30\n R2513P33\n JD654A HP MSR30-60 POE Multi-Service Router\nJD657A HP MSR30-40 Multi-Service Router\nJD658A HP MSR30-60 Multi-Service Router\nJD660A HP MSR30-20 POE Multi-Service Router\nJD661A HP MSR30-40 POE Multi-Service Router\nJD666A HP MSR30-20 Multi-Service Router\nJF229A HP MSR30-40 Router\nJF230A HP MSR30-60 Router\nJF232A HP RT-MSR3040-AC-OVS-AS-H3\nJF235A HP MSR30-20 DC Router\nJF284A HP MSR30-20 Router\nJF287A HP MSR30-40 DC Router\nJF801A HP MSR30-60 DC Router\nJF802A HP MSR30-20 PoE Router\nJF803A HP MSR30-40 PoE Router\nJF804A HP MSR30-60 PoE Router\n H3C MSR 30-20 Router (0235A328)\nH3C MSR 30-40 Router Host(DC) (0235A268)\nH3C RT-MSR3020-AC-POE-OVS-H3 (0235A322)\nH3C RT-MSR3020-DC-OVS-H3 (0235A267)\nH3C RT-MSR3040-AC-OVS-H (0235A299)\nH3C RT-MSR3040-AC-POE-OVS-H3 (0235A323)\nH3C RT-MSR3060-AC-OVS-H3 (0235A320)\nH3C RT-MSR3060-AC-POE-OVS-H3 (0235A296)\nH3C RT-MSR3060-DC-OVS-H3 (0235A269)\nH3C MSR 30-20 RTVZ33020AS Router Host(AC) (0235A20S)\nH3C MSR 30-20 (0235A19L)\nH3C MSR 30-20 POE (0235A239)\nH3C MSR 30-40 (0235A20J)\nH3C MSR 30-40 POE (0235A25R)\nH3C MSR 30-60 (0235A20K)\nH3C MSR 30-60 POE (0235A25S)\nH3C RT-MSR3040-AC-OVS-AS-H3 (0235A20V)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR30-16\n R2513P33\n JD659A HP MSR30-16 POE Multi-Service Router\nJD665A HP MSR30-16 Multi-Service Router\nJF233A HP MSR30-16 Router\nJF234A HP MSR30-16 PoE Router\n H3C RT-MSR3016-AC-OVS-H3 (0235A327)\nH3C RT-MSR3016-AC-POE-OVS-H3 (0235A321)\nH3C MSR 30-16 (0235A237)\nH3C MSR 30-16 POE (0235A238)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR30-1X\n R2513P33\n JF800A HP MSR30-11 Router\nJF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr\nJG182A HP MSR30-11E Router\nJG183A HP MSR30-11F Router\nJG184A HP MSR30-10 DC Router\n H3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H)\nH3C RT-MSR3011-AC-OVS-H3 (0235A29L)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR50\n R2513P33\n JD433A HP MSR50-40 Router\nJD653A HP MSR50 Processor Module\nJD655A HP MSR50-40 Multi-Service Router\nJD656A HP MSR50-60 Multi-Service Router\nJF231A HP MSR50-60 Router\nJF285A HP MSR50-40 DC Router\nJF640A HP MSR50-60 Rtr Chassis w DC PwrSupply\n H3C MSR 50-40 Router (0235A297)\nH3C MSR5040-DC-OVS-H3C (0235A20P)\nH3C RT-MSR5060-AC-OVS-H3 (0235A298)\nH3C MSR 50-40 Chassis (0235A20N)\nH3C MSR 50-60 Chassis (0235A20L)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR50-G2\n R2513P33\n JD429A HP MSR50 G2 Processor Module\nJD429B HP MSR50 G2 Processor Module\n H3C H3C MSR 50 Processor Module-G2 (0231A84Q)\nH3C MSR 50 High Performance Main Processing Unit 3GE (Combo)\n256F/1GD(0231A0KL)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR20 Russian version\n MSR201X_5.20.R2513L40.RU\n JD663B HP MSR20-21 Router\nJF228A HP MSR20-40 Router\nJF283A HP MSR20-20 Router\n H3C RT-MSR2020-AC-OVS-H3C (0235A324)\nH3C RT-MSR2040-AC-OVS-H3 (0235A326)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR20-1X Russian version\n MSR201X_5.20.R2513L40.RU\n JD431A HP MSR20-10 Router\nJF236A HP MSR20-15-I Router\nJF237A HP MSR20-15-A Router\nJF238A HP MSR20-15-I-W Router\nJF239A HP MSR20-11 Router\nJF240A HP MSR20-13 Router\nJF241A HP MSR20-12 Router\nJF806A HP MSR20-12-T Router\nJF807A HP MSR20-12-W Router\nJF808A HP MSR20-13-W Router\nJF809A HP MSR20-15-A-W Router\nJF817A HP MSR20-15 Router\n H3C MSR 20-10 (0235A0A7)\nH3C RT-MSR2015-AC-OVS-I-H3 (0235A394)\nH3C RT-MSR2015-AC-OVS-A-H3 (0235A392)\nH3C RT-MSR2015-AC-OVS-AW-H3 (0235A393)\nH3C RT-MSR2011-AC-OVS-H3 (0235A395)\nH3C RT-MSR2013-AC-OVS-H3 (0235A390)\nH3C RT-MSR2012-AC-OVS-H3 (0235A396)\nH3C RT-MSR2012-T-AC-OVS-H3 (0235A398)\nH3C RT-MSR2012-AC-OVS-W-H3 (0235A397)\nH3C RT-MSR2013-AC-OVS-W-H3 (0235A391)\nH3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V)\nH3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR30 Russian version\n MSR201X_5.20.R2513L40.RU\n JF229A HP MSR30-40 Router\nJF230A HP MSR30-60 Router\nJF235A HP MSR30-20 DC Router\nJF284A HP MSR30-20 Router\nJF287A HP MSR30-40 DC Router\nJF801A HP MSR30-60 DC Router\nJF802A HP MSR30-20 PoE Router\nJF803A HP MSR30-40 PoE Router\nJF804A HP MSR30-60 PoE Router\n H3C RT-MSR3040-AC-OVS-H (0235A299)\nH3C RT-MSR3060-AC-OVS-H3 (0235A320)\nH3C RT-MSR3020-DC-OVS-H3 (0235A267)\nH3C MSR 30-20 Router (0235A328)\nH3C MSR 30-40 Router Host(DC) (0235A268)\nH3C RT-MSR3060-DC-OVS-H3 (0235A269)\nH3C RT-MSR3020-AC-POE-OVS-H3 (0235A322)\nH3C RT-MSR3040-AC-POE-OVS-H3 (0235A323)\nH3C RT-MSR3060-AC-POE-OVS-H3 (0235A296)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR30-16 Russian version\n MSR201X_5.20.R2513L40.RU\n JF233A HP MSR30-16 Router\nJF234A HP MSR30-16 PoE Router\n H3C RT-MSR3016-AC-OVS-H3 (0235A327)\nH3C RT-MSR3016-AC-POE-OVS-H3 (0235A321)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR30-1X Russian version\n MSR201X_5.20.R2513L40.RU\n JF800A HP MSR30-11 Router\nJF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr\nJG182A HP MSR30-11E Router\nJG183A HP MSR30-11F Router\nJG184A HP MSR30-10 DC Router\n H3C RT-MSR3011-AC-OVS-H3 (0235A29L)\nH3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR50 Russian version\n MSR201X_5.20.R2513L40.RU\n JD433A HP MSR50-40 Router\nJD653A HP MSR50 Processor Module\nJD655A HP MSR50-40 Multi-Service Router\nJD656A HP MSR50-60 Multi-Service Router\nJF231A HP MSR50-60 Router\nJF285A HP MSR50-40 DC Router\nJF640A HP MSR50-60 Rtr Chassis w DC PwrSupply\n H3C MSR 50-40 Router (0235A297)\nH3C MSR 50 Processor Module (0231A791)\nH3C MSR 50-40 Chassis (0235A20N)\nH3C MSR 50-60 Chassis (0235A20L)\nH3C RT-MSR5060-AC-OVS-H3 (0235A298)\nH3C MSR5040-DC-OVS-H3C (0235A20P)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR50 G2 Russian version\n MSR201X_5.20.R2513L40.RU\n JD429B HP MSR50 G2 Processor Module\n H3C MSR 50 High Performance Main Processing Unit 3GE (Combo) 256F/1GD\n(0231A0KL)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR9XX\n R2513P33\n JF812A HP MSR900 Router\nJF813A HP MSR920 Router\nJF814A HP MSR900-W Router\nJF815A HP MSR920 2FEWAN/8FELAN/.11b/g Rtr\nJG207A HP MSR900-W Router (NA)\nJG208A HP MSR920-W Router (NA)\n H3C MSR 900 Router with 802.11b/g 2 FE WAN 4 FE LAN 256DDR 802.11b\n(0235A0C2)\nH3C MSR 900 Router 2 FE WAN 4 FE LAN 256DDR (0235A0BX)\nH3C MSR 920 Router with 802.11b/g 2 FE WAN 8 FE LAN 256DDR (0235A0C4)\nH3C MSR 920 Router 2 FE WAN 8 FE LAN 256DDR (0235A0C0)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR93X\n R2513P33\n JG512A HP MSR930 Wireless Router\nJG513A HP MSR930 3G Router\nJG514A HP MSR931 Router\nJG515A HP MSR931 3G Router\nJG516A HP MSR933 Router\nJG517A HP MSR933 3G Router\nJG518A HP MSR935 Router\nJG519A HP MSR935 Wireless Router\nJG520A HP MSR935 3G Router\nJG531A HP MSR931 Dual 3G Router\nJG596A HP MSR930 4G LTE/3G CDMA Router\nJG597A HP MSR936 Wireless Router\nJG665A HP MSR930 4G LTE/3G WCDMA Global Router\nJG704A HP MSR930 4G LTE/3G WCDMA ATT Router\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR1000\n R2513P33\n JG732A HP MSR1003-8 AC Router\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR1000 Russian version\n R2513L40.RU\n JG732A HP MSR1003-8 AC Router\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR2000\n R0106P18\n JG411A HP MSR2003 AC Router\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\nMSR3000\n R0106P18\n JG404A HP MSR3064 Router\nJG405A HP MSR3044 Router\nJG406A HP MSR3024 AC Router\nJG409A HP MSR3012 AC Router\nJG861A HP MSR3024 TAA-compliant AC Router\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\nMSR4000\n R0106P18\n JG402A HP MSR4080 Router Chassis\nJG403A HP MSR4060 Router Chassis\nJG412A HP MSR4000 MPU-100 Main Processing Unit\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\nF5000\n F3210P22\n JG216A HP F5000 Firewall Standalone Chassis\nJD259A HP A5000-A5 VPN Firewall Chassis\n H3C SecPath F5000-A5 Host System (0150A0AG)\n\n CVE-2014-3566\nCVE-2014-3568\n\nF5000-C\n R3811P03\n JG650A HP F5000-C VPN Firewall Appliance\n\n CVE-2014-3566\nCVE-2014-3568\n\nF5000-S\n R3811P03\n JG370A HP F5000-S VPN Firewall Appliance\n\n CVE-2014-3566\nCVE-2014-3568\n\nU200S and CS\n F5123P30\n JD268A HP 200-CS UTM Appliance\nJD273A HP U200-S UTM Appliance\n H3C SecPath U200-S (0235A36N)\n\n CVE-2014-3566\nCVE-2014-3568\n\nU200A and M\n F5123P30\n JD274A HP 200-M UTM Appliance\nJD275A HP U200-A UTM Appliance\n H3C SecPath U200-A (0235A36Q)\n\n CVE-2014-3566\nCVE-2014-3568\n\nSecBlade III\n R3820P03\n JG371A HP 12500 20Gbps VPN Firewall Module\nJG372A HP 10500/11900/7500 20Gbps VPN FW Mod\n\n CVE-2014-3566\nCVE-2014-3568\n\nSecBlade FW\n R3181P05\n JC635A HP 12500 VPN Firewall Module\nJD245A HP 9500 VPN Firewall Module\nJD249A HP 10500/7500 Advanced VPN Firewall Mod\nJD250A HP 6600 Firewall Processing Rtr Module\nJD251A HP 8800 Firewall Processing Module\nJD255A HP 5820 VPN Firewall Module\n H3C S9500E SecBlade VPN Firewall Module (0231A0AV)\nH3C S7500E SecBlade VPN Firewall Module (0231A832)\nH3C SR66 Gigabit Firewall Module (0231A88A)\nH3C SR88 Firewall Processing Module (0231A88L)\nH3C S5820 SecBlade VPN Firewall Module (0231A94J)\n\n CVE-2014-3566\nCVE-2014-3568\n\nF1000-E\n R3181P05\n JD272A HP F1000-E VPN Firewall Appliance\n\n CVE-2014-3566\nCVE-2014-3568\n\nF1000-A\n R3734P06\n JG214A HP F1000-A-EI VPN Firewall Appliance\n\n CVE-2014-3566\nCVE-2014-3568\n\nF1000-S\n R3734P06\n JG213A HP F1000-S-EI VPN Firewall Appliance\n\n CVE-2014-3566\nCVE-2014-3568\n\nSecBlade SSL VPN\n Fix in Progress\nUse Mitigation\n JD253A HP 10500/7500 SSL VPN Mod w 500-user Lic\n\n CVE-2014-3566\nCVE-2014-3568\n\nVSR1000\n R0204P01\n JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software\nJG811AAE HP VSR1001 Comware 7 Virtual Services Router\nJG812AAE HP VSR1004 Comware 7 Virtual Services Router\nJG813AAE HP VSR1008 Comware 7 Virtual Services Router\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\nWX5002/5004\n R2507P34\n JD441A HP 5800 ACM for 64-256 APs\nJD447B HP WX5002 Access Controller\nJD448A HP A-WX5004 Access Controller\nJD448B HP WX5004 Access Controller\nJD469A HP A-WX5004 (3Com) Access Controller\nJG261A HP 5800 Access Controller OAA TAA Mod\n\n CVE-2014-3566\nCVE-2014-3568\n\nHP 850/870\n R2607P34\n JG723A HP 870 Unified Wired-WLAN Appliance\nJG725A HP 870 Unifd Wrd-WLAN TAA Applnc\nJG722A HP 850 Unified Wired-WLAN Appliance\nJG724A HP 850 Unifd Wrd-WLAN TAA Applnc\n\n CVE-2014-3566\nCVE-2014-3568\n\nHP 830\n R3507P34\n JG640A HP 830 24P PoE+ Unifd Wired-WLAN Swch\nJG641A HP 830 8P PoE+ Unifd Wired-WLAN Swch\nJG646A HP 830 24-Port PoE+ Wrd-WLAN TAA Switch\nJG647A HP 830 8-Port PoE+ Wrd-WLAN TAA Switch\n\n CVE-2014-3566\nCVE-2014-3568\n\nHP 6000\n R2507P34\n JG639A HP 10500/7500 20G Unified Wired-WLAN Mod\nJG645A HP 10500/7500 20G Unifd Wrd-WLAN TAA Mod\n\n CVE-2014-3566\nCVE-2014-3568\n\nVCX\n Fix in Progress\nUse Mitigation\n J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr\nJ9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr\nJC517A HP VCX V7205 Platform w/DL 360 G6 Server\nJE355A HP VCX V6000 Branch Platform 9.0\nJC516A HP VCX V7005 Platform w/DL 120 G6 Server\nJC518A HP VCX Connect 200 Primry 120 G6 Server\nJ9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr\nJE341A HP VCX Connect 100 Secondary\nJE252A HP VCX Connect Primary MIM Module\nJE253A HP VCX Connect Secondary MIM Module\nJE254A HP VCX Branch MIM Module\nJE355A HP VCX V6000 Branch Platform 9.0\nJD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod\nJD023A HP MSR30-40 Router with VCX MIM Module\nJD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM\nJD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod\nJD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod\nJD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod\nJD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS\nJE340A HP VCX Connect 100 Pri Server 9.0\nJE342A HP VCX Connect 100 Sec Server 9.0\n\n CVE-2014-3566\nCVE-2014-3568\n\niMC PLAT\n iMC PLAT v7.1 E0303P06\n JD125A HP IMC Std S/W Platform w/100-node\nJD126A HP IMC Ent S/W Platform w/100-node\nJD808A HP IMC Ent Platform w/100-node License\nJD815A HP IMC Std Platform w/100-node License\nJF377A HP IMC Std S/W Platform w/100-node Lic\nJF377AAE HP IMC Std S/W Pltfrm w/100-node E-LTU\nJF378A HP IMC Ent S/W Platform w/200-node Lic\nJF378AAE HP IMC Ent S/W Pltfrm w/200-node E-LTU\nJG546AAE HP IMC Basic SW Platform w/50-node E-LTU\nJG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU\nJG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU\nJG550AAE HP PMM to IMC Bsc WLM Upgr w/150AP E-LTU\nJG590AAE HP IMC Bsc WLAN Mgr SW Pltfm 50 AP E-LTU\nJG659AAE HP IMC Smart Connect VAE E-LTU\nJG660AAE HP IMC Smart Connect w/WLM VAE E-LTU\nJG747AAE HP IMC Std SW Plat w/ 50 Nodes E-LTU\nJG748AAE HP IMC Ent SW Plat w/ 50 Nodes E-LTU\nJG766AAE HP IMC SmCnct Vrtl Applnc SW E-LTU\nJG767AAE HP IMC SmCnct WSM Vrtl Applnc SW E-LTU\nJG768AAE HP PCM+ to IMC Std Upg w/ 200-node E-LTU\n\n CVE-2014-3566\n\niMC UAM\n iMC UAM v7.1 E0302P07\n JD144A HP IMC UAM S/W Module w/200-User License\nJF388A HP IMC UAM S/W Module w/200-user License\nJF388AAE HP IMC UAM S/W Module w/200-user E-LTU\nJG752AAE HP IMC UAM SW Mod w/ 50-user E-LTU\n\n CVE-2014-3513\nCVE-2014-3566\nCVE-2014-3567\n\niMC WSM\n Fix in Progress\nUse Mitigation\n JD456A HP WSM Plug-in for IMC\nIncludes 50 Aps\nJF414A HP IMC WSM S/W Module with 50-AP License\nJF414AAE HP IMC WSM S/W Module with 50-AP E-LTU\nJG551AAE HP PMM to IMC WSM Upgr w/250 AP E-LTU\nJG769AAE HP PMM to IMC WSM Upg w/ 250-node E-LTU\n\n CVE-2014-3513\nCVE-2014-3566\nCVE-2014-3567\n\nA\n Fixes in progress\nuse mitigations\n J9565A HP 2615-8-PoE Switch\nJ9562A HP 2915-8G-PoE Switch\n\nE\n Fixes in progress\nuse mitigations\n J4850A HP ProCurve Switch 5304xl\nJ8166A HP ProCurve Switch 5304xl-32G\nJ4819A HP ProCurve Switch 5308xl\nJ8167A HP ProCurve Switch 5308xl-48G\nJ4849A HP ProCurve Switch 5348xl\nJ4849B HP ProCurve Switch 5348xl\nJ4848A HP ProCurve Switch 5372xl\nJ4848B HP ProCurve Switch 5372xl\n\nF\n Fixes in progress\nuse mitigations\n J4812A HP ProCurve 2512 Switch\nJ4813A HP ProCurve 2524 Switch\nJ4817A HP ProCurve 2312 Switch\nJ4818A HP ProCurve 2324 Switch\n\nH.07\n Fixes in progress\nuse mitigations\n J4902A HP ProCurve 6108 Switch\n\nH.10\n Fixes in progress\nuse mitigations\n J8762A HP E2600-8-PoE Switch\nJ4900A HP PROCURVE SWITCH 2626\nJ4900B HP ProCurve Switch 2626\nJ4900C ProCurve Switch 2626\nJ4899A HP ProCurve Switch 2650\nJ4899B HP ProCurve Switch 2650\nJ4899C ProCurve Switch 2650\nJ8164A ProCurve Switch 2626-PWR\nJ8165A HP ProCurve Switch 2650-PWR\n\ni.10\n Fixes in progress\nuse mitigations\n J4903A ProCurve Switch 2824\nJ4904A HP ProCurve Switch 2848\n\nJ\n Fixes in progress\nuse mitigations\n J9299A HP 2520-24G-PoE Switch\nJ9298A HP 2520-8G-PoE Switch\n\nK\n Fixes in progress\nuse mitigations\n J8692A HP 3500-24G-PoE yl Switch\nJ8693A HP 3500-48G-PoE yl Switch\nJ9310A HP 3500-24G-PoE+ yl Switch\nJ9311A HP 3500-48G-PoE+ yl Switch\nJ9470A HP 3500-24 Switch\nJ9471A HP 3500-24-PoE Switch\nJ9472A HP 3500-48 Switch\nJ9473A HP 3500-48-PoE Switch\nJ8697A HP E5406 zl Switch Chassis\nJ8699A HP 5406-48G zl Switch\nJ9447A HP 5406-44G-PoE+-4SFP zl Switch\nJ9533A HP 5406-44G-PoE+-2XG v2 zl Swch w Pm SW\nJ9539A HP 5406-44G-PoE+-4G v2 zl Swch w Prm SW\nJ9642A HP 5406 zl Switch with Premium Software\nJ9866A HP 5406 8p10GT 8p10GE Swch and Psw\nJ8698A HP E5412 zl Switch Chassis\nJ8700A HP 5412-96G zl Switch\nJ9448A HP 5412-92G-PoE+-4SFP zl Switch\nJ9532A HP 5412-92G-PoE+-2XG v2 zl Swch w Pm SW\nJ9540A HP 5412-92G-PoE+-4G v2 zl Swch w Prm SW\nJ9643A HP 5412 zl Switch with Premium Software\nJ8992A HP 6200-24G-mGBIC yl Switch\nJ9263A HP E6600-24G Switch\nJ9264A HP 6600-24G-4XG Switch\nJ9265A HP 6600-24XG Switch\nJ9451A HP E6600-48G Switch\nJ9452A HP 6600-48G-4XG Switch\nJ9475A HP E8206 zl Switch Base System\nJ9638A HP 8206-44G-PoE+-2XG v2 zl Swch w Pm SW\nJ9640A HP 8206 zl Switch w/Premium Software\nJ8715A ProCurve Switch 8212zl Base System\nJ8715B HP E8212 zl Switch Base System\nJ9091A ProCurve Switch 8212zl Chassis\u0026Fan Tray\nJ9639A HP 8212-92G-PoE+-2XG v2 zl Swch w Pm SW\nJ9641A HP 8212 zl Switch with Premium SW\n\nKA\n Fixes in progress\nuse mitigations\n J9573A HP 3800-24G-PoE+-2SFP+ Switch\nJ9574A HP 3800-48G-PoE+-4SFP+ Switch\nJ9575A HP 3800-24G-2SFP+ Switch\nJ9576A HP 3800-48G-4SFP+ Switch\nJ9584A HP 3800-24SFP-2SFP+ Switch\nJ9585A HP 3800-24G-2XG Switch\nJ9586A HP 3800-48G-4XG Switch\nJ9587A HP 3800-24G-PoE+-2XG Switch\nJ9588A HP 3800-48G-PoE+-4XG Switch\n\nKB\n Fixes in progress\nuse mitigations\n J9821A HP 5406R zl2 Switch\nJ9822A HP 5412R zl2 Switch\nJ9823A HP 5406R-Gig-T-PoE+/SFP+ v2 zl2 Swch\nJ9824A HP 5406R-Gig-T-PoE+/SFP v2 zl2 Swch\nJ9825A HP 5412R-Gig-T-PoE+/SFP+ v2 zl2 Swch\nJ9826A HP 5412R-Gig-T-PoE+/SFP v2 zl2 Swch\nJ9850A HP 5406R zl2 Switch\nJ9851A HP 5412R zl2 Switch\nJ9868A HP 5406R-8XGT/8SFP+ v2 zl2 Swch\n\nL\n Fixes in progress\nuse mitigations\n J8772B HP 4202-72 Vl Switch\nJ8770A HP 4204 Vl Switch Chassis\nJ9064A HP 4204-44G-4SFP Vl Switch\nJ8773A HP 4208 Vl Switch Chassis\nJ9030A HP 4208-68G-4SFP Vl Switch\nJ8775B HP 4208-96 Vl Switch\nJ8771A ProCurve Switch 4202VL-48G\nJ8772A ProCurve Switch 4202VL-72\nJ8774A ProCurve Switch 4208VL-64G\nJ8775A ProCurve Switch 4208VL-96\n\nM.08\n Fixes in progress\nuse mitigations\n J8433A HP 6400-6XG cl Switch\nJ8474A HP 6410-6XG cl Switch\n\nM.10\n Fixes in progress\nuse mitigations\n J4906A HP E3400-48G cl Switch\nJ4905A HP ProCurve Switch 3400cl-24G\n\nN\n Fixes in progress\nuse mitigations\n J9021A HP 2810-24G Switch\nJ9022A HP 2810-48G Switch\n\nPA\n Fixes in progress\nuse mitigations\n J9029A ProCurve Switch 1800-8G\n\nPB\n Fixes in progress\nuse mitigations\n J9028A ProCurve Switch 1800-24G\nJ9028B ProCurve Switch 1800-24G\n\nQ\n Fixes in progress\nuse mitigations\n J9019B HP 2510-24 Switch\nJ9019A ProCurve Switch 2510-24\n\nR\n Fixes in progress\nuse mitigations\n J9085A HP 2610-24 Switch\nJ9087A HP 2610-24-PoE Switch\nJ9086A HP 2610-24-PPoE Switch\nJ9088A HP 2610-48 Switch\nJ9089A HP 2610-48-PoE Switch\n\nRA\n Fixes in progress\nuse mitigations\n J9623A HP 2620-24 Switch\nJ9624A HP 2620-24-PPoE+ Switch\nJ9625A HP 2620-24-PoE+ Switch\nJ9626A HP 2620-48 Switch\nJ9627A HP 2620-48-PoE+ Switch\n\nS\n Fixes in progress\nuse mitigations\n J9138A HP 2520-24-PoE Switch\nJ9137A HP 2520-8-PoE Switch\n\nT\n Fixes in progress\nuse mitigations\n J9049A ProCurve Switch 2900- 24G\nJ9050A ProCurve Switch 2900 48G\n\nU\n Fixes in progress\nuse mitigations\n J9020A HP 2510-48 Switch\n\nVA\n Fixes in progress\nuse mitigations\n J9079A HP 1700-8 Switch\n\nVB\n Fixes in progress\nuse mitigations\n J9080A HP 1700-24 Switch\n\nW\n Fixes in progress\nuse mitigations\n J9145A HP 2910-24G al Switch\nJ9146A HP 2910-24G-PoE+ al Switch\nJ9147A HP 2910-48G al Switch\nJ9148A HP 2910-48G-PoE+ al Switch\n\nWB\n Fixes in progress\nuse mitigations\n J9726A HP 2920-24G Switch\nJ9727A HP 2920-24G-POE+ Switch\nJ9728A HP 2920-48G Switch\nJ9729A HP 2920-48G-POE+ Switch\nJ9836A HP 2920-48G-POE+ 740W Switch\n\nY\n Fixes in progress\nuse mitigations\n J9279A HP 2510-24G Switch\nJ9280A HP 2510-48G Switch\n\nYA\n Fixes in progress\nuse mitigations\n J9772A HP 2530-48G-PoE+ Switch\nJ9773A HP 2530-24G-PoE+ Switch\nJ9774A HP 2530-8G-PoE+ Switch\nJ9775A HP 2530-48G Switch\nJ9776A HP 2530-24G Switch\nJ9777A HP 2530-8G Switch\nJ9778A HP 2530-48-PoE+ Switch\nJ9781A HP 2530-48 Switch\nJ9853A HP 2530-48G-PoE+-2SFP+ Switch\nJ9854A HP 2530-24G-PoE+-2SFP+ Switch\nJ9855A HP 2530-48G-2SFP+ Switch\nJ9856A HP 2530-24G-2SFP+ Switch\n\nYB\n Fixes in progress\nuse mitigations\n J9779A HP 2530-24-PoE+ Switch\nJ9780A HP 2530-8-PoE+ Switch\nJ9782A HP 2530-24 Switch\nJ9783A HP 2530-8 Switch\n\nMSM 6.5\n 6.5.1.0\n J9420A HP MSM760 Premium Mobility Controller\nJ9421A HP MSM760 Access Controller\nJ9370A HP MSM765 Zl Premium Mobility Controller\nJ9693A HP MSM720 Access Controller (WW)\nJ9694A HP MSM720 Premium Mobility Cntlr (WW)\nJ9695A HP MSM720 TAA Access Controller\nJ9696A HP MSM720 TAA Premium Mobility Cntlr\nJ9840A HP MSM775 zl Premium Controller Module\nJ9845A HP 560 Wireless 802.11ac (AM) AP\nJ9846A HP 560 Wireless 802.11ac (WW) AP\nJ9847A HP 560 Wireless 802.11ac (JP) AP\nJ9848A HP 560 Wireless 802.11ac (IL) AP\nJ9358A HP E-MSM422 Access Point (US)\nJ9358B HP MSM422 Access Point (US)\nJ9359A HP E-MSM422 Access Point (WW)\nJ9359B HP MSM422 Access Point (WW)\nJ9530A HP E-MSM422 Access Point (JP)\nJ9530B HP MSM422 Access Point (JP)\nJ9617A HP MSM422 Dual Radio 802.11n AP (IL)\nJ9426A HP E-MSM410 Access Point (US)\nJ9426B HP MSM410 Access Point (US)\nJ9427A HP E-MSM410 Access Point (WW)\nJ9427B HP MSM410 Access Point (WW)\nJ9427C HP MSM410 Access Point (WW)\nJ9529A HP E-MSM410 Access Point (JP)\nJ9529B HP MSM410 Access Point (JP)\nJ9589A HP MSM460 Dual Radio 802.11n AP (JP)\nJ9590A HP MSM460 Dual Radio 802.11n AP (AM)\nJ9591A HP MSM460 Dual Radio 802.11n AP (WW)\nJ9616A HP MSM410 Single Radio 802.11n AP (IL)\nJ9618A HP MSM460 Dual Radio 802.11n AP (IL)\nJ9619A HP MSM466 Dual Radio 802.11n AP (IL)\nJ9620A HP MSM466 Dual Radio 802.11n AP (JP)\nJ9621A HP MSM466 Dual Radio 802.11n AP (AM)\nJ9622A HP MSM466 Dual Radio 802.11n AP (WW)\nJ9650A HP MSM430 Dual Radio 802.11n AP (AM)\nJ9651A HP MSM430 Dual Radio 802.11n AP (WW)\nJ9652A HP MSM430 Dual Radio 802.11n AP (JP)\nJ9653A HP MSM430 Dual Radio 802.11n AP (IL)\nJ9654A HP MSM430 Dual Radio 802.11n TAA AP\nJ9655A HP MSM460 Dual Radio 802.11n TAA AP\nJ9656A HP MSM466 Dual Radio 802.11n TAA AP\nJ9715A HP E-MSM466-R Dual Radio 802.11n AP (AM)\nJ9716A HP E-MSM466-R Dual Radio 802.11n AP (WW)\nJ9717A HP E-MSM466-R Dual Radio 802.11n AP (JP)\nJ9718A HP E-MSM466-R Dual Radio 802.11n AP (IL)\n\nMSM 6.4\n 6.4.2.1\n J9840A HP MSM775 zl Premium Controller Module\nJ9370A HP MSM765 Zl Premium Mobility Controller\nJ9420A HP MSM760 Premium Mobility Controller\nJ9421A HP MSM760 Access Controller\nJ9693A HP MSM720 Access Controller (WW)\nJ9694A HP MSM720 Premium Mobility Cntlr (WW)\nJ9695A HP MSM720 TAA Access Controller\nJ9696A HP MSM720 TAA Premium Mobility Cntlr\nJ9426A HP E-MSM410 Access Point (US)\nJ9426B HP MSM410 Access Point (US)\nJ9427A HP E-MSM410 Access Point (WW)\nJ9427B HP MSM410 Access Point (WW)\nJ9427C HP MSM410 Access Point (WW)\nJ9529A HP E-MSM410 Access Point (JP)\nJ9529B HP MSM410 Access Point (JP)\nJ9589A HP MSM460 Dual Radio 802.11n AP (JP)\nJ9590A HP MSM460 Dual Radio 802.11n AP (AM)\nJ9591A HP MSM460 Dual Radio 802.11n AP (WW)\nJ9616A HP MSM410 Single Radio 802.11n AP (IL)\nJ9618A HP MSM460 Dual Radio 802.11n AP (IL)\nJ9619A HP MSM466 Dual Radio 802.11n AP (IL)\nJ9620A HP MSM466 Dual Radio 802.11n AP (JP)\nJ9621A HP MSM466 Dual Radio 802.11n AP (AM)\nJ9622A HP MSM466 Dual Radio 802.11n AP (WW)\nJ9650A HP MSM430 Dual Radio 802.11n AP (AM)\nJ9651A HP MSM430 Dual Radio 802.11n AP (WW)\nJ9652A HP MSM430 Dual Radio 802.11n AP (JP)\nJ9653A HP MSM430 Dual Radio 802.11n AP (IL)\nJ9654A HP MSM430 Dual Radio 802.11n TAA AP\nJ9655A HP MSM460 Dual Radio 802.11n TAA AP\nJ9656A HP MSM466 Dual Radio 802.11n TAA AP\nJ9715A HP E-MSM466-R Dual Radio 802.11n AP (AM)\nJ9716A HP E-MSM466-R Dual Radio 802.11n AP (WW)\nJ9717A HP E-MSM466-R Dual Radio 802.11n AP (JP)\nJ9718A HP E-MSM466-R Dual Radio 802.11n AP (IL)\nJ9358A HP E-MSM422 Access Point (US)\nJ9358B HP MSM422 Access Point (US)\nJ9359A HP E-MSM422 Access Point (WW)\nJ9359B HP MSM422 Access Point (WW)\nJ9530A HP E-MSM422 Access Point (JP)\nJ9530B HP MSM422 Access Point (JP)\nJ9617A HP MSM422 Dual Radio 802.11n AP (IL)\n\nMSM 6.3\n 6.3.1.0\n J9529B HP MSM410 Access Point (JP)\nJ9589A HP MSM460 Dual Radio 802.11n AP (JP)\nJ9590A HP MSM460 Dual Radio 802.11n AP (AM)\nJ9591A HP MSM460 Dual Radio 802.11n AP (WW)\nJ9616A HP MSM410 Single Radio 802.11n AP (IL)\nJ9618A HP MSM460 Dual Radio 802.11n AP (IL)\nJ9619A HP MSM466 Dual Radio 802.11n AP (IL)\nJ9620A HP MSM466 Dual Radio 802.11n AP (JP)\nJ9621A HP MSM466 Dual Radio 802.11n AP (AM)\nJ9622A HP MSM466 Dual Radio 802.11n AP (WW)\nJ9650A HP MSM430 Dual Radio 802.11n AP (AM)\nJ9651A HP MSM430 Dual Radio 802.11n AP (WW)\nJ9652A HP MSM430 Dual Radio 802.11n AP (JP)\nJ9653A HP MSM430 Dual Radio 802.11n AP (IL)\nJ9654A HP MSM430 Dual Radio 802.11n TAA AP\nJ9655A HP MSM460 Dual Radio 802.11n TAA AP\nJ9656A HP MSM466 Dual Radio 802.11n TAA AP\nJ9715A HP E-MSM466-R Dual Radio 802.11n AP (AM)\nJ9716A HP E-MSM466-R Dual Radio 802.11n AP (WW)\nJ9717A HP E-MSM466-R Dual Radio 802.11n AP (JP)\nJ9718A HP E-MSM466-R Dual Radio 802.11n AP (IL)\nJ9356A HP E-MSM335 Access Point (US)\nJ9356B HP MSM335 Access Point (US)\nJ9357A HP E-MSM335 Access Point (WW)\nJ9357B HP MSM335 Access Point (WW)\nJ9358A HP E-MSM422 Access Point (US)\nJ9358B HP MSM422 Access Point (US)\nJ9359A HP E-MSM422 Access Point (WW)\nJ9359B HP MSM422 Access Point (WW)\nJ9530A HP E-MSM422 Access Point (JP)\nJ9530B HP MSM422 Access Point (JP)\nJ9617A HP MSM422 Dual Radio 802.11n AP (IL)\nJ9360A HP E-MSM320 Access Point (US)\nJ9360B HP MSM320 Access Point (US)\nJ9364A HP E-MSM320 Access Point (WW)\nJ9364B HP MSM320 Access Point (WW)\nJ9365A HP MSM320-R Access Point (US)\nJ9365B HP MSM320-R Access Point (US)\nJ9368A HP E-MSM320-R Access Point (WW)\nJ9368B HP MSM320-R Access Point (WW)\nJ9373A HP E-MSM325 Access Point (WW)\nJ9373B HP MSM325 Access Point (WW)\nJ9374A HP E-MSM310 Access Point (US)\nJ9374B HP MSM310 Access Point (US)\nJ9379A HP MSM310 Access Point (WW)\nJ9379B HP MSM310 Access Point (WW)\nJ9380A HP E-MSM310-R Access Point (US)\nJ9380B HP MSM310-R Access Point (US)\nJ9383A HP E-MSM310-R Access Point (WW)\nJ9383B HP MSM310-R Access Point (WW)\nJ9524A HP E-MSM310 Access Point (JP)\nJ9524B HP MSM310 Access Point (JP)\nJ9527A HP E-MSM320 Access Point (JP)\nJ9527B HP MSM320 Access Point (JP)\nJ9528A HP E-MSM320-R Access Point (JP)\nJ9528B HP MSM320-R Access Point (JP)\n\nMSM 6.2\n 6.2.1.2\n J9370A HP MSM765 Zl Premium Mobility Controller\nJ9356A HP E-MSM335 Access Point (US)\nJ9356B HP MSM335 Access Point (US)\nJ9357A HP E-MSM335 Access Point (WW)\nJ9357B HP MSM335 Access Point (WW)\nJ9358A HP E-MSM422 Access Point (US)\nJ9358B HP MSM422 Access Point (US)\nJ9359A HP E-MSM422 Access Point (WW)\nJ9359B HP MSM422 Access Point (WW)\nJ9530A HP E-MSM422 Access Point (JP)\nJ9530B HP MSM422 Access Point (JP)\nJ9617A HP MSM422 Dual Radio 802.11n AP (IL)\nJ9420A HP MSM760 Premium Mobility Controller\nJ9421A HP MSM760 Access Controller\nJ9840A HP MSM775 zl Premium Controller Module\nJ9360A HP E-MSM320 Access Point (US)\nJ9360B HP MSM320 Access Point (US)\nJ9364A HP E-MSM320 Access Point (WW)\nJ9364B HP MSM320 Access Point (WW)\nJ9365A HP MSM320-R Access Point (US)\nJ9365B HP MSM320-R Access Point (US)\nJ9368A HP E-MSM320-R Access Point (WW)\nJ9368B HP MSM320-R Access Point (WW)\nJ9373A HP E-MSM325 Access Point (WW)\nJ9373B HP MSM325 Access Point (WW)\nJ9374A HP E-MSM310 Access Point (US)\nJ9374B HP MSM310 Access Point (US)\nJ9379A HP MSM310 Access Point (WW)\nJ9379B HP MSM310 Access Point (WW)\nJ9380A HP E-MSM310-R Access Point (US)\nJ9380B HP MSM310-R Access Point (US)\nJ9383A HP E-MSM310-R Access Point (WW)\nJ9383B HP MSM310-R Access Point (WW)\nJ9524A HP E-MSM310 Access Point (JP)\nJ9524B HP MSM310 Access Point (JP)\nJ9527A HP E-MSM320 Access Point (JP)\nJ9527B HP MSM320 Access Point (JP)\nJ9528A HP E-MSM320-R Access Point (JP)\nJ9528B HP MSM320-R Access Point (JP)\nJ9426A HP E-MSM410 Access Point (US)\nJ9426B HP MSM410 Access Point (US)\nJ9427A HP E-MSM410 Access Point (WW)\nJ9427B HP MSM410 Access Point (WW)\nJ9427C HP MSM410 Access Point (WW)\nJ9529A HP E-MSM410 Access Point (JP)\nJ9529B HP MSM410 Access Point (JP)\nJ9589A HP MSM460 Dual Radio 802.11n AP (JP)\nJ9590A HP MSM460 Dual Radio 802.11n AP (AM)\nJ9591A HP MSM460 Dual Radio 802.11n AP (WW)\nJ9616A HP MSM410 Single Radio 802.11n AP (IL)\nJ9618A HP MSM460 Dual Radio 802.11n AP (IL)\nJ9619A HP MSM466 Dual Radio 802.11n AP (IL)\nJ9620A HP MSM466 Dual Radio 802.11n AP (JP)\nJ9621A HP MSM466 Dual Radio 802.11n AP (AM)\nJ9622A HP MSM466 Dual Radio 802.11n AP (WW)\nJ9650A HP MSM430 Dual Radio 802.11n AP (AM)\nJ9651A HP MSM430 Dual Radio 802.11n AP (WW)\nJ9652A HP MSM430 Dual Radio 802.11n AP (JP)\nJ9653A HP MSM430 Dual Radio 802.11n AP (IL)\nJ9654A HP MSM430 Dual Radio 802.11n TAA AP\nJ9655A HP MSM460 Dual Radio 802.11n TAA AP\nJ9656A HP MSM466 Dual Radio 802.11n TAA AP\nJ9715A HP E-MSM466-R Dual Radio 802.11n AP (AM)\nJ9716A HP E-MSM466-R Dual Radio 802.11n AP (WW)\nJ9717A HP E-MSM466-R Dual Radio 802.11n AP (JP)\nJ9718A HP E-MSM466-R Dual Radio 802.11n AP (IL)\nJ9693A HP MSM720 Access Controller (WW)\nJ9694A HP MSM720 Premium Mobility Cntlr (WW)\nJ9695A HP MSM720 TAA Access Controller\nJ9696A HP MSM720 TAA Premium Mobility Cntlr\n\nM220\n Fixes in progress\nuse mitigations\n J9798A HP M220 802.11n (AM) Access Point\nJ9799A HP M220 802.11n (WW) Access Point\n\nM210\n Fixes in progress\nuse mitigations\n JL023A HP M210 802.11n (AM) Access Point\nJL024A HP M210 802.11n (WW) Access Point\n\nPS110\n Fixes in progress\nuse mitigations\n JL065A HP PS110 Wireless 802.11n VPN AM Router\nJL066A HP PS110 Wireless 802.11n VPN WW Router\n\nHP Office Connect 1810 PK\n Fixes in progress\nuse mitigations\n J9660A HP 1810-48G Switch\n\nHP Office Connect 1810 P\n Fixes in progress\nuse mitigations\n J9450A HP 1810-24G Switch\nJ9449A HP 1810-8G Switch\n\nHP Office Connect 1810 PL\n Fixes in progress\nuse mitigations\n J9802A HP 1810-8G v2 Switch\nJ9803A HP 1810-24G v2 Switch\n\nRF Manager\n Fixes in progress\nuse mitigations\n J9522A HP E-MSM415 RF Security Sensor J9521A HP RF Manager Controller with\n50 Sensor License J9838AAE HP RF Manager for VMware 50 Sensor E-LTU\n\nHP Office Connect 1810 PM\n Fixes in progress\nuse mitigations\n J9800A HP 1810-8 v2 Switch\nJ9801A HP 1810-24 v2 Switch\n\nHP Office Connect PS1810\n Fixes in progress\nuse mitigations\n J9833A HP PS1810-8G Switch\nJ9834A HP PS1810-24G Switch\n\nMitigation Instructions\n\nFor SSLv3 Server Functionality on Impacted Products:\n\nDisable SSLv3 on clients\nand/or disable CBC ciphers on clients\nUse Access Control functionality to control client access\n\nFor SSLv3 Client Functionality on Impacted Products:\n\nGo to SSL server and disable SSLv3\nand/or disable CBC ciphers\nUse Access Control functionality to control access to servers\n\nHISTORY\nVersion:1 (rev.1) - 2 April 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\nReferences:\n\nCVE-2014-3508\nCVE-2014-3509\nCVE-2014-3511\nCVE-2014-3513\nCVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\nCVE-2014-5139\nSSRT101920\nSSRT101921\nSSRT101922\nSSRT101894\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The HP Insight Control 7.2.3\nUpdate kit applicable to HP Insight Control 7.2.x installations is available\nat the following location:\n\nhttps://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber\n=HPICE\n\nNOTE: Please read the readme.txt file before proceeding with the\ninstallation. \n\nHP has addressed these vulnerabilities for the impacted software components\nbundled with HP Insight Control in the following HP Security Bulletins:\n\nHP Insight Control software components\n HP Security Bulletin\n Security Bulletin Location\n\nHP Systems Insight Manager (SIM)\n HPSBMU03261\n https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_\nna-c04571454\n\nHP System Management Homepage (SMH)\n HPSBMU03260\n https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_\nna-c04571379\n\nHP Version Control Agent (VCA)\n HPSBMU03262\n https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_\nna-c04571956\n\nVersion Control Repository Manager (VCRM)\n HPSBMU03259\n https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_\nna-c04570627\n\nHISTORY\nVersion:1 (rev.1) - 16 March 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n \n The Montgomery ladder implementation in OpenSSL through 1.0.0l does\n not ensure that certain swap operations have a constant-time behavior,\n which makes it easier for local users to obtain ECDSA nonces via a\n FLUSH+RELOAD cache side-channel attack (CVE-2014-0076). \n \n The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before\n 1.0.1g do not properly handle Heartbeat Extension packets, which allows\n remote attackers to obtain sensitive information from process memory\n via crafted packets that trigger a buffer over-read, as demonstrated\n by reading private keys, related to d1_both.c and t1_lib.c, aka the\n Heartbleed bug (CVE-2014-0160). \n \n OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before\n 1.0.1h does not properly restrict processing of ChangeCipherSpec\n messages, which allows man-in-the-middle attackers to trigger use of a\n zero-length master key in certain OpenSSL-to-OpenSSL communications,\n and consequently hijack sessions or obtain sensitive information,\n via a crafted TLS handshake, aka the CCS Injection vulnerability\n (CVE-2014-0224). NOTE: this issue\n became relevant after the CVE-2014-3568 fix (CVE-2014-3569). \n \n The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before\n 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square\n of a BIGNUM value, which might make it easier for remote attackers to\n defeat cryptographic protection mechanisms via unspecified vectors,\n related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and\n crypto/bn/bn_asm.c (CVE-2014-3570). \n \n The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before\n 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote\n SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger\n a loss of forward secrecy by omitting the ServerKeyExchange message\n (CVE-2014-3572). \n \n OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k\n does not enforce certain constraints on certificate data, which allows\n remote attackers to defeat a fingerprint-based certificate-blacklist\n protection mechanism by including crafted data within a\n certificate\u0026#039;s unsigned portion, related to crypto/asn1/a_verify.c,\n crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c\n (CVE-2014-8275). \n \n The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before\n 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL\n servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate\n brute-force decryption by offering a weak ephemeral RSA key in a\n noncompliant role, related to the FREAK issue. NOTE: the scope of\n this CVE is only client code based on OpenSSL, not EXPORT_RSA issues\n associated with servers or other TLS implementations (CVE-2015-0204). \n \n The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before\n 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a\n Diffie-Hellman (DH) certificate without requiring a CertificateVerify\n message, which allows remote attackers to obtain access without\n knowledge of a private key via crafted TLS Handshake Protocol traffic\n to a server that recognizes a Certification Authority with DH support\n (CVE-2015-0205). \n \n The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before\n 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not\n properly handle a lack of outer ContentInfo, which allows attackers to\n cause a denial of service (NULL pointer dereference and application\n crash) by leveraging an application that processes arbitrary PKCS#7\n data and providing malformed data with ASN.1 encoding, related to\n crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c (CVE-2015-0289). \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293\n http://openssl.org/news/secadv_20150108.txt\n http://openssl.org/news/secadv_20150319.txt\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 2/X86_64:\n 324a85f7e1165ab02881e44dbddaf599  mbs2/x86_64/lib64openssl1.0.0-1.0.1m-1.mbs2.x86_64.rpm\n 9c0bfb6ebd43cb6d81872abf71b4f85f  mbs2/x86_64/lib64openssl-devel-1.0.1m-1.mbs2.x86_64.rpm\n 58df54e72ca7270210c7d8dd23df402b  mbs2/x86_64/lib64openssl-engines1.0.0-1.0.1m-1.mbs2.x86_64.rpm\n b5313ffb5baaa65aea05eb05486d309a  mbs2/x86_64/lib64openssl-static-devel-1.0.1m-1.mbs2.x86_64.rpm\n a9890ce4c33630cb9e00f3b2910dd784  mbs2/x86_64/openssl-1.0.1m-1.mbs2.x86_64.rpm \n 521297a5fe26e2de0c1222d8d03382d1  mbs2/SRPMS/openssl-1.0.1m-1.mbs2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFVFTm1mqjQ0CJFipgRAoYFAKCaubn00colzVNnUBFjSElyDptGMQCfaGoS\nkz0ex6eI6hA6qSwklA2NoXY=\n=GYjX\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ------------------------------------------------------------------------\n                   VMware Security Advisory\n\nAdvisory ID: VMSA-2015-0001\nSynopsis:    VMware vCenter Server, ESXi, Workstation, Player, and Fusion\n             updates address security issues\nIssue date:  2015-01-27\nUpdated on:  2015-01-27 (Initial Advisory)\nCVE number:  CVE-2014-8370, CVE-2015-1043, CVE-2015-1044\n\n             --- OPENSSL---\n             CVE-2014-3513, CVE-2014-3567,CVE-2014-3566, CVE-2014-3568\n\n             --- libxml2 ---\n             CVE-2014-3660\n- ------------------------------------------------------------------------\n\n1. Summary\n\n   VMware vCenter Server, ESXi, Workstation, Player and Fusion address\n   several security issues. \n \n2. Relevant Releases\n\n   VMware Workstation 10.x prior to version 10.0.5\n  \n   VMware Player 6.x prior to version 6.0.5\n\n   VMware Fusion 7.x prior to version 7.0.1\n   VMware Fusion 6.x prior to version 6.0.5\n\n   vCenter Server 5.5 prior to Update 2d\n\n   ESXi 5.5 without patch ESXi550-201403102-SG, ESXi550-201501101-SG\n   ESXi 5.1 without patch ESXi510-201404101-SG\n   ESXi 5.0 without patch ESXi500-201405101-SG\n\n3. Problem Description \n\n   a. VMware ESXi, Workstation, Player, and Fusion host privilege\n      escalation vulnerability\n\n      VMware ESXi, Workstation, Player and Fusion contain an arbitrary \n      file write issue. Exploitation this issue may allow for privilege\n      escalation on the host. \n\n      The vulnerability does not allow for privilege escalation from \n      the guest Operating System to the host or vice-versa. This means\n      that host memory can not be manipulated from the Guest Operating\n      System. \n\n      Mitigation\n      \n      For ESXi to be affected, permissions must have been added to ESXi\n      (or a vCenter Server managing it) for a virtual machine \n      administrator role or greater. \n\n      VMware would like to thank Shanon Olsson for reporting this issue to\n      us through JPCERT. \n\n      The Common Vulnerabilities and Exposures project (cve.mitre.org)\n      has assigned the identifier CVE-2014-8370 to this issue. \n\n      Column 4 of the following table lists the action required to\n      remediate the vulnerability in each release, if a solution is \n      available. \n\n      VMware         Product    Running   Replace with/\n      Product        Version    on        Apply Patch\n      =============  =======    =======   =================\n      Workstation    11.x       any       not affected\n      Workstation    10.x       any       10.0.5\n\n      Player         7.x        any       not affected\n      Player         6.x        any       6.0.5\n\n      Fusion         7.x        any       not affected\n      Fusion         6.x        any       6.0.5\n\n      ESXi           5.5        ESXi      ESXi550-201403102-SG\n      ESXi           5.1        ESXi      ESXi510-201404101-SG \n      ESXi           5.0        ESXi      ESXi500-201405101-SG\n\n   b. VMware Workstation, Player, and Fusion Denial of Service \n      vulnerability\n\n      VMware Workstation, Player, and Fusion contain an input validation \n      issue in the Host Guest File System (HGFS). This issue may allow\n      for a Denial of Service of the Guest Operating system. \n\n      VMware would like to thank Peter Kamensky from Digital Security for \n      reporting this issue to us. \n\n      The Common Vulnerabilities and Exposures project (cve.mitre.org)\n      has assigned the identifier CVE-2015-1043 to this issue. \n\n      Column 4 of the following table lists the action required to\n      remediate the vulnerability in each release, if a solution is \n      available. \n\n      VMware         Product    Running   Replace with/\n      Product        Version    on        Apply Patch\n      =============  =======    =======   =================\n      Workstation    11.x       any       not affected\n      Workstation    10.x       any       10.0.5\n\n      Player         7.x        any       not affected\n      Player         6.x        any       6.0.5\n\n      Fusion         7.x        any       7.0.1\n      Fusion         6.x        any       6.0.5\n\n   c. VMware ESXi, Workstation, and Player Denial of Service \n      vulnerability\n\n      VMware ESXi, Workstation, and Player contain an input\n      validation issue in VMware Authorization process (vmware-authd). \n      This issue may allow for a Denial of Service of the host. On \n      VMware ESXi and on Workstation running on Linux the Denial of\n      Service would be partial. \n\n      VMware would like to thank Dmitry Yudin @ret5et for reporting\n      this issue to us through HP\u0027s Zero Day Initiative. \n\n      The Common Vulnerabilities and Exposures project (cve.mitre.org)\n      has assigned the identifier CVE-2015-1044 to this issue. \n\n      Column 4 of the following table lists the action required to\n      remediate the vulnerability in each release, if a solution is \n      available. \n\n      VMware         Product    Running   Replace with/\n      Product        Version    on        Apply Patch\n      =============  =======    =======   =================\n      Workstation    11.x       any       not affected\n      Workstation    10.x       any       10.0.5\n\n      Player         7.x        any       not affected\n      Player         6.x        any       6.0.5\n\n      Fusion         7.x        any       not affected\n      Fusion         6.x        any       not affected\n\n      ESXi           5.5        ESXi      ESXi550-201501101-SG\n      ESXi           5.1        ESXi      ESXi510-201410101-SG\n      ESXi           5.0        ESXi      not affected\n\n   d. Update to VMware vCenter Server and ESXi for OpenSSL 1.0.1 \n      and 0.9.8 package\n\n      The OpenSSL library is updated to version 1.0.1j or 0.9.8zc\n      to resolve multiple security issues. \n\n      The Common Vulnerabilities and Exposures project (cve.mitre.org)\n      has assigned the names CVE-2014-3513, CVE-2014-3567, \n      CVE-2014-3566 (\"POODLE\") and CVE-2014-3568 to these issues. \n\n      Column 4 of the following table lists the action required to\n      remediate the vulnerability in each release, if a solution is\n      available. \n\n      VMware         Product    Running   Replace with/\n      Product        Version    on        Apply Patch\n      =============  =======    =======   =================\n      vCenter Server 5.5        any       Update 2d*\n      vCenter Server 5.1        any       patch pending\n      vCenter Server 5.0        any       patch pending\n\n      ESXi           5.5        ESXi      ESXi550-201501101-SG       \n      ESXi           5.1        ESXi      patch pending\n      ESXi           5.0        ESXi      patch pending\n\n      * The VMware vCenter 5.5 SSO component will be \n        updated in a later release\n  \n   e. Update to ESXi libxml2 package\n\n      The libxml2 library is updated to version libxml2-2.7.6-17\n      to resolve a security issue. \n\n      The Common Vulnerabilities and Exposures project (cve.mitre.org)\n      has assigned the name CVE-2014-3660 to this issue. \n\n      Column 4 of the following table lists the action required to\n      remediate the vulnerability in each release, if a solution is\n      available. \n\n      VMware         Product    Running   Replace with/\n      Product        Version    on        Apply Patch\n      =============  =======    =======   =================\n      ESXi           5.5        ESXi      ESXi550-201501101-SG     \n      ESXi           5.1        ESXi      patch pending\n      ESXi           5.0        ESXi      patch pending\n     \n4. Solution\n\n   Please review the patch/release notes for your product and \n   version and verify the checksum of your downloaded file. \n\n   VMware Workstation 10.x\n   -------------------------------- \n   https://www.vmware.com/go/downloadworkstation \n\n   VMware Player 6.x\n   --------------------------------     \n   https://www.vmware.com/go/downloadplayer \n\n   VMware Fusion 7.x and 6.x\n   --------------------------------     \n   https://www.vmware.com/go/downloadplayer \n\n   vCenter Server\n   ----------------------------\n   Downloads and Documentation: \n   https://www.vmware.com/go/download-vsphere \n\n   ESXi 5.5 Update 2d\n   ----------------------------\n   File: update-from-esxi5.5-5.5_update01.zip\n   md5sum: 5773844efc7d8e43135de46801d6ea25\n   sha1sum: 6518355d260e81b562c66c5016781db9f077161f\n   http://kb.vmware.com/kb/2065832\n   update-from-esxi5.5-5.5_update01 contains ESXi550-201403102-SG\n\n   ESXi 5.5\n   ----------------------------\n   File: ESXi550-201501001.zip\n   md5sum: b0f2edd9ad17d0bae5a11782aaef9304\n   sha1sum: 9cfcb1e2cf1bb845f0c96c5472d6b3a66f025dd1\n   http://kb.vmware.com/kb/2099265\n   ESXi550-201501001.zip contains ESXi550-201501101-SG\n\n   ESXi 5.1\n   ----------------------------\n   File: ESXi510-201404001.zip\n   md5sum: 9dc3c9538de4451244a2b62d247e52c4\n   sha1sum: 6b1ea36a2711665a670afc9ae37cdd616bb6da66\n   http://kb.vmware.com/kb/2070666\n   ESXi510-201404001 contains ESXi510-201404101-SG\n\n   ESXi 5.0\n   ----------------------------\n   File: ESXi500-201405001.zip\n   md5sum: 7cd1afc97f5f1e4b4132c90835f92e1d\n   sha1sum: 4bd77eeb5d7fc65bbb6f25762b0fa74fbb9679d5\n   http://kb.vmware.com/kb/2075521\n   ESXi500-201405001 contains  ESXi500-201405101-SG\n   \n5. References\n\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8370\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1043\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1044\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513 \n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567 \n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3660\n\n- ------------------------------------------------------------------------\n\n6. Change log\n\n   2015-01-27 VMSA-2015-0001\n   Initial security advisory in conjunction with the release of VMware\n   Workstation 10.0.5, VMware Player 6.0.5, vCenter Server 5.5 Update 2d\n   and, ESXi 5.5 Patches released on 2015-01-27. \n\n- ------------------------------------------------------------------------\n\n7. Contact\n\n   E-mail list for product security notifications and announcements:\n   http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\n   This Security Advisory is posted to the following lists:\n\n    security-announce at lists.vmware.com\n    bugtraq at securityfocus.com\n    fulldisclosure at seclists.org\n\n   E-mail: security at vmware.com\n   PGP key at: http://kb.vmware.com/kb/1055\n\n   VMware Security Advisories\n   http://www.vmware.com/security/advisories\n\n   Consolidated list of VMware Security Advisories\n   http://kb.vmware.com/kb/2078735\n\n   VMware Security Response Policy\n   https://www.vmware.com/support/policies/security_response.html\n\n   VMware Lifecycle Support Phases\n   https://www.vmware.com/support/policies/lifecycle.html\n \n   Twitter\n   https://twitter.com/VMwareSRC\n\n   Copyright 2015 VMware Inc.  All rights reserved. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: Encryption Desktop 10.3.0 (Build 8741)\nCharset: utf-8\n\nwj8DBQFUx/+UDEcm8Vbi9kMRAmzrAKDG7u8ZTSlfQzU3eFphjebNgDkW2ACfZ9JE\nc75UD0ctlJx5607JuLfnb6Y=\n=IxpT\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2015-09-16-2 Xcode 7.0\n\nXcode 7.0 is now available and addresses the following:\n\nDevTools\nAvailable for:  OS X Yosemite v10.10.4 or later\nImpact:  An attacker may be able to bypass access restrictions\nDescription:  An API issue existed in the apache configuration. This\nissue was addressed by updating header files to use the latest\nversion. \nCVE-ID\nCVE-2015-3185 : Branko Aibej of the Apache Software Foundation\n\nIDE Xcode Server\nAvailable for:  OS X Yosemite 10.10 or later\nImpact:  An attacker may be able to access restricted parts of the\nfilesystem\nDescription:  A comparison issue existed in the node.js send module\nprior to version 0.8.4. This issue was addressed by upgrading to\nversion 0.12.3. \nCVE-ID\nCVE-2014-6394 : Ilya Kantor\n\nIDE Xcode Server\nAvailable for:  OS X Yosemite v10.10.4 or later\nImpact:  Multiple vulnerabilties in OpenSSL\nDescription:  Multiple vulnerabilties existed in the node.js OpenSSL\nmodule prior to version 1.0.1j. \nCVE-ID\nCVE-2014-3513\nCVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\nIDE Xcode Server\nAvailable for:  OS X Yosemite v10.10.4 or later\nImpact:  An attacker with a privileged network position may be able\nto inspect traffic to Xcode Server\nDescription:  Connections to Xcode Server may have been made without\nencryption. This issue was addressed through improved network\nconnection logic. \nCVE-ID\nCVE-2015-5910 : an anonymous researcher\n\nIDE Xcode Server\nAvailable for:  OS X Yosemite v10.10.4 or later\nImpact:  Build notifications may be sent to unintended recipients\nDescription:  An access issue existed in the handling of repository\nemail lists. This issue was addressed through improved validation. \nCVE-ID\nCVE-2015-5909 : Daniel Tomlinson of Rocket Apps, David Gatwood of\nAnchorfree\n\nsubversion\nAvailable for:  OS X Yosemite v10.10.4 or later\nImpact:  Multiple vulnerabilities existed in svn versions prior to\n1.7.19\nDescription:  Multiple vulnerabilities existed in svn versions prior\nto 1.7.19. These issues were addressed by updating svn to version\n1.7.20. \nCVE-ID\nCVE-2015-0248\nCVE-2015-0251\n\n\nXcode 7.0 may be obtained from:\nhttps://developer.apple.com/xcode/downloads/\n\nTo check that the Xcode has been updated:\n\n* Select Xcode in the menu bar\n* Select About Xcode\n* The version after applying this update will be \"7.0\". \nCorrected:      2014-10-15 19:59:43 UTC (stable/10, 10.1-PRERELEASE)\n                2014-10-21 19:00:32 UTC (releng/10.1, 10.1-RC3)\n                2014-10-21 19:00:32 UTC (releng/10.1, 10.1-RC2-p1)\n                2014-10-21 19:00:32 UTC (releng/10.1, 10.1-RC1-p1)\n                2014-10-21 19:00:32 UTC (releng/10.1, 10.1-BETA3-p1)\n                2014-10-21 20:21:10 UTC (releng/10.0, 10.0-RELEASE-p10)\n                2014-10-15 20:28:31 UTC (stable/9, 9.3-STABLE)\n                2014-10-21 20:21:10 UTC (releng/9.3, 9.3-RELEASE-p3)\n                2014-10-21 20:21:10 UTC (releng/9.2, 9.2-RELEASE-p13)\n                2014-10-21 20:21:10 UTC (releng/9.1, 9.1-RELEASE-p20)\n                2014-10-15 20:28:31 UTC (stable/8, 8.4-STABLE)\n                2014-10-21 20:21:27 UTC (releng/8.4, 8.4-RELEASE-p17)\nCVE Name:       CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:http://security.FreeBSD.org/\u003e.   Background\n\nFreeBSD includes software from the OpenSSL Project.  The OpenSSL Project is\na collaborative effort to develop a robust, commercial-grade, full-featured\nOpen Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols as well as a full-strength\ngeneral purpose cryptography library. \n\nII.  [CVE-2014-3513]. \n\nWhen an OpenSSL SSL/TLS/DTLS server receives a session ticket the\nintegrity of that ticket is first verified.  [CVE-2014-3567]. \n\nThe SSL protocol 3.0, as supported in OpenSSL and other products, supports\nCBC mode encryption where it could not adequately check the integrity of\npadding, because of the use of non-deterministic CBC padding.  This\nprotocol weakness makes it possible for an attacker to obtain clear text\ndata through a padding-oracle attack. \n\nSome client applications (such as browsers) will reconnect using a\ndowngraded protocol to work around interoperability bugs in older\nservers. This could be exploited by an active man-in-the-middle to\ndowngrade connections to SSL 3.0 even if both sides of the connection\nsupport higher protocols. SSL 3.0 contains a number of weaknesses\nincluding POODLE [CVE-2014-3566]. \n\nOpenSSL has added support for TLS_FALLBACK_SCSV to allow applications\nto block the ability for a MITM attacker to force a protocol downgrade. \n\nWhen OpenSSL is configured with \"no-ssl3\" as a build option, servers\ncould accept and complete a SSL 3.0 handshake, and clients could be\nconfigured to send them. [CVE-2014-3568]. \n\nIII. \n[CVE-2014-3567]. \n\nAn active man-in-the-middle attacker can force a protocol downgrade\nto SSLv3 and exploit the weakness of SSLv3 to obtain clear text data\nfrom the connection. [CVE-2014-3566] [CVE-2014-3568]\n\nIV.  Workaround\n\nNo workaround is available. \n\nV.   Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 10.0]\n# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-10.0.patch\n# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-10.0.patch.asc\n# gpg --verify openssl-10.0.patch.asc\n\n[FreeBSD 9.3]\n# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-9.3.patch\n# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-9.3.patch.asc\n# gpg --verify openssl-9.3.patch.asc\n\n[FreeBSD 8.4, 9.1 and 9.2]\n# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-8.4.patch\n# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-8.4.patch.asc\n# gpg --verify openssl-8.4.patch.asc\n\nb) Apply the patch.  Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:http://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart all deamons using the library, or reboot the system. \n\nVI.  Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path                                                      Revision\n- -------------------------------------------------------------------------\nstable/8/                                                         r273151\nreleng/8.4/                                                       r273416\nstable/9/                                                         r273151\nreleng/9.1/                                                       r273415\nreleng/9.2/                                                       r273415\nreleng/9.3/                                                       r273415\nstable/10/                                                        r273149\nreleng/10.0/                                                      r273415\nreleng/10.1/                                                      r273399\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:http://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3567"
      },
      {
        "db": "BID",
        "id": "70586"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-3567"
      },
      {
        "db": "PACKETSTORM",
        "id": "131273"
      },
      {
        "db": "PACKETSTORM",
        "id": "131014"
      },
      {
        "db": "PACKETSTORM",
        "id": "132467"
      },
      {
        "db": "PACKETSTORM",
        "id": "131044"
      },
      {
        "db": "PACKETSTORM",
        "id": "130144"
      },
      {
        "db": "PACKETSTORM",
        "id": "137201"
      },
      {
        "db": "PACKETSTORM",
        "id": "133617"
      },
      {
        "db": "PACKETSTORM",
        "id": "128808"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-3567",
        "trust": 2.2
      },
      {
        "db": "BID",
        "id": "70586",
        "trust": 1.4
      },
      {
        "db": "SECUNIA",
        "id": "62124",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "62030",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61058",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "59627",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61819",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61130",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61207",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61837",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61990",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61298",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "62070",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61073",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "61959",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1031052",
        "trust": 1.1
      },
      {
        "db": "MCAFEE",
        "id": "SB10091",
        "trust": 1.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-3567",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131273",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131014",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132467",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131044",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130144",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137201",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "133617",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "128808",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3567"
      },
      {
        "db": "BID",
        "id": "70586"
      },
      {
        "db": "PACKETSTORM",
        "id": "131273"
      },
      {
        "db": "PACKETSTORM",
        "id": "131014"
      },
      {
        "db": "PACKETSTORM",
        "id": "132467"
      },
      {
        "db": "PACKETSTORM",
        "id": "131044"
      },
      {
        "db": "PACKETSTORM",
        "id": "130144"
      },
      {
        "db": "PACKETSTORM",
        "id": "137201"
      },
      {
        "db": "PACKETSTORM",
        "id": "133617"
      },
      {
        "db": "PACKETSTORM",
        "id": "128808"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3567"
      }
    ]
  },
  "id": "VAR-201410-1144",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.3482142825
  },
  "last_update_date": "2025-12-22T23:33:44.307000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2014/10/15/openssl_ddos_vulns/"
      },
      {
        "title": "Red Hat: Critical: rhev-hypervisor6 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20150126 - Security Advisory"
      },
      {
        "title": "Red Hat: CVE-2014-3567",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2014-3567"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2385-1"
      },
      {
        "title": "Debian Security Advisories: DSA-3053-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=89bdef3607a7448566a930eca0e94cb3"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2014-427",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2014-427"
      },
      {
        "title": "Symantec Security Advisories: SA87 : OpenSSL Security Advisory 15-Oct-2014",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=374cff59719675d8235f907c21b99bfc"
      },
      {
        "title": "Tenable Security Advisories: [R7] OpenSSL \u002720141015\u0027 Advisory Affects Tenable Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2014-11"
      },
      {
        "title": "IBM: IBM Security Bulletin: Fabric OS firmware for Brocade 8Gb SAN Switch Module for BladeCenter is affected by vulnerabilities in OpenSSL and OpenSSH",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=b7f5b1e7edcafce07f28205855d4db49"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4a692d6d60aa31507cb101702b494c51"
      },
      {
        "title": "Splunk Security Announcements: Splunk Enterprise versions 6.0.7 and 5.0.11 address three vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements\u0026qid=555e6256ba536e4a20d40e659e367839"
      },
      {
        "title": "Splunk Security Announcements: Splunk Enterprise 6.1.5 addresses two vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements\u0026qid=dfed8c47fbdf5e7bb5fbbdd725bdfb67"
      },
      {
        "title": "Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=eb059834b7f24e2562bcf592b6d0afbc"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=459961024c4bdce7bb3a1a40a65a6f2e"
      },
      {
        "title": "rhsecapi",
        "trust": 0.1,
        "url": "https://github.com/RedHatOfficial/rhsecapi "
      },
      {
        "title": "cve-pylib",
        "trust": 0.1,
        "url": "https://github.com/RedHatProductSecurity/cve-pylib "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3567"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-399",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3567"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.4,
        "url": "https://www.openssl.org/news/secadv_20141015.txt"
      },
      {
        "trust": 1.4,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
      },
      {
        "trust": 1.4,
        "url": "http://www.splunk.com/view/sp-caaanst"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
      },
      {
        "trust": 1.4,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc"
      },
      {
        "trust": 1.4,
        "url": "https://support.citrix.com/article/ctx216642"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
      },
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/bid/70586"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2014:203"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-1652.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2014/dsa-3053"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=141477196830952\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-1692.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.ubuntu.com/usn/usn-2385-1"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61130"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61073"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/62070"
      },
      {
        "trust": 1.1,
        "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1031052"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html"
      },
      {
        "trust": 1.1,
        "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2014-015.txt.asc"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61207"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/62030"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61819"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61058"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61990"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61837"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/62124"
      },
      {
        "trust": 1.1,
        "url": "http://support.apple.com/ht204244"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2015/jan/msg00003.html"
      },
      {
        "trust": 1.1,
        "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-0126.html"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142834685803386\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=142804214608580\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05158380"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05150888"
      },
      {
        "trust": 1.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10091"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61959"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61298"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59627"
      },
      {
        "trust": 1.1,
        "url": "http://advisories.mageia.org/mgasa-2014-0416.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=143290583027876\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00002.html"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/ht205217"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=7fd4ce6a997be5f5c9e744ac527725c2850de203"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3568"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21687676"
      },
      {
        "trust": 0.3,
        "url": "http://www.openssl.org"
      },
      {
        "trust": 0.3,
        "url": "https://bto.bluecoat.com/security-advisory/sa87"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21690537"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959161"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21691210"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/may/158"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/may/156"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/may/157"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04574073"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/may/159"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/feb/151"
      },
      {
        "trust": 0.3,
        "url": "https://www.freebsd.org/security/advisories/freebsd-sa-14:23.openssl.asc"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04492722"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04540692"
      },
      {
        "trust": 0.3,
        "url": "http://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04561445"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04616259"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/apr/35"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04624296"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05150888"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04533567 "
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04533567 "
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21686792"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098196"
      },
      {
        "trust": 0.3,
        "url": "https://support.asperasoft.com/entries/103000206-security-advisory-cve-2014-3513-cve-2014-3566-poodle-cve-2014-3567-cve-2014-3568"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097074"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21884030"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959134"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21691005"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21688284"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697995"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697165"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687801"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21689482"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097375"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689101"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700275"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098265"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021548"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097587"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701452"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098251"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098105"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693662"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689347"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097159"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097913"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21697162"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097867"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097911"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097807"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098586"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689743"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020593"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21691140"
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com/security/advisories/vmsa-2015-0001.html "
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/101009000"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699200"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700489"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687863"
      },
      {
        "trust": 0.3,
        "url": "www-01.ibm.com/support/docview.wss?uid=ssg1s1005003"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.3,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3508"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3509"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3511"
      },
      {
        "trust": 0.2,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_"
      },
      {
        "trust": 0.2,
        "url": "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-5139"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3566"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3513"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3567"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/20.html"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/399.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2015:0126"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3567"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2385-1/"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=37192"
      },
      {
        "trust": 0.1,
        "url": "http://h20565.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04486577-1"
      },
      {
        "trust": 0.1,
        "url": "https://technet.microsoft.com/library/security/3009008"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0289"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0288"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0287"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0209"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0195"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0160"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3571"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5298"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0287"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0160"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0076"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0286"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0224"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8275"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0198"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3572"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0289"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3470"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0204"
      },
      {
        "trust": 0.1,
        "url": "http://openssl.org/news/secadv_20150319.txt"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0198"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3570"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-5298"
      },
      {
        "trust": 0.1,
        "url": "http://openssl.org/news/secadv_20150108.txt"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0204"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3571"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0221"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0076"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0288"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0206"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0205"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0293"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0224"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3570"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0221"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8275"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3572"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3470"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0195"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3569"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0293"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0206"
      },
      {
        "trust": 0.1,
        "url": "https://twitter.com/vmwaresrc"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1044"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1044"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/2078735"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/2070666"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/security/advisories"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1043"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8370"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/2075521"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/2065832"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/1055"
      },
      {
        "trust": 0.1,
        "url": "https://www.vmware.com/go/downloadplayer"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3568"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3660"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1043"
      },
      {
        "trust": 0.1,
        "url": "https://www.vmware.com/support/policies/lifecycle.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.vmware.com/go/downloadworkstation"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3660"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/2099265"
      },
      {
        "trust": 0.1,
        "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
      },
      {
        "trust": 0.1,
        "url": "https://www.vmware.com/support/policies/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8370"
      },
      {
        "trust": 0.1,
        "url": "https://www.vmware.com/go/download-vsphere"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/security_bulletin_archive"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1790"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/info/insightmanagement"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2019"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1788"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1792"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131085"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/subscriber_choice"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2020"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2018"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1789"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2022"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1791"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2017"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7501"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2027"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6565"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3194"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2026"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2021"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0248"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5910"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3185"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://developer.apple.com/xcode/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6394"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0251"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5909"
      },
      {
        "trust": 0.1,
        "url": "http://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-14:23/openssl-8.4.patch"
      },
      {
        "trust": 0.1,
        "url": "http://www.freebsd.org/handbook/makeworld.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-14:23/openssl-9.3.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "http://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3513\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-14:23/openssl-10.0.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/\u003e."
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-14:23.openssl.asc\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3566\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-14:23/openssl-9.3.patch"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-14:23/openssl-10.0.patch"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3568\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-14:23/openssl-8.4.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3567\u003e"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3567"
      },
      {
        "db": "BID",
        "id": "70586"
      },
      {
        "db": "PACKETSTORM",
        "id": "131273"
      },
      {
        "db": "PACKETSTORM",
        "id": "131014"
      },
      {
        "db": "PACKETSTORM",
        "id": "132467"
      },
      {
        "db": "PACKETSTORM",
        "id": "131044"
      },
      {
        "db": "PACKETSTORM",
        "id": "130144"
      },
      {
        "db": "PACKETSTORM",
        "id": "137201"
      },
      {
        "db": "PACKETSTORM",
        "id": "133617"
      },
      {
        "db": "PACKETSTORM",
        "id": "128808"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3567"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2014-3567"
      },
      {
        "db": "BID",
        "id": "70586"
      },
      {
        "db": "PACKETSTORM",
        "id": "131273"
      },
      {
        "db": "PACKETSTORM",
        "id": "131014"
      },
      {
        "db": "PACKETSTORM",
        "id": "132467"
      },
      {
        "db": "PACKETSTORM",
        "id": "131044"
      },
      {
        "db": "PACKETSTORM",
        "id": "130144"
      },
      {
        "db": "PACKETSTORM",
        "id": "137201"
      },
      {
        "db": "PACKETSTORM",
        "id": "133617"
      },
      {
        "db": "PACKETSTORM",
        "id": "128808"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3567"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-10-19T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-3567"
      },
      {
        "date": "2014-10-15T00:00:00",
        "db": "BID",
        "id": "70586"
      },
      {
        "date": "2015-04-03T15:45:16",
        "db": "PACKETSTORM",
        "id": "131273"
      },
      {
        "date": "2015-03-25T00:42:25",
        "db": "PACKETSTORM",
        "id": "131014"
      },
      {
        "date": "2015-06-29T15:35:42",
        "db": "PACKETSTORM",
        "id": "132467"
      },
      {
        "date": "2015-03-27T20:42:44",
        "db": "PACKETSTORM",
        "id": "131044"
      },
      {
        "date": "2015-01-28T18:22:00",
        "db": "PACKETSTORM",
        "id": "130144"
      },
      {
        "date": "2016-05-26T09:22:00",
        "db": "PACKETSTORM",
        "id": "137201"
      },
      {
        "date": "2015-09-19T15:31:48",
        "db": "PACKETSTORM",
        "id": "133617"
      },
      {
        "date": "2014-10-22T19:54:29",
        "db": "PACKETSTORM",
        "id": "128808"
      },
      {
        "date": "2014-10-19T01:55:13.933000",
        "db": "NVD",
        "id": "CVE-2014-3567"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-3567"
      },
      {
        "date": "2016-09-09T15:00:00",
        "db": "BID",
        "id": "70586"
      },
      {
        "date": "2025-04-12T10:46:40.837000",
        "db": "NVD",
        "id": "CVE-2014-3567"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "70586"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL Session Ticket Memory Leak Remote Denial of Service Vulnerability",
    "sources": [
      {
        "db": "BID",
        "id": "70586"
      }
    ],
    "trust": 0.3
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "70586"
      }
    ],
    "trust": 0.3
  }
}

VAR-201711-0923

Vulnerability from variot - Updated: 2025-12-22 23:13

There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen. OpenSSL is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. Versions prior to OpenSSL 1.1.0g and 1.0.2m are vulnerable. OpenSSL Security Advisory [07 Dec 2017] ========================================

Read/write after SSL object in error state (CVE-2017-3737)

Severity: Moderate

OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer.

In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error.

OpenSSL 1.0.2 users should upgrade to 1.0.2n

This issue was reported to OpenSSL on 10th November 2017 by David Benjamin (Google). The fix was proposed by David Benjamin and implemented by Matt Caswell of the OpenSSL development team.

rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)

Severity: Low

There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli.

Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193.

Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository.

OpenSSL 1.0.2 users should upgrade to 1.0.2n

This issue was reported to OpenSSL on 22nd November 2017 by David Benjamin (Google). The issue was originally found via the OSS-Fuzz project. The fix was developed by Andy Polyakov of the OpenSSL development team.

Note

Support for version 1.0.1 ended on 31st December 2016. Support for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer receiving security updates.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv/20171207.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html . Solution:

The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).

After installing the updated packages, the httpd daemon will be restarted automatically. Description:

This release adds the new Apache HTTP Server 2.4.29 packages that are part of the JBoss Core Services offering.

This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes, enhancements and component upgrades included in this release.

This release upgrades OpenSSL to version 1.0.2.n

Security Fix(es):

openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec() (CVE-2016-2182)
openssl: Insufficient TLS session ticket HMAC length checks (CVE-2016-6302)
openssl: certificate message OOB reads (CVE-2016-6306)
openssl: Carry propagating bug in Montgomery multiplication (CVE-2016-7055)
openssl: Truncated packet could crash via OOB read (CVE-2017-3731)
openssl: BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)
openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
openssl: Read/write after SSL object in error state (CVE-2017-3737)
openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)

Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6306 and CVE-2016-7055. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):

1367340 - CVE-2016-2182 openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec() 1369855 - CVE-2016-6302 openssl: Insufficient TLS session ticket HMAC length checks 1377594 - CVE-2016-6306 openssl: certificate message OOB reads 1393929 - CVE-2016-7055 openssl: Carry propagating bug in Montgomery multiplication 1416852 - CVE-2017-3731 openssl: Truncated packet could crash via OOB read 1416856 - CVE-2017-3732 openssl: BN_mod_exp may produce incorrect results on x86_64 1509169 - CVE-2017-3736 openssl: bn_sqrx8x_internal carry bug on x86_64 1523504 - CVE-2017-3737 openssl: Read/write after SSL object in error state 1523510 - CVE-2017-3738 openssl: rsaz_1024_mul_avx2 overflow bug on x86_64

JIRA issues fixed (https://issues.jboss.org/):

JBCS-373 - Errata for httpd 2.4.29 GA RHEL 7

========================================================================== Ubuntu Security Notice USN-3475-1 November 06, 2017

openssl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 17.10
Ubuntu 17.04
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in OpenSSL.

Software Description: - openssl: Secure Socket Layer (SSL) cryptographic library and tools

Details:

It was discovered that OpenSSL incorrectly parsed the IPAddressFamily extension in X.509 certificates, resulting in an erroneous display of the certificate in text format. While unlikely, a remote attacker could possibly use this issue to recover private keys. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04. (CVE-2017-3736)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 17.10: libssl1.0.0 1.0.2g-1ubuntu13.2

Ubuntu 17.04: libssl1.0.0 1.0.2g-1ubuntu11.3

Ubuntu 16.04 LTS: libssl1.0.0 1.0.2g-1ubuntu4.9

Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.23

After a standard system update you need to reboot your computer to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: java-1.8.0-ibm security update Advisory ID: RHSA-2018:2575-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://access.redhat.com/errata/RHSA-2018:2575 Issue date: 2018-08-28 CVE Names: CVE-2016-0705 CVE-2017-3732 CVE-2017-3736 CVE-2018-1517 CVE-2018-1656 CVE-2018-2940 CVE-2018-2952 CVE-2018-2973 CVE-2018-12539 ==================================================================== 1. Summary:

An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

Description:

IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update upgrades IBM Java SE 8 to version 8 SR5-FP20.

Security Fix(es):

IBM JDK: privilege escalation via insufficiently restricted access to Attach API (CVE-2018-12539)
openssl: BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)
openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
IBM JDK: DoS in the java.math component (CVE-2018-1517)
IBM JDK: path traversal flaw in the Diagnostic Tooling Framework (CVE-2018-1656)
Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (Libraries) (CVE-2018-2940)
OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547) (CVE-2018-2952)
Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (JSSE) (CVE-2018-2973)
OpenSSL: Double-free in DSA code (CVE-2016-0705)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the OpenSSL project for reporting CVE-2016-0705. Upstream acknowledges Adam Langley (Google/BoringSSL) as the original reporter of CVE-2016-0705.

Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of IBM Java must be restarted for this update to take effect.

Bugs fixed (https://bugzilla.redhat.com/):

1310596 - CVE-2016-0705 OpenSSL: Double-free in DSA code 1416856 - CVE-2017-3732 openssl: BN_mod_exp may produce incorrect results on x86_64 1509169 - CVE-2017-3736 openssl: bn_sqrx8x_internal carry bug on x86_64 1600925 - CVE-2018-2952 OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547) 1602145 - CVE-2018-2973 Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (JSSE) 1602146 - CVE-2018-2940 Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (Libraries) 1618767 - CVE-2018-12539 IBM JDK: privilege escalation via insufficiently restricted access to Attach API 1618869 - CVE-2018-1656 IBM JDK: path traversal flaw in the Diagnostic Tooling Framework 1618871 - CVE-2018-1517 IBM JDK: DoS in the java.math component

Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386: java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.i686.rpm

x86_64: java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64: java-1.8.0-ibm-1.8.0.5.20-1jpp.1.el6_10.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386: java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.i686.rpm

ppc64: java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.ppc64.rpm

s390x: java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.s390x.rpm

x86_64: java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386: java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.i686.rpm

x86_64: java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

References:

https://access.redhat.com/security/cve/CVE-2016-0705 https://access.redhat.com/security/cve/CVE-2017-3732 https://access.redhat.com/security/cve/CVE-2017-3736 https://access.redhat.com/security/cve/CVE-2018-1517 https://access.redhat.com/security/cve/CVE-2018-1656 https://access.redhat.com/security/cve/CVE-2018-2940 https://access.redhat.com/security/cve/CVE-2018-2952 https://access.redhat.com/security/cve/CVE-2018-2973 https://access.redhat.com/security/cve/CVE-2018-12539 https://access.redhat.com/security/updates/classification/#important

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iQIVAwUBW4WgLdzjgjWX9erEAQixyw//d2pemlb2TNR2kW3WlrxY0KBjUBM+PS4i bQ8+SoNsct2XtVFq0oOfwAmYMn++pAY37yvvhUdefe5sAcUldDcJtLIgXbtISSXe V5EdrLvQbv/rSxikOfccFzNI8GwJTgGiLpq8n9exHcSsY5cZevzukgRr6b+yQbnj mcYEC3TB/CnulDac/Pt0VsS9AoFhwuX958/+EQdpMq1yOGqog6eM8U6x2btA4YSi mcVD2hom6GuYMKq0oWDPWPry5hJePvbPM6GZw8pYdRvA1eKjp24M3mkWkkIEFw6U aZCW6YXJuwMMJ4IYbF1Aofm3ab+R1VZXmPvzMHXRhVcRyZLvBzo1fZaw7ISX1ibV FimDRrXLIJDudoS80DMVmbgQTL37U6pGAe6gV2JLtvtEZl02Sxq5PeRfuMME4qeP rT+xyz0zjyIqTpxhAzAQJ28ZCrWDvRycCT5ZLwaPfxZ0+4cY1l58TMfYpdwIKJSC M8HQccrNxQ8S/kSKexIT18mSQcMwOhDza6gV4hSiOQgI/xHW3sic78a7/74JnSBT DgZuicAq73IWdYu67B04UzsZNsySSW6vs3BeYdfN5BnmK40NxrH5d5LMRV4xKmN+ HlkzX1CrDCBl9PtbQF0xpUGluvXCg1u2kzGHj4Dv7JP64bV1wXmLm5kwrPL/QZhv 8IL8kIZinC8=eoiE -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201711-0923",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.0g"
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.0"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2m"
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.1.0g"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.1.0"
      },
      {
        "model": "compute systems manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "infrastructure analytics advisor",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "jp1/performance management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "- web console"
      },
      {
        "model": "jp1/automatic job management system 3",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "- web console (windows"
      },
      {
        "model": "automation director",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "( domestic version )"
      },
      {
        "model": "global link manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "jp1/automatic job management system 3",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "linux)"
      },
      {
        "model": "jp1/automatic operation",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "none"
      },
      {
        "model": "device manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "jp1/it desktop management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "2 - smart device manager"
      },
      {
        "model": "configuration manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus primary server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "base"
      },
      {
        "model": "ucosminexus service platform",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "tuning manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "jp1/operations analytics",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "cosminexus http server",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "jp1/snmp system observer",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "-r"
      },
      {
        "model": "ucosminexus service architect",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "tiered storage manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "automation director",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "( overseas edition )"
      },
      {
        "model": "replication manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus developer",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.1.0d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.0.2k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.1.0c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.1.0e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.1.0b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.1.0a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.0.2l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.1.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.1.0f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.0.2j"
      },
      {
        "model": "unified agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.8"
      },
      {
        "model": "intelligencecenter data collector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.3"
      },
      {
        "model": "jd edwards world security a9.4",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.3.6.3293"
      },
      {
        "model": "project openssl 1.1.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7.0"
      },
      {
        "model": "project openssl 1.0.2e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.7.2.6"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.0.5135"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.4.4.4226"
      },
      {
        "model": "unified agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.6"
      },
      {
        "model": "project openssl 1.0.2i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "communications eagle",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "46.5"
      },
      {
        "model": "db2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "mysql connectors",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.1.30"
      },
      {
        "model": "project openssl 1.1.0f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.7.2.3"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.3"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.2.1"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.2.0"
      },
      {
        "model": "project openssl 1.0.2g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0.20"
      },
      {
        "model": "advanced secure gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.6"
      },
      {
        "model": "jboss core services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "1"
      },
      {
        "model": "unified agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.9"
      },
      {
        "model": "project openssl 1.0.2h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "7.3"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.1.14"
      },
      {
        "model": "proxysg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.7"
      },
      {
        "model": "jboss eap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.1.10"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.3.0.1098"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.1182"
      },
      {
        "model": "project openssl 1.1.0g",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "proxyav",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.5"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.1.4.7895"
      },
      {
        "model": "intelligencecenter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.3"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.2"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0.10"
      },
      {
        "model": "project openssl 1.1.0e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "mysql connectors",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.3.9"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.2.17"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.3.4.3247"
      },
      {
        "model": "db2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.8"
      },
      {
        "model": "advanced secure gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.7"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.4.2.4181"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.2.2"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0.25"
      },
      {
        "model": "security analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "7.2"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.5.1141"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.4.1"
      },
      {
        "model": "android mobile agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.3"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.2.2"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.1.1049"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.3.2.1162"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.7"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.2.15"
      },
      {
        "model": "proxysg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.5"
      },
      {
        "model": "project openssl 1.0.2a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.1.32"
      },
      {
        "model": "director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.1"
      },
      {
        "model": "project openssl 1.0.2m",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.2j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.2f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "communications eagle",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "46.7"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0.9"
      },
      {
        "model": "project openssl 1.1.0c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "jd edwards world security a9.3",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "db2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0.22"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.1.6.8003"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.1"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.3.3.1199"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.2.14"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.1.16"
      },
      {
        "model": "project openssl 1.0.2c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "communications eagle",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "46.6"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.1.24"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.7.1204"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.2.4"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "proxysg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.6"
      },
      {
        "model": "mysql connectors",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.3.7"
      },
      {
        "model": "project openssl 1.0.2d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.2.4"
      },
      {
        "model": "mysql connectors",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.1.34"
      },
      {
        "model": "mysql connectors",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.1.40"
      },
      {
        "model": "jboss ews",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2"
      },
      {
        "model": "project openssl 1.0.2b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "web gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.7.2.7"
      },
      {
        "model": "project openssl 1.0.2l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.8.2223"
      },
      {
        "model": "db2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "mysql connectors",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.1.41"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.2.3"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.4.1102"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.3"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.8.0.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.1.20"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.7.2.2"
      },
      {
        "model": "project openssl 1.1.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0.8"
      },
      {
        "model": "project openssl 1.1.0d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0"
      },
      {
        "model": "bcaaa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.1"
      },
      {
        "model": "mysql connectors",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.1.33"
      },
      {
        "model": "unified agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.7"
      },
      {
        "model": "project openssl 1.0.2k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "reporter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "9.5"
      },
      {
        "model": "web gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.8.0.2"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.1.2"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.1.8"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.8"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.1.3.7856"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.1.5.7958"
      },
      {
        "model": "db2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.1.30"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.4.0"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0.18"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0.4"
      },
      {
        "model": "jd edwards world security a9.3.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "101666"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-066"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010189"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3736"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:openssl:openssl",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:hitachi:cosminexus_http_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:hitachi:automation_director",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:hitachi:compute_systems_manager",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:hitachi:configuration_manager",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:hitachi:device_manager",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:hitachi:global_link_manager",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:hitachi:infrastructure_analytics_advisor",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:hitachi:replication_manager",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:hitachi:tiered_storage_manager",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:hitachi:tuning_manager",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:hitachi:jp1_automatic_job_management_system_3",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:hitachi:jp1_automatic_operation",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:hitachi:jp1_it_desktop_management",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:hitachi:jp1_operation_analytics",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:hitachi:jp1_performance_management",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:hitachi:jp1_snmp_system_observer",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:hitachi:ucosminexus_primary_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:hitachi:ucosminexus_service_architect",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:hitachi:ucosminexus_service_platform",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010189"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OSS-Fuzz",
    "sources": [
      {
        "db": "BID",
        "id": "101666"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-066"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2017-3736",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "CVE-2017-3736",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2017-3736",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-3736",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-3736",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201711-066",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-3736",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-3736"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-066"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010189"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3736"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen. OpenSSL is prone to an information-disclosure vulnerability. \nAn attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. \nVersions prior to OpenSSL 1.1.0g and 1.0.2m are vulnerable. \nOpenSSL Security Advisory [07 Dec 2017]\n========================================\n\nRead/write after SSL object in error state (CVE-2017-3737)\n==========================================================\n\nSeverity: Moderate\n\nOpenSSL 1.0.2 (starting from version 1.0.2b) introduced an \"error state\"\nmechanism. The intent was that if a fatal error occurred during a handshake then\nOpenSSL would move into the error state and would immediately fail if you\nattempted to continue the handshake. This works as designed for the explicit\nhandshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()),\nhowever due to a bug it does not work correctly if SSL_read() or SSL_write() is\ncalled directly. In that scenario, if the handshake fails then a fatal error\nwill be returned in the initial function call. If SSL_read()/SSL_write() is\nsubsequently called by the application for the same SSL object then it will\nsucceed and the data is passed without being decrypted/encrypted directly from\nthe SSL/TLS record layer. \n\nIn order to exploit this issue an application bug would have to be present that\nresulted in a call to SSL_read()/SSL_write() being issued after having already\nreceived a fatal error. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2n\n\nThis issue was reported to OpenSSL on 10th November 2017 by David Benjamin\n(Google). The fix was proposed by David Benjamin and implemented by Matt Caswell\nof the OpenSSL development team. \n\nrsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)\n=========================================================\n\nSeverity: Low\n\nThere is an overflow bug in the AVX2 Montgomery multiplication procedure\nused in exponentiation with 1024-bit moduli. \n\nNote: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732\nand CVE-2015-3193. \n\nDue to the low severity of this issue we are not issuing a new release of\nOpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it\nbecomes available. The fix is also available in commit e502cc86d in the OpenSSL\ngit repository. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2n\n\nThis issue was reported to OpenSSL on 22nd November 2017 by David Benjamin\n(Google). The issue was originally found via the OSS-Fuzz project. The fix was\ndeveloped by Andy Polyakov of the OpenSSL development team. \n\nNote\n====\n\nSupport for version 1.0.1 ended on 31st December 2016. Support for versions\n0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer\nreceiving security updates. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20171207.txt\n\nNote: the online version of the advisory may be updated with additional details\nover time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/policies/secpolicy.html\n. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Web Server installation (including all applications\nand configuration files). \n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. Description:\n\nThis release adds the new Apache HTTP Server 2.4.29 packages that are part\nof the JBoss Core Services offering. \n\nThis release serves as a replacement for Red Hat JBoss Core Services\nApache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer\nto the Release Notes for information on the most significant bug fixes,\nenhancements and component upgrades included in this release. \n\nThis release upgrades OpenSSL to version 1.0.2.n\n\nSecurity Fix(es):\n\n*  openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec()\n(CVE-2016-2182)\n\n*  openssl: Insufficient TLS session ticket HMAC length checks\n(CVE-2016-6302)\n\n*  openssl: certificate message OOB reads (CVE-2016-6306)\n\n*  openssl: Carry propagating bug in Montgomery multiplication\n(CVE-2016-7055)\n\n*  openssl: Truncated packet could crash via OOB read (CVE-2017-3731)\n\n*  openssl: BN_mod_exp may produce incorrect results on x86_64\n(CVE-2017-3732)\n\n*  openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)\n\n*  openssl: Read/write after SSL object in error state (CVE-2017-3737)\n\n*  openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2016-6306\nand CVE-2016-7055. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n1367340 - CVE-2016-2182 openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec()\n1369855 - CVE-2016-6302 openssl: Insufficient TLS session ticket HMAC length checks\n1377594 - CVE-2016-6306 openssl: certificate message OOB reads\n1393929 - CVE-2016-7055 openssl: Carry propagating bug in Montgomery multiplication\n1416852 - CVE-2017-3731 openssl: Truncated packet could crash via OOB read\n1416856 - CVE-2017-3732 openssl: BN_mod_exp may produce incorrect results on x86_64\n1509169 - CVE-2017-3736 openssl: bn_sqrx8x_internal carry bug on x86_64\n1523504 - CVE-2017-3737 openssl: Read/write after SSL object in error state\n1523510 - CVE-2017-3738 openssl: rsaz_1024_mul_avx2 overflow bug on x86_64\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nJBCS-373 - Errata for httpd 2.4.29 GA RHEL 7\n\n7. ==========================================================================\nUbuntu Security Notice USN-3475-1\nNovember 06, 2017\n\nopenssl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 17.10\n- Ubuntu 17.04\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. \n\nSoftware Description:\n- openssl: Secure Socket Layer (SSL) cryptographic library and tools\n\nDetails:\n\nIt was discovered that OpenSSL incorrectly parsed the IPAddressFamily\nextension in X.509 certificates, resulting in an erroneous display of the\ncertificate in text format. While unlikely, a remote attacker could possibly use\nthis issue to recover private keys. This issue only applied to Ubuntu 16.04\nLTS, Ubuntu 16.10 and Ubuntu 17.04. (CVE-2017-3736)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 17.10:\n  libssl1.0.0                     1.0.2g-1ubuntu13.2\n\nUbuntu 17.04:\n  libssl1.0.0                     1.0.2g-1ubuntu11.3\n\nUbuntu 16.04 LTS:\n  libssl1.0.0                     1.0.2g-1ubuntu4.9\n\nUbuntu 14.04 LTS:\n  libssl1.0.0                     1.0.1f-1ubuntu2.23\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Important: java-1.8.0-ibm security update\nAdvisory ID:       RHSA-2018:2575-01\nProduct:           Red Hat Enterprise Linux Supplementary\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2018:2575\nIssue date:        2018-08-28\nCVE Names:         CVE-2016-0705 CVE-2017-3732 CVE-2017-3736\n                   CVE-2018-1517 CVE-2018-1656 CVE-2018-2940\n                   CVE-2018-2952 CVE-2018-2973 CVE-2018-12539\n====================================================================\n1. Summary:\n\nAn update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux\n6 Supplementary. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64\n\n3. Description:\n\nIBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM\nJava Software Development Kit. \n\nThis update upgrades IBM Java SE 8 to version 8 SR5-FP20. \n\nSecurity Fix(es):\n\n* IBM JDK: privilege escalation via insufficiently restricted access to\nAttach API (CVE-2018-12539)\n\n* openssl: BN_mod_exp may produce incorrect results on x86_64\n(CVE-2017-3732)\n\n* openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)\n\n* IBM JDK: DoS in the java.math component (CVE-2018-1517)\n\n* IBM JDK: path traversal flaw in the Diagnostic Tooling Framework\n(CVE-2018-1656)\n\n* Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and\n10.0.2 (Libraries) (CVE-2018-2940)\n\n* OpenJDK: insufficient index validation in PatternSyntaxException\ngetMessage() (Concurrency, 8199547) (CVE-2018-2952)\n\n* Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and\n10.0.2 (JSSE) (CVE-2018-2973)\n\n* OpenSSL: Double-free in DSA code (CVE-2016-0705)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-0705. Upstream acknowledges Adam Langley (Google/BoringSSL) as the\noriginal reporter of CVE-2016-0705. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of IBM Java must be restarted for this update to take\neffect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1310596 - CVE-2016-0705 OpenSSL: Double-free in DSA code\n1416856 - CVE-2017-3732 openssl: BN_mod_exp may produce incorrect results on x86_64\n1509169 - CVE-2017-3736 openssl: bn_sqrx8x_internal carry bug on x86_64\n1600925 - CVE-2018-2952 OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547)\n1602145 - CVE-2018-2973 Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (JSSE)\n1602146 - CVE-2018-2940 Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (Libraries)\n1618767 - CVE-2018-12539 IBM JDK: privilege escalation via insufficiently restricted access to Attach API\n1618869 - CVE-2018-1656 IBM JDK: path traversal flaw in the Diagnostic Tooling Framework\n1618871 - CVE-2018-1517 IBM JDK: DoS in the java.math component\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 6):\n\ni386:\njava-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.i686.rpm\n\nx86_64:\njava-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Supplementary (v. 6):\n\nx86_64:\njava-1.8.0-ibm-1.8.0.5.20-1jpp.1.el6_10.x86_64.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 6):\n\ni386:\njava-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.i686.rpm\n\nppc64:\njava-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.ppc64.rpm\n\ns390x:\njava-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.s390x.rpm\n\nx86_64:\njava-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Supplementary (v. 6):\n\ni386:\njava-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.i686.rpm\n\nx86_64:\njava-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0705\nhttps://access.redhat.com/security/cve/CVE-2017-3732\nhttps://access.redhat.com/security/cve/CVE-2017-3736\nhttps://access.redhat.com/security/cve/CVE-2018-1517\nhttps://access.redhat.com/security/cve/CVE-2018-1656\nhttps://access.redhat.com/security/cve/CVE-2018-2940\nhttps://access.redhat.com/security/cve/CVE-2018-2952\nhttps://access.redhat.com/security/cve/CVE-2018-2973\nhttps://access.redhat.com/security/cve/CVE-2018-12539\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBW4WgLdzjgjWX9erEAQixyw//d2pemlb2TNR2kW3WlrxY0KBjUBM+PS4i\nbQ8+SoNsct2XtVFq0oOfwAmYMn++pAY37yvvhUdefe5sAcUldDcJtLIgXbtISSXe\nV5EdrLvQbv/rSxikOfccFzNI8GwJTgGiLpq8n9exHcSsY5cZevzukgRr6b+yQbnj\nmcYEC3TB/CnulDac/Pt0VsS9AoFhwuX958/+EQdpMq1yOGqog6eM8U6x2btA4YSi\nmcVD2hom6GuYMKq0oWDPWPry5hJePvbPM6GZw8pYdRvA1eKjp24M3mkWkkIEFw6U\naZCW6YXJuwMMJ4IYbF1Aofm3ab+R1VZXmPvzMHXRhVcRyZLvBzo1fZaw7ISX1ibV\nFimDRrXLIJDudoS80DMVmbgQTL37U6pGAe6gV2JLtvtEZl02Sxq5PeRfuMME4qeP\nrT+xyz0zjyIqTpxhAzAQJ28ZCrWDvRycCT5ZLwaPfxZ0+4cY1l58TMfYpdwIKJSC\nM8HQccrNxQ8S/kSKexIT18mSQcMwOhDza6gV4hSiOQgI/xHW3sic78a7/74JnSBT\nDgZuicAq73IWdYu67B04UzsZNsySSW6vs3BeYdfN5BnmK40NxrH5d5LMRV4xKmN+\nHlkzX1CrDCBl9PtbQF0xpUGluvXCg1u2kzGHj4Dv7JP64bV1wXmLm5kwrPL/QZhv\n8IL8kIZinC8=eoiE\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-3736"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010189"
      },
      {
        "db": "BID",
        "id": "101666"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-3736"
      },
      {
        "db": "PACKETSTORM",
        "id": "169631"
      },
      {
        "db": "PACKETSTORM",
        "id": "169655"
      },
      {
        "db": "PACKETSTORM",
        "id": "148521"
      },
      {
        "db": "PACKETSTORM",
        "id": "148525"
      },
      {
        "db": "PACKETSTORM",
        "id": "149403"
      },
      {
        "db": "PACKETSTORM",
        "id": "148524"
      },
      {
        "db": "PACKETSTORM",
        "id": "144899"
      },
      {
        "db": "PACKETSTORM",
        "id": "149130"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-3736",
        "trust": 3.6
      },
      {
        "db": "BID",
        "id": "101666",
        "trust": 2.0
      },
      {
        "db": "TENABLE",
        "id": "TNS-2017-15",
        "trust": 1.7
      },
      {
        "db": "TENABLE",
        "id": "TNS-2017-14",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1039727",
        "trust": 1.7
      },
      {
        "db": "MCAFEE",
        "id": "SB10211",
        "trust": 0.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010189",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.1089",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4645",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4748",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.0258.3",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.1613",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.1415",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.0733",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-066",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-3736",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169631",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169655",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "148521",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "148525",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "149403",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "148524",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "144899",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "149130",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-3736"
      },
      {
        "db": "BID",
        "id": "101666"
      },
      {
        "db": "PACKETSTORM",
        "id": "169631"
      },
      {
        "db": "PACKETSTORM",
        "id": "169655"
      },
      {
        "db": "PACKETSTORM",
        "id": "148521"
      },
      {
        "db": "PACKETSTORM",
        "id": "148525"
      },
      {
        "db": "PACKETSTORM",
        "id": "149403"
      },
      {
        "db": "PACKETSTORM",
        "id": "148524"
      },
      {
        "db": "PACKETSTORM",
        "id": "144899"
      },
      {
        "db": "PACKETSTORM",
        "id": "149130"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-066"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010189"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3736"
      }
    ]
  },
  "id": "VAR-201711-0923",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.22708334
  },
  "last_update_date": "2025-12-22T23:13:10.973000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "hitachi-sec-2018-106",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2018-106/index.html"
      },
      {
        "title": "hitachi-sec-2018-124",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2018-124/index.html"
      },
      {
        "title": "hitachi-sec-2019-105",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2019-105/index.html"
      },
      {
        "title": "NTAP-20171107-0002",
        "trust": 0.8,
        "url": "https://security.netapp.com/advisory/ntap-20171107-0002/"
      },
      {
        "title": "bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/secadv/20171102.txt"
      },
      {
        "title": "TNS-2017-14",
        "trust": 0.8,
        "url": "https://www.tenable.com/security/tns-2017-14"
      },
      {
        "title": "hitachi-sec-2018-106",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2018-106/index.html"
      },
      {
        "title": "hitachi-sec-2018-124",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2018-124/index.html"
      },
      {
        "title": "hitachi-sec-2019-105",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2019-105/index.html"
      },
      {
        "title": "OpenSSL Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76120"
      },
      {
        "title": "Red Hat: Moderate: openssl security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20180998 - Security Advisory"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3475-1"
      },
      {
        "title": "Debian Security Advisories: DSA-4017-1 openssl1.0 -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=c59b0b63bafaa6def9e5da50acf68ca8"
      },
      {
        "title": "Red Hat: Important: java-1.8.0-ibm security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182575 - Security Advisory"
      },
      {
        "title": "Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29  RHEL 7 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182185 - Security Advisory"
      },
      {
        "title": "Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 6 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182186 - Security Advisory"
      },
      {
        "title": "Debian Security Advisories: DSA-4018-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=ac7ab332aa094dcdde4da9f7cb2a19f1"
      },
      {
        "title": "Red Hat: Important: java-1.8.0-ibm security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182568 - Security Advisory"
      },
      {
        "title": "Red Hat: Moderate: java-1.8.0-ibm security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182713 - Security Advisory"
      },
      {
        "title": "Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182187 - Security Advisory"
      },
      {
        "title": "Red Hat: CVE-2017-3736",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2017-3736"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2017-3736"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2018-1016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2018-1016"
      },
      {
        "title": "Symantec Security Advisories: SA157: OpenSSL Vulnerabilities 28-Aug-2017 and 2-Nov-2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=7d613a491eb4632d0bd09811cbeaee1e"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201712-9] openssl-1.0: multiple issues",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201712-9"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201711-14] openssl: multiple issues",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201711-14"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201711-15] lib32-openssl: multiple issues",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201711-15"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Operations Center and Client Management Service (CVE-2016-0705, CVE-2017-3732, CVE-2017-3736, CVE-2018-1656, CVE-2018-12539)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=3d9ab13c871ea2142681c7977b25c5ff"
      },
      {
        "title": "Hitachi Security Advisories: Multiple Vulnerabilities in JP1",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2019-105"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201712-11] lib32-openssl-1.0: multiple issues",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201712-11"
      },
      {
        "title": "IBM: IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU \u2013 Jul 2018 \u2013 Includes Oracle Jul 2018 CPU affects DB2 Recovery Expert for Linux, Unix and Windows",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=af4ddb95056d65a4af347aec0f652f0e"
      },
      {
        "title": "Tenable Security Advisories: [R1] Nessus 6.11.3 Fixes Multiple Third-party Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2017-15"
      },
      {
        "title": "Amazon Linux 2: ALAS2-2018-1004",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2018-1004"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Planning",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=62ef85c9034c17315b7d0a712483c5ea"
      },
      {
        "title": "Tenable Security Advisories: [R1] SecurityCenter 5.6.0.1 Fixes Multiple Third-party Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2017-14"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Reporting for Development Intelligence",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=03b0267d78cd8ac1bbb43afc737474f0"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM InfoSphere Information Server",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=63bbfc68418161b36080acd59a541d45"
      },
      {
        "title": "IBM: IBM Security Bulletin: IBM Cognos Controller 2019Q2 Security Updater: Multiple vulnerabilities have been identified in IBM Cognos Controller",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=38227211accce022b0a3d9b56a974186"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=5f8c525f1408011628af1792207b2099"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4019ca77f50c7a34e4d97833e6f3321e"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2019",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=f655264a6935505d167bbf45f409a57b"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=81c63752a6f26433af2128b2e8c02385"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - April 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=ae57a14ec914f60b7203332a77613077"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple Security Vulnerabilities have been fixed in IBM Security Privileged Identity Manager Appliance.",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f5bb2b180c7c77e5a02747a1f31830d9"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=72fe5ebf222112c8481815fd7cefc7af"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=525e4e31765e47b9e53b24e880af9d6e"
      },
      {
        "title": "IBM: IBM Security Bulletin: IBM Security Privileged Identity Manager is affected by multiple vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=dd8c9d5928cc3b1ac8c35b4b24703e38"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=e2a7f287e9acc8c64ab3df71130bc64d"
      },
      {
        "title": "IBM: Security Bulletin: Multiple vulnerabilities in IBM Java affect IBM Netezza Analytics for NPS",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=c36fc403a4c2c6439b732d2fca738f58"
      },
      {
        "title": "cp4s-car-schema",
        "trust": 0.1,
        "url": "https://github.com/IBM/cp4s-car-schema "
      },
      {
        "title": "core-kit",
        "trust": 0.1,
        "url": "https://github.com/funtoo/core-kit "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-3736"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-066"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010189"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010189"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3736"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://www.securityfocus.com/bid/101666"
      },
      {
        "trust": 2.1,
        "url": "https://www.openssl.org/news/secadv/20171102.txt"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
      },
      {
        "trust": 2.0,
        "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
      },
      {
        "trust": 1.8,
        "url": "https://access.redhat.com/errata/rhsa-2018:0998"
      },
      {
        "trust": 1.8,
        "url": "https://access.redhat.com/errata/rhsa-2018:2187"
      },
      {
        "trust": 1.8,
        "url": "https://access.redhat.com/errata/rhsa-2018:2186"
      },
      {
        "trust": 1.8,
        "url": "https://access.redhat.com/errata/rhsa-2018:2185"
      },
      {
        "trust": 1.8,
        "url": "https://access.redhat.com/errata/rhsa-2018:2575"
      },
      {
        "trust": 1.8,
        "url": "https://access.redhat.com/errata/rhsa-2018:2713"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1039727"
      },
      {
        "trust": 1.7,
        "url": "https://www.debian.org/security/2017/dsa-4018"
      },
      {
        "trust": 1.7,
        "url": "https://www.debian.org/security/2017/dsa-4017"
      },
      {
        "trust": 1.7,
        "url": "https://security.netapp.com/advisory/ntap-20171107-0002/"
      },
      {
        "trust": 1.7,
        "url": "https://www.tenable.com/security/tns-2017-14"
      },
      {
        "trust": 1.7,
        "url": "https://security.freebsd.org/advisories/freebsd-sa-17:11.openssl.asc"
      },
      {
        "trust": 1.7,
        "url": "https://www.tenable.com/security/tns-2017-15"
      },
      {
        "trust": 1.7,
        "url": "https://security.gentoo.org/glsa/201712-03"
      },
      {
        "trust": 1.7,
        "url": "https://security.netapp.com/advisory/ntap-20180117-0002/"
      },
      {
        "trust": 1.7,
        "url": "https://github.com/openssl/openssl/commit/4443cf7aa0099e5ce615c18cee249fff77fb0871"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
      },
      {
        "trust": 1.7,
        "url": "https://access.redhat.com/errata/rhsa-2018:2568"
      },
      {
        "trust": 1.7,
        "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbst03881en_us"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
      },
      {
        "trust": 1.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3736"
      },
      {
        "trust": 1.4,
        "url": "https://access.redhat.com/security/cve/cve-2017-3736"
      },
      {
        "trust": 0.9,
        "url": "https://github.com/openssl/openssl/commit/668a709a8d7ea374ee72ad2d43ac72ec60a80eee"
      },
      {
        "trust": 0.9,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1509169"
      },
      {
        "trust": 0.9,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.9,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10211"
      },
      {
        "trust": 0.9,
        "url": "https://www.oracle.com/technetwork/topics/security/linuxbulletinapr2018-4431087.html"
      },
      {
        "trust": 0.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984819"
      },
      {
        "trust": 0.9,
        "url": "https://www.symantec.com/security-center/network-protection-security-advisories/sa157"
      },
      {
        "trust": 0.9,
        "url": "https://www-01.ibm.com/support/docview.wss?uid=ssg1s1012049"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3736"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3732"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914246-1.html"
      },
      {
        "trust": 0.6,
        "url": "http://www.ibm.com/support/docview.wss?uid=ibm10715641"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.6,
        "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10882734"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/76710"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4748/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4645/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1138588"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-affect-ibm-netezza-analytics/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-affect-ibm-netezza-analytics-for-nps/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-jre-8-0-1-1-affect-ibm-netezza-platform-software-clients/"
      },
      {
        "trust": 0.6,
        "url": "http://www.ibm.com/support/docview.wss?uid=ibm10882292"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/80494"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/79678"
      },
      {
        "trust": 0.6,
        "url": "http://www.ibm.com/support/docview.wss?uid=ibm10734877"
      },
      {
        "trust": 0.6,
        "url": "http://www.ibm.com/support/docview.wss?uid=ibm10879093"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/78218"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/74714"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.5,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2017-3732"
      },
      {
        "trust": 0.5,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3738"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3737"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2182"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3731"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7055"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6302"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2017-3731"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2017-3737"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2016-6306"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2017-3738"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6306"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.29/"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2016-2182"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2016-7055"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2016-6302"
      },
      {
        "trust": 0.2,
        "url": "https://www.openssl.org/policies/secpolicy.html"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3735"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3193"
      },
      {
        "trust": 0.2,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-2940"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-2952"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-12539"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-0705"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-2973"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-1656"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-2940"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-1517"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1517"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-2952"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1656"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-2973"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12539"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/200.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/3475-1/"
      },
      {
        "trust": 0.1,
        "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=57518"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/secadv/20170828.txt,"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/secadv/20171207.txt"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0701"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.9"
      },
      {
        "trust": 0.1,
        "url": "https://www.ubuntu.com/usn/usn-3475-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.23"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu11.3"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu13.2"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-3736"
      },
      {
        "db": "BID",
        "id": "101666"
      },
      {
        "db": "PACKETSTORM",
        "id": "169631"
      },
      {
        "db": "PACKETSTORM",
        "id": "169655"
      },
      {
        "db": "PACKETSTORM",
        "id": "148521"
      },
      {
        "db": "PACKETSTORM",
        "id": "148525"
      },
      {
        "db": "PACKETSTORM",
        "id": "149403"
      },
      {
        "db": "PACKETSTORM",
        "id": "148524"
      },
      {
        "db": "PACKETSTORM",
        "id": "144899"
      },
      {
        "db": "PACKETSTORM",
        "id": "149130"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-066"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010189"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3736"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2017-3736"
      },
      {
        "db": "BID",
        "id": "101666"
      },
      {
        "db": "PACKETSTORM",
        "id": "169631"
      },
      {
        "db": "PACKETSTORM",
        "id": "169655"
      },
      {
        "db": "PACKETSTORM",
        "id": "148521"
      },
      {
        "db": "PACKETSTORM",
        "id": "148525"
      },
      {
        "db": "PACKETSTORM",
        "id": "149403"
      },
      {
        "db": "PACKETSTORM",
        "id": "148524"
      },
      {
        "db": "PACKETSTORM",
        "id": "144899"
      },
      {
        "db": "PACKETSTORM",
        "id": "149130"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-066"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010189"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3736"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-11-02T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-3736"
      },
      {
        "date": "2017-11-02T00:00:00",
        "db": "BID",
        "id": "101666"
      },
      {
        "date": "2017-11-02T12:12:12",
        "db": "PACKETSTORM",
        "id": "169631"
      },
      {
        "date": "2017-12-07T12:12:12",
        "db": "PACKETSTORM",
        "id": "169655"
      },
      {
        "date": "2018-07-12T21:45:18",
        "db": "PACKETSTORM",
        "id": "148521"
      },
      {
        "date": "2018-07-12T21:48:57",
        "db": "PACKETSTORM",
        "id": "148525"
      },
      {
        "date": "2018-09-18T02:18:55",
        "db": "PACKETSTORM",
        "id": "149403"
      },
      {
        "date": "2018-07-12T21:48:49",
        "db": "PACKETSTORM",
        "id": "148524"
      },
      {
        "date": "2017-11-06T22:24:00",
        "db": "PACKETSTORM",
        "id": "144899"
      },
      {
        "date": "2018-08-29T00:28:49",
        "db": "PACKETSTORM",
        "id": "149130"
      },
      {
        "date": "2017-11-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201711-066"
      },
      {
        "date": "2017-12-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-010189"
      },
      {
        "date": "2017-11-02T17:29:00.243000",
        "db": "NVD",
        "id": "CVE-2017-3736"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-04-23T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-3736"
      },
      {
        "date": "2019-07-17T09:00:00",
        "db": "BID",
        "id": "101666"
      },
      {
        "date": "2022-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201711-066"
      },
      {
        "date": "2019-08-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-010189"
      },
      {
        "date": "2025-04-20T01:37:25.860000",
        "db": "NVD",
        "id": "CVE-2017-3736"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "148525"
      },
      {
        "db": "PACKETSTORM",
        "id": "148524"
      },
      {
        "db": "PACKETSTORM",
        "id": "144899"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-066"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL Vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010189"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-066"
      }
    ],
    "trust": 0.6
  }
}

VAR-201603-0222

Vulnerability from variot - Updated: 2025-12-22 22:51

The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. libxml2 is prone to multiple memory-corruption vulnerabilities. A remote attacker can leverage these issues to execute arbitrary code in the context of the user running the application. Failed exploit attempts may result in a denial-of-service condition. Apple iOS, OS X, Safari, tvOS and watchOS are all products of Apple Inc. in the United States. Apple iOS is a set of operating systems developed for mobile devices; Apple OS X is a set of dedicated operating systems developed for Mac computers; and the default browser that comes with the iOS operating system; tvOS is a smart TV operating system; watchOS is a smart watch operating system. A security vulnerability exists in libxml2 of several Apple products. The following products and versions are affected: Apple iOS versions prior to 9.3, OS X versions prior to 10.11.4, Safari versions prior to 9.1, tvOS versions prior to 9.2, and watchOS versions prior to 2.2. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

APPLE-SA-2016-03-21-3 tvOS 9.2

tvOS 9.2 is now available and addresses the following:

FontParser Available for: Apple TV (4th generation) Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with Trend Micro's Zero Day Initiative (ZDI)

HTTPProtocol Available for: Apple TV (4th generation) Impact: A remote attacker may be able to execute arbitrary code Description: Multiple vulnerabilities existed in nghttp2 versions prior to 1.6.0, the most serious of which may have led to remote code execution. These were addressed by updating nghttp2 to version 1.6.0. CVE-ID CVE-2015-8659

IOHIDFamily Available for: Apple TV (4th generation) Impact: An application may be able to determine kernel memory layout Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1748 : Brandon Azad

Kernel Available for: Apple TV (4th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed through improved memory management. CVE-ID CVE-2016-1750 : CESG

Kernel Available for: Apple TV (4th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple integer overflows were addressed through improved input validation. CVE-ID CVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro's Zero Day Initiative (ZDI)

Kernel Available for: Apple TV (4th generation) Impact: An application may be able to bypass code signing Description: A permissions issue existed in which execute permission was incorrectly granted. This issue was addressed through improved permission validation. CVE-ID CVE-2016-1751 : Eric Monti of Square Mobile Security

Kernel Available for: Apple TV (4th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team CVE-2016-1755 : Ian Beer of Google Project Zero

Kernel Available for: Apple TV (4th generation) Impact: An application may be able to cause a denial of service Description: A denial of service issue was addressed through improved validation. CVE-ID CVE-2016-1752 : CESG

libxml2 Available for: Apple TV (4th generation) Impact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2015-1819 CVE-2015-5312 : David Drysdale of Google CVE-2015-7499 CVE-2015-7500 : Kostya Serebryany of Google CVE-2015-7942 : Kostya Serebryany of Google CVE-2015-8035 : gustavo.grieco CVE-2015-8242 : Hugh Davenport CVE-2016-1762

Security Available for: Apple TV (4th generation) Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: A memory corruption issue existed in the ASN.1 decoder. This issue was addressed through improved input validation. CVE-ID CVE-2016-1950 : Francis Gabriel of Quarkslab

TrueTypeScaler Available for: Apple TV (4th generation) Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2016-1775 : 0x1byte working with Trend Micro's Zero Day Initiative (ZDI)

WebKit Available for: Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1783 : Mihai Parparita of Google

WebKit History Available for: Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash Description: A resource exhaustion issue was addressed through improved input validation. CVE-ID CVE-2016-1784 : Moony Li and Jack Tang of TrendMicro and 李普君 of 无声信息技术PKAV Team (PKAV.net)

Wi-Fi Available for: Apple TV (4th generation) Impact: An attacker with a privileged network position may be able to execute arbitrary code Description: A frame validation and memory corruption issue existed for a given ethertype. This issue was addressed through additional ethertype validation and improved memory handling. CVE-ID CVE-2016-0801 : an anonymous researcher CVE-2016-0802 : an anonymous researcher

Installation note:

Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software.".

To check the current version of software, select "Settings -> General -> About". -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Important: libxml2 security update Advisory ID: RHSA-2016:1292-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2016:1292 Issue date: 2016-06-23 CVE Names: CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-3627 CVE-2016-3705 CVE-2016-4447 CVE-2016-4448 CVE-2016-4449 =====================================================================

Summary:

An update for libxml2 is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.

Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

Description:

The libxml2 library is a development toolbox providing the implementation of various XML standards. (CVE-2016-1762, CVE-2016-1833, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449)

Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all applications linked to the libxml2 library must be restarted, or the system rebooted.

Package List:

Red Hat Enterprise Linux HPC Node (v. 6):

Source: libxml2-2.7.6-21.el6_8.1.src.rpm

x86_64: libxml2-2.7.6-21.el6_8.1.i686.rpm libxml2-2.7.6-21.el6_8.1.x86_64.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm libxml2-python-2.7.6-21.el6_8.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64: libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm libxml2-devel-2.7.6-21.el6_8.1.i686.rpm libxml2-devel-2.7.6-21.el6_8.1.x86_64.rpm libxml2-static-2.7.6-21.el6_8.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source: libxml2-2.7.6-21.el6_8.1.src.rpm

i386: libxml2-2.7.6-21.el6_8.1.i686.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm libxml2-devel-2.7.6-21.el6_8.1.i686.rpm libxml2-python-2.7.6-21.el6_8.1.i686.rpm

ppc64: libxml2-2.7.6-21.el6_8.1.ppc.rpm libxml2-2.7.6-21.el6_8.1.ppc64.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.ppc.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.ppc64.rpm libxml2-devel-2.7.6-21.el6_8.1.ppc.rpm libxml2-devel-2.7.6-21.el6_8.1.ppc64.rpm libxml2-python-2.7.6-21.el6_8.1.ppc64.rpm

s390x: libxml2-2.7.6-21.el6_8.1.s390.rpm libxml2-2.7.6-21.el6_8.1.s390x.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.s390.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.s390x.rpm libxml2-devel-2.7.6-21.el6_8.1.s390.rpm libxml2-devel-2.7.6-21.el6_8.1.s390x.rpm libxml2-python-2.7.6-21.el6_8.1.s390x.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386: libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm libxml2-static-2.7.6-21.el6_8.1.i686.rpm

ppc64: libxml2-debuginfo-2.7.6-21.el6_8.1.ppc64.rpm libxml2-static-2.7.6-21.el6_8.1.ppc64.rpm

s390x: libxml2-debuginfo-2.7.6-21.el6_8.1.s390x.rpm libxml2-static-2.7.6-21.el6_8.1.s390x.rpm

x86_64: libxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm libxml2-static-2.7.6-21.el6_8.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: libxml2-2.7.6-21.el6_8.1.src.rpm

i386: libxml2-2.7.6-21.el6_8.1.i686.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm libxml2-devel-2.7.6-21.el6_8.1.i686.rpm libxml2-python-2.7.6-21.el6_8.1.i686.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386: libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm libxml2-static-2.7.6-21.el6_8.1.i686.rpm

x86_64: libxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm libxml2-static-2.7.6-21.el6_8.1.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source: libxml2-2.9.1-6.el7_2.3.src.rpm

x86_64: libxml2-2.9.1-6.el7_2.3.i686.rpm libxml2-2.9.1-6.el7_2.3.x86_64.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm libxml2-python-2.9.1-6.el7_2.3.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm libxml2-devel-2.9.1-6.el7_2.3.i686.rpm libxml2-devel-2.9.1-6.el7_2.3.x86_64.rpm libxml2-static-2.9.1-6.el7_2.3.i686.rpm libxml2-static-2.9.1-6.el7_2.3.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: libxml2-2.9.1-6.el7_2.3.src.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Red Hat Enterprise Linux Server (v. 7):

Source: libxml2-2.9.1-6.el7_2.3.src.rpm

ppc64: libxml2-2.9.1-6.el7_2.3.ppc.rpm libxml2-2.9.1-6.el7_2.3.ppc64.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.ppc.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.ppc64.rpm libxml2-devel-2.9.1-6.el7_2.3.ppc.rpm libxml2-devel-2.9.1-6.el7_2.3.ppc64.rpm libxml2-python-2.9.1-6.el7_2.3.ppc64.rpm

ppc64le: libxml2-2.9.1-6.el7_2.3.ppc64le.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.ppc64le.rpm libxml2-devel-2.9.1-6.el7_2.3.ppc64le.rpm libxml2-python-2.9.1-6.el7_2.3.ppc64le.rpm

s390x: libxml2-2.9.1-6.el7_2.3.s390.rpm libxml2-2.9.1-6.el7_2.3.s390x.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.s390.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.s390x.rpm libxml2-devel-2.9.1-6.el7_2.3.s390.rpm libxml2-devel-2.9.1-6.el7_2.3.s390x.rpm libxml2-python-2.9.1-6.el7_2.3.s390x.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: libxml2-debuginfo-2.9.1-6.el7_2.3.ppc.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.ppc64.rpm libxml2-static-2.9.1-6.el7_2.3.ppc.rpm libxml2-static-2.9.1-6.el7_2.3.ppc64.rpm

ppc64le: libxml2-debuginfo-2.9.1-6.el7_2.3.ppc64le.rpm libxml2-static-2.9.1-6.el7_2.3.ppc64le.rpm

s390x: libxml2-debuginfo-2.9.1-6.el7_2.3.s390.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.s390x.rpm libxml2-static-2.9.1-6.el7_2.3.s390.rpm libxml2-static-2.9.1-6.el7_2.3.s390x.rpm

x86_64: libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm libxml2-static-2.9.1-6.el7_2.3.i686.rpm libxml2-static-2.9.1-6.el7_2.3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: libxml2-2.9.1-6.el7_2.3.src.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm libxml2-static-2.9.1-6.el7_2.3.i686.rpm libxml2-static-2.9.1-6.el7_2.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

References:

https://access.redhat.com/security/cve/CVE-2016-1762 https://access.redhat.com/security/cve/CVE-2016-1833 https://access.redhat.com/security/cve/CVE-2016-1834 https://access.redhat.com/security/cve/CVE-2016-1835 https://access.redhat.com/security/cve/CVE-2016-1836 https://access.redhat.com/security/cve/CVE-2016-1837 https://access.redhat.com/security/cve/CVE-2016-1838 https://access.redhat.com/security/cve/CVE-2016-1839 https://access.redhat.com/security/cve/CVE-2016-1840 https://access.redhat.com/security/cve/CVE-2016-3627 https://access.redhat.com/security/cve/CVE-2016-3705 https://access.redhat.com/security/cve/CVE-2016-4447 https://access.redhat.com/security/cve/CVE-2016-4448 https://access.redhat.com/security/cve/CVE-2016-4449 https://access.redhat.com/security/updates/classification/#important

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iD8DBQFXa8B8XlSAg2UNWIIRAh9ZAJ99xgPhOaIopIxmynm+vlDcmw4jFACeLvTm ZsVLEgJAF0Zt6xZVzqvVW7U= =fREV -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . From: Marc Deslauriers marc.deslauriers@canonical.com Reply-To: Ubuntu Security security@ubuntu.com To: ubuntu-security-announce@lists.ubuntu.com Message-ID: 5755B7E3.5040103@canonical.com Subject: [USN-2994-1] libxml2 vulnerabilities

============================================================================ Ubuntu Security Notice USN-2994-1 June 06, 2016

libxml2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 16.04 LTS
Ubuntu 15.10
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in libxml2. (CVE-2015-8806, CVE-2016-2073, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447)

It was discovered that libxml2 incorrectly handled certain malformed documents. (CVE-2016-1762, CVE-2016-1834)

Mateusz Jurczyk discovered that libxml2 incorrectly handled certain malformed documents. (CVE-2016-1833, CVE-2016-1838, CVE-2016-1839)

Wei Lei and Liu Yang discovered that libxml2 incorrectly handled certain malformed documents. (CVE-2016-1835, CVE-2016-1837)

Wei Lei and Liu Yang discovered that libxml2 incorrectly handled certain malformed documents. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. (CVE-2016-1836)

Kostya Serebryany discovered that libxml2 incorrectly handled certain malformed documents. (CVE-2016-1840)

It was discovered that libxml2 would load certain XML external entities. (CVE-2016-4449)

Gustavo Grieco discovered that libxml2 incorrectly handled certain malformed documents. (CVE-2016-4483)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS: libxml2 2.9.3+dfsg1-1ubuntu0.1

Ubuntu 15.10: libxml2 2.9.2+zdfsg1-4ubuntu0.4

Ubuntu 14.04 LTS: libxml2 2.9.1+dfsg1-3ubuntu4.8

Ubuntu 12.04 LTS: libxml2 2.7.8.dfsg-5.1ubuntu4.15

After a standard system update you need to reboot your computer to make all the necessary changes.

For the stable distribution (jessie), these problems have been fixed in version 2.9.1+dfsg1-5+deb8u2. CVE-ID CVE-2016-1762

Safari Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.3 Impact: Visiting a malicious website may lead to user interface spoofing Description: An issue existed where the text of a dialog included page-supplied text. CVE-ID CVE-2016-1771 : Russ Cox

Safari Top Sites Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.3 Impact: A website may be able to track sensitive user information Description: A cookie storage issue existed in the Top Sites page. CVE-ID CVE-2016-1772 : WoofWagly

WebKit Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.3 Impact: A website may be able to track sensitive user information Description: An issue existed in the handling of attachment URLs. CVE-ID CVE-2016-1781 : Devdatta Akhawe of Dropbox, Inc. CVE-ID CVE-2016-1782 : Muneaki Nishimura (nishimunea) of Recruit Technologies Co.,Ltd.

WebKit Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.3 Impact: Visiting a maliciously crafted website may reveal a user's current location Description: An issue existed in the parsing of geolocation requests. CVE-ID CVE-2016-1785 : an anonymous researcher

WebKit Page Loading Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.3 Impact: Visiting a malicious website may lead to user interface spoofing Description: Redirect responses may have allowed a malicious website to display an arbitrary URL and read cached contents of the destination origin. CVE-ID CVE-2016-1786 : ma.la of LINE Corporation

Installation note:

Safari 9.1 may be obtained from the Mac App Store. Description:

This release of Red Hat JBoss Core Services httpd 2.4.23 serves as a replacement for JBoss Core Services Apache HTTP Server 2.4.6.

Security Fix(es):

This update fixes several flaws in OpenSSL. (CVE-2016-1762, CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483)
This update fixes three flaws in curl. (CVE-2016-5419, CVE-2016-5420, CVE-2016-7141)
This update fixes two flaws in httpd. (CVE-2014-3523, CVE-2015-3185)
This update fixes two flaws in mod_cluster. (CVE-2016-4459, CVE-2016-8612)
A buffer overflow flaw when concatenating virtual host names and URIs was fixed in mod_jk. (CVE-2016-6808)
A memory leak flaw was fixed in expat. Upstream acknowledges Stephen Henson (OpenSSL development team) as the original reporter of CVE-2015-0286; Huzaifa Sidhpurwala (Red Hat), Hanno BAPck, and David Benjamin (Google) as the original reporters of CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2105, CVE-2016-2106, CVE-2016-0797, CVE-2016-0799, and CVE-2016-2842; Juraj Somorovsky as the original reporter of CVE-2016-2107; Yuval Yarom (University of Adelaide and NICTA), Daniel Genkin (Technion and Tel Aviv University), and Nadia Heninger (University of Pennsylvania) as the original reporters of CVE-2016-0702; and Adam Langley (Google/BoringSSL) as the original reporter of CVE-2016-0705.

See the corresponding CVE pages linked to in the References section for more information about each of the flaws listed in this advisory. Solution:

After installing the updated packages, the httpd daemon will be restarted automatically. JIRA issues fixed (https://issues.jboss.org/):

JBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0] JBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201603-0222",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "16.04"
      },
      {
        "model": "web gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "7.6.2.3"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.6"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.5"
      },
      {
        "model": "libxml2",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "xmlsoft",
        "version": "2.9.4"
      },
      {
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "14.04"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.4"
      },
      {
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "model": "web gateway",
        "scope": "gt",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "7.5.2.11"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "15.10"
      },
      {
        "model": "safari",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "9.1"
      },
      {
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.6"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.4"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "mac os x",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.11.4"
      },
      {
        "model": "watchos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "2.2"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "model": "iphone os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "9.3"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "web gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "7.5.2.10"
      },
      {
        "model": "tvos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "9.2"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.6"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "12.04"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "model": "watchos",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "apple",
        "version": "9.0.3"
      },
      {
        "model": "ubuntu",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "canonical",
        "version": "12.04 lts"
      },
      {
        "model": "ubuntu",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "canonical",
        "version": "14.04 lts"
      },
      {
        "model": "ubuntu",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "canonical",
        "version": "15.10"
      },
      {
        "model": "ubuntu",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "canonical",
        "version": "16.04 lts"
      },
      {
        "model": "gnu/linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.10.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.11 to  10.11.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.9.5"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "9.3   (ipad 2 or later )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "9.3   (iphone 4s or later )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "9.3   (ipod touch first  5 after generation )"
      },
      {
        "model": "tvos",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "9.2   (apple tv first  4 generation )"
      },
      {
        "model": "watchos",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "2.2   (apple watch edition)"
      },
      {
        "model": "watchos",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "2.2   (apple watch hermes)"
      },
      {
        "model": "watchos",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "2.2   (apple watch sport)"
      },
      {
        "model": "watchos",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "2.2   (apple watch)"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "9.2.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.11.3"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "9.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.0"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.211"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0.7"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.2.1"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.2.0"
      },
      {
        "model": "security network protection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2.4"
      },
      {
        "model": "advanced secure gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.6"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.3"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.410"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.4"
      },
      {
        "model": "smartcloud entry appliance fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.24"
      },
      {
        "model": "web gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.7"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.7"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.3"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.219"
      },
      {
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.10"
      },
      {
        "model": "smartcloud entry appliance fi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.1"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.2"
      },
      {
        "model": "junos space 15.1f2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.6"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.2"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.22"
      },
      {
        "model": "ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.2"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.2.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1"
      },
      {
        "model": "smartcloud entry appliance fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.36"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.5"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.2.1"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.4"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.5.2.10"
      },
      {
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.0.1"
      },
      {
        "model": "junos space 15.1r2.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.2.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.1"
      },
      {
        "model": "authconnector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "2.5"
      },
      {
        "model": "smartcloud entry appliance fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.44"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.1"
      },
      {
        "model": "email gateway 7.6.2h968406",
        "scope": null,
        "trust": 0.3,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "watchos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.2"
      },
      {
        "model": "smartcloud entry appliance fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.46"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.3"
      },
      {
        "model": "smartcloud entry appliance fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.26"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1.3"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.405"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.7"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.2.7"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2"
      },
      {
        "model": "vm server for",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "x863.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.1"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.7"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.42"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.6"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "30"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8"
      },
      {
        "model": "junos space 15.2r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0.4"
      },
      {
        "model": "watch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.5"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.2"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.5.2.8"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.31"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.08"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.2.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0.4"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.1"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.08"
      },
      {
        "model": "security analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "7.0"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.213"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.1"
      },
      {
        "model": "watch hermes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "model": "smartcloud entry appliance fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.22"
      },
      {
        "model": "industrial control system protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.3"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.404"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.2"
      },
      {
        "model": "smartcloud entry fixpack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.413"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.2"
      },
      {
        "model": "smartcloud entry appliance fixpac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.1"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.5"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.3"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.401"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.8"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.34"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.1"
      },
      {
        "model": "email gateway 7.6.405h1165239",
        "scope": null,
        "trust": 0.3,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "50"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.32"
      },
      {
        "model": "web gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.5.2.11"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.52"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.1"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2.3"
      },
      {
        "model": "norman network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.3"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0"
      },
      {
        "model": "smartcloud entry appliance fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.34"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.31"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "13.3"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.0"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3.2"
      },
      {
        "model": "smartcloud entry fixpack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.412"
      },
      {
        "model": "tvos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.1"
      },
      {
        "model": "junos space 15.2r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.2.3"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.21"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.2.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.33"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.2.8"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.1"
      },
      {
        "model": "smartcloud entry jre update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.0.35"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.30"
      },
      {
        "model": "smartcloud entry fixpack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.0.33"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.10"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.31"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.218"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0.6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.5"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "model": "security network protection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.10"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.411"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.5"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.2.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.4"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.8"
      },
      {
        "model": "junos space 14.1r1.9",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.214"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2.1"
      },
      {
        "model": "smartcloud entry fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.19"
      },
      {
        "model": "safari",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.1"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.2"
      },
      {
        "model": "smartcloud entry appliance fixpac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.403"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.2.6"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.113"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.0.4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.2.3"
      },
      {
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.1.1"
      },
      {
        "model": "smartcloud entry appliance fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.11"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.7"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.3"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2.2"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.110"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.2"
      },
      {
        "model": "junos space 16.1r1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.2"
      },
      {
        "model": "smartcloud entry fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.110"
      },
      {
        "model": "proxysg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.5"
      },
      {
        "model": "mq appliance m2001",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.5"
      },
      {
        "model": "smartcloud entry appliance fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.21"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.2.5"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5"
      },
      {
        "model": "security analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.5"
      },
      {
        "model": "mac os security update",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x2016-0020"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.6"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.4"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.0.3"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1"
      },
      {
        "model": "safari beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "model": "mq appliance m2000",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.4"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.5"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.5"
      },
      {
        "model": "smartcloud entry fixpack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.415"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.3.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1.1"
      },
      {
        "model": "watch sport",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "smartcloud entry appliance fi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0.4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.6"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.09"
      },
      {
        "model": "watch edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.2"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.4"
      },
      {
        "model": "ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "20"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.6"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.3.1"
      },
      {
        "model": "security identity governance and intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.3"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.3"
      },
      {
        "model": "smartcloud entry appliance fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.12"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0.5"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.01"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.5"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.8"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.09"
      },
      {
        "model": "vm server for",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "x863.4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.2"
      },
      {
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1.2"
      },
      {
        "model": "smartcloud entry jre update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.0.34"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.6"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.5"
      },
      {
        "model": "junos space 14.1r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.3"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "40"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.3"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.010"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.4"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.4"
      },
      {
        "model": "smartcloud entry jre update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0.55"
      },
      {
        "model": "director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.2"
      },
      {
        "model": "web gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.2.4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.5"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.2.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.4.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.9"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.5.2.9"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0.1"
      },
      {
        "model": "industrial control systems network scanner",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0.8"
      },
      {
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.1"
      },
      {
        "model": "smartcloud entry fixpack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0.55"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.400"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "1.3"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "smartcloud entry fixpack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.415"
      },
      {
        "model": "proxysg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.6"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.4419.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.28"
      },
      {
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.9"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.2.2"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "email gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.406-3402.103"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.3"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "11.2"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0"
      },
      {
        "model": "email gateway 7.6.405h1157986",
        "scope": null,
        "trust": 0.3,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "smartcloud entry appliance fi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.0.4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "model": "libxml2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xmlsoft",
        "version": null
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.1"
      },
      {
        "model": "security analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "7.1"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.402"
      },
      {
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "85059"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-315"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001858"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1762"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:canonical:ubuntu",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:debian:debian_linux",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:iphone_os",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:apple_tv",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:watchos",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001858"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple",
    "sources": [
      {
        "db": "BID",
        "id": "85059"
      },
      {
        "db": "PACKETSTORM",
        "id": "136344"
      },
      {
        "db": "PACKETSTORM",
        "id": "136347"
      }
    ],
    "trust": 0.5
  },
  "cve": "CVE-2016-1762",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2016-1762",
            "impactScore": 4.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.1,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2016-1762",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-90581",
            "impactScore": 4.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2016-1762",
            "impactScore": 5.2,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2016-1762",
            "impactScore": 5.2,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2016-1762",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "id": "CVE-2016-1762",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2016-1762",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201603-315",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-90581",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-1762",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90581"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-1762"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-315"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001858"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1762"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1762"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. libxml2 is prone to multiple memory-corruption vulnerabilities. \nA remote attacker can leverage these issues to execute arbitrary code  in  the context of the user running the application.  Failed  exploit  attempts may result in a denial-of-service condition. Apple iOS, OS X, Safari, tvOS and watchOS are all products of Apple Inc. in the United States. Apple iOS is a set of operating systems developed for mobile devices; Apple OS X is a set of dedicated operating systems developed for Mac computers; and the default browser that comes with the iOS operating system; tvOS is a smart TV operating system; watchOS is a smart watch operating system. A security vulnerability exists in libxml2 of several Apple products. The following products and versions are affected: Apple iOS versions prior to 9.3, OS X versions prior to 10.11.4, Safari versions prior to 9.1, tvOS versions prior to 9.2, and watchOS versions prior to 2.2. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-03-21-3 tvOS 9.2\n\ntvOS 9.2 is now available and addresses the following:\n\nFontParser\nAvailable for:  Apple TV (4th generation)\nImpact:  Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A memory corruption issue was addressed through\nimproved memory handling. \nCVE-ID\nCVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with\nTrend Micro\u0027s Zero Day Initiative (ZDI)\n\nHTTPProtocol\nAvailable for:  Apple TV (4th generation)\nImpact:  A remote attacker may be able to execute arbitrary code\nDescription:  Multiple vulnerabilities existed in nghttp2 versions\nprior to 1.6.0, the most serious of which may have led to remote code\nexecution. These were addressed by updating nghttp2 to version 1.6.0. \nCVE-ID\nCVE-2015-8659\n\nIOHIDFamily\nAvailable for:  Apple TV (4th generation)\nImpact:  An application may be able to determine kernel memory layout\nDescription:  A memory corruption issue was addressed through\nimproved memory handling. \nCVE-ID\nCVE-2016-1748 : Brandon Azad\n\nKernel\nAvailable for:  Apple TV (4th generation)\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  A use after free issue was addressed through improved\nmemory management. \nCVE-ID\nCVE-2016-1750 : CESG\n\nKernel\nAvailable for:  Apple TV (4th generation)\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  Multiple integer overflows were addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro\u0027s Zero\nDay Initiative (ZDI)\n\nKernel\nAvailable for:  Apple TV (4th generation)\nImpact:  An application may be able to bypass code signing\nDescription:  A permissions issue existed in which execute permission\nwas incorrectly granted. This issue was addressed through improved\npermission validation. \nCVE-ID\nCVE-2016-1751 : Eric Monti of Square Mobile Security\n\nKernel\nAvailable for:  Apple TV (4th generation)\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team\nCVE-2016-1755 : Ian Beer of Google Project Zero\n\nKernel\nAvailable for:  Apple TV (4th generation)\nImpact:  An application may be able to cause a denial of service\nDescription:  A denial of service issue was addressed through\nimproved validation. \nCVE-ID\nCVE-2016-1752 : CESG\n\nlibxml2\nAvailable for:  Apple TV (4th generation)\nImpact:  Processing maliciously crafted XML may lead to unexpected\napplication termination or arbitrary code execution\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2015-1819\nCVE-2015-5312 : David Drysdale of Google\nCVE-2015-7499\nCVE-2015-7500 : Kostya Serebryany of Google\nCVE-2015-7942 : Kostya Serebryany of Google\nCVE-2015-8035 : gustavo.grieco\nCVE-2015-8242 : Hugh Davenport\nCVE-2016-1762\n\nSecurity\nAvailable for:  Apple TV (4th generation)\nImpact:  Processing a maliciously crafted certificate may lead to\narbitrary code execution\nDescription:  A memory corruption issue existed in the ASN.1 decoder. \nThis issue was addressed through improved input validation. \nCVE-ID\nCVE-2016-1950 : Francis Gabriel of Quarkslab\n\nTrueTypeScaler\nAvailable for:  Apple TV (4th generation)\nImpact:  Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription:  A memory corruption issue existed in the processing of\nfont files. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2016-1775 : 0x1byte working with Trend Micro\u0027s Zero Day\nInitiative (ZDI)\n\nWebKit\nAvailable for:  Apple TV (4th generation)\nImpact:  Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription:  A memory corruption issue was addressed through\nimproved memory handling. \nCVE-ID\nCVE-2016-1783 : Mihai Parparita of Google\n\nWebKit History\nAvailable for:  Apple TV (4th generation)\nImpact:  Processing maliciously crafted web content may lead to an\nunexpected Safari crash\nDescription:  A resource exhaustion issue was addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1784 : Moony Li and Jack Tang of TrendMicro and \u674e\u666e\u541b of\n\u65e0\u58f0\u4fe1\u606f\u6280\u672fPKAV Team (PKAV.net)\n\nWi-Fi\nAvailable for:  Apple TV (4th generation)\nImpact:  An attacker with a privileged network position may be able\nto execute arbitrary code\nDescription:  A frame validation and memory corruption issue existed\nfor a given ethertype. This issue was addressed through additional\nethertype validation and improved memory handling. \nCVE-ID\nCVE-2016-0801 : an anonymous researcher\nCVE-2016-0802 : an anonymous researcher\n\nInstallation note:\n\nApple TV will periodically check for software updates. Alternatively,\nyou may manually check for software updates by selecting\n\"Settings -\u003e System -\u003e Software Update -\u003e Update Software.\". \n\nTo check the current version of software, select\n\"Settings -\u003e General -\u003e About\". -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: libxml2 security update\nAdvisory ID:       RHSA-2016:1292-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2016:1292\nIssue date:        2016-06-23\nCVE Names:         CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 \n                   CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 \n                   CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 \n                   CVE-2016-3627 CVE-2016-3705 CVE-2016-4447 \n                   CVE-2016-4448 CVE-2016-4449 \n=====================================================================\n\n1. Summary:\n\nAn update for libxml2 is now available for Red Hat Enterprise Linux 6 and\nRed Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nThe libxml2 library is a development toolbox providing the implementation\nof various XML standards. \n(CVE-2016-1762, CVE-2016-1833, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837,\nCVE-2016-1838, CVE-2016-1839, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447,\nCVE-2016-4448, CVE-2016-4449)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all applications linked to the libxml2\nlibrary must be restarted, or the system rebooted. \n\n5. Package List:\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nlibxml2-2.7.6-21.el6_8.1.src.rpm\n\nx86_64:\nlibxml2-2.7.6-21.el6_8.1.i686.rpm\nlibxml2-2.7.6-21.el6_8.1.x86_64.rpm\nlibxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm\nlibxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm\nlibxml2-python-2.7.6-21.el6_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nlibxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm\nlibxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm\nlibxml2-devel-2.7.6-21.el6_8.1.i686.rpm\nlibxml2-devel-2.7.6-21.el6_8.1.x86_64.rpm\nlibxml2-static-2.7.6-21.el6_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nlibxml2-2.7.6-21.el6_8.1.src.rpm\n\ni386:\nlibxml2-2.7.6-21.el6_8.1.i686.rpm\nlibxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm\nlibxml2-devel-2.7.6-21.el6_8.1.i686.rpm\nlibxml2-python-2.7.6-21.el6_8.1.i686.rpm\n\nppc64:\nlibxml2-2.7.6-21.el6_8.1.ppc.rpm\nlibxml2-2.7.6-21.el6_8.1.ppc64.rpm\nlibxml2-debuginfo-2.7.6-21.el6_8.1.ppc.rpm\nlibxml2-debuginfo-2.7.6-21.el6_8.1.ppc64.rpm\nlibxml2-devel-2.7.6-21.el6_8.1.ppc.rpm\nlibxml2-devel-2.7.6-21.el6_8.1.ppc64.rpm\nlibxml2-python-2.7.6-21.el6_8.1.ppc64.rpm\n\ns390x:\nlibxml2-2.7.6-21.el6_8.1.s390.rpm\nlibxml2-2.7.6-21.el6_8.1.s390x.rpm\nlibxml2-debuginfo-2.7.6-21.el6_8.1.s390.rpm\nlibxml2-debuginfo-2.7.6-21.el6_8.1.s390x.rpm\nlibxml2-devel-2.7.6-21.el6_8.1.s390.rpm\nlibxml2-devel-2.7.6-21.el6_8.1.s390x.rpm\nlibxml2-python-2.7.6-21.el6_8.1.s390x.rpm\n\nx86_64:\nlibxml2-2.7.6-21.el6_8.1.i686.rpm\nlibxml2-2.7.6-21.el6_8.1.x86_64.rpm\nlibxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm\nlibxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm\nlibxml2-devel-2.7.6-21.el6_8.1.i686.rpm\nlibxml2-devel-2.7.6-21.el6_8.1.x86_64.rpm\nlibxml2-python-2.7.6-21.el6_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nlibxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm\nlibxml2-static-2.7.6-21.el6_8.1.i686.rpm\n\nppc64:\nlibxml2-debuginfo-2.7.6-21.el6_8.1.ppc64.rpm\nlibxml2-static-2.7.6-21.el6_8.1.ppc64.rpm\n\ns390x:\nlibxml2-debuginfo-2.7.6-21.el6_8.1.s390x.rpm\nlibxml2-static-2.7.6-21.el6_8.1.s390x.rpm\n\nx86_64:\nlibxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm\nlibxml2-static-2.7.6-21.el6_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nlibxml2-2.7.6-21.el6_8.1.src.rpm\n\ni386:\nlibxml2-2.7.6-21.el6_8.1.i686.rpm\nlibxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm\nlibxml2-devel-2.7.6-21.el6_8.1.i686.rpm\nlibxml2-python-2.7.6-21.el6_8.1.i686.rpm\n\nx86_64:\nlibxml2-2.7.6-21.el6_8.1.i686.rpm\nlibxml2-2.7.6-21.el6_8.1.x86_64.rpm\nlibxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm\nlibxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm\nlibxml2-devel-2.7.6-21.el6_8.1.i686.rpm\nlibxml2-devel-2.7.6-21.el6_8.1.x86_64.rpm\nlibxml2-python-2.7.6-21.el6_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nlibxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm\nlibxml2-static-2.7.6-21.el6_8.1.i686.rpm\n\nx86_64:\nlibxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm\nlibxml2-static-2.7.6-21.el6_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nlibxml2-2.9.1-6.el7_2.3.src.rpm\n\nx86_64:\nlibxml2-2.9.1-6.el7_2.3.i686.rpm\nlibxml2-2.9.1-6.el7_2.3.x86_64.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm\nlibxml2-python-2.9.1-6.el7_2.3.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nlibxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm\nlibxml2-devel-2.9.1-6.el7_2.3.i686.rpm\nlibxml2-devel-2.9.1-6.el7_2.3.x86_64.rpm\nlibxml2-static-2.9.1-6.el7_2.3.i686.rpm\nlibxml2-static-2.9.1-6.el7_2.3.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nlibxml2-2.9.1-6.el7_2.3.src.rpm\n\nx86_64:\nlibxml2-2.9.1-6.el7_2.3.i686.rpm\nlibxml2-2.9.1-6.el7_2.3.x86_64.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm\nlibxml2-python-2.9.1-6.el7_2.3.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nlibxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm\nlibxml2-devel-2.9.1-6.el7_2.3.i686.rpm\nlibxml2-devel-2.9.1-6.el7_2.3.x86_64.rpm\nlibxml2-static-2.9.1-6.el7_2.3.i686.rpm\nlibxml2-static-2.9.1-6.el7_2.3.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nlibxml2-2.9.1-6.el7_2.3.src.rpm\n\nppc64:\nlibxml2-2.9.1-6.el7_2.3.ppc.rpm\nlibxml2-2.9.1-6.el7_2.3.ppc64.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.3.ppc.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.3.ppc64.rpm\nlibxml2-devel-2.9.1-6.el7_2.3.ppc.rpm\nlibxml2-devel-2.9.1-6.el7_2.3.ppc64.rpm\nlibxml2-python-2.9.1-6.el7_2.3.ppc64.rpm\n\nppc64le:\nlibxml2-2.9.1-6.el7_2.3.ppc64le.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.3.ppc64le.rpm\nlibxml2-devel-2.9.1-6.el7_2.3.ppc64le.rpm\nlibxml2-python-2.9.1-6.el7_2.3.ppc64le.rpm\n\ns390x:\nlibxml2-2.9.1-6.el7_2.3.s390.rpm\nlibxml2-2.9.1-6.el7_2.3.s390x.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.3.s390.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.3.s390x.rpm\nlibxml2-devel-2.9.1-6.el7_2.3.s390.rpm\nlibxml2-devel-2.9.1-6.el7_2.3.s390x.rpm\nlibxml2-python-2.9.1-6.el7_2.3.s390x.rpm\n\nx86_64:\nlibxml2-2.9.1-6.el7_2.3.i686.rpm\nlibxml2-2.9.1-6.el7_2.3.x86_64.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm\nlibxml2-devel-2.9.1-6.el7_2.3.i686.rpm\nlibxml2-devel-2.9.1-6.el7_2.3.x86_64.rpm\nlibxml2-python-2.9.1-6.el7_2.3.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nlibxml2-debuginfo-2.9.1-6.el7_2.3.ppc.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.3.ppc64.rpm\nlibxml2-static-2.9.1-6.el7_2.3.ppc.rpm\nlibxml2-static-2.9.1-6.el7_2.3.ppc64.rpm\n\nppc64le:\nlibxml2-debuginfo-2.9.1-6.el7_2.3.ppc64le.rpm\nlibxml2-static-2.9.1-6.el7_2.3.ppc64le.rpm\n\ns390x:\nlibxml2-debuginfo-2.9.1-6.el7_2.3.s390.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.3.s390x.rpm\nlibxml2-static-2.9.1-6.el7_2.3.s390.rpm\nlibxml2-static-2.9.1-6.el7_2.3.s390x.rpm\n\nx86_64:\nlibxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm\nlibxml2-static-2.9.1-6.el7_2.3.i686.rpm\nlibxml2-static-2.9.1-6.el7_2.3.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nlibxml2-2.9.1-6.el7_2.3.src.rpm\n\nx86_64:\nlibxml2-2.9.1-6.el7_2.3.i686.rpm\nlibxml2-2.9.1-6.el7_2.3.x86_64.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm\nlibxml2-devel-2.9.1-6.el7_2.3.i686.rpm\nlibxml2-devel-2.9.1-6.el7_2.3.x86_64.rpm\nlibxml2-python-2.9.1-6.el7_2.3.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nlibxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm\nlibxml2-static-2.9.1-6.el7_2.3.i686.rpm\nlibxml2-static-2.9.1-6.el7_2.3.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-1762\nhttps://access.redhat.com/security/cve/CVE-2016-1833\nhttps://access.redhat.com/security/cve/CVE-2016-1834\nhttps://access.redhat.com/security/cve/CVE-2016-1835\nhttps://access.redhat.com/security/cve/CVE-2016-1836\nhttps://access.redhat.com/security/cve/CVE-2016-1837\nhttps://access.redhat.com/security/cve/CVE-2016-1838\nhttps://access.redhat.com/security/cve/CVE-2016-1839\nhttps://access.redhat.com/security/cve/CVE-2016-1840\nhttps://access.redhat.com/security/cve/CVE-2016-3627\nhttps://access.redhat.com/security/cve/CVE-2016-3705\nhttps://access.redhat.com/security/cve/CVE-2016-4447\nhttps://access.redhat.com/security/cve/CVE-2016-4448\nhttps://access.redhat.com/security/cve/CVE-2016-4449\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFXa8B8XlSAg2UNWIIRAh9ZAJ99xgPhOaIopIxmynm+vlDcmw4jFACeLvTm\nZsVLEgJAF0Zt6xZVzqvVW7U=\n=fREV\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. From: Marc Deslauriers \u003cmarc.deslauriers@canonical.com\u003e\nReply-To: Ubuntu Security \u003csecurity@ubuntu.com\u003e\nTo: ubuntu-security-announce@lists.ubuntu.com\nMessage-ID: \u003c5755B7E3.5040103@canonical.com\u003e\nSubject: [USN-2994-1] libxml2 vulnerabilities\n\n\n\n\n============================================================================\nUbuntu Security Notice USN-2994-1\nJune 06, 2016\n\nlibxml2 vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n- Ubuntu 15.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in libxml2. (CVE-2015-8806, CVE-2016-2073,\nCVE-2016-3627, CVE-2016-3705, CVE-2016-4447)\n\nIt was discovered that libxml2 incorrectly handled certain malformed\ndocuments. \n(CVE-2016-1762, CVE-2016-1834)\n\nMateusz Jurczyk discovered that libxml2 incorrectly handled certain\nmalformed documents. (CVE-2016-1833, CVE-2016-1838, CVE-2016-1839)\n\nWei Lei and Liu Yang discovered that libxml2 incorrectly handled certain\nmalformed documents. (CVE-2016-1835, CVE-2016-1837)\n\nWei Lei and Liu Yang discovered that libxml2 incorrectly handled certain\nmalformed documents. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 15.10 and\nUbuntu 16.04 LTS. (CVE-2016-1836)\n\nKostya Serebryany discovered that libxml2 incorrectly handled certain\nmalformed documents. (CVE-2016-1840)\n\nIt was discovered that libxml2 would load certain XML external entities. (CVE-2016-4449)\n\nGustavo Grieco discovered that libxml2 incorrectly handled certain\nmalformed documents. (CVE-2016-4483)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n  libxml2                         2.9.3+dfsg1-1ubuntu0.1\n\nUbuntu 15.10:\n  libxml2                         2.9.2+zdfsg1-4ubuntu0.4\n\nUbuntu 14.04 LTS:\n  libxml2                         2.9.1+dfsg1-3ubuntu4.8\n\nUbuntu 12.04 LTS:\n  libxml2                         2.7.8.dfsg-5.1ubuntu4.15\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 2.9.1+dfsg1-5+deb8u2. \nCVE-ID\nCVE-2016-1762\n\nSafari\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 to v10.11.3\nImpact:  Visiting a malicious website may lead to user interface\nspoofing\nDescription:  An issue existed where the text of a dialog included\npage-supplied text. \nCVE-ID\nCVE-2016-1771 : Russ Cox\n\nSafari Top Sites\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 to v10.11.3\nImpact:  A website may be able to track sensitive user information\nDescription:  A cookie storage issue existed in the Top Sites page. \nCVE-ID\nCVE-2016-1772 : WoofWagly\n\nWebKit\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 to v10.11.3\nImpact:  A website may be able to track sensitive user information\nDescription:  An issue existed in the handling of attachment URLs. \nCVE-ID\nCVE-2016-1781 : Devdatta Akhawe of Dropbox, Inc. \nCVE-ID\nCVE-2016-1782 : Muneaki Nishimura (nishimunea) of Recruit\nTechnologies Co.,Ltd. \n\nWebKit\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 to v10.11.3\nImpact:  Visiting a maliciously crafted website may reveal a user\u0027s\ncurrent location\nDescription:  An issue existed in the parsing of geolocation\nrequests. \nCVE-ID\nCVE-2016-1785 : an anonymous researcher\n\nWebKit Page Loading\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 to v10.11.3\nImpact:  Visiting a malicious website may lead to user interface\nspoofing\nDescription:  Redirect responses may have allowed a malicious website\nto display an arbitrary URL and read cached contents of the\ndestination origin. \nCVE-ID\nCVE-2016-1786 : ma.la of LINE Corporation\n\nInstallation note:\n\nSafari 9.1 may be obtained from the Mac App Store. Description:\n\nThis release of Red Hat JBoss Core Services httpd 2.4.23 serves as a\nreplacement for JBoss Core Services Apache HTTP Server 2.4.6. \n\nSecurity Fix(es):\n\n* This update fixes several flaws in OpenSSL. (CVE-2016-1762,\nCVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837,\nCVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705,\nCVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483)\n\n* This update fixes three flaws in curl. (CVE-2016-5419, CVE-2016-5420,\nCVE-2016-7141)\n\n* This update fixes two flaws in httpd. (CVE-2014-3523, CVE-2015-3185)\n\n* This update fixes two flaws in mod_cluster. (CVE-2016-4459,\nCVE-2016-8612)\n\n* A buffer overflow flaw when concatenating virtual host names and URIs was\nfixed in mod_jk. (CVE-2016-6808)\n\n* A memory leak flaw was fixed in expat. Upstream acknowledges Stephen Henson (OpenSSL development team)\nas the original reporter of CVE-2015-0286; Huzaifa Sidhpurwala (Red Hat),\nHanno BAPck, and David Benjamin (Google) as the original reporters of\nCVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2105,\nCVE-2016-2106, CVE-2016-0797, CVE-2016-0799, and CVE-2016-2842; Juraj\nSomorovsky as the original reporter of CVE-2016-2107; Yuval Yarom\n(University of Adelaide and NICTA), Daniel Genkin (Technion and Tel Aviv\nUniversity), and Nadia Heninger (University of Pennsylvania) as the\noriginal reporters of CVE-2016-0702; and Adam Langley (Google/BoringSSL) as\nthe original reporter of CVE-2016-0705. \n\nSee the corresponding CVE pages linked to in the References section for\nmore information about each of the flaws listed in this advisory. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Web Server installation (including all applications\nand configuration files). \n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. JIRA issues fixed (https://issues.jboss.org/):\n\nJBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0]\nJBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service\n\n6",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-1762"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001858"
      },
      {
        "db": "BID",
        "id": "85059"
      },
      {
        "db": "VULHUB",
        "id": "VHN-90581"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-1762"
      },
      {
        "db": "PACKETSTORM",
        "id": "136344"
      },
      {
        "db": "PACKETSTORM",
        "id": "137613"
      },
      {
        "db": "PACKETSTORM",
        "id": "137335"
      },
      {
        "db": "PACKETSTORM",
        "id": "137298"
      },
      {
        "db": "PACKETSTORM",
        "id": "136347"
      },
      {
        "db": "PACKETSTORM",
        "id": "140182"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-1762",
        "trust": 3.5
      },
      {
        "db": "BID",
        "id": "85059",
        "trust": 2.1
      },
      {
        "db": "MCAFEE",
        "id": "SB10170",
        "trust": 2.1
      },
      {
        "db": "SECTRACK",
        "id": "1035353",
        "trust": 1.8
      },
      {
        "db": "JVN",
        "id": "JVNVU97668313",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001858",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-315",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.3732",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2340",
        "trust": 0.6
      },
      {
        "db": "JUNIPER",
        "id": "JSA10770",
        "trust": 0.3
      },
      {
        "db": "PACKETSTORM",
        "id": "137613",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-90581",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-1762",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136344",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137335",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137298",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136347",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "140182",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90581"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-1762"
      },
      {
        "db": "BID",
        "id": "85059"
      },
      {
        "db": "PACKETSTORM",
        "id": "136344"
      },
      {
        "db": "PACKETSTORM",
        "id": "137613"
      },
      {
        "db": "PACKETSTORM",
        "id": "137335"
      },
      {
        "db": "PACKETSTORM",
        "id": "137298"
      },
      {
        "db": "PACKETSTORM",
        "id": "136347"
      },
      {
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-315"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001858"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1762"
      }
    ]
  },
  "id": "VAR-201603-0222",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90581"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-12-22T22:51:15.660000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Apple security updates",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT201222"
      },
      {
        "title": "APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
      },
      {
        "title": "APPLE-SA-2016-03-21-2 watchOS 2.2",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
      },
      {
        "title": "APPLE-SA-2016-03-21-3 tvOS 9.2",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
      },
      {
        "title": "APPLE-SA-2016-03-21-1 iOS 9.3",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
      },
      {
        "title": "HT206167",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT206167"
      },
      {
        "title": "HT206168",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT206168"
      },
      {
        "title": "HT206169",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT206169"
      },
      {
        "title": "HT206166",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT206166"
      },
      {
        "title": "HT206166",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/HT206166"
      },
      {
        "title": "HT206167",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/HT206167"
      },
      {
        "title": "HT206168",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/HT206168"
      },
      {
        "title": "HT206169",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/HT206169"
      },
      {
        "title": "DSA-3593",
        "trust": 0.8,
        "url": "https://www.debian.org/security/2016/dsa-3593"
      },
      {
        "title": "Bug 759671",
        "trust": 0.8,
        "url": "https://bugzilla.gnome.org/show_bug.cgi?id=759671"
      },
      {
        "title": "Heap-based buffer overread in xmlNextChar",
        "trust": 0.8,
        "url": "https://git.gnome.org/browse/libxml2/commit/?id=a7a94612aa3b16779e2c74e1fa353b5d9786c602"
      },
      {
        "title": "Oracle Linux Bulletin - July 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
      },
      {
        "title": "Oracle VM Server for x86 Bulletin - July 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
      },
      {
        "title": "RHSA-2016:1292",
        "trust": 0.8,
        "url": "https://access.redhat.com/errata/RHSA-2016:1292"
      },
      {
        "title": "TLSA-2016-22",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2016/TLSA-2016-22j.html"
      },
      {
        "title": "USN-2994-1",
        "trust": 0.8,
        "url": "http://www.ubuntu.com/usn/USN-2994-1"
      },
      {
        "title": "2.9.4: May 23 2016",
        "trust": 0.8,
        "url": "http://xmlsoft.org/news.html"
      },
      {
        "title": "Multiple Apple product libxml2 Buffer Overflow Vulnerability Fix",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=60641"
      },
      {
        "title": "Red Hat: CVE-2016-1762",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2016-1762"
      },
      {
        "title": "Apple: tvOS 9.2",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=ce338ecd7a3c82e55bcf20e44e532eea"
      },
      {
        "title": "Apple: watchOS 2.2",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=0cbe3084baf2e465ecd2cc68ad686a9a"
      },
      {
        "title": "Ubuntu Security Notice: libxml2 vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2994-1"
      },
      {
        "title": "Debian CVElist Bug Report Logs: libxml2: CVE-2016-2073: out-of-bounds read in htmlParseNameComplex()",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=e21c0505f8306f0416606e1a2ec5e18e"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Release",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20162957 - Security Advisory"
      },
      {
        "title": "Debian CVElist Bug Report Logs: libxml2: CVE-2016-3705: stack overflow before detecting invalid XML file",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=ed475d816a8279c18b15a9aac8146ada"
      },
      {
        "title": "Debian CVElist Bug Report Logs: libxml2: Heap-buffer overread in libxml2/dict.c",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=1b5e8a6bfa7b3b48920376b728b6bbe2"
      },
      {
        "title": "Debian CVElist Bug Report Logs: libxml2: CVE-2016-3627: stack exhaustion in libxml2 parsing xml files in recover mode",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=7ad6e7048d3904deff82dbbe81adf528"
      },
      {
        "title": "Debian CVElist Bug Report Logs: libxml2: CVE-2016-4483",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=17d0780fd9f0deb51d01d88ca9e90fe3"
      },
      {
        "title": "Apple: iOS 9.3",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=3ae8bd7fcbbf51e9c7fe356687ecd0cf"
      },
      {
        "title": "Apple: OS X El Capitan v10.11.4 and Security Update 2016-002",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=ef054ba76412200e34091eb91c38c281"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2016-719",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2016-719"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=ac5af5dd99788925425f5747ec672707"
      },
      {
        "title": "Symantec Security Advisories: SA129 : Multiple libxml2 Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=4306b2beef409e7d3306d20a4621babf"
      },
      {
        "title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=6c15273f6bf4a785175f27073b98a1ce"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=0bd8c924b56aac98dda0f5b45f425f38"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-1762"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-315"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001858"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      },
      {
        "problemtype": "CWE-122",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90581"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001858"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1762"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
      },
      {
        "trust": 2.1,
        "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
      },
      {
        "trust": 2.0,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10170"
      },
      {
        "trust": 1.9,
        "url": "https://access.redhat.com/errata/rhsa-2016:1292"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2957.html"
      },
      {
        "trust": 1.9,
        "url": "http://www.ubuntu.com/usn/usn-2994-1"
      },
      {
        "trust": 1.8,
        "url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00000.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00001.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00002.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00004.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00005.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/85059"
      },
      {
        "trust": 1.8,
        "url": "http://xmlsoft.org/news.html"
      },
      {
        "trust": 1.8,
        "url": "https://bugzilla.gnome.org/show_bug.cgi?id=759671"
      },
      {
        "trust": 1.8,
        "url": "https://git.gnome.org/browse/libxml2/commit/?id=a7a94612aa3b16779e2c74e1fa353b5d9786c602"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht206166"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht206167"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht206168"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht206169"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht206171"
      },
      {
        "trust": 1.8,
        "url": "https://www.debian.org/security/2016/dsa-3593"
      },
      {
        "trust": 1.8,
        "url": "http://www.securitytracker.com/id/1035353"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1762"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu97668313/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1762"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1762"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2340/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.3732"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1836"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1837"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1839"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1838"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1833"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1834"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1835"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1840"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2016-1762"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/ios/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/safari/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/accessibility/tvos/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/watchos-2/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/macosx/"
      },
      {
        "trust": 0.3,
        "url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10770\u0026actp=rss"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024088"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024194"
      },
      {
        "trust": 0.3,
        "url": "https://kc.mcafee.com/resources/sites/mcafee/content/live/product_documentation/27000/pd27128/en_us/meg_7_6_406_3402_103_release_notes_en_us.pdf"
      },
      {
        "trust": 0.3,
        "url": "https://bto.bluecoat.com/security-advisory/sa129"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986974"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989043"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990750"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4449"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3705"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4447"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3627"
      },
      {
        "trust": 0.2,
        "url": "https://gpgtools.org"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1784"
      },
      {
        "trust": 0.2,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1783"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-1838"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-1837"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-1834"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-4448"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-1839"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-1833"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-1840"
      },
      {
        "trust": 0.2,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-1836"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-1835"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-4449"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-4447"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-3705"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-3627"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4483"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8806"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2073"
      },
      {
        "trust": 0.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10170"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/119.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2994-1/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1751"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1755"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8659"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8035"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1753"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1750"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1819"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7499"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0801"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8242"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5312"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7942"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7500"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht1222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1740"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1752"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1950"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1775"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1754"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0802"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1748"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4448"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/libxml2/2.9.2+zdfsg1-4ubuntu0.4"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/libxml2/2.9.3+dfsg1-1ubuntu0.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/libxml2/2.9.1+dfsg1-3ubuntu4.8"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/libxml2/2.7.8.dfsg-5.1ubuntu4.15"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1771"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1781"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1782"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1772"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1779"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1786"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1778"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1785"
      },
      {
        "trust": 0.1,
        "url": "http://www.tencent.com)"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2197"
      },
      {
        "trust": 0.1,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2107"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2106"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-0705"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3196"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3216"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2106"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-0702"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0797"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-8176"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6808"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en/red-hat-jboss-core-services-apache-http-server/version-2.4.23/apache-http-server-2423-release-notes/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2107"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3196"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3523"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2177"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4483"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3523"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2842"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-8612"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1148"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-0797"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3185"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2109"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3185"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3194"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp\u0026downloadtype=distributions\u0026version=2.4.23"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2105"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8176"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0286"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5420"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2178"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3194"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2108"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2012-1148"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2109"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5419"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4459"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2108"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0209"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3195"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0702"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3216"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2105"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7141"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-0799"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90581"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-1762"
      },
      {
        "db": "BID",
        "id": "85059"
      },
      {
        "db": "PACKETSTORM",
        "id": "136344"
      },
      {
        "db": "PACKETSTORM",
        "id": "137613"
      },
      {
        "db": "PACKETSTORM",
        "id": "137335"
      },
      {
        "db": "PACKETSTORM",
        "id": "137298"
      },
      {
        "db": "PACKETSTORM",
        "id": "136347"
      },
      {
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-315"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001858"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1762"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-90581"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-1762"
      },
      {
        "db": "BID",
        "id": "85059"
      },
      {
        "db": "PACKETSTORM",
        "id": "136344"
      },
      {
        "db": "PACKETSTORM",
        "id": "137613"
      },
      {
        "db": "PACKETSTORM",
        "id": "137335"
      },
      {
        "db": "PACKETSTORM",
        "id": "137298"
      },
      {
        "db": "PACKETSTORM",
        "id": "136347"
      },
      {
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-315"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001858"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1762"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-03-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-90581"
      },
      {
        "date": "2016-03-24T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-1762"
      },
      {
        "date": "2016-03-21T00:00:00",
        "db": "BID",
        "id": "85059"
      },
      {
        "date": "2016-03-22T15:12:44",
        "db": "PACKETSTORM",
        "id": "136344"
      },
      {
        "date": "2016-06-23T13:00:52",
        "db": "PACKETSTORM",
        "id": "137613"
      },
      {
        "date": "2016-06-07T07:41:54",
        "db": "PACKETSTORM",
        "id": "137335"
      },
      {
        "date": "2016-06-02T16:29:00",
        "db": "PACKETSTORM",
        "id": "137298"
      },
      {
        "date": "2016-03-22T15:20:32",
        "db": "PACKETSTORM",
        "id": "136347"
      },
      {
        "date": "2016-12-16T16:34:49",
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "date": "2016-03-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201603-315"
      },
      {
        "date": "2016-03-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-001858"
      },
      {
        "date": "2016-03-24T01:59:30.827000",
        "db": "NVD",
        "id": "CVE-2016-1762"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-03-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-90581"
      },
      {
        "date": "2019-03-26T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-1762"
      },
      {
        "date": "2017-12-19T22:37:00",
        "db": "BID",
        "id": "85059"
      },
      {
        "date": "2023-06-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201603-315"
      },
      {
        "date": "2016-11-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-001858"
      },
      {
        "date": "2025-12-17T22:15:52.827000",
        "db": "NVD",
        "id": "CVE-2016-1762"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "137613"
      },
      {
        "db": "PACKETSTORM",
        "id": "137298"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-315"
      }
    ],
    "trust": 0.8
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "libxml2 of  xmlNextChar Service disruption in functions  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001858"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-315"
      }
    ],
    "trust": 0.6
  }
}

VAR-201605-0464

Vulnerability from variot - Updated: 2025-12-22 22:47

Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial of service via a crafted XML document. Attackers can exploit these issues to execute arbitrary code and bypass security restrictions. Failed exploit attempts may result in a denial-of-service condition. Versions prior to iOS 9.3.2, watchOS 2.2.1, Mac OS X 10.11.5, and tvOS 9.2.1 are vulnerable. in the United States. Apple iOS is an operating system developed for mobile devices; watchOS is a smart watch operating system; OS X El Capitan is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system. It supports multiple encoding formats, XPath analysis, Well-formed and valid verification, etc. CVE-ID CVE-2016-1847 : Tongbo Luo and Bo Qu of Palo Alto Networks

Installation note:

Instructions on how to update your Apple Watch software are available at https://support.apple.com/en-us/HT204641

To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About".

Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Summary:

An update for libxml2 is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.

Relevant releases/architectures:

Description:

The libxml2 library is a development toolbox providing the implementation of various XML standards.

Security Fix(es):

A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or execute arbitrary code with the permissions of the user running the application. (CVE-2016-1834, CVE-2016-1840)

Multiple denial of service flaws were found in libxml2. (CVE-2016-1762, CVE-2016-1833, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449)

Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all applications linked to the libxml2 library must be restarted, or the system rebooted.

Bugs fixed (https://bugzilla.redhat.com/):

1319829 - CVE-2016-3627 libxml2: stack exhaustion while parsing xml files in recovery mode 1332443 - CVE-2016-3705 libxml2: stack overflow before detecting invalid XML file 1338682 - CVE-2016-1833 libxml2: Heap-based buffer overread in htmlCurrentChar 1338686 - CVE-2016-4447 libxml2: Heap-based buffer underreads due to xmlParseName 1338691 - CVE-2016-1835 libxml2: Heap use-after-free in xmlSAX2AttributeNs 1338696 - CVE-2016-1837 libxml2: Heap use-after-free in htmlPArsePubidLiteral and htmlParseSystemiteral 1338700 - CVE-2016-4448 libxml2: Format string vulnerability 1338701 - CVE-2016-4449 libxml2: Inappropriate fetch of entities content 1338702 - CVE-2016-1836 libxml2: Heap use-after-free in xmlDictComputeFastKey 1338703 - CVE-2016-1839 libxml2: Heap-based buffer overread in xmlDictAddString 1338705 - CVE-2016-1838 libxml2: Heap-based buffer overread in xmlPArserPrintFileContextInternal 1338706 - CVE-2016-1840 libxml2: Heap-buffer-overflow in xmlFAParserPosCharGroup 1338708 - CVE-2016-1834 libxml2: Heap-buffer-overflow in xmlStrncat 1338711 - CVE-2016-1762 libxml2: Heap-based buffer-overread in xmlNextChar

Package List:

Red Hat Enterprise Linux HPC Node (v. 6):

Source: libxml2-2.7.6-21.el6_8.1.src.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Red Hat Enterprise Linux Server (v. 6):

Source: libxml2-2.7.6-21.el6_8.1.src.rpm

i386: libxml2-2.7.6-21.el6_8.1.i686.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm libxml2-devel-2.7.6-21.el6_8.1.i686.rpm libxml2-python-2.7.6-21.el6_8.1.i686.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386: libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm libxml2-static-2.7.6-21.el6_8.1.i686.rpm

ppc64: libxml2-debuginfo-2.7.6-21.el6_8.1.ppc64.rpm libxml2-static-2.7.6-21.el6_8.1.ppc64.rpm

s390x: libxml2-debuginfo-2.7.6-21.el6_8.1.s390x.rpm libxml2-static-2.7.6-21.el6_8.1.s390x.rpm

x86_64: libxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm libxml2-static-2.7.6-21.el6_8.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: libxml2-2.7.6-21.el6_8.1.src.rpm

i386: libxml2-2.7.6-21.el6_8.1.i686.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm libxml2-devel-2.7.6-21.el6_8.1.i686.rpm libxml2-python-2.7.6-21.el6_8.1.i686.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386: libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm libxml2-static-2.7.6-21.el6_8.1.i686.rpm

x86_64: libxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm libxml2-static-2.7.6-21.el6_8.1.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source: libxml2-2.9.1-6.el7_2.3.src.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: libxml2-2.9.1-6.el7_2.3.src.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Red Hat Enterprise Linux Server (v. 7):

Source: libxml2-2.9.1-6.el7_2.3.src.rpm

ppc64le: libxml2-2.9.1-6.el7_2.3.ppc64le.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.ppc64le.rpm libxml2-devel-2.9.1-6.el7_2.3.ppc64le.rpm libxml2-python-2.9.1-6.el7_2.3.ppc64le.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: libxml2-debuginfo-2.9.1-6.el7_2.3.ppc.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.ppc64.rpm libxml2-static-2.9.1-6.el7_2.3.ppc.rpm libxml2-static-2.9.1-6.el7_2.3.ppc64.rpm

ppc64le: libxml2-debuginfo-2.9.1-6.el7_2.3.ppc64le.rpm libxml2-static-2.9.1-6.el7_2.3.ppc64le.rpm

s390x: libxml2-debuginfo-2.9.1-6.el7_2.3.s390.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.s390x.rpm libxml2-static-2.9.1-6.el7_2.3.s390.rpm libxml2-static-2.9.1-6.el7_2.3.s390x.rpm

x86_64: libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm libxml2-static-2.9.1-6.el7_2.3.i686.rpm libxml2-static-2.9.1-6.el7_2.3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: libxml2-2.9.1-6.el7_2.3.src.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm libxml2-static-2.9.1-6.el7_2.3.i686.rpm libxml2-static-2.9.1-6.el7_2.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

References:

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iD8DBQFXa8B8XlSAg2UNWIIRAh9ZAJ99xgPhOaIopIxmynm+vlDcmw4jFACeLvTm ZsVLEgJAF0Zt6xZVzqvVW7U= =fREV -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

APPLE-SA-2016-05-16-2 iOS 9.3.2

iOS 9.3.2 is now available and addresses the following:

Accessibility Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application may be able to determine kernel memory layout Description: A buffer overflow was addressed through improved size validation. CVE-ID CVE-2016-1790 : Rapelly Akhil

CFNetwork Proxies Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: An information leak existed in the handling of HTTP and HTTPS requests. This issue was addressed through improved URL handling. CVE-ID CVE-2016-1801 : Alex Chapman and Paul Stone of Context Information Security

CommonCrypto Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to leak sensitive user information Description: An issue existed in the handling of return values in CCCrypt. This issue was addressed through improved key length management. CVE-ID CVE-2016-1802 : Klaus Rodewig

CoreCapture Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved validation. CVE-ID CVE-2016-1803 : Ian Beer of Google Project Zero, daybreaker working with Trend Micro’s Zero Day Initiative

Disk Images Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local attacker may be able to read kernel memory Description: A race condition was addressed through improved locking. CVE-ID CVE-2016-1807 : Ian Beer of Google Project Zero

Disk Images Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved memory handling. CVE-ID CVE-2016-1808 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of Trend Micro

ImageIO Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted image may lead to a denial of service Description: A null pointer dereference was addressed through improved validation. CVE-ID CVE-2016-1811 : Lander Brandt (@landaire)

IOAcceleratorFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1817 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of Trend Micro working with Trend Micro's Zero Day Initiative CVE-2016-1818 : Juwei Lin of TrendMicro CVE-2016-1819 : Ian Beer of Google Project Zero

IOAcceleratorFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application may be able to cause a denial of service Description: A null pointer dereference was addressed through improved locking. CVE-ID CVE-2016-1814 : Juwei Lin of TrendMicro

IOHIDFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1823 : Ian Beer of Google Project Zero CVE-2016-1824 : Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent

Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1827 : Brandon Azad CVE-2016-1828 : Brandon Azad CVE-2016-1829 : CESG CVE-2016-1830 : Brandon Azad CVE-2016-1831 : Brandon Azad

libc Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-ID CVE-2016-1832 : Karl Williamson

libxml2 Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1833 : Mateusz Jurczyk CVE-2016-1834 : Apple CVE-2016-1835 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-1837 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-1838 : Mateusz Jurczyk CVE-2016-1839 : Mateusz Jurczyk CVE-2016-1840 : Kostya Serebryany

libxslt Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1841 : Sebastian Apelt

MapKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: Shared links were sent with HTTP rather than HTTPS. This was addressed by enabling HTTPS for shared links. CVE-ID CVE-2016-1842 : Richard Shupak (https://www.linkedin.com/in/rshupak)

OpenGL Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1847 : Tongbo Luo and Bo Qu of Palo Alto Networks

Safari Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A user may be unable to fully delete browsing history Description: "Clear History and Website Data" did not clear the history. The issue was addressed through improved data deletion. CVE-ID CVE-2016-1849 : Adham Ghrayeb

Siri Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to an iOS device may be able to use Siri to access contacts and photos from the the lock screen Description: A state management issue existed when accessing Siri results on the lock screen. This issue was addressed by disabling data detectors in Twitter results when the device is locked. CVE-ID CVE-2016-1852 : videosdebarraquito

WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may disclose data from another website Description: An insufficient taint tracking issue in the parsing of svg images was addressed through improved taint tracking. CVE-ID CVE-2016-1858 : an anonymous researcher

WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1854 : Anonymous working with Trend Micro's Zero Day Initiative CVE-2016-1855 : Tongbo Luo and Bo Qu of Palo Alto Networks CVE-2016-1856 : lokihardt working with Trend Micro's Zero Day Initiative CVE-2016-1857 : Jeonghoon Shin@A.D.D, Liang Chen, Zhen Feng, wushi of KeenLab, Tencent working with Trend Micro's Zero Day Initiative

WebKit Canvas Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1859 : Liang Chen, wushi of KeenLab, Tencent working with Trend Micro's Zero Day Initiative

Installation note:

This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/

iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.

The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.

To check that the iPhone, iPod touch, or iPad has been updated:

Navigate to Settings
Select General
Select About. The version after applying this update will be "9.3.2". From: Marc Deslauriers marc.deslauriers@canonical.com Reply-To: Ubuntu Security security@ubuntu.com To: ubuntu-security-announce@lists.ubuntu.com Message-ID: 5755B7E3.5040103@canonical.com Subject: [USN-2994-1] libxml2 vulnerabilities

============================================================================ Ubuntu Security Notice USN-2994-1 June 06, 2016

libxml2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 16.04 LTS
Ubuntu 15.10
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS