Search criteria

21 vulnerabilities found for nss by Mozilla

VAR-200911-0398

Vulnerability from variot - Updated: 2025-12-22 20:09

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) The protocol includes renegotiation A vulnerability exists in the function. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) Is a protocol that provides functions such as communication encryption and authentication. SSL and TLS The protocol includes renegotiation There are vulnerabilities due to functionality.A third party that can relay communication between the user and the server can insert arbitrary data at the beginning of the communication data under specific conditions. As a result, the attacker inserted HTTP The request may be sent to the server.

The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list (CRL) check and cause a stack-based buffer overflow via a crafted X.509 certificate, related to extraction of a serial number (CVE-2010-0731).

The updated packages have been patched to correct these issues. - The SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely resulting in disclosure of information.

Additionally the NSPR package has been upgraded to 4.8.4 that brings numerous upstream fixes.

This update provides the latest versions of NSS and NSPR libraries and for which NSS is not vulnerable to this attack. ----------------------------------------------------------------------

http://secunia.com/research/

http://secunia.com/company/jobs/open_positions/reverse_engineer

TITLE: Oracle Application Server Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA44293

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44293/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44293

RELEASE DATE: 2011-04-24

DISCUSS ADVISORY: http://secunia.com/advisories/44293/#comments

AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

http://secunia.com/advisories/44293/

ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

https://ca.secunia.com/?page=viewadvisory&vuln_id=44293

ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

DESCRIPTION: Multiple vulnerabilities have been reported in Oracle Application Server, which can be exploited by malicious users and people to manipulate certain data.

1) An error exists in the C Oracle SSL API of the Oracle Security Service component and can be exploited to manipulate certain data.

For more information see vulnerability #1: SA37291

2) An unspecified error in the Oracle HTTP Server component can be exploited to manipulate certain data.

3) An error exists in the Midtier Infrastructure of the Portal component and can be exploited to manipulate certain data.

For more information see vulnerability #3: SA44246

4) An unspecified error in the Single Sign On component can be exploited by authenticated users to manipulate certain data. * Oracle Application Server 10g Release 3 version 10.1.3.5.0.

SOLUTION: Apply updates (please see the vendor's advisory for details).

PROVIDED AND/OR DISCOVERED BY: It is currently unclear who reported these vulnerabilities as the Oracle Critical Patch Update for April 2011 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information.

ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#AppendixAS

OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Mandriva Linux Security Advisory MDVSA-2010:084 http://www.mandriva.com/security/

Package : java-1.6.0-openjdk Date : April 28, 2010 Affected: 2009.0, 2009.1, 2010.0, Enterprise Server 5.0

Problem Description:

Multiple Java OpenJDK security vulnerabilities has been identified and fixed:

  • TLS: MITM attacks via session renegotiation (CVE-2009-3555).
  • Loader-constraint table allows arrays instead of only the b ase-classes (CVE-2010-0082).
  • Policy/PolicyFile leak dynamic ProtectionDomains. (CVE-2010-0084).
  • File TOCTOU deserialization vulnerability (CVE-2010-0085).
  • Inflater/Deflater clone issues (CVE-2010-0088).
  • Unsigned applet can retrieve the dragged information before drop action occurs (CVE-2010-0091).
  • AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error (CVE-2010-0092).
  • System.arraycopy unable to reference elements beyond Integer.MAX_VALUE bytes (CVE-2010-0093).
  • Deserialization of RMIConnectionImpl objects should enforce stricter checks (CVE-2010-0094).
  • Subclasses of InetAddress may incorrectly interpret network addresses (CVE-2010-0095).
  • JAR unpack200 must verify input parameters (CVE-2010-0837).
  • CMM readMabCurveData Buffer Overflow Vulnerability (CVE-2010-0838).
  • Applet Trusted Methods Chaining Privilege Escalation Vulner ability (CVE-2010-0840).
  • No ClassCastException for HashAttributeSet constructors if run with -Xcomp (CVE-2010-0845)
  • ImagingLib arbitrary code execution vulnerability (CVE-2010-0847).
  • AWT Library Invalid Index Vulnerability (CVE-2010-0848).

Additional security issues that was fixed with IcedTea6 1.6.2: - deprecate MD2 in SSL cert validation (CVE-2009-2409). - ICC_Profile file existence detection information leak (CVE-2009-3728). - JRE AWT setDifflCM stack overflow (CVE-2009-3869). - JRE AWT setBytePixels heap overflow (CVE-2009-3871). - JPEG Image Writer quantization problem (CVE-2009-3873). - ImageI/O JPEG heap overflow (CVE-2009-3874). - MessageDigest.isEqual introduces timing attack vulnerabilities (CVE-2009-3875). - OpenJDK ASN.1/DER input stream parser denial of service (CVE-2009-3876, CVE-2009-3877) - GraphicsConfiguration information leak (CVE-2009-3879). - UI logging information leakage (CVE-2009-3880). - resurrected classloaders can still have children (CVE-2009-3881). - Numerous static security flaws in Swing (findbugs) (CVE-2009-3882). - Mutable statics in Windows PL&F (findbugs) (CVE-2009-3883). - zoneinfo file existence information leak (CVE-2009-3884). - BMP parsing DoS with UNC ICC links (CVE-2009-3885).

Additionally Paulo Cesar Pereira de Andrade (pcpa) at Mandriva found and fixed a bug in IcedTea6 1.8 that is also applied to the provided packages:

  • plugin/icedteanp/IcedTeaNPPlugin.cc (plugin_filter_environment): Increment malloc size by one to account for NULL terminator. Bug# 474.

Packages for 2009.0 are provided due to the Extended Maintenance Program.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2409 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3728 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3869 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3871 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3873 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3874 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3875 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3876 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3877 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3879 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3880 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3881 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3882 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3883 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3884 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3885 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0082 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0084 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0085 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0088 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0091 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0092 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0093 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0094 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0095 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0837 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0838 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0840 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0845 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0847 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0848 http://article.gmane.org/gmane.comp.java.openjdk.distro-packaging.devel/8938 http://blogs.sun.com/darcy/resource/OpenJDK_6/openjdk6-b18-changes-summary.html http://icedtea.classpath.org/hg/release/icedtea6-1.8/rev/a6a02193b073

Updated Packages:

Mandriva Linux 2009.0: 37c14ebea4b3ceccbecba4ffea2630a6 2009.0/i586/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.0.i586.rpm 3f7ba1d78aaf5f1ca56e86fcb48e7192 2009.0/i586/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2009.0.i586.rpm 12963efa8b4ea6691ba68f4e72e81e5d 2009.0/i586/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2009.0.i586.rpm 6387d4381c518c5658701c114c5fcb9d 2009.0/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2009.0.i586.rpm f90d2a22c10b6eb30aedef13207d346c 2009.0/i586/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2009.0.i586.rpm 01e62b54974a3d1b5232de0baa196e41 2009.0/i586/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2009.0.i586.rpm 212262f34829af20e53fb2076fa78d25 2009.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64: 630941e679a033285ddf5cb3e4c1d092 2009.0/x86_64/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm 6330c6dda9cf7c59a90f529bceeee17b 2009.0/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm c7d708c5f14d710a6bdcc352bb18a55a 2009.0/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm edf4b1d8efeb157bb0f19b4c4cc55935 2009.0/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm ac9f8227297249940b1845f3ad95165f 2009.0/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm d1ed0ce1155c85c423d0cbe47eadfa5b 2009.0/x86_64/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm 212262f34829af20e53fb2076fa78d25 2009.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.0.src.rpm

Mandriva Linux 2009.1: 304bc2cab18b29781bfac69d4927ddce 2009.1/i586/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.1.i586.rpm 77f0d2e2b2c04288a5aae608a2f73f1a 2009.1/i586/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2009.1.i586.rpm 7ff7542b4328fd978725f8e0b02590d9 2009.1/i586/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2009.1.i586.rpm 3d1bf214209ea3aef86b58962e80901e 2009.1/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2009.1.i586.rpm f52cf5f8d3f85b98da246963d583f6bc 2009.1/i586/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2009.1.i586.rpm 87b2fd7ac9883e624e71faa993559e78 2009.1/i586/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2009.1.i586.rpm 0ff2ca4dfc122a3538349ed2dab6ed81 2009.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.1.src.rpm

Mandriva Linux 2009.1/X86_64: 883105d4347bb0864c7c73e4f0865066 2009.1/x86_64/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm ac44d41806625e0be7a55ff30bf1f0e7 2009.1/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm 67db7247fbf1b5be5391f33603b9148c 2009.1/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm 0b6e7a93df49306976453daf29a29d96 2009.1/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm 67e679d7aa4545a968889dcbb1a3fa8e 2009.1/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm 4042e3ae7e3b2dbdcba0e73aadd219d5 2009.1/x86_64/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm 0ff2ca4dfc122a3538349ed2dab6ed81 2009.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.1.src.rpm

Mandriva Linux 2010.0: f3c1bb7b091d5889a856edf93e066367 2010.0/i586/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2010.0.i586.rpm 7f717091a34f98e9547c698bf08065f5 2010.0/i586/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2010.0.i586.rpm 21b8532c934559100b0dbc498ba3c52e 2010.0/i586/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2010.0.i586.rpm 8711fdef27cce9af73191903f85dbcd6 2010.0/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2010.0.i586.rpm 1905269f878bb1c6367dedc6797f6914 2010.0/i586/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2010.0.i586.rpm c5f53d24770de6704f00fdf34c87a703 2010.0/i586/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2010.0.i586.rpm b789ff663963ae8b60a0d189b870907c 2010.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2010.0.src.rpm

Mandriva Linux 2010.0/X86_64: 100203d38e76348f262d69d2cae8a7ba 2010.0/x86_64/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm f155019a4a22d7bf7265c67024dcbc33 2010.0/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm 8eaf304d6eb93212d1045adc301de385 2010.0/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm 2e2082bd89db22cf5fa4be2ebaceb71c 2010.0/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm 3e7a1849db88a8b8ddcdf30441edfcb7 2010.0/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm fbc9da5e2080972f6f8c01f23e86890f 2010.0/x86_64/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm b789ff663963ae8b60a0d189b870907c 2010.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2010.0.src.rpm

Mandriva Enterprise Server 5: 742a7a6dcc82962a132eadb91a2b1736 mes5/i586/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm 3acd32ccd1fee71f07ccb4b038434ffd mes5/i586/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm c3358ac84dbc950752655fee46fd5e4b mes5/i586/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm a30ef6b33fd9ba1403ab46ef9643efdb mes5/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm 534f95a18c4798ec80cdfe47bd1148a8 mes5/i586/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm e79e4bd9462096222f5b07d681b3d418 mes5/i586/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm 0bc580c8d4d6e57cbee939bf68743170 mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdvmes5.1.src.rpm

Mandriva Enterprise Server 5/X86_64: 180566f92a5564c747c716ecdf082c8f mes5/x86_64/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm 5e05d90fe32dfce7b15db7d9e5604227 mes5/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm 09506c689ed0265023861e006fbcb624 mes5/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm c9ff4a3a4695c56b13268d76c355cfbe mes5/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm 0a70a54c2eed68e723cbc65de63bfbff mes5/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm 166c980a8479cd915f3507070c25508e mes5/x86_64/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm 0bc580c8d4d6e57cbee939bf68743170 mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdvmes5.1.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFL1/vUmqjQ0CJFipgRAlcyAJ9+2v53cztdo8nXoixp0vg0IuQjrACbB/vW +oOtru3I2iYRjlx04fi7wMw= =rIwa -----END PGP SIGNATURE----- . HP Integrated Lights-Out 2 (iLO2) firmware versions 2.05 and earlier. HP Integrated Lights-Out 3 (iLO3) firmware versions 1.16 and earlier.

The latest firmware and installation instructions are available from the HP Business Support Center: http://www.hp.com/go/bizsupport

HP Integrated Lights-Out 2 (iLO2) Online ROM Flash Component for Linux and Windows v2.06 or subsequent. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201301-01

                                        http://security.gentoo.org/

Severity: High Title: Mozilla Products: Multiple vulnerabilities Date: January 08, 2013 Bugs: #180159, #181361, #207261, #238535, #246602, #251322, #255221, #255234, #255687, #257577, #260062, #261386, #262704, #267234, #273918, #277752, #280226, #280234, #280393, #282549, #284439, #286721, #290892, #292034, #297532, #305689, #307045, #311021, #312361, #312645, #312651, #312675, #312679, #312763, #313003, #324735, #326341, #329279, #336396, #341821, #342847, #348316, #357057, #360055, #360315, #365323, #373595, #379549, #381245, #388045, #390771, #395431, #401701, #403183, #404437, #408161, #413657, #419917, #427224, #433383, #437780, #439586, #439960, #444318 ID: 201301-01

Synopsis

Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may allow execution of arbitrary code or local privilege escalation.

Background

Mozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the 'Mozilla Application Suite'. XULRunner is a Mozilla runtime package that can be used to bootstrap XUL+XPCOM applications such as Firefox and Thunderbird. NSS is Mozilla's Network Security Services library that implements PKI support. IceCat is the GNU version of Firefox.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 www-client/firefox < 10.0.11 >= 10.0.11 2 www-client/firefox-bin < 10.0.11 >= 10.0.11 3 mail-client/thunderbird < 10.0.11 >= 10.0.11 4 mail-client/thunderbird-bin < 10.0.11 >= 10.0.11 5 www-client/seamonkey < 2.14-r1 >= 2.14-r1 6 www-client/seamonkey-bin < 2.14 >= 2.14 7 dev-libs/nss < 3.14 >= 3.14 8 www-client/mozilla-firefox <= 3.6.8 Vulnerable! 9 www-client/mozilla-firefox-bin <= 3.5.6 Vulnerable! 10 mail-client/mozilla-thunderbird <= 3.0.4-r1 Vulnerable! 11 mail-client/mozilla-thunderbird-bin <= 3.0 Vulnerable! 12 www-client/icecat <= 10.0-r1 Vulnerable! 13 net-libs/xulrunner <= 2.0-r1 Vulnerable! 14 net-libs/xulrunner-bin <= 1.8.1.19 Vulnerable! ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. ------------------------------------------------------------------- 14 affected packages

Description

Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL's for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser's font, conduct clickjacking attacks, or have other unspecified impact.

A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file.

Workaround

There is no known workaround at this time.

Resolution

All Mozilla Firefox users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/firefox-10.0.11"

All users of the Mozilla Firefox binary package should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-10.0.11"=

All Mozilla Thunderbird users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot -v ">=mail-client/thunderbird-10.0.11"

All users of the Mozilla Thunderbird binary package should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-10.0.11"

All Mozilla SeaMonkey users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/seamonkey-2.14-r1"

All users of the Mozilla SeaMonkey binary package should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/seamonkey-bin-2.14"

All NSS users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/nss-3.14"

The "www-client/mozilla-firefox" package has been merged into the "www-client/firefox" package. To upgrade, please unmerge "www-client/mozilla-firefox" and then emerge the latest "www-client/firefox" package:

# emerge --sync # emerge --unmerge "www-client/mozilla-firefox" # emerge --ask --oneshot --verbose ">=www-client/firefox-10.0.11"

The "www-client/mozilla-firefox-bin" package has been merged into the "www-client/firefox-bin" package. To upgrade, please unmerge "www-client/mozilla-firefox-bin" and then emerge the latest "www-client/firefox-bin" package:

# emerge --sync # emerge --unmerge "www-client/mozilla-firefox-bin" # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-10.0.11"=

The "mail-client/mozilla-thunderbird" package has been merged into the "mail-client/thunderbird" package. To upgrade, please unmerge "mail-client/mozilla-thunderbird" and then emerge the latest "mail-client/thunderbird" package:

# emerge --sync # emerge --unmerge "mail-client/mozilla-thunderbird" # emerge --ask --oneshot -v ">=mail-client/thunderbird-10.0.11"

The "mail-client/mozilla-thunderbird-bin" package has been merged into the "mail-client/thunderbird-bin" package. To upgrade, please unmerge "mail-client/mozilla-thunderbird-bin" and then emerge the latest "mail-client/thunderbird-bin" package:

# emerge --sync # emerge --unmerge "mail-client/mozilla-thunderbird-bin" # emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-10.0.11"

Gentoo discontinued support for GNU IceCat. We recommend that users unmerge GNU IceCat:

# emerge --unmerge "www-client/icecat"

Gentoo discontinued support for XULRunner. We recommend that users unmerge XULRunner:

# emerge --unmerge "net-libs/xulrunner"

Gentoo discontinued support for the XULRunner binary package. We recommend that users unmerge XULRunner:

# emerge --unmerge "net-libs/xulrunner-bin"

References

[ 1 ] CVE-2011-3101 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3101 [ 2 ] CVE-2007-2436 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2436 [ 3 ] CVE-2007-2437 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2437 [ 4 ] CVE-2007-2671 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2671 [ 5 ] CVE-2007-3073 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3073 [ 6 ] CVE-2008-0016 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0016 [ 7 ] CVE-2008-0017 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0017 [ 8 ] CVE-2008-0367 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0367 [ 9 ] CVE-2008-3835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3835 [ 10 ] CVE-2008-3836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3836 [ 11 ] CVE-2008-3837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3837 [ 12 ] CVE-2008-4058 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4058 [ 13 ] CVE-2008-4059 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4059 [ 14 ] CVE-2008-4060 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4060 [ 15 ] CVE-2008-4061 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4061 [ 16 ] CVE-2008-4062 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4062 [ 17 ] CVE-2008-4063 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4063 [ 18 ] CVE-2008-4064 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4064 [ 19 ] CVE-2008-4065 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4065 [ 20 ] CVE-2008-4066 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4066 [ 21 ] CVE-2008-4067 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4067 [ 22 ] CVE-2008-4068 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4068 [ 23 ] CVE-2008-4069 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4069 [ 24 ] CVE-2008-4070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4070 [ 25 ] CVE-2008-4582 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4582 [ 26 ] CVE-2008-5012 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5012 [ 27 ] CVE-2008-5013 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5013 [ 28 ] CVE-2008-5014 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5014 [ 29 ] CVE-2008-5015 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5015 [ 30 ] CVE-2008-5016 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5016 [ 31 ] CVE-2008-5017 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5017 [ 32 ] CVE-2008-5018 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5018 [ 33 ] CVE-2008-5019 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5019 [ 34 ] CVE-2008-5021 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5021 [ 35 ] CVE-2008-5022 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5022 [ 36 ] CVE-2008-5023 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5023 [ 37 ] CVE-2008-5024 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5024 [ 38 ] CVE-2008-5052 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5052 [ 39 ] CVE-2008-5500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5500 [ 40 ] CVE-2008-5501 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5501 [ 41 ] CVE-2008-5502 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5502 [ 42 ] CVE-2008-5503 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5503 [ 43 ] CVE-2008-5504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5504 [ 44 ] CVE-2008-5505 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5505 [ 45 ] CVE-2008-5506 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5506 [ 46 ] CVE-2008-5507 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5507 [ 47 ] CVE-2008-5508 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5508 [ 48 ] CVE-2008-5510 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5510 [ 49 ] CVE-2008-5511 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5511 [ 50 ] CVE-2008-5512 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5512 [ 51 ] CVE-2008-5513 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5513 [ 52 ] CVE-2008-5822 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5822 [ 53 ] CVE-2008-5913 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5913 [ 54 ] CVE-2008-6961 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-6961 [ 55 ] CVE-2009-0071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0071 [ 56 ] CVE-2009-0071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0071 [ 57 ] CVE-2009-0352 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0352 [ 58 ] CVE-2009-0353 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0353 [ 59 ] CVE-2009-0354 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0354 [ 60 ] CVE-2009-0355 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0355 [ 61 ] CVE-2009-0356 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0356 [ 62 ] CVE-2009-0357 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0357 [ 63 ] CVE-2009-0358 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0358 [ 64 ] CVE-2009-0652 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0652 [ 65 ] CVE-2009-0771 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0771 [ 66 ] CVE-2009-0772 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0772 [ 67 ] CVE-2009-0773 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0773 [ 68 ] CVE-2009-0774 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0774 [ 69 ] CVE-2009-0775 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0775 [ 70 ] CVE-2009-0776 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0776 [ 71 ] CVE-2009-0777 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0777 [ 72 ] CVE-2009-1044 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1044 [ 73 ] CVE-2009-1169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1169 [ 74 ] CVE-2009-1302 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1302 [ 75 ] CVE-2009-1303 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1303 [ 76 ] CVE-2009-1304 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1304 [ 77 ] CVE-2009-1305 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1305 [ 78 ] CVE-2009-1306 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1306 [ 79 ] CVE-2009-1307 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1307 [ 80 ] CVE-2009-1308 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1308 [ 81 ] CVE-2009-1309 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1309 [ 82 ] CVE-2009-1310 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1310 [ 83 ] CVE-2009-1311 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1311 [ 84 ] CVE-2009-1312 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1312 [ 85 ] CVE-2009-1313 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1313 [ 86 ] CVE-2009-1392 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1392 [ 87 ] CVE-2009-1563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1563 [ 88 ] CVE-2009-1571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1571 [ 89 ] CVE-2009-1828 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1828 [ 90 ] CVE-2009-1832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1832 [ 91 ] CVE-2009-1833 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1833 [ 92 ] CVE-2009-1834 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1834 [ 93 ] CVE-2009-1835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1835 [ 94 ] CVE-2009-1836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1836 [ 95 ] CVE-2009-1837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1837 [ 96 ] CVE-2009-1838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1838 [ 97 ] CVE-2009-1839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1839 [ 98 ] CVE-2009-1840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1840 [ 99 ] CVE-2009-1841 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1841 [ 100 ] CVE-2009-2043 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2043 [ 101 ] CVE-2009-2044 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2044 [ 102 ] CVE-2009-2061 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2061 [ 103 ] CVE-2009-2065 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2065 [ 104 ] CVE-2009-2210 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2210 [ 105 ] CVE-2009-2404 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2404 [ 106 ] CVE-2009-2408 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2408 [ 107 ] CVE-2009-2462 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2462 [ 108 ] CVE-2009-2463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2463 [ 109 ] CVE-2009-2464 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2464 [ 110 ] CVE-2009-2465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2465 [ 111 ] CVE-2009-2466 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2466 [ 112 ] CVE-2009-2467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2467 [ 113 ] CVE-2009-2469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2469 [ 114 ] CVE-2009-2470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2470 [ 115 ] CVE-2009-2471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2471 [ 116 ] CVE-2009-2472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2472 [ 117 ] CVE-2009-2477 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2477 [ 118 ] CVE-2009-2478 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2478 [ 119 ] CVE-2009-2479 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2479 [ 120 ] CVE-2009-2535 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2535 [ 121 ] CVE-2009-2654 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2654 [ 122 ] CVE-2009-2662 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2662 [ 123 ] CVE-2009-2664 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2664 [ 124 ] CVE-2009-2665 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2665 [ 125 ] CVE-2009-3069 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3069 [ 126 ] CVE-2009-3070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3070 [ 127 ] CVE-2009-3071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3071 [ 128 ] CVE-2009-3072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3072 [ 129 ] CVE-2009-3074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3074 [ 130 ] CVE-2009-3075 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3075 [ 131 ] CVE-2009-3076 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3076 [ 132 ] CVE-2009-3077 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3077 [ 133 ] CVE-2009-3078 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3078 [ 134 ] CVE-2009-3079 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3079 [ 135 ] CVE-2009-3274 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3274 [ 136 ] CVE-2009-3371 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3371 [ 137 ] CVE-2009-3372 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3372 [ 138 ] CVE-2009-3373 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3373 [ 139 ] CVE-2009-3374 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3374 [ 140 ] CVE-2009-3375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3375 [ 141 ] CVE-2009-3376 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3376 [ 142 ] CVE-2009-3377 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3377 [ 143 ] CVE-2009-3378 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3378 [ 144 ] CVE-2009-3379 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3379 [ 145 ] CVE-2009-3380 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3380 [ 146 ] CVE-2009-3381 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3381 [ 147 ] CVE-2009-3382 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3382 [ 148 ] CVE-2009-3383 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3383 [ 149 ] CVE-2009-3388 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3388 [ 150 ] CVE-2009-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3389 [ 151 ] CVE-2009-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555 [ 152 ] CVE-2009-3978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3978 [ 153 ] CVE-2009-3979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3979 [ 154 ] CVE-2009-3980 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3980 [ 155 ] CVE-2009-3981 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3981 [ 156 ] CVE-2009-3982 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3982 [ 157 ] CVE-2009-3983 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3983 [ 158 ] CVE-2009-3984 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3984 [ 159 ] CVE-2009-3985 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3985 [ 160 ] CVE-2009-3986 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3986 [ 161 ] CVE-2009-3987 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3987 [ 162 ] CVE-2009-3988 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3988 [ 163 ] CVE-2010-0159 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0159 [ 164 ] CVE-2010-0160 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0160 [ 165 ] CVE-2010-0162 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0162 [ 166 ] CVE-2010-0163 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0163 [ 167 ] CVE-2010-0164 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0164 [ 168 ] CVE-2010-0165 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0165 [ 169 ] CVE-2010-0166 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0166 [ 170 ] CVE-2010-0167 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0167 [ 171 ] CVE-2010-0167 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0167 [ 172 ] CVE-2010-0168 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0168 [ 173 ] CVE-2010-0169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0169 [ 174 ] CVE-2010-0169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0169 [ 175 ] CVE-2010-0170 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0170 [ 176 ] CVE-2010-0171 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0171 [ 177 ] CVE-2010-0171 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0171 [ 178 ] CVE-2010-0172 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0172 [ 179 ] CVE-2010-0173 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0173 [ 180 ] CVE-2010-0174 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0174 [ 181 ] CVE-2010-0174 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0174 [ 182 ] CVE-2010-0175 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0175 [ 183 ] CVE-2010-0175 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0175 [ 184 ] CVE-2010-0176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0176 [ 185 ] CVE-2010-0176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0176 [ 186 ] CVE-2010-0177 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0177 [ 187 ] CVE-2010-0178 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0178 [ 188 ] CVE-2010-0179 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0179 [ 189 ] CVE-2010-0181 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0181 [ 190 ] CVE-2010-0182 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0182 [ 191 ] CVE-2010-0183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0183 [ 192 ] CVE-2010-0220 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0220 [ 193 ] CVE-2010-0648 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0648 [ 194 ] CVE-2010-0654 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0654 [ 195 ] CVE-2010-1028 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1028 [ 196 ] CVE-2010-1121 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1121 [ 197 ] CVE-2010-1125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1125 [ 198 ] CVE-2010-1196 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1196 [ 199 ] CVE-2010-1197 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1197 [ 200 ] CVE-2010-1198 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1198 [ 201 ] CVE-2010-1199 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1199 [ 202 ] CVE-2010-1200 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1200 [ 203 ] CVE-2010-1201 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1201 [ 204 ] CVE-2010-1202 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1202 [ 205 ] CVE-2010-1203 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1203 [ 206 ] CVE-2010-1205 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1205 [ 207 ] CVE-2010-1206 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1206 [ 208 ] CVE-2010-1207 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1207 [ 209 ] CVE-2010-1208 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1208 [ 210 ] CVE-2010-1209 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1209 [ 211 ] CVE-2010-1210 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1210 [ 212 ] CVE-2010-1211 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1211 [ 213 ] CVE-2010-1212 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1212 [ 214 ] CVE-2010-1213 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1213 [ 215 ] CVE-2010-1214 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1214 [ 216 ] CVE-2010-1215 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1215 [ 217 ] CVE-2010-1585 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1585 [ 218 ] CVE-2010-2751 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2751 [ 219 ] CVE-2010-2752 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2752 [ 220 ] CVE-2010-2753 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2753 [ 221 ] CVE-2010-2754 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2754 [ 222 ] CVE-2010-2755 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2755 [ 223 ] CVE-2010-2760 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2760 [ 224 ] CVE-2010-2762 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2762 [ 225 ] CVE-2010-2763 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2763 [ 226 ] CVE-2010-2764 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2764 [ 227 ] CVE-2010-2765 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2765 [ 228 ] CVE-2010-2766 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2766 [ 229 ] CVE-2010-2767 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2767 [ 230 ] CVE-2010-2768 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2768 [ 231 ] CVE-2010-2769 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2769 [ 232 ] CVE-2010-2770 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2770 [ 233 ] CVE-2010-3131 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3131 [ 234 ] CVE-2010-3166 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3166 [ 235 ] CVE-2010-3167 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3167 [ 236 ] CVE-2010-3168 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3168 [ 237 ] CVE-2010-3169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3169 [ 238 ] CVE-2010-3170 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3170 [ 239 ] CVE-2010-3171 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3171 [ 240 ] CVE-2010-3173 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3173 [ 241 ] CVE-2010-3174 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3174 [ 242 ] CVE-2010-3175 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3175 [ 243 ] CVE-2010-3176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3176 [ 244 ] CVE-2010-3177 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3177 [ 245 ] CVE-2010-3178 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3178 [ 246 ] CVE-2010-3179 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3179 [ 247 ] CVE-2010-3180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3180 [ 248 ] CVE-2010-3182 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3182 [ 249 ] CVE-2010-3183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3183 [ 250 ] CVE-2010-3399 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3399 [ 251 ] CVE-2010-3400 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3400 [ 252 ] CVE-2010-3765 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3765 [ 253 ] CVE-2010-3766 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3766 [ 254 ] CVE-2010-3767 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3767 [ 255 ] CVE-2010-3768 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3768 [ 256 ] CVE-2010-3769 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3769 [ 257 ] CVE-2010-3770 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3770 [ 258 ] CVE-2010-3771 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3771 [ 259 ] CVE-2010-3772 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3772 [ 260 ] CVE-2010-3773 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3773 [ 261 ] CVE-2010-3774 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3774 [ 262 ] CVE-2010-3775 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3775 [ 263 ] CVE-2010-3776 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3776 [ 264 ] CVE-2010-3777 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3777 [ 265 ] CVE-2010-3778 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3778 [ 266 ] CVE-2010-4508 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4508 [ 267 ] CVE-2010-5074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-5074 [ 268 ] CVE-2011-0051 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0051 [ 269 ] CVE-2011-0053 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0053 [ 270 ] CVE-2011-0054 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0054 [ 271 ] CVE-2011-0055 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0055 [ 272 ] CVE-2011-0056 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0056 [ 273 ] CVE-2011-0057 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0057 [ 274 ] CVE-2011-0058 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0058 [ 275 ] CVE-2011-0059 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0059 [ 276 ] CVE-2011-0061 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0061 [ 277 ] CVE-2011-0062 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0062 [ 278 ] CVE-2011-0065 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0065 [ 279 ] CVE-2011-0066 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0066 [ 280 ] CVE-2011-0067 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0067 [ 281 ] CVE-2011-0068 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0068 [ 282 ] CVE-2011-0069 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0069 [ 283 ] CVE-2011-0070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0070 [ 284 ] CVE-2011-0071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0071 [ 285 ] CVE-2011-0072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0072 [ 286 ] CVE-2011-0073 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0073 [ 287 ] CVE-2011-0074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0074 [ 288 ] CVE-2011-0075 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0075 [ 289 ] CVE-2011-0076 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0076 [ 290 ] CVE-2011-0077 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0077 [ 291 ] CVE-2011-0078 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0078 [ 292 ] CVE-2011-0079 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0079 [ 293 ] CVE-2011-0080 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0080 [ 294 ] CVE-2011-0081 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0081 [ 295 ] CVE-2011-0082 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0082 [ 296 ] CVE-2011-0083 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0083 [ 297 ] CVE-2011-0084 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0084 [ 298 ] CVE-2011-0085 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0085 [ 299 ] CVE-2011-1187 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1187 [ 300 ] CVE-2011-1202 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1202 [ 301 ] CVE-2011-1712 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1712 [ 302 ] CVE-2011-2362 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2362 [ 303 ] CVE-2011-2363 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2363 [ 304 ] CVE-2011-2364 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2364 [ 305 ] CVE-2011-2365 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2365 [ 306 ] CVE-2011-2369 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2369 [ 307 ] CVE-2011-2370 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2370 [ 308 ] CVE-2011-2371 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2371 [ 309 ] CVE-2011-2372 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2372 [ 310 ] CVE-2011-2373 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2373 [ 311 ] CVE-2011-2374 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2374 [ 312 ] CVE-2011-2375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2375 [ 313 ] CVE-2011-2376 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2376 [ 314 ] CVE-2011-2377 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2377 [ 315 ] CVE-2011-2378 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2378 [ 316 ] CVE-2011-2605 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2605 [ 317 ] CVE-2011-2980 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2980 [ 318 ] CVE-2011-2981 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2981 [ 319 ] CVE-2011-2982 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2982 [ 320 ] CVE-2011-2983 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2983 [ 321 ] CVE-2011-2984 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2984 [ 322 ] CVE-2011-2985 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2985 [ 323 ] CVE-2011-2986 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2986 [ 324 ] CVE-2011-2987 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2987 [ 325 ] CVE-2011-2988 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2988 [ 326 ] CVE-2011-2989 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2989 [ 327 ] CVE-2011-2990 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2990 [ 328 ] CVE-2011-2991 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2991 [ 329 ] CVE-2011-2993 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2993 [ 330 ] CVE-2011-2995 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2995 [ 331 ] CVE-2011-2996 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2996 [ 332 ] CVE-2011-2997 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2997 [ 333 ] CVE-2011-2998 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2998 [ 334 ] CVE-2011-2999 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2999 [ 335 ] CVE-2011-3000 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3000 [ 336 ] CVE-2011-3001 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3001 [ 337 ] CVE-2011-3002 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3002 [ 338 ] CVE-2011-3003 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3003 [ 339 ] CVE-2011-3004 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3004 [ 340 ] CVE-2011-3005 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3005 [ 341 ] CVE-2011-3026 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3026 [ 342 ] CVE-2011-3062 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3062 [ 343 ] CVE-2011-3232 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3232 [ 344 ] CVE-2011-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389 [ 345 ] CVE-2011-3640 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3640 [ 346 ] CVE-2011-3647 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3647 [ 347 ] CVE-2011-3648 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3648 [ 348 ] CVE-2011-3649 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3649 [ 349 ] CVE-2011-3650 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3650 [ 350 ] CVE-2011-3651 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3651 [ 351 ] CVE-2011-3652 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3652 [ 352 ] CVE-2011-3653 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3653 [ 353 ] CVE-2011-3654 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3654 [ 354 ] CVE-2011-3655 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3655 [ 355 ] CVE-2011-3658 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3658 [ 356 ] CVE-2011-3659 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3659 [ 357 ] CVE-2011-3660 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3660 [ 358 ] CVE-2011-3661 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3661 [ 359 ] CVE-2011-3663 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3663 [ 360 ] CVE-2011-3665 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3665 [ 361 ] CVE-2011-3670 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3670 [ 362 ] CVE-2011-3866 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3866 [ 363 ] CVE-2011-4688 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4688 [ 364 ] CVE-2012-0441 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0441 [ 365 ] CVE-2012-0442 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0442 [ 366 ] CVE-2012-0443 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0443 [ 367 ] CVE-2012-0444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0444 [ 368 ] CVE-2012-0445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0445 [ 369 ] CVE-2012-0446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0446 [ 370 ] CVE-2012-0447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0447 [ 371 ] CVE-2012-0449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0449 [ 372 ] CVE-2012-0450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0450 [ 373 ] CVE-2012-0451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0451 [ 374 ] CVE-2012-0452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0452 [ 375 ] CVE-2012-0455 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0455 [ 376 ] CVE-2012-0456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0456 [ 377 ] CVE-2012-0457 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0457 [ 378 ] CVE-2012-0458 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0458 [ 379 ] CVE-2012-0459 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0459 [ 380 ] CVE-2012-0460 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0460 [ 381 ] CVE-2012-0461 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0461 [ 382 ] CVE-2012-0462 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0462 [ 383 ] CVE-2012-0463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0463 [ 384 ] CVE-2012-0464 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0464 [ 385 ] CVE-2012-0467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0467 [ 386 ] CVE-2012-0468 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0468 [ 387 ] CVE-2012-0469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0469 [ 388 ] CVE-2012-0470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0470 [ 389 ] CVE-2012-0471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0471 [ 390 ] CVE-2012-0473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0473 [ 391 ] CVE-2012-0474 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0474 [ 392 ] CVE-2012-0475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0475 [ 393 ] CVE-2012-0477 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0477 [ 394 ] CVE-2012-0478 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0478 [ 395 ] CVE-2012-0479 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0479 [ 396 ] CVE-2012-1937 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1937 [ 397 ] CVE-2012-1938 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1938 [ 398 ] CVE-2012-1939 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1939 [ 399 ] CVE-2012-1940 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1940 [ 400 ] CVE-2012-1941 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1941 [ 401 ] CVE-2012-1945 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1945 [ 402 ] CVE-2012-1946 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1946 [ 403 ] CVE-2012-1947 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1947 [ 404 ] CVE-2012-1948 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1948 [ 405 ] CVE-2012-1949 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1949 [ 406 ] CVE-2012-1950 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1950 [ 407 ] CVE-2012-1951 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1951 [ 408 ] CVE-2012-1952 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1952 [ 409 ] CVE-2012-1953 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1953 [ 410 ] CVE-2012-1954 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1954 [ 411 ] CVE-2012-1955 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1955 [ 412 ] CVE-2012-1956 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1956 [ 413 ] CVE-2012-1957 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1957 [ 414 ] CVE-2012-1958 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1958 [ 415 ] CVE-2012-1959 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1959 [ 416 ] CVE-2012-1960 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1960 [ 417 ] CVE-2012-1961 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1961 [ 418 ] CVE-2012-1962 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1962 [ 419 ] CVE-2012-1963 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1963 [ 420 ] CVE-2012-1964 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1964 [ 421 ] CVE-2012-1965 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1965 [ 422 ] CVE-2012-1966 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1966 [ 423 ] CVE-2012-1967 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1967 [ 424 ] CVE-2012-1970 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1970 [ 425 ] CVE-2012-1971 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1971 [ 426 ] CVE-2012-1972 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1972 [ 427 ] CVE-2012-1973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1973 [ 428 ] CVE-2012-1974 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1974 [ 429 ] CVE-2012-1975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1975 [ 430 ] CVE-2012-1976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1976 [ 431 ] CVE-2012-1994 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1994 [ 432 ] CVE-2012-3956 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3956 [ 433 ] CVE-2012-3957 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3957 [ 434 ] CVE-2012-3958 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3958 [ 435 ] CVE-2012-3959 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3959 [ 436 ] CVE-2012-3960 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3960 [ 437 ] CVE-2012-3961 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3961 [ 438 ] CVE-2012-3962 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3962 [ 439 ] CVE-2012-3963 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3963 [ 440 ] CVE-2012-3964 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3964 [ 441 ] CVE-2012-3965 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3965 [ 442 ] CVE-2012-3966 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3966 [ 443 ] CVE-2012-3967 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3967 [ 444 ] CVE-2012-3968 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3968 [ 445 ] CVE-2012-3969 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3969 [ 446 ] CVE-2012-3970 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3970 [ 447 ] CVE-2012-3971 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3971 [ 448 ] CVE-2012-3972 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3972 [ 449 ] CVE-2012-3973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3973 [ 450 ] CVE-2012-3975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3975 [ 451 ] CVE-2012-3976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3976 [ 452 ] CVE-2012-3977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3977 [ 453 ] CVE-2012-3978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3978 [ 454 ] CVE-2012-3980 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3980 [ 455 ] CVE-2012-3982 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3982 [ 456 ] CVE-2012-3984 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3984 [ 457 ] CVE-2012-3985 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3985 [ 458 ] CVE-2012-3986 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3986 [ 459 ] CVE-2012-3988 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3988 [ 460 ] CVE-2012-3989 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3989 [ 461 ] CVE-2012-3990 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3990 [ 462 ] CVE-2012-3991 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3991 [ 463 ] CVE-2012-3992 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3992 [ 464 ] CVE-2012-3993 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3993 [ 465 ] CVE-2012-3994 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3994 [ 466 ] CVE-2012-3995 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3995 [ 467 ] CVE-2012-4179 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4179 [ 468 ] CVE-2012-4180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4180 [ 469 ] CVE-2012-4181 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4181 [ 470 ] CVE-2012-4182 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4182 [ 471 ] CVE-2012-4183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4183 [ 472 ] CVE-2012-4184 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4184 [ 473 ] CVE-2012-4185 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4185 [ 474 ] CVE-2012-4186 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4186 [ 475 ] CVE-2012-4187 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4187 [ 476 ] CVE-2012-4188 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4188 [ 477 ] CVE-2012-4190 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4190 [ 478 ] CVE-2012-4191 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4191 [ 479 ] CVE-2012-4192 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4192 [ 480 ] CVE-2012-4193 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4193 [ 481 ] CVE-2012-4194 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4194 [ 482 ] CVE-2012-4195 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4195 [ 483 ] CVE-2012-4196 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4196 [ 484 ] CVE-2012-4201 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4201 [ 485 ] CVE-2012-4202 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4202 [ 486 ] CVE-2012-4204 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4204 [ 487 ] CVE-2012-4205 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4205 [ 488 ] CVE-2012-4206 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4206 [ 489 ] CVE-2012-4207 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4207 [ 490 ] CVE-2012-4208 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4208 [ 491 ] CVE-2012-4209 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4209 [ 492 ] CVE-2012-4210 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4210 [ 493 ] CVE-2012-4212 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4212 [ 494 ] CVE-2012-4215 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4215 [ 495 ] CVE-2012-4216 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4216 [ 496 ] CVE-2012-5354 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5354 [ 497 ] CVE-2012-5829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5829 [ 498 ] CVE-2012-5830 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5830 [ 499 ] CVE-2012-5833 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5833 [ 500 ] CVE-2012-5835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5835 [ 501 ] CVE-2012-5836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5836 [ 502 ] CVE-2012-5838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5838 [ 503 ] CVE-2012-5839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5839 [ 504 ] CVE-2012-5840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5840 [ 505 ] CVE-2012-5841 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5841 [ 506 ] CVE-2012-5842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5842 [ 507 ] CVE-2012-5843 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5843 [ 508 ] Firefox Blocking Fraudulent Certificates

http://blog.mozilla.org/security/2011/03/22/firefox-blocking-fraudulent-c= ertificates/ [ 509 ] Mozilla Foundation Security Advisory 2011-11 http://www.mozilla.org/security/announce/2011/mfsa2011-11.html [ 510 ] Mozilla Foundation Security Advisory 2011-34 http://www.mozilla.org/security/announce/2011/mfsa2011-34.html

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201301-01.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5 .

Background

The Oracle Java Development Kit (JDK) (formerly known as Sun JDK) and the Oracle Java Runtime Environment (JRE) (formerly known as Sun JRE) provide the Oracle Java platform (formerly known as Sun Java Platform). -------------------------------------------------------------------

Description

Multiple vulnerabilities have been reported in the Oracle Java implementation. All 1.5 JRE versions are masked and will be removed shortly. All 1.5 JDK versions are marked as "build-only" and will be masked for removal shortly. Users are advised to change their default user and system Java implementation to an unaffected version. For example:

# java-config --set-system-vm sun-jdk-1.6

For more information, please consult the Gentoo Linux Java documentation. Such input strings represent valid numbers and can be contained in data supplied by an attacker over the network, leading to a denial-of-service attack.

For the old stable distribution (lenny), this problem has been fixed in version 6b18-1.8.3-2~lenny1.

Note that this update introduces an OpenJDK package based on the IcedTea release 1.8.3 into the old stable distribution. This addresses several dozen security vulnerabilities, most of which are only exploitable by malicious mobile code. A notable exception is CVE-2009-3555, the TLS renegotiation vulnerability. This update implements the protocol extension described in RFC 5746, addressing this issue.

This update also includes a new version of Hotspot, the Java virtual machine, which increases the default heap size on machines with several GB of RAM. If you run several JVMs on the same machine, you might have to reduce the heap size by specifying a suitable -Xmx argument in the invocation of the "java" command. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . HP Secure Web Server (SWS) for OpenVMS running CSWS_JAVA V3.1 and earlier. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Release Date: 2010-09-15 Last Updated: 2010-09-15

Potential Security Impact: Remote cross site scripting (XSS), HTTP response splitting, and other vulnerabilities

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) for Linux and Windows. The vulnerabilities could be exploited remotely resulting in cross site scripting (XSS), HTTP response splitting, Denial of Service (DoS), information disclosure, and data modification.

References: CVE-2010-3010 XSS

CVE-2010-3011 HTTP response splitting

CVE-2010-2068 Apache

CVE-2009-4143 PHP

CVE-2009-4018 PHP

CVE-2009-4017 PHP

CVE-2009-3555 SSL

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

HP System Management Homepage for Linux (x86) prior to v6.2 HP System Management Homepage for Linux (AMD64/EM64T) prior to v6.2 HP System Management Homepage for Windows prior to v6.2

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2010-3010 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2010-3011 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2010-2068 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2009-4143 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-4018 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-4017 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2009-3555 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has provided HP System Management Homepage v6.2 or subsequent to resolve the vulnerabilities.

HP System Management Homepage v6.2 or subsequent for Linux (x86), Linux (AMD64/EM64T), and Windows can be downloaded from the following link.

http://www.hp.com/servers/manage/smh

PRODUCT SPECIFIC INFORMATION None

HISTORY Version:1 (rev.1) - 15 September 2010 Initial Release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save.

To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

  • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

Copyright 2009 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkyQ1mwACgkQ4B86/C0qfVnXFQCglbMn0B+FmCZvloAoXci/cEpU ceEAoNPOhpE7qN8Ckcf3HDXsfRydveyw =mQKh -----END PGP SIGNATURE----- . OpenSSL Security Advisory [11-Nov-2009] =======================================

A potentially serious flaw in SSL and TLS has been worked around in OpenSSL 0.9.8l.

Since many changes had occurred on the 0.9.8 branch without a public release it was decided to release 0.9.8l based on the last publicly tested release version 0.9.8k.

Man-in-the-middle Renegotiation Attack

A man-in-the-middle (MitM) can intercept an SSL connection and instead make his own connection to the server. He can then send arbitrary data and trigger a renegotiation using the client's original connection data.

From the server's point of view the client simply connected, sent data, renegotiated and continued.

From the client's point of view he connects to the server normally. There is no indication at the SSL level that the attack occurred. There may be indications at the level of the protocol layered on top of SSL, for example, unexpected or pipelined responses.

This attack can also be performed when the server requests a renegotiation - in this variant, the MitM would wait for the server's renegotiation request and at that point replay the clients original connection data.

Once the original client connection data has been replayed, the MitM can no longer inject data, nor can he read the traffic over the SSL connection in either direction. Because of the nature of the attack, this is only an effective defence when deployed on servers.

Servers that need renegotiation to function correctly obviously cannot deploy this fix without breakage.

Severity

Because of the enormous difficulty of analysing every possible attack on every protocol that is layered on SSL, the OpenSSL Team classify this as a severe issue and recommend that everyone who does not rely on renegotiation deploy 0.9.8l as soon as possible.

History

A small number of people knew about the problem in advance under NDA and a comprehensive fix was being developed. Unfortunately the issue was independently discovered and the details made public so a less than ideal brute force emergency fix had to be developed and released.

Future Plans

A TLS extension has been defined which will cryptographically bind the session before renegotiation to the session after.

Because renegotiation is, in practice, rarely used we will not be rushing the production of 0.9.8m, but will instead test interoperability with other implementations, and ensure the stability of the other fixes before release.

Acknowledgements

Thanks to Marsh Ray, who discovered the issue, and Steve Dispensa of PhoneFactor. Also thanks to ICASI who managed the early coordination of this issue.

References

CVE-2009-3555: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555

TLS extension: https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt

URL for this Security Advisory: https://www.openssl.org/news/secadv_20091111.txt

Show details on source website
To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200911-0398",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "nginx",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "0.1.0"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "9.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "nginx",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "0.8.22"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "7.0"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "8.04"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "10.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "12"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "9.10"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "10.10"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "4.0"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "11"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "8.10"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "14"
      },
      {
        "model": "nss",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "mozilla",
        "version": "3.12.4"
      },
      {
        "model": "gnutls",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "gnu",
        "version": "2.8.5"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8k"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "13"
      },
      {
        "model": "http server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.2.14"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "barracuda",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "debian gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gnutls",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": "http server",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apache",
        "version": "2.2.15"
      },
      {
        "model": "http server",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apache",
        "version": "2.3.6"
      },
      {
        "model": "db2",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "9.1 fp9"
      },
      {
        "model": "db2",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "9.5 fp6a"
      },
      {
        "model": "db2",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "9.7 fp2"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "2.0.47.x"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "6.0.2"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "sdk,",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "1.4.2"
      },
      {
        "model": "sdk,",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "1.5"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "6.0.2"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "firefox",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "mozilla",
        "version": "3.5.9"
      },
      {
        "model": "firefox",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "mozilla",
        "version": "3.6.2"
      },
      {
        "model": "seamonkey",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "mozilla",
        "version": "2.0.4"
      },
      {
        "model": "thunderbird",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "mozilla",
        "version": "3.0.4"
      },
      {
        "model": "openoffice.org",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openoffice",
        "version": "2.x"
      },
      {
        "model": "openoffice.org",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openoffice",
        "version": "3.2.1"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.8l"
      },
      {
        "model": "proftpd",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "proftpd",
        "version": "1.3.2c"
      },
      {
        "model": "esx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "vmware",
        "version": "3.0.3"
      },
      {
        "model": "esx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "vmware",
        "version": "3.5"
      },
      {
        "model": "esx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "vmware",
        "version": "4.0"
      },
      {
        "model": "esx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "vmware",
        "version": "4.1"
      },
      {
        "model": "vcenter",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "vmware",
        "version": "4.0"
      },
      {
        "model": "vcenter",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "vmware",
        "version": "4.1"
      },
      {
        "model": "virtualcenter",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "vmware",
        "version": "2.5"
      },
      {
        "model": "vsphere update manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "vmware",
        "version": "1.0"
      },
      {
        "model": "vsphere update manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "vmware",
        "version": "4.0"
      },
      {
        "model": "vsphere update manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "vmware",
        "version": "4.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.5.8"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.6.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.6.3"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.5.8"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.6.2"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.6.3"
      },
      {
        "model": "opensolaris",
        "scope": null,
        "trust": 0.8,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "server 10.1.0.5"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "server 10.2.0.3"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "server 10.2.0.4"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "server 10.2.0.5"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "server 11.1.0.7"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "server 11.2.0.1"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "server 11.2.0.2"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "10.0 mp2"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "10.0.2"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "10.1.2.3"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "10.1.3.5"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "10.1.4.0.1"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "10.1.4.3"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "10.3.2"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "10.3.3"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "11.1.1.2.0"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "11.1.1.3.0"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "7.0 sp7"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "8.1 sp6"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "8.1.6"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "9.0"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "9.1"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "9.2 mp3"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "9.2.3"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "9.2.4"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "10"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "3 (x86)"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "3 (x86-64)"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "3.0"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "3.0 (x86-64)"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "4.0"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "4.0 (x86-64)"
      },
      {
        "model": "sap sybase adaptive server enterprise",
        "scope": null,
        "trust": 0.8,
        "vendor": "sybase",
        "version": null
      },
      {
        "model": "jdk",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "5.0 update 25"
      },
      {
        "model": "jdk",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "6 update 21"
      },
      {
        "model": "jre",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "1.4.2_27"
      },
      {
        "model": "jre",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "5.0 update 25"
      },
      {
        "model": "jre",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "6 update 21"
      },
      {
        "model": "opensolaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "(sparc)"
      },
      {
        "model": "opensolaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "(x86)"
      },
      {
        "model": "sdk",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "1.4.2_27"
      },
      {
        "model": "glassfish enterprise server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "v2.1.1"
      },
      {
        "model": "java enterprise system",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "2005q4"
      },
      {
        "model": "java enterprise system",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "5"
      },
      {
        "model": "java system application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "8.0"
      },
      {
        "model": "java system application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "8.1"
      },
      {
        "model": "java system application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "8.2"
      },
      {
        "model": "java system web proxy server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "4.0 - 4.0.12"
      },
      {
        "model": "java system web server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "6.1"
      },
      {
        "model": "java system web server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "7.0"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "10 (sparc)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "10 (x86)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "8 (sparc)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "8 (x86)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "9 (sparc)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "9 (x86)"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "2.0"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "3.0"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "3.0 (x64)"
      },
      {
        "model": "turbolinux client",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "2008"
      },
      {
        "model": "turbolinux fuji",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "( extended maintenance )"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10  ( extended maintenance )"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10 (x64) ( extended maintenance )"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "11"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "11 (x64)"
      },
      {
        "model": "hp systems insight manager",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "7.0"
      },
      {
        "model": "hp virtual connect",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "8gb 24 port fiber channel module  3.00   (vc ( virtual connect ) 4.40  )"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.11"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.23"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.31"
      },
      {
        "model": "hpe matrix operating environment",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "hpe systems insight manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "director",
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": "intelligencecenter",
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": "packetshaper",
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": "proxyav",
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": "proxyclient",
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": "reporter",
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": "proxysg",
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": "sgos",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "blue coat",
        "version": "4"
      },
      {
        "model": "sgos",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "blue coat",
        "version": "5"
      },
      {
        "model": "sgos",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "blue coat",
        "version": "6"
      },
      {
        "model": "windows 2000",
        "scope": null,
        "trust": 0.8,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "windows 7",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "(x32)"
      },
      {
        "model": "windows 7",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "(x64)"
      },
      {
        "model": "windows server 2003",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "none"
      },
      {
        "model": "windows server 2003",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "(itanium)"
      },
      {
        "model": "windows server 2003",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "(x64)"
      },
      {
        "model": "windows server 2008",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "(itanium)"
      },
      {
        "model": "windows server 2008",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "(x64)"
      },
      {
        "model": "windows server 2008",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "(x86)"
      },
      {
        "model": "windows server 2008",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "r2(itanium)"
      },
      {
        "model": "windows server 2008",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "r2(x64)"
      },
      {
        "model": "windows vista",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "none"
      },
      {
        "model": "windows vista",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "(x64)"
      },
      {
        "model": "windows xp",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "(x64)"
      },
      {
        "model": "windows xp",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "sp3"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (ws)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (ws)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4.8 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4.8 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "5 (server)"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3.0"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4.0"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "5.0 (client)"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "6"
      },
      {
        "model": "enterprise linux eus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "5.4.z (server)"
      },
      {
        "model": "enterprise linux extras",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 extras"
      },
      {
        "model": "enterprise linux extras",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 extras"
      },
      {
        "model": "enterprise linux extras",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4.7.z extras"
      },
      {
        "model": "enterprise linux extras",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4.8.z extras"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "6"
      },
      {
        "model": "enterprise linux hpc node supplementary",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "6"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "6"
      },
      {
        "model": "enterprise linux server supplementary",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "6"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "6"
      },
      {
        "model": "enterprise linux workstation supplementary",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "6"
      },
      {
        "model": "rhel desktop supplementary",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "5 (client)"
      },
      {
        "model": "rhel desktop supplementary",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "6"
      },
      {
        "model": "rhel desktop workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "5 (client)"
      },
      {
        "model": "rhel supplementary",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "5 (server)"
      },
      {
        "model": "rhel supplementary eus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "5.2.z (server)"
      },
      {
        "model": "rhel supplementary eus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "5.3.z (server)"
      },
      {
        "model": "rhel supplementary eus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "5.4.z (server)"
      },
      {
        "model": "csview",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "websam assetsuite",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "cosminexus application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "enterprise version 6"
      },
      {
        "model": "cosminexus application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "standard version 6"
      },
      {
        "model": "cosminexus application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "version 5"
      },
      {
        "model": "cosminexus client",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "version 6"
      },
      {
        "model": "cosminexus developer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "light version 6"
      },
      {
        "model": "cosminexus developer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "professional version 6"
      },
      {
        "model": "cosminexus developer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "standard version 6"
      },
      {
        "model": "cosminexus developer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "version 5"
      },
      {
        "model": "cosminexus developer\u0027s kit for java",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "cosminexus server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "- standard edition version 4"
      },
      {
        "model": "cosminexus server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "- web edition version 4"
      },
      {
        "model": "cosminexus studio",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "- standard edition version 4"
      },
      {
        "model": "cosminexus studio",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "- web edition version 4"
      },
      {
        "model": "cosminexus studio",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "version 5"
      },
      {
        "model": "developer\u0027s kit for java",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "web server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "none"
      },
      {
        "model": "web server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "- security enhancement"
      },
      {
        "model": "processing kit for xml",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "enterprise"
      },
      {
        "model": "ucosminexus application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "standard"
      },
      {
        "model": "ucosminexus client",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus developer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "light"
      },
      {
        "model": "ucosminexus developer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "professional"
      },
      {
        "model": "ucosminexus developer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "standard"
      },
      {
        "model": "ucosminexus operator",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus portal framework",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "entry set"
      },
      {
        "model": "ucosminexus service",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "architect"
      },
      {
        "model": "ucosminexus service",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "platform"
      },
      {
        "model": "hp virtual connect",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d2\u30e5\u30fc\u30ec\u30c3\u30c8 \u30d1\u30c3\u30ab\u30fc\u30c9",
        "version": null
      },
      {
        "model": "hpe matrix operating environment",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d2\u30e5\u30fc\u30ec\u30c3\u30c8 \u30d1\u30c3\u30ab\u30fc\u30c9 \u30a8\u30f3\u30bf\u30fc\u30d7\u30e9\u30a4\u30ba",
        "version": null
      },
      {
        "model": "hpe systems insight manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d2\u30e5\u30fc\u30ec\u30c3\u30c8 \u30d1\u30c3\u30ab\u30fc\u30c9 \u30a8\u30f3\u30bf\u30fc\u30d7\u30e9\u30a4\u30ba",
        "version": null
      },
      {
        "model": "hitachi web server",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#120541"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002319"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001632"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-3555"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:apache:http_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:ibm:db2",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:ibm:http_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:ibm:java_sdk",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:ibm:websphere_application_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:mozilla:firefox",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:mozilla:seamonkey",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:mozilla:thunderbird",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:openoffice:openoffice.org",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:openssl:openssl",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:proftpd:proftpd",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:vmware:esx",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:vmware:vcenter",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:vmware:virtualcenter",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:vmware:update_manager",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:oracle:opensolaris",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:oracle:database_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:oracle:fusion_middleware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:oracle:solaris",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:sybase:adaptive_server_enterprise",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:sun:jdk",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:sun:jre",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:sun:opensolaris",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:sun:sdk",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:sun:glassfish_enterprise_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:sun:java_enterprise_system",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:sun:java_system_application_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:sun:java_system_web_proxy_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:sun:java_system_web_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:sun:solaris",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:turbolinux:turbolinux_appliance_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:turbolinux:turbolinux_client",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:turbolinux:turbolinux_fuji",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:turbolinux:turbolinux_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:hp:systems_insight_manager",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:hp:virtual_connect",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:hp:hp-ux",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:hp:matrix_operating_environment",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:hp:systems_insight_manager",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:bluecoat:director",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:bluecoat:intelligencecenter",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:bluecoat:packetshaper",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:bluecoat:proxyav",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:bluecoat:proxyclient",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:bluecoat:reporter",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:bluecoat:proxysg",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:bluecoat:sgos",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:microsoft:windows_2000",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:microsoft:windows_7",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:microsoft:windows_server_2003",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:microsoft:windows_server_2008",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:microsoft:windows_vista",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:microsoft:windows_xp",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:redhat:enterprise_linux",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:redhat:enterprise_linux_eus",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:redhat:enterprise_linux",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:redhat:enterprise_linux_hpc_node",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:redhat:enterprise_linux_hpc_node_supplementary",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:redhat:enterprise_linux_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:redhat:rhel_server_supplementary",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:redhat:enterprise_linux_workstation",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:redhat:rhel_workstation_supplementary",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:redhat:rhel_desktop_supplementary",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:redhat:rhel_desktop_workstation",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:redhat:rhel_supplementary",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:redhat:rhel_supplementary_eus",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:nec:csview",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:nec:websam_assetsuite",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:hitachi:cosminexus_client",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:hitachi:cosminexus_developer",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:hitachi:cosminexus_developers_kit_for_java",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:hitachi:cosminexus_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:hitachi:cosminexus_studio",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:hitachi:hitachi_developers_kit_for_java",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:hitachi:hitachi_web_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:hitachi:processing_kit_for_xml",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:hitachi:ucosminexus_client",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:hitachi:ucosminexus_operator",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:hitachi:ucosminexus_portal_framework",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:hitachi:ucosminexus_service",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002319"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Mandriva",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "89136"
      },
      {
        "db": "PACKETSTORM",
        "id": "88167"
      },
      {
        "db": "PACKETSTORM",
        "id": "89026"
      },
      {
        "db": "PACKETSTORM",
        "id": "88698"
      }
    ],
    "trust": 0.4
  },
  "cve": "CVE-2009-3555",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2009-3555",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.4,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2009-3555",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2011-001632",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-41001",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2009-3555",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2009-3555",
            "trust": 0.8,
            "value": "0"
          },
          {
            "author": "NVD",
            "id": "CVE-2009-3555",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2011-001632",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "VULHUB",
            "id": "VHN-41001",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#120541"
      },
      {
        "db": "VULHUB",
        "id": "VHN-41001"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002319"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001632"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-3555"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a \"plaintext injection\" attack, aka the \"Project Mogul\" issue. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) The protocol includes renegotiation A vulnerability exists in the function. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) Is a protocol that provides functions such as communication encryption and authentication. SSL and TLS The protocol includes renegotiation There are vulnerabilities due to functionality.A third party that can relay communication between the user and the server can insert arbitrary data at the beginning of the communication data under specific conditions. As a result, the attacker inserted HTTP The request may be sent to the server. \n \n The gnutls_x509_crt_get_serial function in the GnuTLS library before\n 1.2.1, when running on big-endian, 64-bit platforms, calls the\n asn1_read_value with a pointer to the wrong data type and the wrong\n length value, which allows remote attackers to bypass the certificate\n revocation list (CRL) check and cause a stack-based buffer overflow\n via a crafted X.509 certificate, related to extraction of a serial\n number (CVE-2010-0731). \n \n The updated packages have been patched to correct these issues. \n  - The SSLv3 vulnerability known as \"Padding Oracle on Downgraded Legacy\nEncryption\" also known as \"Poodle\", which could be exploited remotely\nresulting in disclosure of information. \n \n Additionally the NSPR package has been upgraded to 4.8.4 that brings\n numerous upstream fixes. \n \n This update provides the latest versions of NSS and NSPR libraries\n and for which NSS is not vulnerable to this attack. ----------------------------------------------------------------------\n\n\nhttp://secunia.com/research/\n\nhttp://secunia.com/company/jobs/open_positions/reverse_engineer\n\n\n----------------------------------------------------------------------\n\nTITLE:\nOracle Application Server Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA44293\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/44293/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44293\n\nRELEASE DATE:\n2011-04-24\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/44293/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/44293/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44293\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Oracle Application\nServer, which can be exploited by malicious users and people to\nmanipulate certain data. \n\n1) An error exists in the C Oracle SSL API of the Oracle Security\nService component and can be exploited to manipulate certain data. \n\nFor more information see vulnerability #1:\nSA37291\n\n2) An unspecified error in the Oracle HTTP Server component can be\nexploited to manipulate certain data. \n\n3) An error exists in the Midtier Infrastructure of the Portal\ncomponent and can be exploited to manipulate certain data. \n\nFor more information see vulnerability #3:\nSA44246\n\n4) An unspecified error in the Single Sign On component can be\nexploited by authenticated users to manipulate certain data. \n* Oracle Application Server 10g Release 3 version 10.1.3.5.0. \n\nSOLUTION:\nApply updates (please see the vendor\u0027s advisory for details). \n\nPROVIDED AND/OR DISCOVERED BY:\nIt is currently unclear who reported these vulnerabilities as the\nOracle Critical Patch Update for April 2011 only provides a bundled\nlist of credits. This section will be updated when/if the original\nreporter provides more information. \n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#AppendixAS\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n\n Mandriva Linux Security Advisory                         MDVSA-2010:084\n http://www.mandriva.com/security/\n _______________________________________________________________________\n\n Package : java-1.6.0-openjdk\n Date    : April 28, 2010\n Affected: 2009.0, 2009.1, 2010.0, Enterprise Server 5.0\n _______________________________________________________________________\n\n Problem Description:\n\n Multiple Java OpenJDK security vulnerabilities has been identified\n and fixed:\n \n - TLS: MITM attacks via session renegotiation (CVE-2009-3555). \n - Loader-constraint table allows arrays instead of only the b\n ase-classes (CVE-2010-0082). \n - Policy/PolicyFile leak dynamic ProtectionDomains. (CVE-2010-0084). \n - File TOCTOU deserialization vulnerability (CVE-2010-0085). \n - Inflater/Deflater clone issues (CVE-2010-0088). \n - Unsigned applet can retrieve the dragged information before drop\n action occurs (CVE-2010-0091). \n - AtomicReferenceArray causes SIGSEGV -\u003e SEGV_MAPERR error\n (CVE-2010-0092). \n - System.arraycopy unable to reference elements beyond\n Integer.MAX_VALUE bytes (CVE-2010-0093). \n - Deserialization of RMIConnectionImpl objects should enforce stricter\n checks (CVE-2010-0094). \n - Subclasses of InetAddress may incorrectly interpret network addresses\n (CVE-2010-0095). \n - JAR unpack200 must verify input parameters (CVE-2010-0837). \n - CMM readMabCurveData Buffer Overflow Vulnerability (CVE-2010-0838). \n - Applet Trusted Methods Chaining Privilege Escalation Vulner ability\n (CVE-2010-0840). \n - No ClassCastException for HashAttributeSet constructors if run with\n -Xcomp (CVE-2010-0845)\n - ImagingLib arbitrary code execution vulnerability (CVE-2010-0847). \n - AWT Library Invalid Index Vulnerability (CVE-2010-0848). \n \n Additional security issues that was fixed with IcedTea6 1.6.2:\n - deprecate MD2 in SSL cert validation (CVE-2009-2409). \n - ICC_Profile file existence detection information leak\n (CVE-2009-3728). \n - JRE AWT setDifflCM stack overflow (CVE-2009-3869). \n - JRE AWT setBytePixels heap overflow (CVE-2009-3871). \n - JPEG Image Writer quantization problem (CVE-2009-3873). \n - ImageI/O JPEG heap overflow (CVE-2009-3874). \n - MessageDigest.isEqual introduces timing attack vulnerabilities\n (CVE-2009-3875). \n - OpenJDK ASN.1/DER input stream parser denial of service\n (CVE-2009-3876, CVE-2009-3877)\n - GraphicsConfiguration information leak (CVE-2009-3879). \n - UI logging information leakage (CVE-2009-3880). \n - resurrected classloaders can still have children (CVE-2009-3881). \n - Numerous static security flaws in Swing (findbugs) (CVE-2009-3882). \n - Mutable statics in Windows PL\u0026F (findbugs) (CVE-2009-3883). \n - zoneinfo file existence information leak (CVE-2009-3884). \n - BMP parsing DoS with UNC ICC links (CVE-2009-3885). \n \n Additionally Paulo Cesar Pereira de Andrade (pcpa) at Mandriva found\n and fixed a bug in IcedTea6 1.8 that is also applied to the provided\n packages:\n \n * plugin/icedteanp/IcedTeaNPPlugin.cc\n   (plugin_filter_environment): Increment malloc size by one to\n   account for\n   NULL terminator. Bug# 474. \n \n Packages for 2009.0 are provided due to the Extended Maintenance\n Program. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2409\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3728\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3869\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3871\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3873\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3874\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3875\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3876\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3877\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3879\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3880\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3881\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3882\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3883\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3884\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3885\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0082\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0084\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0085\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0088\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0091\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0092\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0093\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0094\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0095\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0837\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0838\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0840\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0845\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0847\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0848\n http://article.gmane.org/gmane.comp.java.openjdk.distro-packaging.devel/8938\n http://blogs.sun.com/darcy/resource/OpenJDK_6/openjdk6-b18-changes-summary.html\n http://icedtea.classpath.org/hg/release/icedtea6-1.8/rev/a6a02193b073\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2009.0:\n 37c14ebea4b3ceccbecba4ffea2630a6  2009.0/i586/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.0.i586.rpm\n 3f7ba1d78aaf5f1ca56e86fcb48e7192  2009.0/i586/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2009.0.i586.rpm\n 12963efa8b4ea6691ba68f4e72e81e5d  2009.0/i586/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2009.0.i586.rpm\n 6387d4381c518c5658701c114c5fcb9d  2009.0/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2009.0.i586.rpm\n f90d2a22c10b6eb30aedef13207d346c  2009.0/i586/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2009.0.i586.rpm\n 01e62b54974a3d1b5232de0baa196e41  2009.0/i586/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2009.0.i586.rpm \n 212262f34829af20e53fb2076fa78d25  2009.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.0.src.rpm\n\n Mandriva Linux 2009.0/X86_64:\n 630941e679a033285ddf5cb3e4c1d092  2009.0/x86_64/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm\n 6330c6dda9cf7c59a90f529bceeee17b  2009.0/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm\n c7d708c5f14d710a6bdcc352bb18a55a  2009.0/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm\n edf4b1d8efeb157bb0f19b4c4cc55935  2009.0/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm\n ac9f8227297249940b1845f3ad95165f  2009.0/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm\n d1ed0ce1155c85c423d0cbe47eadfa5b  2009.0/x86_64/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm \n 212262f34829af20e53fb2076fa78d25  2009.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.0.src.rpm\n\n Mandriva Linux 2009.1:\n 304bc2cab18b29781bfac69d4927ddce  2009.1/i586/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.1.i586.rpm\n 77f0d2e2b2c04288a5aae608a2f73f1a  2009.1/i586/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2009.1.i586.rpm\n 7ff7542b4328fd978725f8e0b02590d9  2009.1/i586/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2009.1.i586.rpm\n 3d1bf214209ea3aef86b58962e80901e  2009.1/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2009.1.i586.rpm\n f52cf5f8d3f85b98da246963d583f6bc  2009.1/i586/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2009.1.i586.rpm\n 87b2fd7ac9883e624e71faa993559e78  2009.1/i586/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2009.1.i586.rpm \n 0ff2ca4dfc122a3538349ed2dab6ed81  2009.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.1.src.rpm\n\n Mandriva Linux 2009.1/X86_64:\n 883105d4347bb0864c7c73e4f0865066  2009.1/x86_64/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm\n ac44d41806625e0be7a55ff30bf1f0e7  2009.1/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm\n 67db7247fbf1b5be5391f33603b9148c  2009.1/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm\n 0b6e7a93df49306976453daf29a29d96  2009.1/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm\n 67e679d7aa4545a968889dcbb1a3fa8e  2009.1/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm\n 4042e3ae7e3b2dbdcba0e73aadd219d5  2009.1/x86_64/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm \n 0ff2ca4dfc122a3538349ed2dab6ed81  2009.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.1.src.rpm\n\n Mandriva Linux 2010.0:\n f3c1bb7b091d5889a856edf93e066367  2010.0/i586/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2010.0.i586.rpm\n 7f717091a34f98e9547c698bf08065f5  2010.0/i586/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2010.0.i586.rpm\n 21b8532c934559100b0dbc498ba3c52e  2010.0/i586/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2010.0.i586.rpm\n 8711fdef27cce9af73191903f85dbcd6  2010.0/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2010.0.i586.rpm\n 1905269f878bb1c6367dedc6797f6914  2010.0/i586/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2010.0.i586.rpm\n c5f53d24770de6704f00fdf34c87a703  2010.0/i586/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2010.0.i586.rpm \n b789ff663963ae8b60a0d189b870907c  2010.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2010.0.src.rpm\n\n Mandriva Linux 2010.0/X86_64:\n 100203d38e76348f262d69d2cae8a7ba  2010.0/x86_64/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm\n f155019a4a22d7bf7265c67024dcbc33  2010.0/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm\n 8eaf304d6eb93212d1045adc301de385  2010.0/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm\n 2e2082bd89db22cf5fa4be2ebaceb71c  2010.0/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm\n 3e7a1849db88a8b8ddcdf30441edfcb7  2010.0/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm\n fbc9da5e2080972f6f8c01f23e86890f  2010.0/x86_64/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm \n b789ff663963ae8b60a0d189b870907c  2010.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2010.0.src.rpm\n\n Mandriva Enterprise Server 5:\n 742a7a6dcc82962a132eadb91a2b1736  mes5/i586/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm\n 3acd32ccd1fee71f07ccb4b038434ffd  mes5/i586/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm\n c3358ac84dbc950752655fee46fd5e4b  mes5/i586/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm\n a30ef6b33fd9ba1403ab46ef9643efdb  mes5/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm\n 534f95a18c4798ec80cdfe47bd1148a8  mes5/i586/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm\n e79e4bd9462096222f5b07d681b3d418  mes5/i586/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm \n 0bc580c8d4d6e57cbee939bf68743170  mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdvmes5.1.src.rpm\n\n Mandriva Enterprise Server 5/X86_64:\n 180566f92a5564c747c716ecdf082c8f  mes5/x86_64/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm\n 5e05d90fe32dfce7b15db7d9e5604227  mes5/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm\n 09506c689ed0265023861e006fbcb624  mes5/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm\n c9ff4a3a4695c56b13268d76c355cfbe  mes5/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm\n 0a70a54c2eed68e723cbc65de63bfbff  mes5/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm\n 166c980a8479cd915f3507070c25508e  mes5/x86_64/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm \n 0bc580c8d4d6e57cbee939bf68743170  mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdvmes5.1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niD8DBQFL1/vUmqjQ0CJFipgRAlcyAJ9+2v53cztdo8nXoixp0vg0IuQjrACbB/vW\n+oOtru3I2iYRjlx04fi7wMw=\n=rIwa\n-----END PGP SIGNATURE-----\n. \nHP Integrated Lights-Out 2 (iLO2) firmware versions 2.05 and earlier. \nHP Integrated Lights-Out 3 (iLO3) firmware versions 1.16 and earlier. \n\nThe latest firmware and installation instructions are available from the HP Business Support Center: http://www.hp.com/go/bizsupport\n\nHP Integrated Lights-Out 2 (iLO2) Online ROM Flash Component for Linux and Windows v2.06 or subsequent. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201301-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: Mozilla Products: Multiple vulnerabilities\n     Date: January 08, 2013\n     Bugs: #180159, #181361, #207261, #238535, #246602, #251322,\n           #255221, #255234, #255687, #257577, #260062, #261386,\n           #262704, #267234, #273918, #277752, #280226, #280234,\n           #280393, #282549, #284439, #286721, #290892, #292034,\n           #297532, #305689, #307045, #311021, #312361, #312645,\n           #312651, #312675, #312679, #312763, #313003, #324735,\n           #326341, #329279, #336396, #341821, #342847, #348316,\n           #357057, #360055, #360315, #365323, #373595, #379549,\n           #381245, #388045, #390771, #395431, #401701, #403183,\n           #404437, #408161, #413657, #419917, #427224, #433383,\n           #437780, #439586, #439960, #444318\n       ID: 201301-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Mozilla Firefox,\nThunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which\nmay allow execution of arbitrary code or local privilege escalation. \n\nBackground\n==========\n\nMozilla Firefox is an open-source web browser and Mozilla Thunderbird\nan open-source email client, both from the Mozilla Project. The\nSeaMonkey project is a community effort to deliver production-quality\nreleases of code derived from the application formerly known as the\n\u0027Mozilla Application Suite\u0027. XULRunner is a Mozilla runtime package\nthat can be used to bootstrap XUL+XPCOM applications such as Firefox\nand Thunderbird. NSS is Mozilla\u0027s Network Security Services library\nthat implements PKI support. IceCat is the GNU version of Firefox. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  www-client/firefox          \u003c 10.0.11                 \u003e= 10.0.11\n  2  www-client/firefox-bin      \u003c 10.0.11                 \u003e= 10.0.11\n  3  mail-client/thunderbird     \u003c 10.0.11                 \u003e= 10.0.11\n  4  mail-client/thunderbird-bin\n                                 \u003c 10.0.11                 \u003e= 10.0.11\n  5  www-client/seamonkey        \u003c 2.14-r1                 \u003e= 2.14-r1\n  6  www-client/seamonkey-bin\n                                   \u003c 2.14                     \u003e= 2.14\n  7  dev-libs/nss                  \u003c 3.14                     \u003e= 3.14\n  8  www-client/mozilla-firefox\n                                  \u003c= 3.6.8                 Vulnerable!\n  9  www-client/mozilla-firefox-bin\n                                  \u003c= 3.5.6                 Vulnerable!\n 10  mail-client/mozilla-thunderbird\n                                \u003c= 3.0.4-r1                Vulnerable!\n 11  mail-client/mozilla-thunderbird-bin\n                                   \u003c= 3.0                  Vulnerable!\n 12  www-client/icecat           \u003c= 10.0-r1                Vulnerable!\n 13  net-libs/xulrunner          \u003c= 2.0-r1                 Vulnerable!\n 14  net-libs/xulrunner-bin     \u003c= 1.8.1.19                Vulnerable!\n    -------------------------------------------------------------------\n     NOTE: Certain packages are still vulnerable. Users should migrate\n           to another package if one is available or wait for the\n           existing packages to be marked stable by their\n           architecture maintainers. \n    -------------------------------------------------------------------\n     14 affected packages\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Mozilla Firefox,\nThunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nA remote attacker could entice a user to view a specially crafted web\npage or email, possibly resulting in execution of arbitrary code or a\nDenial of Service condition. Furthermore, a remote attacker may be able\nto perform Man-in-the-Middle attacks, obtain sensitive information,\nbypass restrictions and protection mechanisms, force file downloads,\nconduct XML injection attacks, conduct XSS attacks, bypass the Same\nOrigin Policy, spoof URL\u0027s for phishing attacks, trigger a vertical\nscroll, spoof the location bar, spoof an SSL indicator, modify the\nbrowser\u0027s font, conduct clickjacking attacks, or have other unspecified\nimpact. \n\nA local attacker could gain escalated privileges, obtain sensitive\ninformation, or replace an arbitrary downloaded file. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Mozilla Firefox users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=www-client/firefox-10.0.11\"\n\nAll users of the Mozilla Firefox binary package should upgrade to the\nlatest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=www-client/firefox-bin-10.0.11\"=\n\n\nAll Mozilla Thunderbird users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot -v \"\u003e=mail-client/thunderbird-10.0.11\"\n\nAll users of the Mozilla Thunderbird binary package should upgrade to\nthe latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot -v \"\u003e=mail-client/thunderbird-bin-10.0.11\"\n\nAll Mozilla SeaMonkey users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=www-client/seamonkey-2.14-r1\"\n\nAll users of the Mozilla SeaMonkey binary package should upgrade to the\nlatest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=www-client/seamonkey-bin-2.14\"\n\nAll NSS users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-libs/nss-3.14\"\n\nThe \"www-client/mozilla-firefox\" package has been merged into the\n\"www-client/firefox\" package. To upgrade, please unmerge\n\"www-client/mozilla-firefox\" and then emerge the latest\n\"www-client/firefox\" package:\n\n  # emerge --sync\n  # emerge --unmerge \"www-client/mozilla-firefox\"\n  # emerge --ask --oneshot --verbose \"\u003e=www-client/firefox-10.0.11\"\n\nThe \"www-client/mozilla-firefox-bin\" package has been merged into the\n\"www-client/firefox-bin\" package. To upgrade, please unmerge\n\"www-client/mozilla-firefox-bin\" and then emerge the latest\n\"www-client/firefox-bin\" package:\n\n  # emerge --sync\n  # emerge --unmerge \"www-client/mozilla-firefox-bin\"\n  # emerge --ask --oneshot --verbose \"\u003e=www-client/firefox-bin-10.0.11\"=\n\n\nThe \"mail-client/mozilla-thunderbird\" package has been merged into the\n\"mail-client/thunderbird\" package. To upgrade, please unmerge\n\"mail-client/mozilla-thunderbird\" and then emerge the latest\n\"mail-client/thunderbird\" package:\n\n  # emerge --sync\n  # emerge --unmerge \"mail-client/mozilla-thunderbird\"\n  # emerge --ask --oneshot -v \"\u003e=mail-client/thunderbird-10.0.11\"\n\nThe \"mail-client/mozilla-thunderbird-bin\" package has been merged into\nthe \"mail-client/thunderbird-bin\" package. To upgrade, please unmerge\n\"mail-client/mozilla-thunderbird-bin\" and then emerge the latest\n\"mail-client/thunderbird-bin\" package:\n\n  # emerge --sync\n  # emerge --unmerge \"mail-client/mozilla-thunderbird-bin\"\n  # emerge --ask --oneshot -v \"\u003e=mail-client/thunderbird-bin-10.0.11\"\n\nGentoo discontinued support for GNU IceCat. We recommend that users\nunmerge GNU IceCat:\n\n  # emerge --unmerge \"www-client/icecat\"\n\nGentoo discontinued support for XULRunner. We recommend that users\nunmerge XULRunner:\n\n  # emerge --unmerge \"net-libs/xulrunner\"\n\nGentoo discontinued support for the XULRunner binary package. We\nrecommend that users unmerge XULRunner:\n\n  # emerge --unmerge \"net-libs/xulrunner-bin\"\n\nReferences\n==========\n\n[   1 ] CVE-2011-3101\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3101\n[   2 ] CVE-2007-2436\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2436\n[   3 ] CVE-2007-2437\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2437\n[   4 ] CVE-2007-2671\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2671\n[   5 ] CVE-2007-3073\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3073\n[   6 ] CVE-2008-0016\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0016\n[   7 ] CVE-2008-0017\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0017\n[   8 ] CVE-2008-0367\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0367\n[   9 ] CVE-2008-3835\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3835\n[  10 ] CVE-2008-3836\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3836\n[  11 ] CVE-2008-3837\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3837\n[  12 ] CVE-2008-4058\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4058\n[  13 ] CVE-2008-4059\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4059\n[  14 ] CVE-2008-4060\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4060\n[  15 ] CVE-2008-4061\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4061\n[  16 ] CVE-2008-4062\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4062\n[  17 ] CVE-2008-4063\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4063\n[  18 ] CVE-2008-4064\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4064\n[  19 ] CVE-2008-4065\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4065\n[  20 ] CVE-2008-4066\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4066\n[  21 ] CVE-2008-4067\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4067\n[  22 ] CVE-2008-4068\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4068\n[  23 ] CVE-2008-4069\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4069\n[  24 ] CVE-2008-4070\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4070\n[  25 ] CVE-2008-4582\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4582\n[  26 ] CVE-2008-5012\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5012\n[  27 ] CVE-2008-5013\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5013\n[  28 ] CVE-2008-5014\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5014\n[  29 ] CVE-2008-5015\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5015\n[  30 ] CVE-2008-5016\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5016\n[  31 ] CVE-2008-5017\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5017\n[  32 ] CVE-2008-5018\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5018\n[  33 ] CVE-2008-5019\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5019\n[  34 ] CVE-2008-5021\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5021\n[  35 ] CVE-2008-5022\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5022\n[  36 ] CVE-2008-5023\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5023\n[  37 ] CVE-2008-5024\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5024\n[  38 ] CVE-2008-5052\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5052\n[  39 ] CVE-2008-5500\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5500\n[  40 ] CVE-2008-5501\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5501\n[  41 ] CVE-2008-5502\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5502\n[  42 ] CVE-2008-5503\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5503\n[  43 ] CVE-2008-5504\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5504\n[  44 ] CVE-2008-5505\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5505\n[  45 ] CVE-2008-5506\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5506\n[  46 ] CVE-2008-5507\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5507\n[  47 ] CVE-2008-5508\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5508\n[  48 ] CVE-2008-5510\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5510\n[  49 ] CVE-2008-5511\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5511\n[  50 ] CVE-2008-5512\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5512\n[  51 ] CVE-2008-5513\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5513\n[  52 ] CVE-2008-5822\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5822\n[  53 ] CVE-2008-5913\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5913\n[  54 ] CVE-2008-6961\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-6961\n[  55 ] CVE-2009-0071\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0071\n[  56 ] CVE-2009-0071\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0071\n[  57 ] CVE-2009-0352\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0352\n[  58 ] CVE-2009-0353\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0353\n[  59 ] CVE-2009-0354\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0354\n[  60 ] CVE-2009-0355\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0355\n[  61 ] CVE-2009-0356\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0356\n[  62 ] CVE-2009-0357\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0357\n[  63 ] CVE-2009-0358\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0358\n[  64 ] CVE-2009-0652\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0652\n[  65 ] CVE-2009-0771\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0771\n[  66 ] CVE-2009-0772\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0772\n[  67 ] CVE-2009-0773\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0773\n[  68 ] CVE-2009-0774\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0774\n[  69 ] CVE-2009-0775\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0775\n[  70 ] CVE-2009-0776\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0776\n[  71 ] CVE-2009-0777\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0777\n[  72 ] CVE-2009-1044\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1044\n[  73 ] CVE-2009-1169\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1169\n[  74 ] CVE-2009-1302\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1302\n[  75 ] CVE-2009-1303\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1303\n[  76 ] CVE-2009-1304\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1304\n[  77 ] CVE-2009-1305\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1305\n[  78 ] CVE-2009-1306\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1306\n[  79 ] CVE-2009-1307\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1307\n[  80 ] CVE-2009-1308\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1308\n[  81 ] CVE-2009-1309\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1309\n[  82 ] CVE-2009-1310\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1310\n[  83 ] CVE-2009-1311\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1311\n[  84 ] CVE-2009-1312\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1312\n[  85 ] CVE-2009-1313\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1313\n[  86 ] CVE-2009-1392\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1392\n[  87 ] CVE-2009-1563\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1563\n[  88 ] CVE-2009-1571\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1571\n[  89 ] CVE-2009-1828\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1828\n[  90 ] CVE-2009-1832\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1832\n[  91 ] CVE-2009-1833\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1833\n[  92 ] CVE-2009-1834\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1834\n[  93 ] CVE-2009-1835\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1835\n[  94 ] CVE-2009-1836\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1836\n[  95 ] CVE-2009-1837\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1837\n[  96 ] CVE-2009-1838\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1838\n[  97 ] CVE-2009-1839\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1839\n[  98 ] CVE-2009-1840\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1840\n[  99 ] CVE-2009-1841\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1841\n[ 100 ] CVE-2009-2043\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2043\n[ 101 ] CVE-2009-2044\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2044\n[ 102 ] CVE-2009-2061\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2061\n[ 103 ] CVE-2009-2065\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2065\n[ 104 ] CVE-2009-2210\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2210\n[ 105 ] CVE-2009-2404\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2404\n[ 106 ] CVE-2009-2408\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2408\n[ 107 ] CVE-2009-2462\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2462\n[ 108 ] CVE-2009-2463\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2463\n[ 109 ] CVE-2009-2464\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2464\n[ 110 ] CVE-2009-2465\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2465\n[ 111 ] CVE-2009-2466\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2466\n[ 112 ] CVE-2009-2467\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2467\n[ 113 ] CVE-2009-2469\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2469\n[ 114 ] CVE-2009-2470\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2470\n[ 115 ] CVE-2009-2471\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2471\n[ 116 ] CVE-2009-2472\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2472\n[ 117 ] CVE-2009-2477\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2477\n[ 118 ] CVE-2009-2478\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2478\n[ 119 ] CVE-2009-2479\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2479\n[ 120 ] CVE-2009-2535\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2535\n[ 121 ] CVE-2009-2654\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2654\n[ 122 ] CVE-2009-2662\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2662\n[ 123 ] CVE-2009-2664\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2664\n[ 124 ] CVE-2009-2665\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2665\n[ 125 ] CVE-2009-3069\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3069\n[ 126 ] CVE-2009-3070\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3070\n[ 127 ] CVE-2009-3071\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3071\n[ 128 ] CVE-2009-3072\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3072\n[ 129 ] CVE-2009-3074\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3074\n[ 130 ] CVE-2009-3075\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3075\n[ 131 ] CVE-2009-3076\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3076\n[ 132 ] CVE-2009-3077\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3077\n[ 133 ] CVE-2009-3078\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3078\n[ 134 ] CVE-2009-3079\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3079\n[ 135 ] CVE-2009-3274\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3274\n[ 136 ] CVE-2009-3371\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3371\n[ 137 ] CVE-2009-3372\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3372\n[ 138 ] CVE-2009-3373\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3373\n[ 139 ] CVE-2009-3374\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3374\n[ 140 ] CVE-2009-3375\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3375\n[ 141 ] CVE-2009-3376\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3376\n[ 142 ] CVE-2009-3377\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3377\n[ 143 ] CVE-2009-3378\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3378\n[ 144 ] CVE-2009-3379\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3379\n[ 145 ] CVE-2009-3380\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3380\n[ 146 ] CVE-2009-3381\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3381\n[ 147 ] CVE-2009-3382\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3382\n[ 148 ] CVE-2009-3383\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3383\n[ 149 ] CVE-2009-3388\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3388\n[ 150 ] CVE-2009-3389\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3389\n[ 151 ] CVE-2009-3555\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555\n[ 152 ] CVE-2009-3978\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3978\n[ 153 ] CVE-2009-3979\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3979\n[ 154 ] CVE-2009-3980\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3980\n[ 155 ] CVE-2009-3981\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3981\n[ 156 ] CVE-2009-3982\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3982\n[ 157 ] CVE-2009-3983\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3983\n[ 158 ] CVE-2009-3984\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3984\n[ 159 ] CVE-2009-3985\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3985\n[ 160 ] CVE-2009-3986\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3986\n[ 161 ] CVE-2009-3987\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3987\n[ 162 ] CVE-2009-3988\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3988\n[ 163 ] CVE-2010-0159\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0159\n[ 164 ] CVE-2010-0160\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0160\n[ 165 ] CVE-2010-0162\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0162\n[ 166 ] CVE-2010-0163\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0163\n[ 167 ] CVE-2010-0164\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0164\n[ 168 ] CVE-2010-0165\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0165\n[ 169 ] CVE-2010-0166\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0166\n[ 170 ] CVE-2010-0167\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0167\n[ 171 ] CVE-2010-0167\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0167\n[ 172 ] CVE-2010-0168\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0168\n[ 173 ] CVE-2010-0169\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0169\n[ 174 ] CVE-2010-0169\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0169\n[ 175 ] CVE-2010-0170\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0170\n[ 176 ] CVE-2010-0171\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0171\n[ 177 ] CVE-2010-0171\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0171\n[ 178 ] CVE-2010-0172\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0172\n[ 179 ] CVE-2010-0173\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0173\n[ 180 ] CVE-2010-0174\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0174\n[ 181 ] CVE-2010-0174\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0174\n[ 182 ] CVE-2010-0175\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0175\n[ 183 ] CVE-2010-0175\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0175\n[ 184 ] CVE-2010-0176\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0176\n[ 185 ] CVE-2010-0176\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0176\n[ 186 ] CVE-2010-0177\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0177\n[ 187 ] CVE-2010-0178\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0178\n[ 188 ] CVE-2010-0179\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0179\n[ 189 ] CVE-2010-0181\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0181\n[ 190 ] CVE-2010-0182\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0182\n[ 191 ] CVE-2010-0183\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0183\n[ 192 ] CVE-2010-0220\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0220\n[ 193 ] CVE-2010-0648\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0648\n[ 194 ] CVE-2010-0654\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0654\n[ 195 ] CVE-2010-1028\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1028\n[ 196 ] CVE-2010-1121\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1121\n[ 197 ] CVE-2010-1125\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1125\n[ 198 ] CVE-2010-1196\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1196\n[ 199 ] CVE-2010-1197\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1197\n[ 200 ] CVE-2010-1198\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1198\n[ 201 ] CVE-2010-1199\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1199\n[ 202 ] CVE-2010-1200\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1200\n[ 203 ] CVE-2010-1201\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1201\n[ 204 ] CVE-2010-1202\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1202\n[ 205 ] CVE-2010-1203\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1203\n[ 206 ] CVE-2010-1205\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1205\n[ 207 ] CVE-2010-1206\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1206\n[ 208 ] CVE-2010-1207\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1207\n[ 209 ] CVE-2010-1208\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1208\n[ 210 ] CVE-2010-1209\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1209\n[ 211 ] CVE-2010-1210\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1210\n[ 212 ] CVE-2010-1211\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1211\n[ 213 ] CVE-2010-1212\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1212\n[ 214 ] CVE-2010-1213\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1213\n[ 215 ] CVE-2010-1214\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1214\n[ 216 ] CVE-2010-1215\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1215\n[ 217 ] CVE-2010-1585\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1585\n[ 218 ] CVE-2010-2751\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2751\n[ 219 ] CVE-2010-2752\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2752\n[ 220 ] CVE-2010-2753\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2753\n[ 221 ] CVE-2010-2754\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2754\n[ 222 ] CVE-2010-2755\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2755\n[ 223 ] CVE-2010-2760\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2760\n[ 224 ] CVE-2010-2762\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2762\n[ 225 ] CVE-2010-2763\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2763\n[ 226 ] CVE-2010-2764\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2764\n[ 227 ] CVE-2010-2765\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2765\n[ 228 ] CVE-2010-2766\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2766\n[ 229 ] CVE-2010-2767\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2767\n[ 230 ] CVE-2010-2768\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2768\n[ 231 ] CVE-2010-2769\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2769\n[ 232 ] CVE-2010-2770\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2770\n[ 233 ] CVE-2010-3131\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3131\n[ 234 ] CVE-2010-3166\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3166\n[ 235 ] CVE-2010-3167\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3167\n[ 236 ] CVE-2010-3168\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3168\n[ 237 ] CVE-2010-3169\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3169\n[ 238 ] CVE-2010-3170\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3170\n[ 239 ] CVE-2010-3171\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3171\n[ 240 ] CVE-2010-3173\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3173\n[ 241 ] CVE-2010-3174\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3174\n[ 242 ] CVE-2010-3175\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3175\n[ 243 ] CVE-2010-3176\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3176\n[ 244 ] CVE-2010-3177\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3177\n[ 245 ] CVE-2010-3178\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3178\n[ 246 ] CVE-2010-3179\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3179\n[ 247 ] CVE-2010-3180\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3180\n[ 248 ] CVE-2010-3182\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3182\n[ 249 ] CVE-2010-3183\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3183\n[ 250 ] CVE-2010-3399\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3399\n[ 251 ] CVE-2010-3400\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3400\n[ 252 ] CVE-2010-3765\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3765\n[ 253 ] CVE-2010-3766\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3766\n[ 254 ] CVE-2010-3767\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3767\n[ 255 ] CVE-2010-3768\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3768\n[ 256 ] CVE-2010-3769\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3769\n[ 257 ] CVE-2010-3770\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3770\n[ 258 ] CVE-2010-3771\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3771\n[ 259 ] CVE-2010-3772\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3772\n[ 260 ] CVE-2010-3773\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3773\n[ 261 ] CVE-2010-3774\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3774\n[ 262 ] CVE-2010-3775\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3775\n[ 263 ] CVE-2010-3776\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3776\n[ 264 ] CVE-2010-3777\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3777\n[ 265 ] CVE-2010-3778\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3778\n[ 266 ] CVE-2010-4508\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4508\n[ 267 ] CVE-2010-5074\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-5074\n[ 268 ] CVE-2011-0051\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0051\n[ 269 ] CVE-2011-0053\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0053\n[ 270 ] CVE-2011-0054\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0054\n[ 271 ] CVE-2011-0055\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0055\n[ 272 ] CVE-2011-0056\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0056\n[ 273 ] CVE-2011-0057\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0057\n[ 274 ] CVE-2011-0058\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0058\n[ 275 ] CVE-2011-0059\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0059\n[ 276 ] CVE-2011-0061\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0061\n[ 277 ] CVE-2011-0062\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0062\n[ 278 ] CVE-2011-0065\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0065\n[ 279 ] CVE-2011-0066\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0066\n[ 280 ] CVE-2011-0067\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0067\n[ 281 ] CVE-2011-0068\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0068\n[ 282 ] CVE-2011-0069\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0069\n[ 283 ] CVE-2011-0070\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0070\n[ 284 ] CVE-2011-0071\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0071\n[ 285 ] CVE-2011-0072\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0072\n[ 286 ] CVE-2011-0073\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0073\n[ 287 ] CVE-2011-0074\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0074\n[ 288 ] CVE-2011-0075\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0075\n[ 289 ] CVE-2011-0076\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0076\n[ 290 ] CVE-2011-0077\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0077\n[ 291 ] CVE-2011-0078\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0078\n[ 292 ] CVE-2011-0079\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0079\n[ 293 ] CVE-2011-0080\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0080\n[ 294 ] CVE-2011-0081\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0081\n[ 295 ] CVE-2011-0082\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0082\n[ 296 ] CVE-2011-0083\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0083\n[ 297 ] CVE-2011-0084\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0084\n[ 298 ] CVE-2011-0085\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0085\n[ 299 ] CVE-2011-1187\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1187\n[ 300 ] CVE-2011-1202\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1202\n[ 301 ] CVE-2011-1712\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1712\n[ 302 ] CVE-2011-2362\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2362\n[ 303 ] CVE-2011-2363\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2363\n[ 304 ] CVE-2011-2364\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2364\n[ 305 ] CVE-2011-2365\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2365\n[ 306 ] CVE-2011-2369\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2369\n[ 307 ] CVE-2011-2370\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2370\n[ 308 ] CVE-2011-2371\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2371\n[ 309 ] CVE-2011-2372\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2372\n[ 310 ] CVE-2011-2373\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2373\n[ 311 ] CVE-2011-2374\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2374\n[ 312 ] CVE-2011-2375\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2375\n[ 313 ] CVE-2011-2376\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2376\n[ 314 ] CVE-2011-2377\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2377\n[ 315 ] CVE-2011-2378\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2378\n[ 316 ] CVE-2011-2605\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2605\n[ 317 ] CVE-2011-2980\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2980\n[ 318 ] CVE-2011-2981\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2981\n[ 319 ] CVE-2011-2982\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2982\n[ 320 ] CVE-2011-2983\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2983\n[ 321 ] CVE-2011-2984\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2984\n[ 322 ] CVE-2011-2985\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2985\n[ 323 ] CVE-2011-2986\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2986\n[ 324 ] CVE-2011-2987\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2987\n[ 325 ] CVE-2011-2988\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2988\n[ 326 ] CVE-2011-2989\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2989\n[ 327 ] CVE-2011-2990\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2990\n[ 328 ] CVE-2011-2991\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2991\n[ 329 ] CVE-2011-2993\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2993\n[ 330 ] CVE-2011-2995\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2995\n[ 331 ] CVE-2011-2996\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2996\n[ 332 ] CVE-2011-2997\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2997\n[ 333 ] CVE-2011-2998\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2998\n[ 334 ] CVE-2011-2999\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2999\n[ 335 ] CVE-2011-3000\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3000\n[ 336 ] CVE-2011-3001\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3001\n[ 337 ] CVE-2011-3002\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3002\n[ 338 ] CVE-2011-3003\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3003\n[ 339 ] CVE-2011-3004\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3004\n[ 340 ] CVE-2011-3005\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3005\n[ 341 ] CVE-2011-3026\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3026\n[ 342 ] CVE-2011-3062\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3062\n[ 343 ] CVE-2011-3232\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3232\n[ 344 ] CVE-2011-3389\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389\n[ 345 ] CVE-2011-3640\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3640\n[ 346 ] CVE-2011-3647\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3647\n[ 347 ] CVE-2011-3648\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3648\n[ 348 ] CVE-2011-3649\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3649\n[ 349 ] CVE-2011-3650\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3650\n[ 350 ] CVE-2011-3651\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3651\n[ 351 ] CVE-2011-3652\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3652\n[ 352 ] CVE-2011-3653\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3653\n[ 353 ] CVE-2011-3654\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3654\n[ 354 ] CVE-2011-3655\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3655\n[ 355 ] CVE-2011-3658\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3658\n[ 356 ] CVE-2011-3659\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3659\n[ 357 ] CVE-2011-3660\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3660\n[ 358 ] CVE-2011-3661\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3661\n[ 359 ] CVE-2011-3663\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3663\n[ 360 ] CVE-2011-3665\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3665\n[ 361 ] CVE-2011-3670\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3670\n[ 362 ] CVE-2011-3866\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3866\n[ 363 ] CVE-2011-4688\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4688\n[ 364 ] CVE-2012-0441\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0441\n[ 365 ] CVE-2012-0442\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0442\n[ 366 ] CVE-2012-0443\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0443\n[ 367 ] CVE-2012-0444\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0444\n[ 368 ] CVE-2012-0445\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0445\n[ 369 ] CVE-2012-0446\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0446\n[ 370 ] CVE-2012-0447\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0447\n[ 371 ] CVE-2012-0449\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0449\n[ 372 ] CVE-2012-0450\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0450\n[ 373 ] CVE-2012-0451\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0451\n[ 374 ] CVE-2012-0452\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0452\n[ 375 ] CVE-2012-0455\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0455\n[ 376 ] CVE-2012-0456\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0456\n[ 377 ] CVE-2012-0457\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0457\n[ 378 ] CVE-2012-0458\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0458\n[ 379 ] CVE-2012-0459\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0459\n[ 380 ] CVE-2012-0460\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0460\n[ 381 ] CVE-2012-0461\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0461\n[ 382 ] CVE-2012-0462\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0462\n[ 383 ] CVE-2012-0463\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0463\n[ 384 ] CVE-2012-0464\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0464\n[ 385 ] CVE-2012-0467\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0467\n[ 386 ] CVE-2012-0468\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0468\n[ 387 ] CVE-2012-0469\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0469\n[ 388 ] CVE-2012-0470\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0470\n[ 389 ] CVE-2012-0471\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0471\n[ 390 ] CVE-2012-0473\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0473\n[ 391 ] CVE-2012-0474\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0474\n[ 392 ] CVE-2012-0475\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0475\n[ 393 ] CVE-2012-0477\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0477\n[ 394 ] CVE-2012-0478\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0478\n[ 395 ] CVE-2012-0479\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0479\n[ 396 ] CVE-2012-1937\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1937\n[ 397 ] CVE-2012-1938\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1938\n[ 398 ] CVE-2012-1939\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1939\n[ 399 ] CVE-2012-1940\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1940\n[ 400 ] CVE-2012-1941\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1941\n[ 401 ] CVE-2012-1945\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1945\n[ 402 ] CVE-2012-1946\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1946\n[ 403 ] CVE-2012-1947\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1947\n[ 404 ] CVE-2012-1948\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1948\n[ 405 ] CVE-2012-1949\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1949\n[ 406 ] CVE-2012-1950\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1950\n[ 407 ] CVE-2012-1951\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1951\n[ 408 ] CVE-2012-1952\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1952\n[ 409 ] CVE-2012-1953\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1953\n[ 410 ] CVE-2012-1954\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1954\n[ 411 ] CVE-2012-1955\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1955\n[ 412 ] CVE-2012-1956\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1956\n[ 413 ] CVE-2012-1957\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1957\n[ 414 ] CVE-2012-1958\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1958\n[ 415 ] CVE-2012-1959\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1959\n[ 416 ] CVE-2012-1960\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1960\n[ 417 ] CVE-2012-1961\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1961\n[ 418 ] CVE-2012-1962\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1962\n[ 419 ] CVE-2012-1963\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1963\n[ 420 ] CVE-2012-1964\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1964\n[ 421 ] CVE-2012-1965\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1965\n[ 422 ] CVE-2012-1966\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1966\n[ 423 ] CVE-2012-1967\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1967\n[ 424 ] CVE-2012-1970\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1970\n[ 425 ] CVE-2012-1971\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1971\n[ 426 ] CVE-2012-1972\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1972\n[ 427 ] CVE-2012-1973\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1973\n[ 428 ] CVE-2012-1974\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1974\n[ 429 ] CVE-2012-1975\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1975\n[ 430 ] CVE-2012-1976\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1976\n[ 431 ] CVE-2012-1994\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1994\n[ 432 ] CVE-2012-3956\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3956\n[ 433 ] CVE-2012-3957\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3957\n[ 434 ] CVE-2012-3958\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3958\n[ 435 ] CVE-2012-3959\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3959\n[ 436 ] CVE-2012-3960\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3960\n[ 437 ] CVE-2012-3961\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3961\n[ 438 ] CVE-2012-3962\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3962\n[ 439 ] CVE-2012-3963\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3963\n[ 440 ] CVE-2012-3964\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3964\n[ 441 ] CVE-2012-3965\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3965\n[ 442 ] CVE-2012-3966\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3966\n[ 443 ] CVE-2012-3967\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3967\n[ 444 ] CVE-2012-3968\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3968\n[ 445 ] CVE-2012-3969\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3969\n[ 446 ] CVE-2012-3970\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3970\n[ 447 ] CVE-2012-3971\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3971\n[ 448 ] CVE-2012-3972\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3972\n[ 449 ] CVE-2012-3973\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3973\n[ 450 ] CVE-2012-3975\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3975\n[ 451 ] CVE-2012-3976\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3976\n[ 452 ] CVE-2012-3977\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3977\n[ 453 ] CVE-2012-3978\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3978\n[ 454 ] CVE-2012-3980\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3980\n[ 455 ] CVE-2012-3982\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3982\n[ 456 ] CVE-2012-3984\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3984\n[ 457 ] CVE-2012-3985\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3985\n[ 458 ] CVE-2012-3986\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3986\n[ 459 ] CVE-2012-3988\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3988\n[ 460 ] CVE-2012-3989\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3989\n[ 461 ] CVE-2012-3990\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3990\n[ 462 ] CVE-2012-3991\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3991\n[ 463 ] CVE-2012-3992\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3992\n[ 464 ] CVE-2012-3993\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3993\n[ 465 ] CVE-2012-3994\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3994\n[ 466 ] CVE-2012-3995\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3995\n[ 467 ] CVE-2012-4179\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4179\n[ 468 ] CVE-2012-4180\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4180\n[ 469 ] CVE-2012-4181\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4181\n[ 470 ] CVE-2012-4182\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4182\n[ 471 ] CVE-2012-4183\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4183\n[ 472 ] CVE-2012-4184\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4184\n[ 473 ] CVE-2012-4185\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4185\n[ 474 ] CVE-2012-4186\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4186\n[ 475 ] CVE-2012-4187\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4187\n[ 476 ] CVE-2012-4188\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4188\n[ 477 ] CVE-2012-4190\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4190\n[ 478 ] CVE-2012-4191\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4191\n[ 479 ] CVE-2012-4192\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4192\n[ 480 ] CVE-2012-4193\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4193\n[ 481 ] CVE-2012-4194\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4194\n[ 482 ] CVE-2012-4195\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4195\n[ 483 ] CVE-2012-4196\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4196\n[ 484 ] CVE-2012-4201\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4201\n[ 485 ] CVE-2012-4202\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4202\n[ 486 ] CVE-2012-4204\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4204\n[ 487 ] CVE-2012-4205\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4205\n[ 488 ] CVE-2012-4206\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4206\n[ 489 ] CVE-2012-4207\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4207\n[ 490 ] CVE-2012-4208\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4208\n[ 491 ] CVE-2012-4209\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4209\n[ 492 ] CVE-2012-4210\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4210\n[ 493 ] CVE-2012-4212\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4212\n[ 494 ] CVE-2012-4215\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4215\n[ 495 ] CVE-2012-4216\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4216\n[ 496 ] CVE-2012-5354\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5354\n[ 497 ] CVE-2012-5829\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5829\n[ 498 ] CVE-2012-5830\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5830\n[ 499 ] CVE-2012-5833\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5833\n[ 500 ] CVE-2012-5835\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5835\n[ 501 ] CVE-2012-5836\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5836\n[ 502 ] CVE-2012-5838\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5838\n[ 503 ] CVE-2012-5839\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5839\n[ 504 ] CVE-2012-5840\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5840\n[ 505 ] CVE-2012-5841\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5841\n[ 506 ] CVE-2012-5842\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5842\n[ 507 ] CVE-2012-5843\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5843\n[ 508 ] Firefox Blocking Fraudulent Certificates\n\nhttp://blog.mozilla.org/security/2011/03/22/firefox-blocking-fraudulent-c=\nertificates/\n[ 509 ] Mozilla Foundation Security Advisory 2011-11\n        http://www.mozilla.org/security/announce/2011/mfsa2011-11.html\n[ 510 ] Mozilla Foundation Security Advisory 2011-34\n        http://www.mozilla.org/security/announce/2011/mfsa2011-34.html\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201301-01.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2013 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. \n\nBackground\n==========\n\nThe Oracle Java Development Kit (JDK) (formerly known as Sun JDK) and\nthe Oracle Java Runtime Environment (JRE) (formerly known as Sun JRE)\nprovide the Oracle Java platform (formerly known as Sun Java Platform). \n    -------------------------------------------------------------------\n\nDescription\n===========\n\nMultiple vulnerabilities have been reported in the Oracle Java\nimplementation. All 1.5 JRE versions are masked\nand will be removed shortly. All 1.5 JDK versions are marked as\n\"build-only\" and will be masked for removal shortly. Users are advised\nto change their default user and system Java implementation to an\nunaffected version. For example:\n\n    # java-config --set-system-vm sun-jdk-1.6\n\nFor more information, please consult the Gentoo Linux Java\ndocumentation.  Such input strings represent valid\nnumbers and can be contained in data supplied by an attacker over the\nnetwork, leading to a denial-of-service attack. \n\nFor the old stable distribution (lenny), this problem has been fixed\nin version 6b18-1.8.3-2~lenny1. \n\nNote that this update introduces an OpenJDK package based on the\nIcedTea release 1.8.3 into the old stable distribution.  This\naddresses several dozen security vulnerabilities, most of which are\nonly exploitable by malicious mobile code.  A notable exception is\nCVE-2009-3555, the TLS renegotiation vulnerability.  This update\nimplements the protocol extension described in RFC 5746, addressing\nthis issue. \n\nThis update also includes a new version of Hotspot, the Java virtual\nmachine, which increases the default heap size on machines with\nseveral GB of RAM.  If you run several JVMs on the same machine, you\nmight have to reduce the heap size by specifying a suitable -Xmx\nargument in the invocation of the \"java\" command. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \nHP Secure Web Server (SWS) for OpenVMS running CSWS_JAVA V3.1 and earlier.  For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nRelease Date: 2010-09-15\nLast Updated: 2010-09-15\n\nPotential Security Impact: Remote cross site scripting (XSS), HTTP response splitting, and other vulnerabilities\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP System Management Homepage (SMH) for Linux and Windows. The vulnerabilities could be exploited remotely resulting in cross site scripting (XSS), HTTP response splitting, Denial of Service (DoS), information disclosure, and data modification. \n\nReferences: CVE-2010-3010\n XSS\n\nCVE-2010-3011\n HTTP response splitting\n\nCVE-2010-2068\n Apache\n\nCVE-2009-4143\n PHP\n\nCVE-2009-4018\n PHP\n\nCVE-2009-4017\n PHP\n\nCVE-2009-3555\n SSL\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\nHP System Management Homepage for Linux (x86) prior to v6.2\nHP System Management Homepage for Linux (AMD64/EM64T) prior to v6.2\nHP System Management Homepage for Windows prior to v6.2\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2010-3010    (AV:N/AC:M/Au:N/C:N/I:P/A:N)       4.3\nCVE-2010-3011    (AV:N/AC:L/Au:N/C:N/I:P/A:N)       5.0\nCVE-2010-2068    (AV:N/AC:L/Au:N/C:P/I:N/A:N)       5.0\nCVE-2009-4143    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2009-4018    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2009-4017    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2009-3555    (AV:N/AC:L/Au:N/C:N/I:P/A:P)       6.4\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided HP System Management Homepage v6.2 or subsequent to resolve the vulnerabilities. \n\nHP System Management Homepage v6.2 or subsequent for Linux (x86), Linux (AMD64/EM64T), and Windows can be downloaded from the following link. \n\nhttp://www.hp.com/servers/manage/smh\n\nPRODUCT SPECIFIC INFORMATION\nNone\n\nHISTORY\nVersion:1 (rev.1) - 15 September 2010 Initial Release\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com\n  Subject: get key\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n    -check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n    -verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin\nrelates to is represented by the 5th and 6th characters\nof the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\nCopyright 2009 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.10 (GNU/Linux)\n\niEYEARECAAYFAkyQ1mwACgkQ4B86/C0qfVnXFQCglbMn0B+FmCZvloAoXci/cEpU\nceEAoNPOhpE7qN8Ckcf3HDXsfRydveyw\n=mQKh\n-----END PGP SIGNATURE-----\n. OpenSSL Security Advisory [11-Nov-2009]\n=======================================\n\nA potentially serious flaw in SSL and TLS has been worked around in\nOpenSSL 0.9.8l. \n\nSince many changes had occurred on the 0.9.8 branch without a public\nrelease it was decided to release 0.9.8l based on the last publicly\ntested release version 0.9.8k. \n\nMan-in-the-middle Renegotiation Attack\n======================================\n\nA man-in-the-middle (MitM) can intercept an SSL connection and instead\nmake his own connection to the server. He can then send arbitrary data\nand trigger a renegotiation using the client\u0027s original connection\ndata. \n\nFrom the server\u0027s point of view the client simply connected, sent\ndata, renegotiated and continued. \n\nFrom the client\u0027s point of view he connects to the server\nnormally. There is no indication at the SSL level that the attack\noccurred. There may be indications at the level of the protocol\nlayered on top of SSL, for example, unexpected or pipelined responses. \n\nThis attack can also be performed when the server requests a\nrenegotiation - in this variant, the MitM would wait for the server\u0027s\nrenegotiation request and at that point replay the clients original\nconnection data. \n\nOnce the original client connection data has been replayed, the MitM\ncan no longer inject data, nor can he read the traffic over the SSL\nconnection in either direction. Because of the\nnature of the attack, this is only an effective defence when deployed\non servers. \n\nServers that need renegotiation to function correctly obviously cannot\ndeploy this fix without breakage. \n\nSeverity\n========\n\nBecause of the enormous difficulty of analysing every possible attack\non every protocol that is layered on SSL, the OpenSSL Team classify\nthis as a severe issue and recommend that everyone who does not rely\non renegotiation deploy 0.9.8l as soon as possible. \n\nHistory\n=======\n\nA small number of people knew about the problem in advance under NDA\nand a comprehensive fix was being developed. Unfortunately the issue\nwas independently discovered and the details made public so a less\nthan ideal brute force emergency fix had to be developed and released. \n\nFuture Plans\n============\n\nA TLS extension has been defined which will cryptographically bind the\nsession before renegotiation to the session after. \n\nBecause renegotiation is, in practice, rarely used we will not be\nrushing the production of 0.9.8m, but will instead test\ninteroperability with other implementations, and ensure the stability\nof the other fixes before release. \n\nAcknowledgements\n================\n\nThanks to Marsh Ray, who discovered the issue, and Steve Dispensa of\nPhoneFactor. Also thanks to ICASI who managed the early coordination\nof this issue. \n\nReferences\n===========\n\nCVE-2009-3555:\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555\n\nTLS extension:\nhttps://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20091111.txt\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-3555"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002319"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001632"
      },
      {
        "db": "CERT/CC",
        "id": "VU#120541"
      },
      {
        "db": "PACKETSTORM",
        "id": "89136"
      },
      {
        "db": "PACKETSTORM",
        "id": "130868"
      },
      {
        "db": "PACKETSTORM",
        "id": "88167"
      },
      {
        "db": "PACKETSTORM",
        "id": "100761"
      },
      {
        "db": "PACKETSTORM",
        "id": "89026"
      },
      {
        "db": "VULHUB",
        "id": "VHN-41001"
      },
      {
        "db": "PACKETSTORM",
        "id": "106754"
      },
      {
        "db": "PACKETSTORM",
        "id": "119293"
      },
      {
        "db": "PACKETSTORM",
        "id": "90286"
      },
      {
        "db": "PACKETSTORM",
        "id": "98469"
      },
      {
        "db": "PACKETSTORM",
        "id": "88698"
      },
      {
        "db": "PACKETSTORM",
        "id": "111920"
      },
      {
        "db": "PACKETSTORM",
        "id": "93944"
      },
      {
        "db": "PACKETSTORM",
        "id": "169645"
      },
      {
        "db": "PACKETSTORM",
        "id": "111583"
      }
    ],
    "trust": 4.41
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-41001",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-41001"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2009-3555",
        "trust": 5.6
      },
      {
        "db": "CERT/CC",
        "id": "VU#120541",
        "trust": 2.7
      },
      {
        "db": "SECUNIA",
        "id": "38020",
        "trust": 1.9
      },
      {
        "db": "SECUNIA",
        "id": "39242",
        "trust": 1.9
      },
      {
        "db": "SECUNIA",
        "id": "39243",
        "trust": 1.9
      },
      {
        "db": "SECUNIA",
        "id": "37453",
        "trust": 1.9
      },
      {
        "db": "SECUNIA",
        "id": "40747",
        "trust": 1.9
      },
      {
        "db": "SECUNIA",
        "id": "39500",
        "trust": 1.9
      },
      {
        "db": "SECUNIA",
        "id": "39136",
        "trust": 1.9
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-0086",
        "trust": 1.9
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-3310",
        "trust": 1.9
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-0982",
        "trust": 1.9
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-3126",
        "trust": 1.9
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-3313",
        "trust": 1.9
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-3086",
        "trust": 1.9
      },
      {
        "db": "USCERT",
        "id": "TA10-222A",
        "trust": 1.9
      },
      {
        "db": "BID",
        "id": "36935",
        "trust": 1.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002319",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "38781",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "42377",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "37501",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "39632",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "37604",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "41972",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "43308",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "38241",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "37859",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "40070",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "41818",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "39292",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "42816",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "42379",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "39317",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "42467",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "37320",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "37640",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "37656",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "37383",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "42724",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "38003",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "44183",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "42733",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "38484",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "40545",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "40866",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "38056",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "39278",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "42808",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "37675",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "39127",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "39461",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "39819",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "41490",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "39628",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "44954",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "48577",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "42811",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "37291",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "41480",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "37292",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "37399",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "39713",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "38687",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "37504",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "41967",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1023217",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1023273",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1023274",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1023206",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1023272",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1023427",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1023218",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1023163",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1023214",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1023211",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1023219",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1023216",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1024789",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1023148",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1023213",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1023271",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1023243",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1023209",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1023215",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1023208",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1023411",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1023204",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1023224",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1023210",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1023207",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1023426",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1023428",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1023205",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1023275",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1023270",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1023212",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-2745",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-3353",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-3069",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-3354",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-3484",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-1793",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2011-0033",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-3220",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-2010",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-1639",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-1107",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-0916",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-3164",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2011-0032",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2011-0086",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-0748",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-1350",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-3521",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-0994",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-1191",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-0173",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-3587",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-0933",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-3205",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-1054",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-0848",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-1673",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-3165",
        "trust": 1.1
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2009/11/05/3",
        "trust": 1.1
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2009/11/07/3",
        "trust": 1.1
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2009/11/23/10",
        "trust": 1.1
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2009/11/05/5",
        "trust": 1.1
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2009/11/20/1",
        "trust": 1.1
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2009/11/06/3",
        "trust": 1.1
      },
      {
        "db": "OSVDB",
        "id": "65202",
        "trust": 1.1
      },
      {
        "db": "OSVDB",
        "id": "62210",
        "trust": 1.1
      },
      {
        "db": "OSVDB",
        "id": "60521",
        "trust": 1.1
      },
      {
        "db": "OSVDB",
        "id": "60972",
        "trust": 1.1
      },
      {
        "db": "HITACHI",
        "id": "HS10-030",
        "trust": 1.1
      },
      {
        "db": "USCERT",
        "id": "TA10-287A",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "44293",
        "trust": 0.9
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-0212",
        "trust": 0.8
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-0125",
        "trust": 0.8
      },
      {
        "db": "VUPEN",
        "id": "ADV-2011-1039",
        "trust": 0.8
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-1942",
        "trust": 0.8
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-2046",
        "trust": 0.8
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-0457",
        "trust": 0.8
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-2660",
        "trust": 0.8
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-1280",
        "trust": 0.8
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-3393",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "38608",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "38728",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "38338",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "44260",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "37566",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "40879",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "44292",
        "trust": 0.8
      },
      {
        "db": "USCERT",
        "id": "SA10-222A",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-160-01",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU95298925",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001632",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "130868",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "88167",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "89136",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "88698",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "90286",
        "trust": 0.2
      },
      {
        "db": "EXPLOIT-DB",
        "id": "10071",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "10579",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "82657",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "82770",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "83271",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "90262",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "88173",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "91309",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "120365",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "106155",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "83415",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "111273",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "83414",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "92095",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "124088",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "120714",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "82652",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "94087",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "97489",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131826",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "95279",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137201",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "102374",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "106156",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "92497",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "88621",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "94088",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "89667",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "84112",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127267",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "84183",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "86075",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "114810",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "88224",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "123380",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "84181",
        "trust": 0.1
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200911-069",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-67231",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-41001",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169645",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "93944",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "100761",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "89026",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "111583",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "106754",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "119293",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "98469",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "111920",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#120541"
      },
      {
        "db": "VULHUB",
        "id": "VHN-41001"
      },
      {
        "db": "PACKETSTORM",
        "id": "169645"
      },
      {
        "db": "PACKETSTORM",
        "id": "93944"
      },
      {
        "db": "PACKETSTORM",
        "id": "89136"
      },
      {
        "db": "PACKETSTORM",
        "id": "130868"
      },
      {
        "db": "PACKETSTORM",
        "id": "88167"
      },
      {
        "db": "PACKETSTORM",
        "id": "100761"
      },
      {
        "db": "PACKETSTORM",
        "id": "89026"
      },
      {
        "db": "PACKETSTORM",
        "id": "111583"
      },
      {
        "db": "PACKETSTORM",
        "id": "106754"
      },
      {
        "db": "PACKETSTORM",
        "id": "119293"
      },
      {
        "db": "PACKETSTORM",
        "id": "90286"
      },
      {
        "db": "PACKETSTORM",
        "id": "98469"
      },
      {
        "db": "PACKETSTORM",
        "id": "88698"
      },
      {
        "db": "PACKETSTORM",
        "id": "111920"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002319"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001632"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-3555"
      }
    ]
  },
  "id": "VAR-200911-0398",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-41001"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-12-22T20:09:13.451000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HPSBHF03293",
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=142660345230545\u0026amp;w=2"
      },
      {
        "title": "Changes with Apache 2.2.15",
        "trust": 0.8,
        "url": "http://www.apache.org/dist/httpd/CHANGES_2.2.15"
      },
      {
        "title": "Changes with Apache 2.3.6",
        "trust": 0.8,
        "url": "http://www.apache.org/dist/httpd/CHANGES_2.3.6"
      },
      {
        "title": "HT4170",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT4170"
      },
      {
        "title": "HT4418",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT4418"
      },
      {
        "title": "HT4171",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT4171"
      },
      {
        "title": "HT4004",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT4004"
      },
      {
        "title": "HT4417",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT4417"
      },
      {
        "title": "HT4004",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT4004?viewlocale=ja_JP"
      },
      {
        "title": "HT4417",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT4417?viewlocale=ja_JP"
      },
      {
        "title": "HT4170",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT4170?viewlocale=ja_JP"
      },
      {
        "title": "HT4418",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT4418?viewlocale=ja_JP"
      },
      {
        "title": "HT4171",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT4171?viewlocale=ja_JP"
      },
      {
        "title": "openssl097a-0.9.7a-9.AXS3.2",
        "trust": 0.8,
        "url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=1011"
      },
      {
        "title": "jdk-1.6.0_19",
        "trust": 0.8,
        "url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=1028"
      },
      {
        "title": "httpd-2.2.3-31.2.1AXS3",
        "trust": 0.8,
        "url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=774"
      },
      {
        "title": "nss-3.12.6-1.AXS3 and nspr-4.8.4-1.AXS3",
        "trust": 0.8,
        "url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=1012"
      },
      {
        "title": "gnutls-1.4.1-3.8.0.1.AXS3",
        "trust": 0.8,
        "url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=1013"
      },
      {
        "title": "jdk-1.6.0_22",
        "trust": 0.8,
        "url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=1285"
      },
      {
        "title": "openssl-0.9.8e-12.AXS3.6",
        "trust": 0.8,
        "url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=1014"
      },
      {
        "title": "609365",
        "trust": 0.8,
        "url": "http://search.sybase.com/kbx/changerequests?bug_id=609365"
      },
      {
        "title": "cisco-sa-20091109-tls",
        "trust": 0.8,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml"
      },
      {
        "title": "cpujul2010.html",
        "trust": 0.8,
        "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2010.html"
      },
      {
        "title": "javacpuoct2010-176258",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
      },
      {
        "title": "cpuapr2011-301950",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
      },
      {
        "title": "javacpumar2010",
        "trust": 0.8,
        "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html"
      },
      {
        "title": "HS10-030",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS10-030/index.html"
      },
      {
        "title": "HS10-010",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS10-010/index.html"
      },
      {
        "title": "HS11-006",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-006/index.html"
      },
      {
        "title": "HPSBUX02517",
        "trust": 0.8,
        "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02079216"
      },
      {
        "title": "HPSBUX02608",
        "trust": 0.8,
        "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02616748"
      },
      {
        "title": "HPSBUX02498",
        "trust": 0.8,
        "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01963123"
      },
      {
        "title": "HPSBMU02769 SSRT100846",
        "trust": 0.8,
        "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03298151"
      },
      {
        "title": "HPSBUX02482",
        "trust": 0.8,
        "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686"
      },
      {
        "title": "HPSBUX02524",
        "trust": 0.8,
        "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02122104"
      },
      {
        "title": "HPSBMU03611",
        "trust": 0.8,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05150888"
      },
      {
        "title": "7007033",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27007033#60239"
      },
      {
        "title": "7014463",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463#7009"
      },
      {
        "title": "7006876",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27006876#60239"
      },
      {
        "title": "1426108",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108"
      },
      {
        "title": "4909",
        "trust": 0.8,
        "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4909"
      },
      {
        "title": "7007951",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?rs=180\u0026uid=swg27007951#61029"
      },
      {
        "title": "4025718",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24025718"
      },
      {
        "title": "7008517",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?rs=177\u0026uid=swg27008517#61029"
      },
      {
        "title": "4025719",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24025719"
      },
      {
        "title": "1444772",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21444772"
      },
      {
        "title": "4025742",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24025742"
      },
      {
        "title": "1412438",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412438#2"
      },
      {
        "title": "IC68054",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054"
      },
      {
        "title": "1293566",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566#6a"
      },
      {
        "title": "4025746",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24025746"
      },
      {
        "title": "1432298",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298"
      },
      {
        "title": "PM10658",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM10658"
      },
      {
        "title": "1413714",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21413714"
      },
      {
        "title": "4025312",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24025312"
      },
      {
        "title": "977377",
        "trust": 0.8,
        "url": "http://www.microsoft.com/technet/security/advisory/977377.mspx"
      },
      {
        "title": "MS10-049",
        "trust": 0.8,
        "url": "http://www.microsoft.com/technet/security/bulletin/MS10-049.mspx"
      },
      {
        "title": "2043",
        "trust": 0.8,
        "url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=2043"
      },
      {
        "title": "2046",
        "trust": 0.8,
        "url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=2046"
      },
      {
        "title": "1819",
        "trust": 0.8,
        "url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=1819"
      },
      {
        "title": "2047",
        "trust": 0.8,
        "url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=2047"
      },
      {
        "title": "1820",
        "trust": 0.8,
        "url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=1820"
      },
      {
        "title": "2048",
        "trust": 0.8,
        "url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=2048"
      },
      {
        "title": "MFSA 2010-22",
        "trust": 0.8,
        "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-22.html"
      },
      {
        "title": "MFSA 2010-22",
        "trust": 0.8,
        "url": "http://www.mozilla-japan.org/security/announce/2010/mfsa2010-22.html"
      },
      {
        "title": "NV10-008",
        "trust": 0.8,
        "url": "http://www.nec.co.jp/security-info/secinfo/nv10-008.html"
      },
      {
        "title": "CVE-2009-3555",
        "trust": 0.8,
        "url": "http://www.openoffice.org/security/cves/CVE-2009-3555.html"
      },
      {
        "title": "secadv_20091111",
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20091111.txt"
      },
      {
        "title": "RELEASE_NOTES-1.3.2c",
        "trust": 0.8,
        "url": "http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c"
      },
      {
        "title": "RHSA-2010:0338",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/RHSA-2010-0338.html"
      },
      {
        "title": "RHSA-2010:0164",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/RHSA-2010-0164.html"
      },
      {
        "title": "RHSA-2010:0339",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/RHSA-2010-0339.html"
      },
      {
        "title": "RHSA-2010:0865",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/RHSA-2010-0865.html"
      },
      {
        "title": "RHSA-2010:0165",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/RHSA-2010-0165.html"
      },
      {
        "title": "RHSA-2010:0166",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/RHSA-2010-0166.html"
      },
      {
        "title": "RHSA-2010:0167",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/RHSA-2010-0167.html"
      },
      {
        "title": "RHSA-2010:0770",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/RHSA-2010-0770.html"
      },
      {
        "title": "RHSA-2010:0786",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/RHSA-2010-0786.html"
      },
      {
        "title": "RHSA-2010:0130",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/RHSA-2010-0130.html"
      },
      {
        "title": "RHSA-2010:0768",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/RHSA-2010-0768.html"
      },
      {
        "title": "RHSA-2010:0807",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/RHSA-2010-0807.html"
      },
      {
        "title": "RHSA-2010:0155",
        "trust": 0.8,
        "url": "http://rhn.redhat.com/errata/RHSA-2010-0155.html"
      },
      {
        "title": "RHSA-2009:1579",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/RHSA-2009-1579.html"
      },
      {
        "title": "RHSA-2010:0162",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/RHSA-2010-0162.html"
      },
      {
        "title": "RHSA-2009:1580",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/RHSA-2009-1580.html"
      },
      {
        "title": "RHSA-2010:0987",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/RHSA-2010-0987.html"
      },
      {
        "title": "RHSA-2010:0337",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/RHSA-2010-0337.html"
      },
      {
        "title": "RHSA-2010:0163",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/RHSA-2010-0163.html"
      },
      {
        "title": "SA44",
        "trust": 0.8,
        "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA44"
      },
      {
        "title": "multiple_vulnerabilities_in_the_apache",
        "trust": 0.8,
        "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_the_apache"
      },
      {
        "title": "Multiple Vulnerabilities in the Apache 2 HTTP Server Prior to 2.2.16",
        "trust": 0.8,
        "url": "http://blogs.oracle.com/sunsecurity"
      },
      {
        "title": "273029",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1"
      },
      {
        "title": "273350",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-273350-1"
      },
      {
        "title": "274990",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1"
      },
      {
        "title": "TLSA-2010-20",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2010/TLSA-2010-20j.txt"
      },
      {
        "title": "TLSA-2010-42",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2010/TLSA-2010-42j.txt"
      },
      {
        "title": "TLSA-2009-30",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2009/TLSA-2009-30j.txt"
      },
      {
        "title": "TLSA-2009-32",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2009/TLSA-2009-32j.txt"
      },
      {
        "title": "VMSA-2010-0019",
        "trust": 0.8,
        "url": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html"
      },
      {
        "title": "VMSA-2011-0003",
        "trust": 0.8,
        "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
      },
      {
        "title": "100716_91",
        "trust": 0.8,
        "url": "http://www.oracle.com/technology/global/jp/security/100716_91/top.html"
      },
      {
        "title": "HS10-010",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-010/index.html"
      },
      {
        "title": "HS10-030",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030"
      },
      {
        "title": "HS11-006",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-006/index.html"
      },
      {
        "title": "977377",
        "trust": 0.8,
        "url": "http://www.microsoft.com/japan/technet/security/advisory/977377.mspx"
      },
      {
        "title": "MS10-049",
        "trust": 0.8,
        "url": "http://www.microsoft.com/japan/technet/security/bulletin/ms10-049.mspx"
      },
      {
        "title": "MS10-049e",
        "trust": 0.8,
        "url": "http://www.microsoft.com/japan/security/bulletins/MS10-049e.mspx"
      },
      {
        "title": "TA10-222A",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta10-222a.html"
      },
      {
        "title": "VU#120541",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/vulnerabilities/vu120541.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002319"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001632"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-295",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-310",
        "trust": 0.9
      },
      {
        "problemtype": "Lack of information (CWE-noinfo) [IPA evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-41001"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002319"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001632"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-3555"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt"
      },
      {
        "trust": 1.9,
        "url": "http://extendedsubset.com/?p=8"
      },
      {
        "trust": 1.9,
        "url": "http://www.links.org/?p=780"
      },
      {
        "trust": 1.9,
        "url": "http://www.links.org/?p=786"
      },
      {
        "trust": 1.9,
        "url": "http://www.links.org/?p=789"
      },
      {
        "trust": 1.9,
        "url": "http://blogs.iss.net/archive/sslmitmiscsrf.html"
      },
      {
        "trust": 1.9,
        "url": "http://www.ietf.org/mail-archive/web/tls/current/msg03948.html"
      },
      {
        "trust": 1.9,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=533125"
      },
      {
        "trust": 1.9,
        "url": "http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html"
      },
      {
        "trust": 1.9,
        "url": "http://www.securityfocus.com/bid/36935"
      },
      {
        "trust": 1.9,
        "url": "http://secunia.com/advisories/37453"
      },
      {
        "trust": 1.9,
        "url": "http://secunia.com/advisories/38020"
      },
      {
        "trust": 1.9,
        "url": "http://secunia.com/advisories/39136"
      },
      {
        "trust": 1.9,
        "url": "http://secunia.com/advisories/39242"
      },
      {
        "trust": 1.9,
        "url": "http://secunia.com/advisories/39243"
      },
      {
        "trust": 1.9,
        "url": "http://secunia.com/advisories/39500"
      },
      {
        "trust": 1.9,
        "url": "http://secunia.com/advisories/40747"
      },
      {
        "trust": 1.9,
        "url": "http://www.vupen.com/english/advisories/2009/3310"
      },
      {
        "trust": 1.9,
        "url": "http://www.vupen.com/english/advisories/2009/3313"
      },
      {
        "trust": 1.9,
        "url": "http://www.vupen.com/english/advisories/2010/0086"
      },
      {
        "trust": 1.9,
        "url": "http://www.vupen.com/english/advisories/2010/0982"
      },
      {
        "trust": 1.9,
        "url": "http://www.vupen.com/english/advisories/2010/3086"
      },
      {
        "trust": 1.9,
        "url": "http://www.vupen.com/english/advisories/2010/3126"
      },
      {
        "trust": 1.9,
        "url": "http://www.us-cert.gov/cas/techalerts/ta10-222a.html"
      },
      {
        "trust": 1.9,
        "url": "http://www.kb.cert.org/vuls/id/120541"
      },
      {
        "trust": 1.6,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-3555"
      },
      {
        "trust": 1.4,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3555"
      },
      {
        "trust": 1.2,
        "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-22.html"
      },
      {
        "trust": 1.2,
        "url": "http://www.openssl.org/news/secadv_20091111.txt"
      },
      {
        "trust": 1.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
      },
      {
        "trust": 1.1,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1"
      },
      {
        "trust": 1.1,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1"
      },
      {
        "trust": 1.1,
        "url": "http://securitytracker.com/id?1023148"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1023163"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1023204"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1023205"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1023206"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1023207"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1023208"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1023209"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1023210"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1023211"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1023212"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1023213"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1023214"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1023215"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1023216"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1023217"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1023218"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1023219"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1023224"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1023243"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1023270"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1023271"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1023272"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1023273"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1023274"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1023275"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1023411"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1023426"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1023427"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1023428"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1024789"
      },
      {
        "trust": 1.1,
        "url": "http://www.cisco.com/en/us/products/products_security_advisory09186a0080b01d1d.shtml"
      },
      {
        "trust": 1.1,
        "url": "http://seclists.org/fulldisclosure/2009/nov/139"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/507952/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/508075/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/508130/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/515055/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html"
      },
      {
        "trust": 1.1,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1"
      },
      {
        "trust": 1.1,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1"
      },
      {
        "trust": 1.1,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/37291"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/37292"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/37320"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/37383"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/37399"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/37501"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/37504"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/37604"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/37640"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/37656"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/37675"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/37859"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/38003"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/38056"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/38241"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/38484"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/38687"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/38781"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/39127"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/39278"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/39292"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/39317"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/39461"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/39628"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/39632"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/39713"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/39819"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/40070"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/40545"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/40866"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/41480"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/41490"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/41818"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/41967"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/41972"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/42377"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/42379"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/42467"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/42724"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/42733"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/42808"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/42811"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/42816"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/43308"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/44183"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/44954"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/48577"
      },
      {
        "trust": 1.1,
        "url": "http://osvdb.org/60521"
      },
      {
        "trust": 1.1,
        "url": "http://osvdb.org/60972"
      },
      {
        "trust": 1.1,
        "url": "http://osvdb.org/62210"
      },
      {
        "trust": 1.1,
        "url": "http://osvdb.org/65202"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2009/3164"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2009/3165"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2009/3205"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2009/3220"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2009/3353"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2009/3354"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2009/3484"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2009/3521"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2009/3587"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2010/0173"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2010/0748"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2010/0848"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2010/0916"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2010/0933"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2010/0994"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2010/1054"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2010/1107"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2010/1191"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2010/1350"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2010/1639"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2010/1673"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2010/1793"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2010/2010"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2010/2745"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2010/3069"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2011/0032"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2011/0033"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2011/0086"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2010/jan/msg00000.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2010//may/msg00001.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2010//may/msg00002.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2009/dsa-1934"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2011/dsa-2141"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2015/dsa-3253"
      },
      {
        "trust": 1.1,
        "url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg01029.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg01020.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00645.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00944.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00428.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00442.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00449.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00634.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-october/049702.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-october/049528.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-october/049455.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-april/039561.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-april/039957.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-may/040652.html"
      },
      {
        "trust": 1.1,
        "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml"
      },
      {
        "trust": 1.1,
        "url": "http://security.gentoo.org/glsa/glsa-201203-22.xml"
      },
      {
        "trust": 1.1,
        "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
      },
      {
        "trust": 1.1,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c02436041"
      },
      {
        "trust": 1.1,
        "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02273751"
      },
      {
        "trust": 1.1,
        "url": "http://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02512995"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/522176"
      },
      {
        "trust": 1.1,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01945686"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1ic67848"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1ic68054"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1ic68055"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2010:076"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2010:084"
      },
      {
        "trust": 1.1,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2010:089"
      },
      {
        "trust": 1.1,
        "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pm12247"
      },
      {
        "trust": 1.1,
        "url": "http://www.redhat.com/support/errata/rhsa-2010-0119.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.redhat.com/support/errata/rhsa-2010-0130.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.redhat.com/support/errata/rhsa-2010-0155.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.redhat.com/support/errata/rhsa-2010-0165.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.redhat.com/support/errata/rhsa-2010-0167.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.redhat.com/support/errata/rhsa-2010-0337.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.redhat.com/support/errata/rhsa-2010-0338.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.redhat.com/support/errata/rhsa-2010-0339.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.redhat.com/support/errata/rhsa-2010-0768.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.redhat.com/support/errata/rhsa-2010-0770.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.redhat.com/support/errata/rhsa-2010-0786.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.redhat.com/support/errata/rhsa-2010-0807.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.redhat.com/support/errata/rhsa-2010-0865.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.redhat.com/support/errata/rhsa-2010-0986.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.redhat.com/support/errata/rhsa-2010-0987.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.redhat.com/support/errata/rhsa-2011-0880.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.us-cert.gov/cas/techalerts/ta10-287a.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.ubuntu.com/usn/usn-1010-1"
      },
      {
        "trust": 1.1,
        "url": "http://ubuntu.com/usn/usn-923-1"
      },
      {
        "trust": 1.1,
        "url": "http://www.ubuntu.com/usn/usn-927-1"
      },
      {
        "trust": 1.1,
        "url": "http://www.ubuntu.com/usn/usn-927-4"
      },
      {
        "trust": 1.1,
        "url": "http://www.ubuntu.com/usn/usn-927-5"
      },
      {
        "trust": 1.1,
        "url": "http://openbsd.org/errata45.html#010_openssl"
      },
      {
        "trust": 1.1,
        "url": "http://openbsd.org/errata46.html#004_openssl"
      },
      {
        "trust": 1.1,
        "url": "http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.openwall.com/lists/oss-security/2009/11/05/3"
      },
      {
        "trust": 1.1,
        "url": "http://www.openwall.com/lists/oss-security/2009/11/05/5"
      },
      {
        "trust": 1.1,
        "url": "http://www.openwall.com/lists/oss-security/2009/11/06/3"
      },
      {
        "trust": 1.1,
        "url": "http://www.openwall.com/lists/oss-security/2009/11/07/3"
      },
      {
        "trust": 1.1,
        "url": "http://www.openwall.com/lists/oss-security/2009/11/20/1"
      },
      {
        "trust": 1.1,
        "url": "http://www.openwall.com/lists/oss-security/2009/11/23/10"
      },
      {
        "trust": 1.1,
        "url": "http://www.ietf.org/mail-archive/web/tls/current/msg03928.html"
      },
      {
        "trust": 1.1,
        "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 1.1,
        "url": "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 1.1,
        "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 1.1,
        "url": "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 1.1,
        "url": "http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html"
      },
      {
        "trust": 1.1,
        "url": "http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during"
      },
      {
        "trust": 1.1,
        "url": "http://clicky.me/tlsvuln"
      },
      {
        "trust": 1.1,
        "url": "http://extendedsubset.com/renegotiating_tls.pdf"
      },
      {
        "trust": 1.1,
        "url": "http://kbase.redhat.com/faq/docs/doc-20491"
      },
      {
        "trust": 1.1,
        "url": "http://support.apple.com/kb/ht4004"
      },
      {
        "trust": 1.1,
        "url": "http://support.apple.com/kb/ht4170"
      },
      {
        "trust": 1.1,
        "url": "http://support.apple.com/kb/ht4171"
      },
      {
        "trust": 1.1,
        "url": "http://support.avaya.com/css/p8/documents/100070150"
      },
      {
        "trust": 1.1,
        "url": "http://support.avaya.com/css/p8/documents/100081611"
      },
      {
        "trust": 1.1,
        "url": "http://support.avaya.com/css/p8/documents/100114315"
      },
      {
        "trust": 1.1,
        "url": "http://support.avaya.com/css/p8/documents/100114327"
      },
      {
        "trust": 1.1,
        "url": "http://support.citrix.com/article/ctx123359"
      },
      {
        "trust": 1.1,
        "url": "http://support.zeus.com/zws/media/docs/4.3/release_notes"
      },
      {
        "trust": 1.1,
        "url": "http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released"
      },
      {
        "trust": 1.1,
        "url": "http://sysoev.ru/nginx/patch.cve-2009-3555.txt"
      },
      {
        "trust": 1.1,
        "url": "http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html"
      },
      {
        "trust": 1.1,
        "url": "http://wiki.rpath.com/advisories:rpsa-2009-0155"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24006386"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24025312"
      },
      {
        "trust": 1.1,
        "url": "http://www.arubanetworks.com/support/alerts/aid-020810.txt"
      },
      {
        "trust": 1.1,
        "url": "http://www.betanews.com/article/1257452450"
      },
      {
        "trust": 1.1,
        "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs10-030/index.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.ingate.com/relnote.php?ver=481"
      },
      {
        "trust": 1.1,
        "url": "http://www.openoffice.org/security/cves/cve-2009-3555.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.opera.com/docs/changelogs/unix/1060/"
      },
      {
        "trust": 1.1,
        "url": "http://www.opera.com/support/search/view/944/"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.proftpd.org/docs/release_notes-1.3.2c"
      },
      {
        "trust": 1.1,
        "url": "http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.tombom.co.uk/blog/?p=85"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/security/advisories/vmsa-2010-0019.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/security/advisories/vmsa-2011-0003.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
      },
      {
        "trust": 1.1,
        "url": "http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html"
      },
      {
        "trust": 1.1,
        "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=526689"
      },
      {
        "trust": 1.1,
        "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=545755"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05150888"
      },
      {
        "trust": 1.1,
        "url": "https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html"
      },
      {
        "trust": 1.1,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10088"
      },
      {
        "trust": 1.1,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11578"
      },
      {
        "trust": 1.1,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11617"
      },
      {
        "trust": 1.1,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7315"
      },
      {
        "trust": 1.1,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7478"
      },
      {
        "trust": 1.1,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7973"
      },
      {
        "trust": 1.1,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a8366"
      },
      {
        "trust": 1.1,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a8535"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54158"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=127557596201693\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "https://kb.bluecoat.com/index?page=content\u0026id=sa50"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=126150535619567\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.597446"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=apache-httpd-announce\u0026m=125755783724966\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=cryptography\u0026m=125752275331877\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=pm00675\u0026apar=only"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=127419602507642\u0026w=2"
      },
      {
        "trust": 0.8,
        "url": "http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00014.html"
      },
      {
        "trust": 0.8,
        "url": "http://cvs.openssl.org/chngview?cn=18790"
      },
      {
        "trust": 0.8,
        "url": "http://www.links.org/files/no-renegotiation-2.patch"
      },
      {
        "trust": 0.8,
        "url": "http://blog.zoller.lu/2009/11/new-sslv3-tls-vulnerability-mitm.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu120541"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu490671"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/jvntr-2010-22"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/38338"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/38728"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/38608"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/44292"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/44293"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/40879"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/44260"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/37566"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/cas/alerts/sa10-222a.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.vupen.com/english/advisories/2010/1280"
      },
      {
        "trust": 0.8,
        "url": "http://www.vupen.com/english/advisories/2010/2660"
      },
      {
        "trust": 0.8,
        "url": "http://www.vupen.com/english/advisories/2010/1942"
      },
      {
        "trust": 0.8,
        "url": "http://www.vupen.com/english/advisories/2009/3393"
      },
      {
        "trust": 0.8,
        "url": "http://www.vupen.com/english/advisories/2010/0125"
      },
      {
        "trust": 0.8,
        "url": "http://www.vupen.com/english/advisories/2010/0212"
      },
      {
        "trust": 0.8,
        "url": "http://www.vupen.com/english/advisories/2010/0457"
      },
      {
        "trust": 0.8,
        "url": "http://www.vupen.com/english/advisories/2010/2046"
      },
      {
        "trust": 0.8,
        "url": "http://www.vupen.com/english/advisories/2011/1039"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu95298925/"
      },
      {
        "trust": 0.8,
        "url": "http://jvndb.jvn.jp/ja/contents/2009/jvndb-2009-002319.html"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-160-01"
      },
      {
        "trust": 0.4,
        "url": "http://www.mandriva.com/security/"
      },
      {
        "trust": 0.4,
        "url": "http://www.mandriva.com/security/advisories"
      },
      {
        "trust": 0.4,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.3,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.3,
        "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.3,
        "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0091"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0094"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0095"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0840"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0092"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0093"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0088"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0084"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0845"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0848"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0082"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0838"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0847"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0085"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0082"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0837"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-7270"
      },
      {
        "trust": 0.2,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.2,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.2,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4476"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=132077688910227\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=142660345230545\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=127419602507642\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=134254866602253\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=130497311408250\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=133469267822771\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=126150535619567\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=127128920008563\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=127557596201693\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026amp;q=pm00675\u0026amp;apar=only"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026amp;y=2009\u0026amp;m=slackware-security.597446"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=apache-httpd-announce\u0026amp;m=125755783724966\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=cryptography\u0026amp;m=125752275331877\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "https://kb.bluecoat.com/index?page=content\u0026amp;id=sa50"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3010"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-4143"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2068"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-4018"
      },
      {
        "trust": 0.1,
        "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
      },
      {
        "trust": 0.1,
        "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3011"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-4017"
      },
      {
        "trust": 0.1,
        "url": "http://h30046.www3.hp.com/subsignin.php"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/servers/manage/smh"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0731"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0731"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3505"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-5139"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3512"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3508"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3510"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3509"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3507"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0195"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3506"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0160"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3511"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44293"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/44293/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/research/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/products/corporate/evm/"
      },
      {
        "trust": 0.1,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#appendixas"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/44293/#comments"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/company/jobs/open_positions/reverse_engineer"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://icedtea.classpath.org/hg/release/icedtea6-1.8/rev/a6a02193b073"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3728"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3874"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3728"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3875"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3876"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3884"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3873"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3881"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2409"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2409"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3883"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3884"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3869"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3882"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3879"
      },
      {
        "trust": 0.1,
        "url": "http://blogs.sun.com/darcy/resource/openjdk_6/openjdk6-b18-changes-summary.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3881"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3877"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3883"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3869"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3871"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3882"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3873"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3875"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3874"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3885"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3871"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3877"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3876"
      },
      {
        "trust": 0.1,
        "url": "http://article.gmane.org/gmane.comp.java.openjdk.distro-packaging.devel/8938"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3880"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3885"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3880"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3879"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0130"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0128"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0129"
      },
      {
        "trust": 0.1,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/softwareindex.jsp?lang=en\u0026cc=us\u0026prodnameid=3188475\u0026prodtypeid=329290\u0026prodseriesid=3188465\u0026swlang=8\u0026taskid=135\u0026swenvoid=1113"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4180"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/go/bizsupport"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1965"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3985"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0079"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4688"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-4070"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0082"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2371"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0169"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4061"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1210"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4181"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1832"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1994"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4058"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1828"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0353"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1838"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3975"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2766"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1205"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-4061"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3767"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0473"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0172"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1971"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0479"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2043"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3175"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3973"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3655"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2760"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1187"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1961"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0447"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2462"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0456"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2770"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1125"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3958"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3777"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3003"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0067"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3174"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0168"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0057"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0443"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2993"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3376"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5017"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3555"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1940"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3069"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2989"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5836"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0182"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4179"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-2436"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3072"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1208"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3967"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2375"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2376"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3971"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3772"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3977"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3965"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0469"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3978"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4183"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1834"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2472"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3378"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2767"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1952"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0078"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0170"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0164"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0775"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3400"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1211"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3372"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2769"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4188"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5012"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4206"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5354"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5504"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4067"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3648"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0776"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3071"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0477"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2467"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0475"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3962"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2408"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1304"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4201"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4202"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4182"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1206"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3990"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1975"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1392"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4070"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2044"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3183"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-3835"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-4068"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5507"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-4059"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5023"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1308"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1044"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5508"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0654"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0070"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-4065"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1307"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3866"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0080"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2984"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0478"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1213"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0352"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5014"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2664"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0051"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3989"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3984"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3371"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3382"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4180"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4068"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4194"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-4582"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5502"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4193"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-2437"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3978"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1835"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3993"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5506"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3375"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3078"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0173"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3075"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3969"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0462"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2605"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1169"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1311"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4066"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3658"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1973"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3004"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1950"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1972"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2369"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1215"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4216"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-4062"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0463"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3001"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0167"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3381"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3988"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0452"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-3837"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1837"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2374"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3994"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1960"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1963"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3167"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0774"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4065"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5022"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5024"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0468"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3026"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1203"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0074"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2061"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0085"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3980"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1966"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1945"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4184"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1959"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-4060"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0077"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3000"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0071"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0068"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1974"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-0016"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2065"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-4066"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0081"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4063"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1955"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1302"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5503"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3374"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3968"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1028"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4059"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3005"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4185"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2986"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0176"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5839"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1121"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3661"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2765"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5913"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3169"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5843"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3663"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3651"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5016"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2372"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1951"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3274"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1197"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3964"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1953"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-4067"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2997"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3778"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2996"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3232"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0061"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-4063"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-3073"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2654"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0354"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5500"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3380"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1212"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0357"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1976"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0773"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0220"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0071"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0777"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0055"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5052"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0165"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2464"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2378"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3131"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0160"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1836"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5513"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3986"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0367"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2752"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3388"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2469"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2753"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3650"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3002"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2764"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3983"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2751"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4190"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2477"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1833"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3389"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2981"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2768"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2991"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0358"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2373"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3670"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3987"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3976"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4582"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3377"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4208"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1956"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4186"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0441"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0054"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3166"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-5014"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2370"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-2671"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2662"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1309"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1840"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3957"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1585"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5840"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1207"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0445"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2998"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0355"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1200"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2362"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3077"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0056"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2987"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3101"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5501"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4195"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4209"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3985"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1962"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3660"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2762"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5833"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1839"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2988"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0648"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3101"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3168"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0072"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2995"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3399"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0171"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2983"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5841"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5838"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5019"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2985"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0458"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-3073"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3659"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-3837"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0066"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-3836"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0174"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5842"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0457"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3176"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5511"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0356"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4205"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0178"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3379"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4064"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4508"
      },
      {
        "trust": 0.1,
        "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-34.html"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1310"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0016"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1967"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1306"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3079"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2471"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0073"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0474"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0444"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0455"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1954"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4062"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3647"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4210"
      },
      {
        "trust": 0.1,
        "url": "http://blog.mozilla.org/security/2011/03/22/firefox-blocking-fraudulent-c="
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0017"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1305"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0446"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5835"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3966"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0181"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0069"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5013"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3979"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0450"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1214"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1196"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0449"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0062"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1841"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3179"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-0367"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3765"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1947"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3070"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4060"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3992"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1563"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0442"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0175"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1712"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1199"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2365"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2404"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3775"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1198"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2535"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1938"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5505"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1946"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5512"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-5074"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4187"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3766"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-2437"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1949"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3776"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5830"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0075"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1202"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0652"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1958"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5015"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0163"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4069"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0179"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1313"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0159"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1939"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3972"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3182"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4207"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-6961"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2990"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3970"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3178"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-2671"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-4069"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3180"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4191"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3956"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4204"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2763"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2982"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3986"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3654"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2364"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3389"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2980"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3963"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0464"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1209"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2754"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2470"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2210"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1202"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5829"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3982"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3173"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3774"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3995"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5510"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4192"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2463"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0467"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1964"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3959"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3770"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3769"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0772"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3665"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4196"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5822"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2466"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3649"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3653"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3768"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2478"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3988"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1312"
      },
      {
        "trust": 0.1,
        "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-11.html"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0058"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3771"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2479"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3383"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1303"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2465"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3170"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2377"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3991"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3982"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-5012"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1957"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2755"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1948"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3961"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0470"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3773"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3076"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0166"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1571"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3984"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3640"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-4064"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-2436"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3981"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1970"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0461"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4215"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5021"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-4058"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0451"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0771"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-0017"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-3836"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-5013"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4212"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0459"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0076"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0083"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0460"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0183"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1201"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3960"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0059"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0177"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3062"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5018"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3177"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3980"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2363"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0084"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3652"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1941"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/glsa/glsa-201301-01.xml"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3074"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1937"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-3835"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0053"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3171"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2999"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0471"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0065"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0162"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3373"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2665"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0850"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0887"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0839"
      },
      {
        "trust": 0.1,
        "url": "http://www.gentoo.org/doc/en/java.xml#doc_chap4"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0089"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0087"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0090"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0087"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0841"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0838"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0088"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0085"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0849"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0844"
      },
      {
        "trust": 0.1,
        "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0846"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0841"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0084"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0091"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0839"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0837"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0089"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0092"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0093"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/glsa/glsa-201006-18.xml"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0842"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0095"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0094"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0840"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0886"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0090"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0843"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0740"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0740"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0433"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3245"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3245"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0433"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2204"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0033"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3548"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2526"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2902"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3190"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0580"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2693"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0781"
      },
      {
        "trust": 0.1,
        "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws_java.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1184"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1157"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2729"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2901"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#120541"
      },
      {
        "db": "VULHUB",
        "id": "VHN-41001"
      },
      {
        "db": "PACKETSTORM",
        "id": "169645"
      },
      {
        "db": "PACKETSTORM",
        "id": "93944"
      },
      {
        "db": "PACKETSTORM",
        "id": "89136"
      },
      {
        "db": "PACKETSTORM",
        "id": "130868"
      },
      {
        "db": "PACKETSTORM",
        "id": "88167"
      },
      {
        "db": "PACKETSTORM",
        "id": "100761"
      },
      {
        "db": "PACKETSTORM",
        "id": "89026"
      },
      {
        "db": "PACKETSTORM",
        "id": "111583"
      },
      {
        "db": "PACKETSTORM",
        "id": "106754"
      },
      {
        "db": "PACKETSTORM",
        "id": "119293"
      },
      {
        "db": "PACKETSTORM",
        "id": "90286"
      },
      {
        "db": "PACKETSTORM",
        "id": "98469"
      },
      {
        "db": "PACKETSTORM",
        "id": "88698"
      },
      {
        "db": "PACKETSTORM",
        "id": "111920"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002319"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001632"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-3555"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#120541"
      },
      {
        "db": "VULHUB",
        "id": "VHN-41001"
      },
      {
        "db": "PACKETSTORM",
        "id": "169645"
      },
      {
        "db": "PACKETSTORM",
        "id": "93944"
      },
      {
        "db": "PACKETSTORM",
        "id": "89136"
      },
      {
        "db": "PACKETSTORM",
        "id": "130868"
      },
      {
        "db": "PACKETSTORM",
        "id": "88167"
      },
      {
        "db": "PACKETSTORM",
        "id": "100761"
      },
      {
        "db": "PACKETSTORM",
        "id": "89026"
      },
      {
        "db": "PACKETSTORM",
        "id": "111583"
      },
      {
        "db": "PACKETSTORM",
        "id": "106754"
      },
      {
        "db": "PACKETSTORM",
        "id": "119293"
      },
      {
        "db": "PACKETSTORM",
        "id": "90286"
      },
      {
        "db": "PACKETSTORM",
        "id": "98469"
      },
      {
        "db": "PACKETSTORM",
        "id": "88698"
      },
      {
        "db": "PACKETSTORM",
        "id": "111920"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002319"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001632"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-3555"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-11-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#120541"
      },
      {
        "date": "2009-11-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-41001"
      },
      {
        "date": "2009-11-11T12:12:12",
        "db": "PACKETSTORM",
        "id": "169645"
      },
      {
        "date": "2010-09-17T00:35:23",
        "db": "PACKETSTORM",
        "id": "93944"
      },
      {
        "date": "2010-05-03T23:54:02",
        "db": "PACKETSTORM",
        "id": "89136"
      },
      {
        "date": "2015-03-18T00:44:34",
        "db": "PACKETSTORM",
        "id": "130868"
      },
      {
        "date": "2010-04-07T02:30:56",
        "db": "PACKETSTORM",
        "id": "88167"
      },
      {
        "date": "2011-04-24T07:03:07",
        "db": "PACKETSTORM",
        "id": "100761"
      },
      {
        "date": "2010-04-28T20:44:54",
        "db": "PACKETSTORM",
        "id": "89026"
      },
      {
        "date": "2012-04-05T00:45:56",
        "db": "PACKETSTORM",
        "id": "111583"
      },
      {
        "date": "2011-11-09T00:58:11",
        "db": "PACKETSTORM",
        "id": "106754"
      },
      {
        "date": "2013-01-08T03:21:24",
        "db": "PACKETSTORM",
        "id": "119293"
      },
      {
        "date": "2010-06-04T05:32:00",
        "db": "PACKETSTORM",
        "id": "90286"
      },
      {
        "date": "2011-02-14T21:33:52",
        "db": "PACKETSTORM",
        "id": "98469"
      },
      {
        "date": "2010-04-20T15:07:58",
        "db": "PACKETSTORM",
        "id": "88698"
      },
      {
        "date": "2012-04-17T20:41:11",
        "db": "PACKETSTORM",
        "id": "111920"
      },
      {
        "date": "2009-12-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-002319"
      },
      {
        "date": "2011-05-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-001632"
      },
      {
        "date": "2009-11-09T17:30:00.407000",
        "db": "NVD",
        "id": "CVE-2009-3555"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-07-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#120541"
      },
      {
        "date": "2023-02-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-41001"
      },
      {
        "date": "2016-09-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-002319"
      },
      {
        "date": "2022-06-13T05:59:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-001632"
      },
      {
        "date": "2025-04-09T00:30:58.490000",
        "db": "NVD",
        "id": "CVE-2009-3555"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "89136"
      },
      {
        "db": "PACKETSTORM",
        "id": "88698"
      }
    ],
    "trust": 0.2
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SSL and TLS protocols renegotiation vulnerability",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#120541"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "overflow",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "89136"
      }
    ],
    "trust": 0.1
  }
}

CVE-2023-4421 (GCVE-0-2023-4421)

Vulnerability from nvd – Published: 2023-12-12 17:02 – Updated: 2025-11-04 19:25
VLAI?
Summary
The NSS code used for checking PKCS#1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. Both the overall correctness of the padding as well as the length of the encrypted message was leaking through timing side-channel. By sending large number of attacker-selected ciphertexts, the attacker would be able to decrypt a previously intercepted PKCS#1 v1.5 ciphertext (for example, to decrypt a TLS session that used RSA key exchange), or forge a signature using the victim's key. The issue was fixed by implementing the implicit rejection algorithm, in which the NSS returns a deterministic random message in case invalid padding is detected, as proposed in the Marvin Attack paper. This vulnerability affects NSS < 3.61.
Severity ?
No CVSS data available.
CWE
  • Timing side-channel in PKCS#1 v1.5 decryption depadding code
Assigner
References
Impacted products
Vendor Product Version
Mozilla NSS Affected: unspecified , < 3.61 (custom)
Create a notification for this product.
Credits
Hubert Kario
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T19:25:18.220Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1651411"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2023-53/"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00039.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "NSS",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "3.61",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Hubert Kario"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The NSS code used for checking PKCS#1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. Both the overall correctness of the padding as well as the length of the encrypted message was leaking through timing side-channel. By sending large number of attacker-selected ciphertexts, the attacker would be able to decrypt a previously intercepted PKCS#1 v1.5 ciphertext (for example, to decrypt a TLS session that used RSA key exchange), or forge a signature using the victim\u0027s key. The issue was fixed by implementing the implicit rejection algorithm, in which the NSS returns a deterministic random message in case invalid padding is detected, as proposed in the Marvin Attack paper. This vulnerability affects NSS \u003c 3.61."
            }
          ],
          "value": "The NSS code used for checking PKCS#1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. Both the overall correctness of the padding as well as the length of the encrypted message was leaking through timing side-channel. By sending large number of attacker-selected ciphertexts, the attacker would be able to decrypt a previously intercepted PKCS#1 v1.5 ciphertext (for example, to decrypt a TLS session that used RSA key exchange), or forge a signature using the victim\u0027s key. The issue was fixed by implementing the implicit rejection algorithm, in which the NSS returns a deterministic random message in case invalid padding is detected, as proposed in the Marvin Attack paper. This vulnerability affects NSS \u003c 3.61."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Timing side-channel in PKCS#1 v1.5 decryption depadding code",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-12T17:02:08.801Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1651411"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2023-53/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2023-4421",
    "datePublished": "2023-12-12T17:02:08.801Z",
    "dateReserved": "2023-08-18T13:25:38.056Z",
    "dateUpdated": "2025-11-04T19:25:18.220Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2021-43527 (GCVE-0-2021-43527)

Vulnerability from nvd – Published: 2021-12-08 00:00 – Updated: 2024-08-04 03:55
VLAI?
Summary
NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1.
Severity ?
No CVSS data available.
CWE
  • Memory corruption via DER-encoded DSA and RSA-PSS signatures
Assigner
References
Impacted products
Vendor Product Version
Mozilla NSS Affected: unspecified , < 3.73 (custom)
Affected: unspecified , < 3.68.1 (custom)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T03:55:29.297Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2021-51/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1737470"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_73_RTM/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_68_1_RTM/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20211229-0002/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-594438.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.starwindsoftware.com/security/sw-20220802-0001/"
          },
          {
            "name": "GLSA-202212-05",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202212-05"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "NSS",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "3.73",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "3.68.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \\#7, or PKCS \\#12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. This vulnerability affects NSS \u003c 3.73 and NSS \u003c 3.68.1."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Memory corruption via DER-encoded DSA and RSA-PSS signatures",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-19T00:00:00",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2021-51/"
        },
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1737470"
        },
        {
          "url": "https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_73_RTM/"
        },
        {
          "url": "https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_68_1_RTM/"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20211229-0002/"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-594438.pdf"
        },
        {
          "url": "https://www.starwindsoftware.com/security/sw-20220802-0001/"
        },
        {
          "name": "GLSA-202212-05",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202212-05"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2021-43527",
    "datePublished": "2021-12-08T00:00:00",
    "dateReserved": "2021-11-08T00:00:00",
    "dateUpdated": "2024-08-04T03:55:29.297Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-12403 (GCVE-0-2020-12403)

Vulnerability from nvd – Published: 2021-05-27 00:00 – Updated: 2024-08-04 11:56
VLAI?
Summary
A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length. The highest threat from this vulnerability is to confidentiality and system availability.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
Vendor Product Version
n/a nss Affected: nss 3.55
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:56:51.720Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1868931"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes"
          },
          {
            "name": "[debian-lts-announce] 20230220 [SECURITY] [DLA 3327-1] nss security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230324-0006/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "nss",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "nss 3.55"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length. The highest threat from this vulnerability is to confidentiality and system availability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-24T00:00:00",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1868931"
        },
        {
          "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes"
        },
        {
          "name": "[debian-lts-announce] 20230220 [SECURITY] [DLA 3327-1] nss security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00021.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230324-0006/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2020-12403",
    "datePublished": "2021-05-27T00:00:00",
    "dateReserved": "2020-04-28T00:00:00",
    "dateUpdated": "2024-08-04T11:56:51.720Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-17007 (GCVE-0-2019-17007)

Vulnerability from nvd – Published: 2020-10-22 20:28 – Updated: 2024-08-05 01:24
VLAI?
Summary
In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service.
Severity ?
No CVSS data available.
CWE
  • CERT_DecodeCertPackage() crash with Netscape Certificate Sequences
Assigner
References
Impacted products
Vendor Product Version
Mozilla NSS Affected: unspecified , < 3.44 (custom)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:24:48.580Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44_release_notes"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1533216"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "NSS",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "3.44",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CERT_DecodeCertPackage() crash with Netscape Certificate Sequences",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-12T06:00:05",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44_release_notes"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1533216"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2019-17007",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NSS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "3.44"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mozilla"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CERT_DecodeCertPackage() crash with Netscape Certificate Sequences"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44_release_notes",
              "refsource": "MISC",
              "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44_release_notes"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1533216",
              "refsource": "MISC",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1533216"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"
            },
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2019-17007",
    "datePublished": "2020-10-22T20:28:17",
    "dateReserved": "2019-09-30T00:00:00",
    "dateUpdated": "2024-08-05T01:24:48.580Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-17006 (GCVE-0-2019-17006)

Vulnerability from nvd – Published: 2020-10-22 20:24 – Updated: 2024-08-05 01:24
VLAI?
Summary
In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.
Severity ?
No CVSS data available.
CWE
  • missing length checks for cryptographic primitives
Assigner
References
Impacted products
Vendor Product Version
Mozilla NSS Affected: unspecified , < 3.46 (custom)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:24:48.804Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539788"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210129-0001/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "NSS",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "3.46",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "missing length checks for cryptographic primitives",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-12T06:05:28",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539788"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210129-0001/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2019-17006",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NSS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "3.46"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mozilla"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "missing length checks for cryptographic primitives"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes",
              "refsource": "MISC",
              "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539788",
              "refsource": "MISC",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539788"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210129-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210129-0001/"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"
            },
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2019-17006",
    "datePublished": "2020-10-22T20:24:25",
    "dateReserved": "2019-09-30T00:00:00",
    "dateUpdated": "2024-08-05T01:24:48.804Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-18508 (GCVE-0-2018-18508)

Vulnerability from nvd – Published: 2020-10-22 20:14 – Updated: 2024-08-05 11:08
VLAI?
Summary
In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service.
Severity ?
No CVSS data available.
CWE
  • Denial of Service through malformed signatures
Assigner
References
Impacted products
Vendor Product Version
Mozilla NSS Affected: unspecified , < 3.41.1 (custom)
Affected: unspecified , < 3.36.7 (custom)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T11:08:22.039Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.7_release_notes"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "NSS",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "3.41.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "3.36.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service through malformed signatures",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-12T05:57:40",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.7_release_notes"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2018-18508",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NSS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "3.41.1"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "3.36.7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mozilla"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service through malformed signatures"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.7_release_notes",
              "refsource": "MISC",
              "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.7_release_notes"
            },
            {
              "name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes",
              "refsource": "MISC",
              "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"
            },
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2018-18508",
    "datePublished": "2020-10-22T20:14:42",
    "dateReserved": "2018-10-19T00:00:00",
    "dateUpdated": "2024-08-05T11:08:22.039Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-5285 (GCVE-0-2016-5285)

Vulnerability from nvd – Published: 2019-11-15 15:44 – Updated: 2024-08-06 00:53
VLAI?
Summary
A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.
Severity ?
No CVSS data available.
CWE
  • denial of service
Assigner
References
Impacted products
Vendor Product Version
Mozilla Network Security Services Affected: 3.24
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:53:48.923Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94349"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-46"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2779.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3163-1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa137"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1306103"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Network Security Services",
          "vendor": "Mozilla",
          "versions": [
            {
              "status": "affected",
              "version": "3.24"
            }
          ]
        }
      ],
      "datePublic": "2016-10-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "denial of service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-09T19:53:19",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.securityfocus.com/bid/94349"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.gentoo.org/glsa/201701-46"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2779.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3163-1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bto.bluecoat.com/security-advisory/sa137"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1306103"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2016-5285",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Network Security Services",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "3.24"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mozilla"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "denial of service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html",
              "refsource": "MISC",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html"
            },
            {
              "name": "http://www.securityfocus.com/bid/94349",
              "refsource": "MISC",
              "url": "http://www.securityfocus.com/bid/94349"
            },
            {
              "name": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html",
              "refsource": "MISC",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html"
            },
            {
              "name": "https://security.gentoo.org/glsa/201701-46",
              "refsource": "MISC",
              "url": "https://security.gentoo.org/glsa/201701-46"
            },
            {
              "name": "http://rhn.redhat.com/errata/RHSA-2016-2779.html",
              "refsource": "MISC",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2779.html"
            },
            {
              "name": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html",
              "refsource": "MISC",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html"
            },
            {
              "name": "http://www.ubuntu.com/usn/USN-3163-1",
              "refsource": "MISC",
              "url": "http://www.ubuntu.com/usn/USN-3163-1"
            },
            {
              "name": "https://bto.bluecoat.com/security-advisory/sa137",
              "refsource": "MISC",
              "url": "https://bto.bluecoat.com/security-advisory/sa137"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1306103",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1306103"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2016-5285",
    "datePublished": "2019-11-15T15:44:05",
    "dateReserved": "2016-06-03T00:00:00",
    "dateUpdated": "2024-08-06T00:53:48.923Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-8635 (GCVE-0-2016-8635)

Vulnerability from nvd – Published: 2018-08-01 13:00 – Updated: 2024-08-06 02:27
VLAI?
Summary
It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group.
Severity ?
5.3 (Medium)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE
Assigner
References
Impacted products
Vendor Product Version
Mozilla nss Affected: 3.21.x
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:27:41.258Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8635"
          },
          {
            "name": "RHSA-2016:2779",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2779.html"
          },
          {
            "name": "GLSA-201701-46",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-46"
          },
          {
            "name": "94346",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94346"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "nss",
          "vendor": "Mozilla",
          "versions": [
            {
              "status": "affected",
              "version": "3.21.x"
            }
          ]
        }
      ],
      "datePublic": "2016-11-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-358",
              "description": "CWE-358",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-02T09:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8635"
        },
        {
          "name": "RHSA-2016:2779",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2779.html"
        },
        {
          "name": "GLSA-201701-46",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-46"
        },
        {
          "name": "94346",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94346"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-8635",
    "datePublished": "2018-08-01T13:00:00",
    "dateReserved": "2016-10-12T00:00:00",
    "dateUpdated": "2024-08-06T02:27:41.258Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-1938 (GCVE-0-2016-1938)

Vulnerability from nvd – Published: 2016-01-31 18:00 – Updated: 2024-08-05 23:10
VLAI?
Summary
The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.securityfocus.com/bid/81955 vdb-entryx_refsource_BID
http://www.debian.org/security/2016/dsa-3688 vendor-advisoryx_refsource_DEBIAN
http://www.securitytracker.com/id/1034825 vdb-entryx_refsource_SECTRACK
https://security.gentoo.org/glsa/201701-46 vendor-advisoryx_refsource_GENTOO
http://www.oracle.com/technetwork/security-adviso… x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-2903-2 vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-2880-1 vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-2903-1 vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-2880-2 vendor-advisoryx_refsource_UBUNTU
https://github.com/hannob/bignum-fuzz/blob/master… x_refsource_MISC
https://developer.mozilla.org/en-US/docs/Mozilla/… x_refsource_MISC
http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
http://www.mozilla.org/security/announce/2016/mfs… x_refsource_CONFIRM
https://blog.fuzzing-project.org/37-Mozilla-NSS-W… x_refsource_MISC
http://www.ubuntu.com/usn/USN-2973-1 vendor-advisoryx_refsource_UBUNTU
https://bugzilla.mozilla.org/show_bug.cgi?id=1194947 x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
http://www.securityfocus.com/bid/91787 vdb-entryx_refsource_BID
https://github.com/hannob/bignum-fuzz/blob/master… x_refsource_MISC
https://security.gentoo.org/glsa/201605-06 vendor-advisoryx_refsource_GENTOO
https://bugzilla.mozilla.org/show_bug.cgi?id=1190248 x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
https://hg.mozilla.org/projects/nss/diff/a555bf0f… x_refsource_CONFIRM
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:10:40.307Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "81955",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/81955"
          },
          {
            "name": "DSA-3688",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3688"
          },
          {
            "name": "1034825",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034825"
          },
          {
            "name": "GLSA-201701-46",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-46"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
          },
          {
            "name": "USN-2903-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2903-2"
          },
          {
            "name": "USN-2880-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2880-1"
          },
          {
            "name": "USN-2903-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2903-1"
          },
          {
            "name": "USN-2880-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2880-2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_exptmod.c"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes"
          },
          {
            "name": "SUSE-SU-2016:0338",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00010.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-07.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blog.fuzzing-project.org/37-Mozilla-NSS-Wrong-calculation-results-in-mp_div-and-mp_exptmod.html"
          },
          {
            "name": "USN-2973-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2973-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1194947"
          },
          {
            "name": "openSUSE-SU-2016:0309",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html"
          },
          {
            "name": "91787",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91787"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_div.c"
          },
          {
            "name": "GLSA-201605-06",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201605-06"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1190248"
          },
          {
            "name": "openSUSE-SU-2016:0306",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://hg.mozilla.org/projects/nss/diff/a555bf0fc23a/lib/freebl/mpi/mpi.c"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-01-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-03T18:57:01",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "name": "81955",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/81955"
        },
        {
          "name": "DSA-3688",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3688"
        },
        {
          "name": "1034825",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034825"
        },
        {
          "name": "GLSA-201701-46",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-46"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
        },
        {
          "name": "USN-2903-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2903-2"
        },
        {
          "name": "USN-2880-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2880-1"
        },
        {
          "name": "USN-2903-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2903-1"
        },
        {
          "name": "USN-2880-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2880-2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_exptmod.c"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes"
        },
        {
          "name": "SUSE-SU-2016:0338",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00010.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-07.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blog.fuzzing-project.org/37-Mozilla-NSS-Wrong-calculation-results-in-mp_div-and-mp_exptmod.html"
        },
        {
          "name": "USN-2973-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2973-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1194947"
        },
        {
          "name": "openSUSE-SU-2016:0309",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html"
        },
        {
          "name": "91787",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/91787"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_div.c"
        },
        {
          "name": "GLSA-201605-06",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201605-06"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1190248"
        },
        {
          "name": "openSUSE-SU-2016:0306",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://hg.mozilla.org/projects/nss/diff/a555bf0fc23a/lib/freebl/mpi/mpi.c"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2016-1938",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "81955",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/81955"
            },
            {
              "name": "DSA-3688",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3688"
            },
            {
              "name": "1034825",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034825"
            },
            {
              "name": "GLSA-201701-46",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-46"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
            },
            {
              "name": "USN-2903-2",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2903-2"
            },
            {
              "name": "USN-2880-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2880-1"
            },
            {
              "name": "USN-2903-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2903-1"
            },
            {
              "name": "USN-2880-2",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2880-2"
            },
            {
              "name": "https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_exptmod.c",
              "refsource": "MISC",
              "url": "https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_exptmod.c"
            },
            {
              "name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes",
              "refsource": "MISC",
              "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes"
            },
            {
              "name": "SUSE-SU-2016:0338",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00010.html"
            },
            {
              "name": "http://www.mozilla.org/security/announce/2016/mfsa2016-07.html",
              "refsource": "CONFIRM",
              "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-07.html"
            },
            {
              "name": "https://blog.fuzzing-project.org/37-Mozilla-NSS-Wrong-calculation-results-in-mp_div-and-mp_exptmod.html",
              "refsource": "MISC",
              "url": "https://blog.fuzzing-project.org/37-Mozilla-NSS-Wrong-calculation-results-in-mp_div-and-mp_exptmod.html"
            },
            {
              "name": "USN-2973-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2973-1"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1194947",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1194947"
            },
            {
              "name": "openSUSE-SU-2016:0309",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html"
            },
            {
              "name": "91787",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/91787"
            },
            {
              "name": "https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_div.c",
              "refsource": "MISC",
              "url": "https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_div.c"
            },
            {
              "name": "GLSA-201605-06",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201605-06"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1190248",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1190248"
            },
            {
              "name": "openSUSE-SU-2016:0306",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html"
            },
            {
              "name": "https://hg.mozilla.org/projects/nss/diff/a555bf0fc23a/lib/freebl/mpi/mpi.c",
              "refsource": "CONFIRM",
              "url": "https://hg.mozilla.org/projects/nss/diff/a555bf0fc23a/lib/freebl/mpi/mpi.c"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2016-1938",
    "datePublished": "2016-01-31T18:00:00",
    "dateReserved": "2016-01-20T00:00:00",
    "dateUpdated": "2024-08-05T23:10:40.307Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-3555 (GCVE-0-2009-3555)

Vulnerability from nvd – Published: 2009-11-09 17:00 – Updated: 2024-08-07 06:31
VLAI?
Summary
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
http://www.securitytracker.com/id?1023427 vdb-entryx_refsource_SECTRACK
http://support.avaya.com/css/P8/documents/100081611 x_refsource_CONFIRM
http://osvdb.org/62210 vdb-entryx_refsource_OSVDB
http://secunia.com/advisories/37640 third-party-advisoryx_refsource_SECUNIA
http://www.arubanetworks.com/support/alerts/aid-0… x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2010/0916 vdb-entryx_refsource_VUPEN
http://support.avaya.com/css/P8/documents/100114327 x_refsource_CONFIRM
http://www.redhat.com/support/errata/RHSA-2010-01… vendor-advisoryx_refsource_REDHAT
http://www.vupen.com/english/advisories/2010/2010 vdb-entryx_refsource_VUPEN
https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
http://www.vupen.com/english/advisories/2010/0086 vdb-entryx_refsource_VUPEN
http://www.vupen.com/english/advisories/2010/1673 vdb-entryx_refsource_VUPEN
http://www.ietf.org/mail-archive/web/tls/current/… mailing-listx_refsource_MLIST
http://secunia.com/advisories/37656 third-party-advisoryx_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2010-08… vendor-advisoryx_refsource_REDHAT
http://secunia.com/advisories/39628 third-party-advisoryx_refsource_SECUNIA
http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
http://secunia.com/advisories/42724 third-party-advisoryx_refsource_SECUNIA
http://www.vupen.com/english/advisories/2009/3310 vdb-entryx_refsource_VUPEN
http://www.vupen.com/english/advisories/2009/3205 vdb-entryx_refsource_VUPEN
http://blogs.sun.com/security/entry/vulnerability… x_refsource_CONFIRM
http://secunia.com/advisories/39461 third-party-advisoryx_refsource_SECUNIA
http://support.avaya.com/css/P8/documents/100114315 x_refsource_CONFIRM
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c x_refsource_CONFIRM
http://security.gentoo.org/glsa/glsa-201406-32.xml vendor-advisoryx_refsource_GENTOO
http://www.ingate.com/Relnote.php?ver=481 x_refsource_CONFIRM
http://www.securitytracker.com/id?1023204 vdb-entryx_refsource_SECTRACK
http://secunia.com/advisories/40866 third-party-advisoryx_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=134254866602253&w=2 vendor-advisoryx_refsource_HP
http://www.us-cert.gov/cas/techalerts/TA10-222A.html third-party-advisoryx_refsource_CERT
http://www.securitytracker.com/id?1023211 vdb-entryx_refsource_SECTRACK
http://h20000.www2.hp.com/bizsupport/TechSupport/… vendor-advisoryx_refsource_HP
http://secunia.com/advisories/39317 third-party-advisoryx_refsource_SECUNIA
http://www.securitytracker.com/id?1023212 vdb-entryx_refsource_SECTRACK
http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
http://secunia.com/advisories/39127 third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/40545 third-party-advisoryx_refsource_SECUNIA
http://www.vupen.com/english/advisories/2010/3069 vdb-entryx_refsource_VUPEN
http://openbsd.org/errata45.html#010_openssl vendor-advisoryx_refsource_OPENBSD
http://www.securitytracker.com/id?1023210 vdb-entryx_refsource_SECTRACK
http://www.securitytracker.com/id?1023270 vdb-entryx_refsource_SECTRACK
http://secunia.com/advisories/40070 third-party-advisoryx_refsource_SECUNIA
http://www.securitytracker.com/id?1023273 vdb-entryx_refsource_SECTRACK
http://kbase.redhat.com/faq/docs/DOC-20491 x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-927-5 vendor-advisoryx_refsource_UBUNTU
http://www-01.ibm.com/support/docview.wss?uid=swg… vendor-advisoryx_refsource_AIXAPAR
http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
http://www.redhat.com/support/errata/RHSA-2010-07… vendor-advisoryx_refsource_REDHAT
http://www.openssl.org/news/secadv_20091111.txt x_refsource_CONFIRM
http://www.securitytracker.com/id?1023275 vdb-entryx_refsource_SECTRACK
http://www.debian.org/security/2015/dsa-3253 vendor-advisoryx_refsource_DEBIAN
http://www.vupen.com/english/advisories/2009/3484 vdb-entryx_refsource_VUPEN
http://www.securitytracker.com/id?1023207 vdb-entryx_refsource_SECTRACK
http://secunia.com/advisories/37859 third-party-advisoryx_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=142660345230545&w=2 vendor-advisoryx_refsource_HP
http://sunsolve.sun.com/search/document.do?assetk… vendor-advisoryx_refsource_SUNALERT
http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
http://www.vupen.com/english/advisories/2010/0848 vdb-entryx_refsource_VUPEN
http://www.openwall.com/lists/oss-security/2009/11/07/3 mailing-listx_refsource_MLIST
http://secunia.com/advisories/39819 third-party-advisoryx_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg… vendor-advisoryx_refsource_AIXAPAR
http://www.links.org/?p=786 x_refsource_MISC
http://osvdb.org/60521 vdb-entryx_refsource_OSVDB
http://www.openwall.com/lists/oss-security/2009/1… mailing-listx_refsource_MLIST
http://www.kb.cert.org/vuls/id/120541 third-party-advisoryx_refsource_CERT-VN
http://www.securitytracker.com/id?1023217 vdb-entryx_refsource_SECTRACK
http://www.redhat.com/support/errata/RHSA-2010-07… vendor-advisoryx_refsource_REDHAT
http://www.vupen.com/english/advisories/2009/3353 vdb-entryx_refsource_VUPEN
http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
http://secunia.com/advisories/39136 third-party-advisoryx_refsource_SECUNIA
http://www.openoffice.org/security/cves/CVE-2009-… x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2011/0032 vdb-entryx_refsource_VUPEN
http://securitytracker.com/id?1023148 vdb-entryx_refsource_SECTRACK
http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
http://www.securityfocus.com/bid/36935 vdb-entryx_refsource_BID
http://www.tombom.co.uk/blog/?p=85 x_refsource_MISC
http://marc.info/?l=bugtraq&m=130497311408250&w=2 vendor-advisoryx_refsource_HP
http://www.vupen.com/english/advisories/2010/1107 vdb-entryx_refsource_VUPEN
http://www.securitytracker.com/id?1023218 vdb-entryx_refsource_SECTRACK
http://www.vupen.com/english/advisories/2010/1350 vdb-entryx_refsource_VUPEN
http://www.redhat.com/support/errata/RHSA-2010-03… vendor-advisoryx_refsource_REDHAT
http://secunia.com/advisories/42379 third-party-advisoryx_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
http://www.cisco.com/en/US/products/products_secu… vendor-advisoryx_refsource_CISCO
http://www-01.ibm.com/support/docview.wss?uid=swg… vendor-advisoryx_refsource_AIXAPAR
http://www.securitytracker.com/id?1023213 vdb-entryx_refsource_SECTRACK
http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
http://www.vupen.com/english/advisories/2010/1793 vdb-entryx_refsource_VUPEN
https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
http://extendedsubset.com/?p=8 x_refsource_MISC
http://secunia.com/advisories/37292 third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/archive/1/522176 vendor-advisoryx_refsource_HP
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
http://secunia.com/advisories/39278 third-party-advisoryx_refsource_SECUNIA
http://www.securitytracker.com/id?1023205 vdb-entryx_refsource_SECTRACK
http://www.redhat.com/support/errata/RHSA-2010-01… vendor-advisoryx_refsource_REDHAT
http://h20000.www2.hp.com/bizsupport/TechSupport/… vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=142660345230545&w=2 vendor-advisoryx_refsource_HP
http://tomcat.apache.org/native-doc/miscellaneous… x_refsource_CONFIRM
http://support.apple.com/kb/HT4004 x_refsource_CONFIRM
http://www.securitytracker.com/id?1023215 vdb-entryx_refsource_SECTRACK
http://www.ubuntu.com/usn/USN-1010-1 vendor-advisoryx_refsource_UBUNTU
http://www.securitytracker.com/id?1023206 vdb-entryx_refsource_SECTRACK
http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
https://h20566.www2.hpe.com/portal/site/hpsc/publ… x_refsource_CONFIRM
http://security.gentoo.org/glsa/glsa-200912-01.xml vendor-advisoryx_refsource_GENTOO
http://marc.info/?l=bugtraq&m=127419602507642&w=2 vendor-advisoryx_refsource_HP
http://www.vupen.com/english/advisories/2009/3313 vdb-entryx_refsource_VUPEN
http://sunsolve.sun.com/search/document.do?assetk… vendor-advisoryx_refsource_SUNALERT
http://www.securitytracker.com/id?1023208 vdb-entryx_refsource_SECTRACK
http://secunia.com/advisories/43308 third-party-advisoryx_refsource_SECUNIA
http://www.securitytracker.com/id?1023214 vdb-entryx_refsource_SECTRACK
http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
http://secunia.com/advisories/38781 third-party-advisoryx_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=133469267822771&w=2 vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=127419602507642&w=2 vendor-advisoryx_refsource_HP
http://www.debian.org/security/2009/dsa-1934 vendor-advisoryx_refsource_DEBIAN
https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
http://www.securitytracker.com/id?1023271 vdb-entryx_refsource_SECTRACK
http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
http://marc.info/?l=cryptography&m=125752275331877&w=2 mailing-listx_refsource_MLIST
http://secunia.com/advisories/42467 third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/archive/1/508130/100… mailing-listx_refsource_BUGTRAQ
https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
http://www.securitytracker.com/id?1023224 vdb-entryx_refsource_SECTRACK
http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
http://www.ubuntu.com/usn/USN-927-4 vendor-advisoryx_refsource_UBUNTU
http://secunia.com/advisories/41490 third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/archive/1/508075/100… mailing-listx_refsource_BUGTRAQ
http://www.securitytracker.com/id?1023243 vdb-entryx_refsource_SECTRACK
http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiat… x_refsource_MISC
http://secunia.com/advisories/37504 third-party-advisoryx_refsource_SECUNIA
http://www.securitytracker.com/id?1023219 vdb-entryx_refsource_SECTRACK
http://sysoev.ru/nginx/patch.cve-2009-3555.txt x_refsource_CONFIRM
http://xss.cx/examples/plesk-reports/plesk-parall… x_refsource_MISC
http://www.securitytracker.com/id?1023163 vdb-entryx_refsource_SECTRACK
http://marc.info/?l=bugtraq&m=132077688910227&w=2 vendor-advisoryx_refsource_HP
http://www.vupen.com/english/advisories/2009/3521 vdb-entryx_refsource_VUPEN
https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
http://www.itrc.hp.com/service/cki/docDisplay.do?… vendor-advisoryx_refsource_HP
http://support.zeus.com/zws/news/2010/01/13/zws_4… x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=533125 x_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
http://secunia.com/advisories/44183 third-party-advisoryx_refsource_SECUNIA
http://support.zeus.com/zws/media/docs/4.3/RELEAS… x_refsource_CONFIRM
http://secunia.com/advisories/42808 third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/39500 third-party-advisoryx_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2009/3220 vdb-entryx_refsource_VUPEN
http://itrc.hp.com/service/cki/docDisplay.do?docI… vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=127557596201693&w=2 vendor-advisoryx_refsource_HP
http://www.redhat.com/support/errata/RHSA-2010-01… vendor-advisoryx_refsource_REDHAT
http://www.securityfocus.com/archive/1/515055/100… mailing-listx_refsource_BUGTRAQ
http://www.redhat.com/support/errata/RHSA-2010-09… vendor-advisoryx_refsource_REDHAT
https://bugzilla.mozilla.org/show_bug.cgi?id=545755 x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg… x_refsource_CONFIRM
http://blogs.iss.net/archive/sslmitmiscsrf.html x_refsource_MISC
http://www.securitytracker.com/id?1023411 vdb-entryx_refsource_SECTRACK
http://www.redhat.com/support/errata/RHSA-2010-03… vendor-advisoryx_refsource_REDHAT
http://www.redhat.com/support/errata/RHSA-2010-09… vendor-advisoryx_refsource_REDHAT
http://www.vupen.com/english/advisories/2009/3164 vdb-entryx_refsource_VUPEN
http://secunia.com/advisories/37383 third-party-advisoryx_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
http://secunia.com/advisories/44954 third-party-advisoryx_refsource_SECUNIA
http://www.ietf.org/mail-archive/web/tls/current/… mailing-listx_refsource_MLIST
http://marc.info/?l=bugtraq&m=127557596201693&w=2 vendor-advisoryx_refsource_HP
http://support.avaya.com/css/P8/documents/100070150 x_refsource_CONFIRM
http://secunia.com/advisories/40747 third-party-advisoryx_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=126150535619567&w=2 vendor-advisoryx_refsource_HP
http://www.securityfocus.com/archive/1/522176 vendor-advisoryx_refsource_HP
http://secunia.com/advisories/39292 third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/42816 third-party-advisoryx_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg… vendor-advisoryx_refsource_AIXAPAR
http://sunsolve.sun.com/search/document.do?assetk… vendor-advisoryx_refsource_SUNALERT
https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
http://www-01.ibm.com/support/docview.wss?uid=swg… x_refsource_CONFIRM
http://extendedsubset.com/Renegotiating_TLS.pdf x_refsource_MISC
http://www-01.ibm.com/support/docview.wss?uid=swg… x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg… x_refsource_CONFIRM
http://support.apple.com/kb/HT4170 x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/507952/100… mailing-listx_refsource_BUGTRAQ
http://www.securitytracker.com/id?1023209 vdb-entryx_refsource_SECTRACK
http://www-1.ibm.com/support/search.wss?rs=0&q=PM… vendor-advisoryx_refsource_AIXAPAR
http://www.vmware.com/support/vsphere4/doc/vsp_vc… x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=130497311408250&w=2 vendor-advisoryx_refsource_HP
http://secunia.com/advisories/48577 third-party-advisoryx_refsource_SECUNIA
http://slackware.com/security/viewer.php?l=slackw… vendor-advisoryx_refsource_SLACKWARE
http://www.links.org/?p=789 x_refsource_MISC
http://www.opera.com/docs/changelogs/unix/1060/ x_refsource_CONFIRM
http://www.securegoose.org/2009/11/tls-renegotiat… x_refsource_MISC
http://www.redhat.com/support/errata/RHSA-2011-08… vendor-advisoryx_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2009/11/06/3 mailing-listx_refsource_MLIST
https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
http://wiki.rpath.com/Advisories:rPSA-2009-0155 x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
http://support.citrix.com/article/CTX123359 x_refsource_CONFIRM
http://secunia.com/advisories/37501 third-party-advisoryx_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
http://marc.info/?l=bugtraq&m=127128920008563&w=2 vendor-advisoryx_refsource_HP
http://www.vupen.com/english/advisories/2009/3587 vdb-entryx_refsource_VUPEN
http://secunia.com/advisories/39632 third-party-advisoryx_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=126150535619567&w=2 vendor-advisoryx_refsource_HP
http://secunia.com/advisories/38687 third-party-advisoryx_refsource_SECUNIA
https://bugzilla.mozilla.org/show_bug.cgi?id=526689 x_refsource_MISC
https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
http://www.vupen.com/english/advisories/2010/0982 vdb-entryx_refsource_VUPEN
http://marc.info/?l=bugtraq&m=133469267822771&w=2 vendor-advisoryx_refsource_HP
http://secunia.com/advisories/37399 third-party-advisoryx_refsource_SECUNIA
http://www.ubuntu.com/usn/USN-927-1 vendor-advisoryx_refsource_UBUNTU
http://www.securitytracker.com/id?1023272 vdb-entryx_refsource_SECTRACK
https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
http://www.vupen.com/english/advisories/2010/3126 vdb-entryx_refsource_VUPEN
http://secunia.com/advisories/37320 third-party-advisoryx_refsource_SECUNIA
http://www.vupen.com/english/advisories/2009/3165 vdb-entryx_refsource_VUPEN
http://www.vupen.com/english/advisories/2010/1639 vdb-entryx_refsource_VUPEN
http://secunia.com/advisories/38020 third-party-advisoryx_refsource_SECUNIA
http://ubuntu.com/usn/usn-923-1 vendor-advisoryx_refsource_UBUNTU
http://secunia.com/advisories/39243 third-party-advisoryx_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
http://secunia.com/advisories/37453 third-party-advisoryx_refsource_SECUNIA
http://www.hitachi.co.jp/Prod/comp/soft1/security… x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2010/0933 vdb-entryx_refsource_VUPEN
http://www.itrc.hp.com/service/cki/docDisplay.do?… vendor-advisoryx_refsource_HP
http://www.vmware.com/security/advisories/VMSA-20… x_refsource_CONFIRM
http://secunia.com/advisories/41972 third-party-advisoryx_refsource_SECUNIA
http://www.vupen.com/english/advisories/2010/3086 vdb-entryx_refsource_VUPEN
http://www.debian.org/security/2011/dsa-2141 vendor-advisoryx_refsource_DEBIAN
http://www.securitytracker.com/id?1024789 vdb-entryx_refsource_SECTRACK
http://www.redhat.com/support/errata/RHSA-2010-01… vendor-advisoryx_refsource_REDHAT
http://www.educatedguesswork.org/2009/11/understa… x_refsource_MISC
http://www.vupen.com/english/advisories/2011/0033 vdb-entryx_refsource_VUPEN
http://www.redhat.com/support/errata/RHSA-2010-03… vendor-advisoryx_refsource_REDHAT
http://www.securitytracker.com/id?1023216 vdb-entryx_refsource_SECTRACK
http://secunia.com/advisories/41480 third-party-advisoryx_refsource_SECUNIA
http://www.vupen.com/english/advisories/2011/0086 vdb-entryx_refsource_VUPEN
http://secunia.com/advisories/41818 third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/37604 third-party-advisoryx_refsource_SECUNIA
http://www.opera.com/support/search/view/944/ x_refsource_CONFIRM
http://marc.info/?l=apache-httpd-announce&m=12575… mailing-listx_refsource_MLIST
http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
http://www.us-cert.gov/cas/techalerts/TA10-287A.html third-party-advisoryx_refsource_CERT
http://www.links.org/?p=780 x_refsource_MISC
http://www.redhat.com/support/errata/RHSA-2010-01… vendor-advisoryx_refsource_REDHAT
http://secunia.com/advisories/38056 third-party-advisoryx_refsource_SECUNIA
http://www.vupen.com/english/advisories/2010/0748 vdb-entryx_refsource_VUPEN
http://secunia.com/advisories/37675 third-party-advisoryx_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
http://itrc.hp.com/service/cki/docDisplay.do?docI… vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=127128920008563&w=2 vendor-advisoryx_refsource_HP
http://www.vmware.com/security/advisories/VMSA-20… x_refsource_CONFIRM
http://www.redhat.com/support/errata/RHSA-2010-07… vendor-advisoryx_refsource_REDHAT
https://svn.resiprocate.org/rep/ietf-drafts/ekr/d… x_refsource_MISC
http://secunia.com/advisories/38003 third-party-advisoryx_refsource_SECUNIA
http://support.apple.com/kb/HT4171 x_refsource_CONFIRM
http://www.securitytracker.com/id?1023428 vdb-entryx_refsource_SECTRACK
http://marc.info/?l=bugtraq&m=132077688910227&w=2 vendor-advisoryx_refsource_HP
http://www.openwall.com/lists/oss-security/2009/11/20/1 mailing-listx_refsource_MLIST
http://www.vupen.com/english/advisories/2009/3354 vdb-entryx_refsource_VUPEN
http://www.securitytracker.com/id?1023274 vdb-entryx_refsource_SECTRACK
https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
http://secunia.com/advisories/39242 third-party-advisoryx_refsource_SECUNIA
https://kb.bluecoat.com/index?page=content&id=SA50 x_refsource_CONFIRM
http://secunia.com/advisories/38241 third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/42377 third-party-advisoryx_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-201203-22.xml vendor-advisoryx_refsource_GENTOO
http://www.openwall.com/lists/oss-security/2009/11/05/3 mailing-listx_refsource_MLIST
http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
http://osvdb.org/60972 vdb-entryx_refsource_OSVDB
http://www.securitytracker.com/id?1023426 vdb-entryx_refsource_SECTRACK
http://secunia.com/advisories/38484 third-party-advisoryx_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
http://www.betanews.com/article/1257452450 x_refsource_MISC
http://sunsolve.sun.com/search/document.do?assetk… vendor-advisoryx_refsource_SUNALERT
http://www.mozilla.org/security/announce/2010/mfs… x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/516397/100… mailing-listx_refsource_BUGTRAQ
http://openbsd.org/errata46.html#004_openssl vendor-advisoryx_refsource_OPENBSD
http://secunia.com/advisories/41967 third-party-advisoryx_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2010-08… vendor-advisoryx_refsource_REDHAT
http://www.vupen.com/english/advisories/2010/1191 vdb-entryx_refsource_VUPEN
http://seclists.org/fulldisclosure/2009/Nov/139 mailing-listx_refsource_FULLDISC
https://support.f5.com/kb/en-us/solutions/public/… x_refsource_MISC
http://www.openwall.com/lists/oss-security/2009/11/05/5 mailing-listx_refsource_MLIST
http://secunia.com/advisories/39713 third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/42733 third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/37291 third-party-advisoryx_refsource_SECUNIA
http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
http://www.vupen.com/english/advisories/2010/2745 vdb-entryx_refsource_VUPEN
http://sunsolve.sun.com/search/document.do?assetk… vendor-advisoryx_refsource_SUNALERT
http://www.vupen.com/english/advisories/2010/0994 vdb-entryx_refsource_VUPEN
http://www.vupen.com/english/advisories/2010/0173 vdb-entryx_refsource_VUPEN
http://www.vupen.com/english/advisories/2010/1054 vdb-entryx_refsource_VUPEN
http://osvdb.org/65202 vdb-entryx_refsource_OSVDB
http://h20000.www2.hp.com/bizsupport/TechSupport/… vendor-advisoryx_refsource_HP
http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
http://lists.gnu.org/archive/html/gnutls-devel/20… mailing-listx_refsource_MLIST
http://archives.neohapsis.com/archives/bugtraq/20… mailing-listx_refsource_BUGTRAQ
http://clicky.me/tlsvuln x_refsource_MISC
http://secunia.com/advisories/42811 third-party-advisoryx_refsource_SECUNIA
https://lists.apache.org/thread.html/ba661b0edd91… mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/f8e0814e11c7… mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rf8e8c091182… mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/re3b72cbb13e… mailing-listx_refsource_MLIST
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:31:10.430Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "APPLE-SA-2010-05-18-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html"
          },
          {
            "name": "1023427",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023427"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100081611"
          },
          {
            "name": "62210",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/62210"
          },
          {
            "name": "37640",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37640"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.arubanetworks.com/support/alerts/aid-020810.txt"
          },
          {
            "name": "ADV-2010-0916",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0916"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100114327"
          },
          {
            "name": "RHSA-2010:0167",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0167.html"
          },
          {
            "name": "ADV-2010-2010",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/2010"
          },
          {
            "name": "FEDORA-2009-12750",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html"
          },
          {
            "name": "ADV-2010-0086",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0086"
          },
          {
            "name": "ADV-2010-1673",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1673"
          },
          {
            "name": "[tls] 20091104 TLS renegotiation issue",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.ietf.org/mail-archive/web/tls/current/msg03948.html"
          },
          {
            "name": "37656",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37656"
          },
          {
            "name": "RHSA-2010:0865",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html"
          },
          {
            "name": "39628",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39628"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
          },
          {
            "name": "42724",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42724"
          },
          {
            "name": "ADV-2009-3310",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3310"
          },
          {
            "name": "ADV-2009-3205",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3205"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during"
          },
          {
            "name": "39461",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39461"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100114315"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c"
          },
          {
            "name": "GLSA-201406-32",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ingate.com/Relnote.php?ver=481"
          },
          {
            "name": "1023204",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023204"
          },
          {
            "name": "40866",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40866"
          },
          {
            "name": "HPSBMU02799",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
          },
          {
            "name": "TA10-222A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
          },
          {
            "name": "1023211",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023211"
          },
          {
            "name": "SSRT090249",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686"
          },
          {
            "name": "39317",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39317"
          },
          {
            "name": "1023212",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023212"
          },
          {
            "name": "SUSE-SA:2010:061",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html"
          },
          {
            "name": "39127",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39127"
          },
          {
            "name": "40545",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40545"
          },
          {
            "name": "ADV-2010-3069",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3069"
          },
          {
            "name": "[4.5] 010: SECURITY FIX: November 26, 2009",
            "tags": [
              "vendor-advisory",
              "x_refsource_OPENBSD",
              "x_transferred"
            ],
            "url": "http://openbsd.org/errata45.html#010_openssl"
          },
          {
            "name": "1023210",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023210"
          },
          {
            "name": "1023270",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023270"
          },
          {
            "name": "40070",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40070"
          },
          {
            "name": "1023273",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023273"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kbase.redhat.com/faq/docs/DOC-20491"
          },
          {
            "name": "USN-927-5",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-927-5"
          },
          {
            "name": "PM12247",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247"
          },
          {
            "name": "SUSE-SU-2011:0847",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html"
          },
          {
            "name": "MDVSA-2010:089",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:089"
          },
          {
            "name": "RHSA-2010:0770",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20091111.txt"
          },
          {
            "name": "1023275",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023275"
          },
          {
            "name": "DSA-3253",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3253"
          },
          {
            "name": "ADV-2009-3484",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3484"
          },
          {
            "name": "1023207",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023207"
          },
          {
            "name": "37859",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37859"
          },
          {
            "name": "SSRT101846",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
          },
          {
            "name": "1021752",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1"
          },
          {
            "name": "FEDORA-2010-6131",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html"
          },
          {
            "name": "ADV-2010-0848",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0848"
          },
          {
            "name": "[oss-security] 20091107 Re: [TLS] CVE-2009-3555 for TLS renegotiation MITM attacks",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/11/07/3"
          },
          {
            "name": "39819",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39819"
          },
          {
            "name": "IC68055",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68055"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.links.org/?p=786"
          },
          {
            "name": "60521",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/60521"
          },
          {
            "name": "[oss-security] 20091123 Re: CVEs for nginx",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/11/23/10"
          },
          {
            "name": "VU#120541",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/120541"
          },
          {
            "name": "1023217",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023217"
          },
          {
            "name": "RHSA-2010:0768",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html"
          },
          {
            "name": "ADV-2009-3353",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3353"
          },
          {
            "name": "FEDORA-2010-5357",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html"
          },
          {
            "name": "39136",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39136"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openoffice.org/security/cves/CVE-2009-3555.html"
          },
          {
            "name": "ADV-2011-0032",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0032"
          },
          {
            "name": "1023148",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1023148"
          },
          {
            "name": "openSUSE-SU-2011:0845",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html"
          },
          {
            "name": "36935",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36935"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.tombom.co.uk/blog/?p=85"
          },
          {
            "name": "SSRT090208",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
          },
          {
            "name": "ADV-2010-1107",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1107"
          },
          {
            "name": "1023218",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023218"
          },
          {
            "name": "ADV-2010-1350",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1350"
          },
          {
            "name": "RHSA-2010:0338",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0338.html"
          },
          {
            "name": "42379",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42379"
          },
          {
            "name": "FEDORA-2009-12775",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html"
          },
          {
            "name": "20091109 Transport Layer Security Renegotiation Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml"
          },
          {
            "name": "IC67848",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC67848"
          },
          {
            "name": "1023213",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023213"
          },
          {
            "name": "FEDORA-2010-16240",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html"
          },
          {
            "name": "ADV-2010-1793",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1793"
          },
          {
            "name": "oval:org.mitre.oval:def:11617",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11617"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://extendedsubset.com/?p=8"
          },
          {
            "name": "37292",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37292"
          },
          {
            "name": "SSRT100817",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/522176"
          },
          {
            "name": "tls-renegotiation-weak-security(54158)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54158"
          },
          {
            "name": "APPLE-SA-2010-05-18-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html"
          },
          {
            "name": "39278",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39278"
          },
          {
            "name": "1023205",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023205"
          },
          {
            "name": "RHSA-2010:0130",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0130.html"
          },
          {
            "name": "HPSBUX02482",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686"
          },
          {
            "name": "HPSBHF03293",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4004"
          },
          {
            "name": "1023215",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023215"
          },
          {
            "name": "USN-1010-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1010-1"
          },
          {
            "name": "1023206",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023206"
          },
          {
            "name": "SUSE-SR:2010:011",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
          },
          {
            "name": "GLSA-200912-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml"
          },
          {
            "name": "SSRT090180",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=127419602507642\u0026w=2"
          },
          {
            "name": "ADV-2009-3313",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3313"
          },
          {
            "name": "274990",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1"
          },
          {
            "name": "1023208",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023208"
          },
          {
            "name": "43308",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43308"
          },
          {
            "name": "1023214",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023214"
          },
          {
            "name": "SUSE-SA:2009:057",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html"
          },
          {
            "name": "38781",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38781"
          },
          {
            "name": "HPSBOV02762",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2"
          },
          {
            "name": "HPSBMA02534",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=127419602507642\u0026w=2"
          },
          {
            "name": "DSA-1934",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1934"
          },
          {
            "name": "FEDORA-2009-12782",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html"
          },
          {
            "name": "oval:org.mitre.oval:def:7478",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7478"
          },
          {
            "name": "1023271",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023271"
          },
          {
            "name": "APPLE-SA-2010-01-19-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html"
          },
          {
            "name": "[cryptography] 20091105 OpenSSL 0.9.8l released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=cryptography\u0026m=125752275331877\u0026w=2"
          },
          {
            "name": "42467",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42467"
          },
          {
            "name": "20091130 TLS / SSLv3 vulnerability explained (New ways to leverage the vulnerability)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/508130/100/0/threaded"
          },
          {
            "name": "oval:org.mitre.oval:def:7315",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7315"
          },
          {
            "name": "1023224",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023224"
          },
          {
            "name": "SUSE-SR:2010:013",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
          },
          {
            "name": "USN-927-4",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-927-4"
          },
          {
            "name": "41490",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41490"
          },
          {
            "name": "20091124 rPSA-2009-0155-1 httpd mod_ssl",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/508075/100/0/threaded"
          },
          {
            "name": "1023243",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023243"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html"
          },
          {
            "name": "37504",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37504"
          },
          {
            "name": "1023219",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023219"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sysoev.ru/nginx/patch.cve-2009-3555.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html"
          },
          {
            "name": "1023163",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023163"
          },
          {
            "name": "HPSBHF02706",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2"
          },
          {
            "name": "ADV-2009-3521",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3521"
          },
          {
            "name": "oval:org.mitre.oval:def:7973",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7973"
          },
          {
            "name": "HPSBMA02568",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=533125"
          },
          {
            "name": "oval:org.mitre.oval:def:10088",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10088"
          },
          {
            "name": "44183",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44183"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES"
          },
          {
            "name": "42808",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42808"
          },
          {
            "name": "39500",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39500"
          },
          {
            "name": "oval:org.mitre.oval:def:11578",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11578"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
          },
          {
            "name": "ADV-2009-3220",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3220"
          },
          {
            "name": "SSRT100179",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
          },
          {
            "name": "SSRT100089",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=127557596201693\u0026w=2"
          },
          {
            "name": "RHSA-2010:0165",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0165.html"
          },
          {
            "name": "20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/515055/100/0/threaded"
          },
          {
            "name": "RHSA-2010:0987",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=545755"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blogs.iss.net/archive/sslmitmiscsrf.html"
          },
          {
            "name": "1023411",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023411"
          },
          {
            "name": "RHSA-2010:0339",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0339.html"
          },
          {
            "name": "RHSA-2010:0986",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0986.html"
          },
          {
            "name": "ADV-2009-3164",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3164"
          },
          {
            "name": "37383",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37383"
          },
          {
            "name": "FEDORA-2009-12229",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.html"
          },
          {
            "name": "44954",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44954"
          },
          {
            "name": "[tls] 20091104 MITM attack on delayed TLS-client auth through renegotiation",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.ietf.org/mail-archive/web/tls/current/msg03928.html"
          },
          {
            "name": "HPSBUX02524",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=127557596201693\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100070150"
          },
          {
            "name": "40747",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40747"
          },
          {
            "name": "HPSBUX02498",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=126150535619567\u0026w=2"
          },
          {
            "name": "HPSBMU02759",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/522176"
          },
          {
            "name": "39292",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39292"
          },
          {
            "name": "42816",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42816"
          },
          {
            "name": "IC68054",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054"
          },
          {
            "name": "273029",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1"
          },
          {
            "name": "FEDORA-2009-12604",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://extendedsubset.com/Renegotiating_TLS.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24025312"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24006386"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4170"
          },
          {
            "name": "20091118 TLS / SSLv3 vulnerability explained (DRAFT)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/507952/100/0/threaded"
          },
          {
            "name": "1023209",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023209"
          },
          {
            "name": "PM00675",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=PM00675\u0026apar=only"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
          },
          {
            "name": "HPSBOV02683",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
          },
          {
            "name": "48577",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48577"
          },
          {
            "name": "SSA:2009-320-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.597446"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.links.org/?p=789"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.opera.com/docs/changelogs/unix/1060/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html"
          },
          {
            "name": "RHSA-2011:0880",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html"
          },
          {
            "name": "SUSE-SR:2010:008",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
          },
          {
            "name": "[oss-security] 20091107 Re: CVE-2009-3555 for TLS renegotiation MITM attacks",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/11/06/3"
          },
          {
            "name": "FEDORA-2009-12305",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0155"
          },
          {
            "name": "SUSE-SR:2010:012",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.citrix.com/article/CTX123359"
          },
          {
            "name": "37501",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37501"
          },
          {
            "name": "MDVSA-2010:076",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:076"
          },
          {
            "name": "HPSBUX02517",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
          },
          {
            "name": "ADV-2009-3587",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3587"
          },
          {
            "name": "39632",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39632"
          },
          {
            "name": "SSRT090264",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=126150535619567\u0026w=2"
          },
          {
            "name": "38687",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38687"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=526689"
          },
          {
            "name": "MS10-049",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049"
          },
          {
            "name": "ADV-2010-0982",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0982"
          },
          {
            "name": "SSRT100825",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2"
          },
          {
            "name": "37399",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37399"
          },
          {
            "name": "USN-927-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-927-1"
          },
          {
            "name": "1023272",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023272"
          },
          {
            "name": "FEDORA-2009-12606",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html"
          },
          {
            "name": "ADV-2010-3126",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3126"
          },
          {
            "name": "37320",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37320"
          },
          {
            "name": "ADV-2009-3165",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3165"
          },
          {
            "name": "ADV-2010-1639",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1639"
          },
          {
            "name": "38020",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38020"
          },
          {
            "name": "USN-923-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://ubuntu.com/usn/usn-923-1"
          },
          {
            "name": "39243",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39243"
          },
          {
            "name": "oval:org.mitre.oval:def:8366",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8366"
          },
          {
            "name": "37453",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37453"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html"
          },
          {
            "name": "ADV-2010-0933",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0933"
          },
          {
            "name": "SSRT100219",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
          },
          {
            "name": "41972",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41972"
          },
          {
            "name": "ADV-2010-3086",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3086"
          },
          {
            "name": "DSA-2141",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2141"
          },
          {
            "name": "1024789",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1024789"
          },
          {
            "name": "RHSA-2010:0155",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0155.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html"
          },
          {
            "name": "ADV-2011-0033",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0033"
          },
          {
            "name": "RHSA-2010:0337",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0337.html"
          },
          {
            "name": "1023216",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023216"
          },
          {
            "name": "41480",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41480"
          },
          {
            "name": "ADV-2011-0086",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0086"
          },
          {
            "name": "41818",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41818"
          },
          {
            "name": "37604",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37604"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.opera.com/support/search/view/944/"
          },
          {
            "name": "[announce] 20091107 CVE-2009-3555 - apache/mod_ssl vulnerability and mitigation",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=apache-httpd-announce\u0026m=125755783724966\u0026w=2"
          },
          {
            "name": "SUSE-SR:2010:024",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
          },
          {
            "name": "TA10-287A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.links.org/?p=780"
          },
          {
            "name": "RHSA-2010:0119",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0119.html"
          },
          {
            "name": "38056",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38056"
          },
          {
            "name": "ADV-2010-0748",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0748"
          },
          {
            "name": "37675",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37675"
          },
          {
            "name": "oval:org.mitre.oval:def:8535",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8535"
          },
          {
            "name": "HPSBMA02547",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
          },
          {
            "name": "SSRT100058",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html"
          },
          {
            "name": "RHSA-2010:0786",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0786.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt"
          },
          {
            "name": "38003",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38003"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4171"
          },
          {
            "name": "1023428",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023428"
          },
          {
            "name": "SSRT100613",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2"
          },
          {
            "name": "[oss-security] 20091120 CVEs for nginx",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/11/20/1"
          },
          {
            "name": "ADV-2009-3354",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3354"
          },
          {
            "name": "1023274",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023274"
          },
          {
            "name": "FEDORA-2009-12968",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.html"
          },
          {
            "name": "39242",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39242"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
          },
          {
            "name": "38241",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38241"
          },
          {
            "name": "42377",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42377"
          },
          {
            "name": "GLSA-201203-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201203-22.xml"
          },
          {
            "name": "[oss-security] 20091105 CVE-2009-3555 for TLS renegotiation MITM attacks",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/11/05/3"
          },
          {
            "name": "SUSE-SR:2010:019",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
          },
          {
            "name": "60972",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/60972"
          },
          {
            "name": "1023426",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023426"
          },
          {
            "name": "38484",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38484"
          },
          {
            "name": "MDVSA-2010:084",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.betanews.com/article/1257452450"
          },
          {
            "name": "1021653",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-22.html"
          },
          {
            "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
          },
          {
            "name": "[4.6] 004: SECURITY FIX: November 26, 2009",
            "tags": [
              "vendor-advisory",
              "x_refsource_OPENBSD",
              "x_transferred"
            ],
            "url": "http://openbsd.org/errata46.html#004_openssl"
          },
          {
            "name": "41967",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41967"
          },
          {
            "name": "RHSA-2010:0807",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html"
          },
          {
            "name": "ADV-2010-1191",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1191"
          },
          {
            "name": "20091111 Re: SSL/TLS MiTM PoC",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2009/Nov/139"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html"
          },
          {
            "name": "[oss-security] 20091105 Re: CVE-2009-3555 for TLS renegotiation MITM attacks",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/11/05/5"
          },
          {
            "name": "39713",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39713"
          },
          {
            "name": "42733",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42733"
          },
          {
            "name": "37291",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37291"
          },
          {
            "name": "FEDORA-2010-16312",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html"
          },
          {
            "name": "FEDORA-2010-5942",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html"
          },
          {
            "name": "ADV-2010-2745",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/2745"
          },
          {
            "name": "273350",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1"
          },
          {
            "name": "ADV-2010-0994",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0994"
          },
          {
            "name": "ADV-2010-0173",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0173"
          },
          {
            "name": "ADV-2010-1054",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1054"
          },
          {
            "name": "65202",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/65202"
          },
          {
            "name": "HPSBGN02562",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041"
          },
          {
            "name": "FEDORA-2010-16294",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html"
          },
          {
            "name": "[gnutls-devel] 20091105 Re: TLS renegotiation MITM",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html"
          },
          {
            "name": "20131121 ESA-2013-077: RSA Data Protection Manager Appliance Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://clicky.me/tlsvuln"
          },
          {
            "name": "42811",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42811"
          },
          {
            "name": "[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190325 svn commit: r1856174 [26/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200213 svn commit: r1873980 [31/34] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-11-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a \"plaintext injection\" attack, aka the \"Project Mogul\" issue."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-13T16:08:08",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "APPLE-SA-2010-05-18-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html"
        },
        {
          "name": "1023427",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023427"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100081611"
        },
        {
          "name": "62210",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/62210"
        },
        {
          "name": "37640",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37640"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.arubanetworks.com/support/alerts/aid-020810.txt"
        },
        {
          "name": "ADV-2010-0916",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0916"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100114327"
        },
        {
          "name": "RHSA-2010:0167",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0167.html"
        },
        {
          "name": "ADV-2010-2010",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/2010"
        },
        {
          "name": "FEDORA-2009-12750",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html"
        },
        {
          "name": "ADV-2010-0086",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0086"
        },
        {
          "name": "ADV-2010-1673",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1673"
        },
        {
          "name": "[tls] 20091104 TLS renegotiation issue",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.ietf.org/mail-archive/web/tls/current/msg03948.html"
        },
        {
          "name": "37656",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37656"
        },
        {
          "name": "RHSA-2010:0865",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html"
        },
        {
          "name": "39628",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39628"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
        },
        {
          "name": "42724",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42724"
        },
        {
          "name": "ADV-2009-3310",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3310"
        },
        {
          "name": "ADV-2009-3205",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3205"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during"
        },
        {
          "name": "39461",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39461"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100114315"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c"
        },
        {
          "name": "GLSA-201406-32",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ingate.com/Relnote.php?ver=481"
        },
        {
          "name": "1023204",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023204"
        },
        {
          "name": "40866",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40866"
        },
        {
          "name": "HPSBMU02799",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
        },
        {
          "name": "TA10-222A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
        },
        {
          "name": "1023211",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023211"
        },
        {
          "name": "SSRT090249",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686"
        },
        {
          "name": "39317",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39317"
        },
        {
          "name": "1023212",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023212"
        },
        {
          "name": "SUSE-SA:2010:061",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html"
        },
        {
          "name": "39127",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39127"
        },
        {
          "name": "40545",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40545"
        },
        {
          "name": "ADV-2010-3069",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3069"
        },
        {
          "name": "[4.5] 010: SECURITY FIX: November 26, 2009",
          "tags": [
            "vendor-advisory",
            "x_refsource_OPENBSD"
          ],
          "url": "http://openbsd.org/errata45.html#010_openssl"
        },
        {
          "name": "1023210",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023210"
        },
        {
          "name": "1023270",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023270"
        },
        {
          "name": "40070",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40070"
        },
        {
          "name": "1023273",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023273"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kbase.redhat.com/faq/docs/DOC-20491"
        },
        {
          "name": "USN-927-5",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-927-5"
        },
        {
          "name": "PM12247",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247"
        },
        {
          "name": "SUSE-SU-2011:0847",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html"
        },
        {
          "name": "MDVSA-2010:089",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:089"
        },
        {
          "name": "RHSA-2010:0770",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20091111.txt"
        },
        {
          "name": "1023275",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023275"
        },
        {
          "name": "DSA-3253",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3253"
        },
        {
          "name": "ADV-2009-3484",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3484"
        },
        {
          "name": "1023207",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023207"
        },
        {
          "name": "37859",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37859"
        },
        {
          "name": "SSRT101846",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
        },
        {
          "name": "1021752",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1"
        },
        {
          "name": "FEDORA-2010-6131",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html"
        },
        {
          "name": "ADV-2010-0848",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0848"
        },
        {
          "name": "[oss-security] 20091107 Re: [TLS] CVE-2009-3555 for TLS renegotiation MITM attacks",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/11/07/3"
        },
        {
          "name": "39819",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39819"
        },
        {
          "name": "IC68055",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68055"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.links.org/?p=786"
        },
        {
          "name": "60521",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/60521"
        },
        {
          "name": "[oss-security] 20091123 Re: CVEs for nginx",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/11/23/10"
        },
        {
          "name": "VU#120541",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/120541"
        },
        {
          "name": "1023217",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023217"
        },
        {
          "name": "RHSA-2010:0768",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html"
        },
        {
          "name": "ADV-2009-3353",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3353"
        },
        {
          "name": "FEDORA-2010-5357",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html"
        },
        {
          "name": "39136",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39136"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openoffice.org/security/cves/CVE-2009-3555.html"
        },
        {
          "name": "ADV-2011-0032",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0032"
        },
        {
          "name": "1023148",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1023148"
        },
        {
          "name": "openSUSE-SU-2011:0845",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html"
        },
        {
          "name": "36935",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36935"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.tombom.co.uk/blog/?p=85"
        },
        {
          "name": "SSRT090208",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
        },
        {
          "name": "ADV-2010-1107",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1107"
        },
        {
          "name": "1023218",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023218"
        },
        {
          "name": "ADV-2010-1350",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1350"
        },
        {
          "name": "RHSA-2010:0338",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0338.html"
        },
        {
          "name": "42379",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42379"
        },
        {
          "name": "FEDORA-2009-12775",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html"
        },
        {
          "name": "20091109 Transport Layer Security Renegotiation Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml"
        },
        {
          "name": "IC67848",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC67848"
        },
        {
          "name": "1023213",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023213"
        },
        {
          "name": "FEDORA-2010-16240",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html"
        },
        {
          "name": "ADV-2010-1793",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1793"
        },
        {
          "name": "oval:org.mitre.oval:def:11617",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11617"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://extendedsubset.com/?p=8"
        },
        {
          "name": "37292",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37292"
        },
        {
          "name": "SSRT100817",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/522176"
        },
        {
          "name": "tls-renegotiation-weak-security(54158)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54158"
        },
        {
          "name": "APPLE-SA-2010-05-18-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html"
        },
        {
          "name": "39278",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39278"
        },
        {
          "name": "1023205",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023205"
        },
        {
          "name": "RHSA-2010:0130",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0130.html"
        },
        {
          "name": "HPSBUX02482",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686"
        },
        {
          "name": "HPSBHF03293",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4004"
        },
        {
          "name": "1023215",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023215"
        },
        {
          "name": "USN-1010-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1010-1"
        },
        {
          "name": "1023206",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023206"
        },
        {
          "name": "SUSE-SR:2010:011",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
        },
        {
          "name": "GLSA-200912-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml"
        },
        {
          "name": "SSRT090180",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=127419602507642\u0026w=2"
        },
        {
          "name": "ADV-2009-3313",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3313"
        },
        {
          "name": "274990",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1"
        },
        {
          "name": "1023208",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023208"
        },
        {
          "name": "43308",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43308"
        },
        {
          "name": "1023214",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023214"
        },
        {
          "name": "SUSE-SA:2009:057",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html"
        },
        {
          "name": "38781",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38781"
        },
        {
          "name": "HPSBOV02762",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2"
        },
        {
          "name": "HPSBMA02534",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=127419602507642\u0026w=2"
        },
        {
          "name": "DSA-1934",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1934"
        },
        {
          "name": "FEDORA-2009-12782",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html"
        },
        {
          "name": "oval:org.mitre.oval:def:7478",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7478"
        },
        {
          "name": "1023271",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023271"
        },
        {
          "name": "APPLE-SA-2010-01-19-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html"
        },
        {
          "name": "[cryptography] 20091105 OpenSSL 0.9.8l released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=cryptography\u0026m=125752275331877\u0026w=2"
        },
        {
          "name": "42467",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42467"
        },
        {
          "name": "20091130 TLS / SSLv3 vulnerability explained (New ways to leverage the vulnerability)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/508130/100/0/threaded"
        },
        {
          "name": "oval:org.mitre.oval:def:7315",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7315"
        },
        {
          "name": "1023224",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023224"
        },
        {
          "name": "SUSE-SR:2010:013",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
        },
        {
          "name": "USN-927-4",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-927-4"
        },
        {
          "name": "41490",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41490"
        },
        {
          "name": "20091124 rPSA-2009-0155-1 httpd mod_ssl",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/508075/100/0/threaded"
        },
        {
          "name": "1023243",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023243"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html"
        },
        {
          "name": "37504",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37504"
        },
        {
          "name": "1023219",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023219"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sysoev.ru/nginx/patch.cve-2009-3555.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html"
        },
        {
          "name": "1023163",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023163"
        },
        {
          "name": "HPSBHF02706",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2"
        },
        {
          "name": "ADV-2009-3521",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3521"
        },
        {
          "name": "oval:org.mitre.oval:def:7973",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7973"
        },
        {
          "name": "HPSBMA02568",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=533125"
        },
        {
          "name": "oval:org.mitre.oval:def:10088",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10088"
        },
        {
          "name": "44183",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44183"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES"
        },
        {
          "name": "42808",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42808"
        },
        {
          "name": "39500",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39500"
        },
        {
          "name": "oval:org.mitre.oval:def:11578",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11578"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
        },
        {
          "name": "ADV-2009-3220",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3220"
        },
        {
          "name": "SSRT100179",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
        },
        {
          "name": "SSRT100089",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=127557596201693\u0026w=2"
        },
        {
          "name": "RHSA-2010:0165",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0165.html"
        },
        {
          "name": "20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/515055/100/0/threaded"
        },
        {
          "name": "RHSA-2010:0987",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=545755"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blogs.iss.net/archive/sslmitmiscsrf.html"
        },
        {
          "name": "1023411",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023411"
        },
        {
          "name": "RHSA-2010:0339",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0339.html"
        },
        {
          "name": "RHSA-2010:0986",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0986.html"
        },
        {
          "name": "ADV-2009-3164",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3164"
        },
        {
          "name": "37383",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37383"
        },
        {
          "name": "FEDORA-2009-12229",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.html"
        },
        {
          "name": "44954",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44954"
        },
        {
          "name": "[tls] 20091104 MITM attack on delayed TLS-client auth through renegotiation",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.ietf.org/mail-archive/web/tls/current/msg03928.html"
        },
        {
          "name": "HPSBUX02524",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=127557596201693\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100070150"
        },
        {
          "name": "40747",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40747"
        },
        {
          "name": "HPSBUX02498",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=126150535619567\u0026w=2"
        },
        {
          "name": "HPSBMU02759",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/522176"
        },
        {
          "name": "39292",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39292"
        },
        {
          "name": "42816",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42816"
        },
        {
          "name": "IC68054",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054"
        },
        {
          "name": "273029",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1"
        },
        {
          "name": "FEDORA-2009-12604",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://extendedsubset.com/Renegotiating_TLS.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24025312"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24006386"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4170"
        },
        {
          "name": "20091118 TLS / SSLv3 vulnerability explained (DRAFT)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/507952/100/0/threaded"
        },
        {
          "name": "1023209",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023209"
        },
        {
          "name": "PM00675",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=PM00675\u0026apar=only"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
        },
        {
          "name": "HPSBOV02683",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
        },
        {
          "name": "48577",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48577"
        },
        {
          "name": "SSA:2009-320-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.597446"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.links.org/?p=789"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.opera.com/docs/changelogs/unix/1060/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html"
        },
        {
          "name": "RHSA-2011:0880",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html"
        },
        {
          "name": "SUSE-SR:2010:008",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
        },
        {
          "name": "[oss-security] 20091107 Re: CVE-2009-3555 for TLS renegotiation MITM attacks",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/11/06/3"
        },
        {
          "name": "FEDORA-2009-12305",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0155"
        },
        {
          "name": "SUSE-SR:2010:012",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.citrix.com/article/CTX123359"
        },
        {
          "name": "37501",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37501"
        },
        {
          "name": "MDVSA-2010:076",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:076"
        },
        {
          "name": "HPSBUX02517",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
        },
        {
          "name": "ADV-2009-3587",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3587"
        },
        {
          "name": "39632",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39632"
        },
        {
          "name": "SSRT090264",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=126150535619567\u0026w=2"
        },
        {
          "name": "38687",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38687"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=526689"
        },
        {
          "name": "MS10-049",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049"
        },
        {
          "name": "ADV-2010-0982",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0982"
        },
        {
          "name": "SSRT100825",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2"
        },
        {
          "name": "37399",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37399"
        },
        {
          "name": "USN-927-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-927-1"
        },
        {
          "name": "1023272",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023272"
        },
        {
          "name": "FEDORA-2009-12606",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html"
        },
        {
          "name": "ADV-2010-3126",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3126"
        },
        {
          "name": "37320",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37320"
        },
        {
          "name": "ADV-2009-3165",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3165"
        },
        {
          "name": "ADV-2010-1639",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1639"
        },
        {
          "name": "38020",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38020"
        },
        {
          "name": "USN-923-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://ubuntu.com/usn/usn-923-1"
        },
        {
          "name": "39243",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39243"
        },
        {
          "name": "oval:org.mitre.oval:def:8366",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8366"
        },
        {
          "name": "37453",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37453"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html"
        },
        {
          "name": "ADV-2010-0933",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0933"
        },
        {
          "name": "SSRT100219",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
        },
        {
          "name": "41972",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41972"
        },
        {
          "name": "ADV-2010-3086",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3086"
        },
        {
          "name": "DSA-2141",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2141"
        },
        {
          "name": "1024789",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1024789"
        },
        {
          "name": "RHSA-2010:0155",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0155.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html"
        },
        {
          "name": "ADV-2011-0033",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0033"
        },
        {
          "name": "RHSA-2010:0337",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0337.html"
        },
        {
          "name": "1023216",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023216"
        },
        {
          "name": "41480",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41480"
        },
        {
          "name": "ADV-2011-0086",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0086"
        },
        {
          "name": "41818",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41818"
        },
        {
          "name": "37604",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37604"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.opera.com/support/search/view/944/"
        },
        {
          "name": "[announce] 20091107 CVE-2009-3555 - apache/mod_ssl vulnerability and mitigation",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=apache-httpd-announce\u0026m=125755783724966\u0026w=2"
        },
        {
          "name": "SUSE-SR:2010:024",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
        },
        {
          "name": "TA10-287A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.links.org/?p=780"
        },
        {
          "name": "RHSA-2010:0119",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0119.html"
        },
        {
          "name": "38056",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38056"
        },
        {
          "name": "ADV-2010-0748",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0748"
        },
        {
          "name": "37675",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37675"
        },
        {
          "name": "oval:org.mitre.oval:def:8535",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8535"
        },
        {
          "name": "HPSBMA02547",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
        },
        {
          "name": "SSRT100058",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html"
        },
        {
          "name": "RHSA-2010:0786",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0786.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt"
        },
        {
          "name": "38003",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38003"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4171"
        },
        {
          "name": "1023428",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023428"
        },
        {
          "name": "SSRT100613",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2"
        },
        {
          "name": "[oss-security] 20091120 CVEs for nginx",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/11/20/1"
        },
        {
          "name": "ADV-2009-3354",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3354"
        },
        {
          "name": "1023274",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023274"
        },
        {
          "name": "FEDORA-2009-12968",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.html"
        },
        {
          "name": "39242",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39242"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
        },
        {
          "name": "38241",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38241"
        },
        {
          "name": "42377",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42377"
        },
        {
          "name": "GLSA-201203-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201203-22.xml"
        },
        {
          "name": "[oss-security] 20091105 CVE-2009-3555 for TLS renegotiation MITM attacks",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/11/05/3"
        },
        {
          "name": "SUSE-SR:2010:019",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
        },
        {
          "name": "60972",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/60972"
        },
        {
          "name": "1023426",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023426"
        },
        {
          "name": "38484",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38484"
        },
        {
          "name": "MDVSA-2010:084",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.betanews.com/article/1257452450"
        },
        {
          "name": "1021653",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-22.html"
        },
        {
          "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
        },
        {
          "name": "[4.6] 004: SECURITY FIX: November 26, 2009",
          "tags": [
            "vendor-advisory",
            "x_refsource_OPENBSD"
          ],
          "url": "http://openbsd.org/errata46.html#004_openssl"
        },
        {
          "name": "41967",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41967"
        },
        {
          "name": "RHSA-2010:0807",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html"
        },
        {
          "name": "ADV-2010-1191",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1191"
        },
        {
          "name": "20091111 Re: SSL/TLS MiTM PoC",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2009/Nov/139"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html"
        },
        {
          "name": "[oss-security] 20091105 Re: CVE-2009-3555 for TLS renegotiation MITM attacks",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/11/05/5"
        },
        {
          "name": "39713",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39713"
        },
        {
          "name": "42733",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42733"
        },
        {
          "name": "37291",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37291"
        },
        {
          "name": "FEDORA-2010-16312",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html"
        },
        {
          "name": "FEDORA-2010-5942",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html"
        },
        {
          "name": "ADV-2010-2745",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/2745"
        },
        {
          "name": "273350",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1"
        },
        {
          "name": "ADV-2010-0994",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0994"
        },
        {
          "name": "ADV-2010-0173",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0173"
        },
        {
          "name": "ADV-2010-1054",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1054"
        },
        {
          "name": "65202",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/65202"
        },
        {
          "name": "HPSBGN02562",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041"
        },
        {
          "name": "FEDORA-2010-16294",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html"
        },
        {
          "name": "[gnutls-devel] 20091105 Re: TLS renegotiation MITM",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html"
        },
        {
          "name": "20131121 ESA-2013-077: RSA Data Protection Manager Appliance Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://clicky.me/tlsvuln"
        },
        {
          "name": "42811",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42811"
        },
        {
          "name": "[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190325 svn commit: r1856174 [26/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200213 svn commit: r1873980 [31/34] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2009-3555",
    "datePublished": "2009-11-09T17:00:00",
    "dateReserved": "2009-10-05T00:00:00",
    "dateUpdated": "2024-08-07T06:31:10.430Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-4421 (GCVE-0-2023-4421)

Vulnerability from cvelistv5 – Published: 2023-12-12 17:02 – Updated: 2025-11-04 19:25
VLAI?
Summary
The NSS code used for checking PKCS#1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. Both the overall correctness of the padding as well as the length of the encrypted message was leaking through timing side-channel. By sending large number of attacker-selected ciphertexts, the attacker would be able to decrypt a previously intercepted PKCS#1 v1.5 ciphertext (for example, to decrypt a TLS session that used RSA key exchange), or forge a signature using the victim's key. The issue was fixed by implementing the implicit rejection algorithm, in which the NSS returns a deterministic random message in case invalid padding is detected, as proposed in the Marvin Attack paper. This vulnerability affects NSS < 3.61.
Severity ?
No CVSS data available.
CWE
  • Timing side-channel in PKCS#1 v1.5 decryption depadding code
Assigner
References
Impacted products
Vendor Product Version
Mozilla NSS Affected: unspecified , < 3.61 (custom)
Create a notification for this product.
Credits
Hubert Kario
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T19:25:18.220Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1651411"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2023-53/"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00039.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "NSS",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "3.61",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Hubert Kario"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The NSS code used for checking PKCS#1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. Both the overall correctness of the padding as well as the length of the encrypted message was leaking through timing side-channel. By sending large number of attacker-selected ciphertexts, the attacker would be able to decrypt a previously intercepted PKCS#1 v1.5 ciphertext (for example, to decrypt a TLS session that used RSA key exchange), or forge a signature using the victim\u0027s key. The issue was fixed by implementing the implicit rejection algorithm, in which the NSS returns a deterministic random message in case invalid padding is detected, as proposed in the Marvin Attack paper. This vulnerability affects NSS \u003c 3.61."
            }
          ],
          "value": "The NSS code used for checking PKCS#1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. Both the overall correctness of the padding as well as the length of the encrypted message was leaking through timing side-channel. By sending large number of attacker-selected ciphertexts, the attacker would be able to decrypt a previously intercepted PKCS#1 v1.5 ciphertext (for example, to decrypt a TLS session that used RSA key exchange), or forge a signature using the victim\u0027s key. The issue was fixed by implementing the implicit rejection algorithm, in which the NSS returns a deterministic random message in case invalid padding is detected, as proposed in the Marvin Attack paper. This vulnerability affects NSS \u003c 3.61."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Timing side-channel in PKCS#1 v1.5 decryption depadding code",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-12T17:02:08.801Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1651411"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2023-53/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2023-4421",
    "datePublished": "2023-12-12T17:02:08.801Z",
    "dateReserved": "2023-08-18T13:25:38.056Z",
    "dateUpdated": "2025-11-04T19:25:18.220Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2021-43527 (GCVE-0-2021-43527)

Vulnerability from cvelistv5 – Published: 2021-12-08 00:00 – Updated: 2024-08-04 03:55
VLAI?
Summary
NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1.
Severity ?
No CVSS data available.
CWE
  • Memory corruption via DER-encoded DSA and RSA-PSS signatures
Assigner
References
Impacted products
Vendor Product Version
Mozilla NSS Affected: unspecified , < 3.73 (custom)
Affected: unspecified , < 3.68.1 (custom)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T03:55:29.297Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2021-51/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1737470"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_73_RTM/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_68_1_RTM/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20211229-0002/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-594438.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.starwindsoftware.com/security/sw-20220802-0001/"
          },
          {
            "name": "GLSA-202212-05",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202212-05"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "NSS",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "3.73",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "3.68.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \\#7, or PKCS \\#12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. This vulnerability affects NSS \u003c 3.73 and NSS \u003c 3.68.1."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Memory corruption via DER-encoded DSA and RSA-PSS signatures",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-19T00:00:00",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2021-51/"
        },
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1737470"
        },
        {
          "url": "https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_73_RTM/"
        },
        {
          "url": "https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_68_1_RTM/"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20211229-0002/"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-594438.pdf"
        },
        {
          "url": "https://www.starwindsoftware.com/security/sw-20220802-0001/"
        },
        {
          "name": "GLSA-202212-05",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202212-05"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2021-43527",
    "datePublished": "2021-12-08T00:00:00",
    "dateReserved": "2021-11-08T00:00:00",
    "dateUpdated": "2024-08-04T03:55:29.297Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-12403 (GCVE-0-2020-12403)

Vulnerability from cvelistv5 – Published: 2021-05-27 00:00 – Updated: 2024-08-04 11:56
VLAI?
Summary
A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length. The highest threat from this vulnerability is to confidentiality and system availability.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
Vendor Product Version
n/a nss Affected: nss 3.55
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:56:51.720Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1868931"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes"
          },
          {
            "name": "[debian-lts-announce] 20230220 [SECURITY] [DLA 3327-1] nss security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230324-0006/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "nss",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "nss 3.55"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length. The highest threat from this vulnerability is to confidentiality and system availability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-24T00:00:00",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1868931"
        },
        {
          "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes"
        },
        {
          "name": "[debian-lts-announce] 20230220 [SECURITY] [DLA 3327-1] nss security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00021.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230324-0006/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2020-12403",
    "datePublished": "2021-05-27T00:00:00",
    "dateReserved": "2020-04-28T00:00:00",
    "dateUpdated": "2024-08-04T11:56:51.720Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-17007 (GCVE-0-2019-17007)

Vulnerability from cvelistv5 – Published: 2020-10-22 20:28 – Updated: 2024-08-05 01:24
VLAI?
Summary
In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service.
Severity ?
No CVSS data available.
CWE
  • CERT_DecodeCertPackage() crash with Netscape Certificate Sequences
Assigner
References
Impacted products
Vendor Product Version
Mozilla NSS Affected: unspecified , < 3.44 (custom)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:24:48.580Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44_release_notes"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1533216"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "NSS",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "3.44",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CERT_DecodeCertPackage() crash with Netscape Certificate Sequences",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-12T06:00:05",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44_release_notes"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1533216"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2019-17007",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NSS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "3.44"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mozilla"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CERT_DecodeCertPackage() crash with Netscape Certificate Sequences"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44_release_notes",
              "refsource": "MISC",
              "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44_release_notes"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1533216",
              "refsource": "MISC",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1533216"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"
            },
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2019-17007",
    "datePublished": "2020-10-22T20:28:17",
    "dateReserved": "2019-09-30T00:00:00",
    "dateUpdated": "2024-08-05T01:24:48.580Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-17006 (GCVE-0-2019-17006)

Vulnerability from cvelistv5 – Published: 2020-10-22 20:24 – Updated: 2024-08-05 01:24
VLAI?
Summary
In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.
Severity ?
No CVSS data available.
CWE
  • missing length checks for cryptographic primitives
Assigner
References
Impacted products
Vendor Product Version
Mozilla NSS Affected: unspecified , < 3.46 (custom)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:24:48.804Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539788"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210129-0001/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "NSS",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "3.46",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "missing length checks for cryptographic primitives",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-12T06:05:28",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539788"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210129-0001/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2019-17006",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NSS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "3.46"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mozilla"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "missing length checks for cryptographic primitives"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes",
              "refsource": "MISC",
              "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539788",
              "refsource": "MISC",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539788"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210129-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210129-0001/"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"
            },
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2019-17006",
    "datePublished": "2020-10-22T20:24:25",
    "dateReserved": "2019-09-30T00:00:00",
    "dateUpdated": "2024-08-05T01:24:48.804Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-18508 (GCVE-0-2018-18508)

Vulnerability from cvelistv5 – Published: 2020-10-22 20:14 – Updated: 2024-08-05 11:08
VLAI?
Summary
In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service.
Severity ?
No CVSS data available.
CWE
  • Denial of Service through malformed signatures
Assigner
References
Impacted products
Vendor Product Version
Mozilla NSS Affected: unspecified , < 3.41.1 (custom)
Affected: unspecified , < 3.36.7 (custom)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T11:08:22.039Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.7_release_notes"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "NSS",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "3.41.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "3.36.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service through malformed signatures",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-12T05:57:40",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.7_release_notes"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2018-18508",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NSS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "3.41.1"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "3.36.7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mozilla"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service through malformed signatures"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.7_release_notes",
              "refsource": "MISC",
              "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.7_release_notes"
            },
            {
              "name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes",
              "refsource": "MISC",
              "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"
            },
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2018-18508",
    "datePublished": "2020-10-22T20:14:42",
    "dateReserved": "2018-10-19T00:00:00",
    "dateUpdated": "2024-08-05T11:08:22.039Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-5285 (GCVE-0-2016-5285)

Vulnerability from cvelistv5 – Published: 2019-11-15 15:44 – Updated: 2024-08-06 00:53
VLAI?
Summary
A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.
Severity ?
No CVSS data available.
CWE
  • denial of service
Assigner
References
Impacted products
Vendor Product Version
Mozilla Network Security Services Affected: 3.24
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:53:48.923Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94349"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-46"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2779.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3163-1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa137"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1306103"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Network Security Services",
          "vendor": "Mozilla",
          "versions": [
            {
              "status": "affected",
              "version": "3.24"
            }
          ]
        }
      ],
      "datePublic": "2016-10-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "denial of service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-09T19:53:19",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.securityfocus.com/bid/94349"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.gentoo.org/glsa/201701-46"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2779.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3163-1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bto.bluecoat.com/security-advisory/sa137"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1306103"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2016-5285",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Network Security Services",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "3.24"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mozilla"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "denial of service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html",
              "refsource": "MISC",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html"
            },
            {
              "name": "http://www.securityfocus.com/bid/94349",
              "refsource": "MISC",
              "url": "http://www.securityfocus.com/bid/94349"
            },
            {
              "name": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html",
              "refsource": "MISC",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html"
            },
            {
              "name": "https://security.gentoo.org/glsa/201701-46",
              "refsource": "MISC",
              "url": "https://security.gentoo.org/glsa/201701-46"
            },
            {
              "name": "http://rhn.redhat.com/errata/RHSA-2016-2779.html",
              "refsource": "MISC",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2779.html"
            },
            {
              "name": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html",
              "refsource": "MISC",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html"
            },
            {
              "name": "http://www.ubuntu.com/usn/USN-3163-1",
              "refsource": "MISC",
              "url": "http://www.ubuntu.com/usn/USN-3163-1"
            },
            {
              "name": "https://bto.bluecoat.com/security-advisory/sa137",
              "refsource": "MISC",
              "url": "https://bto.bluecoat.com/security-advisory/sa137"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1306103",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1306103"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2016-5285",
    "datePublished": "2019-11-15T15:44:05",
    "dateReserved": "2016-06-03T00:00:00",
    "dateUpdated": "2024-08-06T00:53:48.923Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-8635 (GCVE-0-2016-8635)

Vulnerability from cvelistv5 – Published: 2018-08-01 13:00 – Updated: 2024-08-06 02:27
VLAI?
Summary
It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group.
Severity ?
5.3 (Medium)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE
Assigner
References
Impacted products
Vendor Product Version
Mozilla nss Affected: 3.21.x
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:27:41.258Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8635"
          },
          {
            "name": "RHSA-2016:2779",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2779.html"
          },
          {
            "name": "GLSA-201701-46",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-46"
          },
          {
            "name": "94346",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94346"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "nss",
          "vendor": "Mozilla",
          "versions": [
            {
              "status": "affected",
              "version": "3.21.x"
            }
          ]
        }
      ],
      "datePublic": "2016-11-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-358",
              "description": "CWE-358",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-02T09:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8635"
        },
        {
          "name": "RHSA-2016:2779",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2779.html"
        },
        {
          "name": "GLSA-201701-46",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-46"
        },
        {
          "name": "94346",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94346"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-8635",
    "datePublished": "2018-08-01T13:00:00",
    "dateReserved": "2016-10-12T00:00:00",
    "dateUpdated": "2024-08-06T02:27:41.258Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-1938 (GCVE-0-2016-1938)

Vulnerability from cvelistv5 – Published: 2016-01-31 18:00 – Updated: 2024-08-05 23:10
VLAI?
Summary
The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.securityfocus.com/bid/81955 vdb-entryx_refsource_BID
http://www.debian.org/security/2016/dsa-3688 vendor-advisoryx_refsource_DEBIAN
http://www.securitytracker.com/id/1034825 vdb-entryx_refsource_SECTRACK
https://security.gentoo.org/glsa/201701-46 vendor-advisoryx_refsource_GENTOO
http://www.oracle.com/technetwork/security-adviso… x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-2903-2 vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-2880-1 vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-2903-1 vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-2880-2 vendor-advisoryx_refsource_UBUNTU
https://github.com/hannob/bignum-fuzz/blob/master… x_refsource_MISC
https://developer.mozilla.org/en-US/docs/Mozilla/… x_refsource_MISC
http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
http://www.mozilla.org/security/announce/2016/mfs… x_refsource_CONFIRM
https://blog.fuzzing-project.org/37-Mozilla-NSS-W… x_refsource_MISC
http://www.ubuntu.com/usn/USN-2973-1 vendor-advisoryx_refsource_UBUNTU
https://bugzilla.mozilla.org/show_bug.cgi?id=1194947 x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
http://www.securityfocus.com/bid/91787 vdb-entryx_refsource_BID
https://github.com/hannob/bignum-fuzz/blob/master… x_refsource_MISC
https://security.gentoo.org/glsa/201605-06 vendor-advisoryx_refsource_GENTOO
https://bugzilla.mozilla.org/show_bug.cgi?id=1190248 x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
https://hg.mozilla.org/projects/nss/diff/a555bf0f… x_refsource_CONFIRM
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:10:40.307Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "81955",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/81955"
          },
          {
            "name": "DSA-3688",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3688"
          },
          {
            "name": "1034825",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034825"
          },
          {
            "name": "GLSA-201701-46",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-46"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
          },
          {
            "name": "USN-2903-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2903-2"
          },
          {
            "name": "USN-2880-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2880-1"
          },
          {
            "name": "USN-2903-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2903-1"
          },
          {
            "name": "USN-2880-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2880-2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_exptmod.c"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes"
          },
          {
            "name": "SUSE-SU-2016:0338",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00010.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-07.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blog.fuzzing-project.org/37-Mozilla-NSS-Wrong-calculation-results-in-mp_div-and-mp_exptmod.html"
          },
          {
            "name": "USN-2973-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2973-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1194947"
          },
          {
            "name": "openSUSE-SU-2016:0309",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html"
          },
          {
            "name": "91787",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91787"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_div.c"
          },
          {
            "name": "GLSA-201605-06",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201605-06"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1190248"
          },
          {
            "name": "openSUSE-SU-2016:0306",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://hg.mozilla.org/projects/nss/diff/a555bf0fc23a/lib/freebl/mpi/mpi.c"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-01-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-03T18:57:01",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "name": "81955",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/81955"
        },
        {
          "name": "DSA-3688",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3688"
        },
        {
          "name": "1034825",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034825"
        },
        {
          "name": "GLSA-201701-46",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-46"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
        },
        {
          "name": "USN-2903-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2903-2"
        },
        {
          "name": "USN-2880-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2880-1"
        },
        {
          "name": "USN-2903-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2903-1"
        },
        {
          "name": "USN-2880-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2880-2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_exptmod.c"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes"
        },
        {
          "name": "SUSE-SU-2016:0338",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00010.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-07.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blog.fuzzing-project.org/37-Mozilla-NSS-Wrong-calculation-results-in-mp_div-and-mp_exptmod.html"
        },
        {
          "name": "USN-2973-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2973-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1194947"
        },
        {
          "name": "openSUSE-SU-2016:0309",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html"
        },
        {
          "name": "91787",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/91787"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_div.c"
        },
        {
          "name": "GLSA-201605-06",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201605-06"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1190248"
        },
        {
          "name": "openSUSE-SU-2016:0306",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://hg.mozilla.org/projects/nss/diff/a555bf0fc23a/lib/freebl/mpi/mpi.c"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2016-1938",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "81955",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/81955"
            },
            {
              "name": "DSA-3688",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3688"
            },
            {
              "name": "1034825",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034825"
            },
            {
              "name": "GLSA-201701-46",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-46"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
            },
            {
              "name": "USN-2903-2",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2903-2"
            },
            {
              "name": "USN-2880-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2880-1"
            },
            {
              "name": "USN-2903-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2903-1"
            },
            {
              "name": "USN-2880-2",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2880-2"
            },
            {
              "name": "https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_exptmod.c",
              "refsource": "MISC",
              "url": "https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_exptmod.c"
            },
            {
              "name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes",
              "refsource": "MISC",
              "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes"
            },
            {
              "name": "SUSE-SU-2016:0338",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00010.html"
            },
            {
              "name": "http://www.mozilla.org/security/announce/2016/mfsa2016-07.html",
              "refsource": "CONFIRM",
              "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-07.html"
            },
            {
              "name": "https://blog.fuzzing-project.org/37-Mozilla-NSS-Wrong-calculation-results-in-mp_div-and-mp_exptmod.html",
              "refsource": "MISC",
              "url": "https://blog.fuzzing-project.org/37-Mozilla-NSS-Wrong-calculation-results-in-mp_div-and-mp_exptmod.html"
            },
            {
              "name": "USN-2973-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2973-1"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1194947",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1194947"
            },
            {
              "name": "openSUSE-SU-2016:0309",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html"
            },
            {
              "name": "91787",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/91787"
            },
            {
              "name": "https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_div.c",
              "refsource": "MISC",
              "url": "https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_div.c"
            },
            {
              "name": "GLSA-201605-06",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201605-06"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1190248",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1190248"
            },
            {
              "name": "openSUSE-SU-2016:0306",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html"
            },
            {
              "name": "https://hg.mozilla.org/projects/nss/diff/a555bf0fc23a/lib/freebl/mpi/mpi.c",
              "refsource": "CONFIRM",
              "url": "https://hg.mozilla.org/projects/nss/diff/a555bf0fc23a/lib/freebl/mpi/mpi.c"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2016-1938",
    "datePublished": "2016-01-31T18:00:00",
    "dateReserved": "2016-01-20T00:00:00",
    "dateUpdated": "2024-08-05T23:10:40.307Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-3555 (GCVE-0-2009-3555)

Vulnerability from cvelistv5 – Published: 2009-11-09 17:00 – Updated: 2024-08-07 06:31
VLAI?
Summary
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
http://www.securitytracker.com/id?1023427 vdb-entryx_refsource_SECTRACK
http://support.avaya.com/css/P8/documents/100081611 x_refsource_CONFIRM
http://osvdb.org/62210 vdb-entryx_refsource_OSVDB
http://secunia.com/advisories/37640 third-party-advisoryx_refsource_SECUNIA
http://www.arubanetworks.com/support/alerts/aid-0… x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2010/0916 vdb-entryx_refsource_VUPEN
http://support.avaya.com/css/P8/documents/100114327 x_refsource_CONFIRM
http://www.redhat.com/support/errata/RHSA-2010-01… vendor-advisoryx_refsource_REDHAT
http://www.vupen.com/english/advisories/2010/2010 vdb-entryx_refsource_VUPEN
https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
http://www.vupen.com/english/advisories/2010/0086 vdb-entryx_refsource_VUPEN
http://www.vupen.com/english/advisories/2010/1673 vdb-entryx_refsource_VUPEN
http://www.ietf.org/mail-archive/web/tls/current/… mailing-listx_refsource_MLIST
http://secunia.com/advisories/37656 third-party-advisoryx_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2010-08… vendor-advisoryx_refsource_REDHAT
http://secunia.com/advisories/39628 third-party-advisoryx_refsource_SECUNIA
http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
http://secunia.com/advisories/42724 third-party-advisoryx_refsource_SECUNIA
http://www.vupen.com/english/advisories/2009/3310 vdb-entryx_refsource_VUPEN
http://www.vupen.com/english/advisories/2009/3205 vdb-entryx_refsource_VUPEN
http://blogs.sun.com/security/entry/vulnerability… x_refsource_CONFIRM
http://secunia.com/advisories/39461 third-party-advisoryx_refsource_SECUNIA
http://support.avaya.com/css/P8/documents/100114315 x_refsource_CONFIRM
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c x_refsource_CONFIRM
http://security.gentoo.org/glsa/glsa-201406-32.xml vendor-advisoryx_refsource_GENTOO
http://www.ingate.com/Relnote.php?ver=481 x_refsource_CONFIRM
http://www.securitytracker.com/id?1023204 vdb-entryx_refsource_SECTRACK
http://secunia.com/advisories/40866 third-party-advisoryx_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=134254866602253&w=2 vendor-advisoryx_refsource_HP
http://www.us-cert.gov/cas/techalerts/TA10-222A.html third-party-advisoryx_refsource_CERT
http://www.securitytracker.com/id?1023211 vdb-entryx_refsource_SECTRACK
http://h20000.www2.hp.com/bizsupport/TechSupport/… vendor-advisoryx_refsource_HP
http://secunia.com/advisories/39317 third-party-advisoryx_refsource_SECUNIA
http://www.securitytracker.com/id?1023212 vdb-entryx_refsource_SECTRACK
http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
http://secunia.com/advisories/39127 third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/40545 third-party-advisoryx_refsource_SECUNIA
http://www.vupen.com/english/advisories/2010/3069 vdb-entryx_refsource_VUPEN
http://openbsd.org/errata45.html#010_openssl vendor-advisoryx_refsource_OPENBSD
http://www.securitytracker.com/id?1023210 vdb-entryx_refsource_SECTRACK
http://www.securitytracker.com/id?1023270 vdb-entryx_refsource_SECTRACK
http://secunia.com/advisories/40070 third-party-advisoryx_refsource_SECUNIA
http://www.securitytracker.com/id?1023273 vdb-entryx_refsource_SECTRACK
http://kbase.redhat.com/faq/docs/DOC-20491 x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-927-5 vendor-advisoryx_refsource_UBUNTU
http://www-01.ibm.com/support/docview.wss?uid=swg… vendor-advisoryx_refsource_AIXAPAR
http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
http://www.redhat.com/support/errata/RHSA-2010-07… vendor-advisoryx_refsource_REDHAT
http://www.openssl.org/news/secadv_20091111.txt x_refsource_CONFIRM
http://www.securitytracker.com/id?1023275 vdb-entryx_refsource_SECTRACK
http://www.debian.org/security/2015/dsa-3253 vendor-advisoryx_refsource_DEBIAN
http://www.vupen.com/english/advisories/2009/3484 vdb-entryx_refsource_VUPEN
http://www.securitytracker.com/id?1023207 vdb-entryx_refsource_SECTRACK
http://secunia.com/advisories/37859 third-party-advisoryx_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=142660345230545&w=2 vendor-advisoryx_refsource_HP
http://sunsolve.sun.com/search/document.do?assetk… vendor-advisoryx_refsource_SUNALERT
http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
http://www.vupen.com/english/advisories/2010/0848 vdb-entryx_refsource_VUPEN
http://www.openwall.com/lists/oss-security/2009/11/07/3 mailing-listx_refsource_MLIST
http://secunia.com/advisories/39819 third-party-advisoryx_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg… vendor-advisoryx_refsource_AIXAPAR
http://www.links.org/?p=786 x_refsource_MISC
http://osvdb.org/60521 vdb-entryx_refsource_OSVDB
http://www.openwall.com/lists/oss-security/2009/1… mailing-listx_refsource_MLIST
http://www.kb.cert.org/vuls/id/120541 third-party-advisoryx_refsource_CERT-VN
http://www.securitytracker.com/id?1023217 vdb-entryx_refsource_SECTRACK
http://www.redhat.com/support/errata/RHSA-2010-07… vendor-advisoryx_refsource_REDHAT
http://www.vupen.com/english/advisories/2009/3353 vdb-entryx_refsource_VUPEN
http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
http://secunia.com/advisories/39136 third-party-advisoryx_refsource_SECUNIA
http://www.openoffice.org/security/cves/CVE-2009-… x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2011/0032 vdb-entryx_refsource_VUPEN
http://securitytracker.com/id?1023148 vdb-entryx_refsource_SECTRACK
http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
http://www.securityfocus.com/bid/36935 vdb-entryx_refsource_BID
http://www.tombom.co.uk/blog/?p=85 x_refsource_MISC
http://marc.info/?l=bugtraq&m=130497311408250&w=2 vendor-advisoryx_refsource_HP
http://www.vupen.com/english/advisories/2010/1107 vdb-entryx_refsource_VUPEN
http://www.securitytracker.com/id?1023218 vdb-entryx_refsource_SECTRACK
http://www.vupen.com/english/advisories/2010/1350 vdb-entryx_refsource_VUPEN
http://www.redhat.com/support/errata/RHSA-2010-03… vendor-advisoryx_refsource_REDHAT
http://secunia.com/advisories/42379 third-party-advisoryx_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
http://www.cisco.com/en/US/products/products_secu… vendor-advisoryx_refsource_CISCO
http://www-01.ibm.com/support/docview.wss?uid=swg… vendor-advisoryx_refsource_AIXAPAR
http://www.securitytracker.com/id?1023213 vdb-entryx_refsource_SECTRACK
http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
http://www.vupen.com/english/advisories/2010/1793 vdb-entryx_refsource_VUPEN
https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
http://extendedsubset.com/?p=8 x_refsource_MISC
http://secunia.com/advisories/37292 third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/archive/1/522176 vendor-advisoryx_refsource_HP
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
http://secunia.com/advisories/39278 third-party-advisoryx_refsource_SECUNIA
http://www.securitytracker.com/id?1023205 vdb-entryx_refsource_SECTRACK
http://www.redhat.com/support/errata/RHSA-2010-01… vendor-advisoryx_refsource_REDHAT
http://h20000.www2.hp.com/bizsupport/TechSupport/… vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=142660345230545&w=2 vendor-advisoryx_refsource_HP
http://tomcat.apache.org/native-doc/miscellaneous… x_refsource_CONFIRM
http://support.apple.com/kb/HT4004 x_refsource_CONFIRM
http://www.securitytracker.com/id?1023215 vdb-entryx_refsource_SECTRACK
http://www.ubuntu.com/usn/USN-1010-1 vendor-advisoryx_refsource_UBUNTU
http://www.securitytracker.com/id?1023206 vdb-entryx_refsource_SECTRACK
http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
https://h20566.www2.hpe.com/portal/site/hpsc/publ… x_refsource_CONFIRM
http://security.gentoo.org/glsa/glsa-200912-01.xml vendor-advisoryx_refsource_GENTOO
http://marc.info/?l=bugtraq&m=127419602507642&w=2 vendor-advisoryx_refsource_HP
http://www.vupen.com/english/advisories/2009/3313 vdb-entryx_refsource_VUPEN
http://sunsolve.sun.com/search/document.do?assetk… vendor-advisoryx_refsource_SUNALERT
http://www.securitytracker.com/id?1023208 vdb-entryx_refsource_SECTRACK
http://secunia.com/advisories/43308 third-party-advisoryx_refsource_SECUNIA
http://www.securitytracker.com/id?1023214 vdb-entryx_refsource_SECTRACK
http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
http://secunia.com/advisories/38781 third-party-advisoryx_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=133469267822771&w=2 vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=127419602507642&w=2 vendor-advisoryx_refsource_HP
http://www.debian.org/security/2009/dsa-1934 vendor-advisoryx_refsource_DEBIAN
https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
http://www.securitytracker.com/id?1023271 vdb-entryx_refsource_SECTRACK
http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
http://marc.info/?l=cryptography&m=125752275331877&w=2 mailing-listx_refsource_MLIST
http://secunia.com/advisories/42467 third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/archive/1/508130/100… mailing-listx_refsource_BUGTRAQ
https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
http://www.securitytracker.com/id?1023224 vdb-entryx_refsource_SECTRACK
http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
http://www.ubuntu.com/usn/USN-927-4 vendor-advisoryx_refsource_UBUNTU
http://secunia.com/advisories/41490 third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/archive/1/508075/100… mailing-listx_refsource_BUGTRAQ
http://www.securitytracker.com/id?1023243 vdb-entryx_refsource_SECTRACK
http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiat… x_refsource_MISC
http://secunia.com/advisories/37504 third-party-advisoryx_refsource_SECUNIA
http://www.securitytracker.com/id?1023219 vdb-entryx_refsource_SECTRACK
http://sysoev.ru/nginx/patch.cve-2009-3555.txt x_refsource_CONFIRM
http://xss.cx/examples/plesk-reports/plesk-parall… x_refsource_MISC
http://www.securitytracker.com/id?1023163 vdb-entryx_refsource_SECTRACK
http://marc.info/?l=bugtraq&m=132077688910227&w=2 vendor-advisoryx_refsource_HP
http://www.vupen.com/english/advisories/2009/3521 vdb-entryx_refsource_VUPEN
https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
http://www.itrc.hp.com/service/cki/docDisplay.do?… vendor-advisoryx_refsource_HP
http://support.zeus.com/zws/news/2010/01/13/zws_4… x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=533125 x_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
http://secunia.com/advisories/44183 third-party-advisoryx_refsource_SECUNIA
http://support.zeus.com/zws/media/docs/4.3/RELEAS… x_refsource_CONFIRM
http://secunia.com/advisories/42808 third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/39500 third-party-advisoryx_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2009/3220 vdb-entryx_refsource_VUPEN
http://itrc.hp.com/service/cki/docDisplay.do?docI… vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=127557596201693&w=2 vendor-advisoryx_refsource_HP
http://www.redhat.com/support/errata/RHSA-2010-01… vendor-advisoryx_refsource_REDHAT
http://www.securityfocus.com/archive/1/515055/100… mailing-listx_refsource_BUGTRAQ
http://www.redhat.com/support/errata/RHSA-2010-09… vendor-advisoryx_refsource_REDHAT
https://bugzilla.mozilla.org/show_bug.cgi?id=545755 x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg… x_refsource_CONFIRM
http://blogs.iss.net/archive/sslmitmiscsrf.html x_refsource_MISC
http://www.securitytracker.com/id?1023411 vdb-entryx_refsource_SECTRACK
http://www.redhat.com/support/errata/RHSA-2010-03… vendor-advisoryx_refsource_REDHAT
http://www.redhat.com/support/errata/RHSA-2010-09… vendor-advisoryx_refsource_REDHAT
http://www.vupen.com/english/advisories/2009/3164 vdb-entryx_refsource_VUPEN
http://secunia.com/advisories/37383 third-party-advisoryx_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
http://secunia.com/advisories/44954 third-party-advisoryx_refsource_SECUNIA
http://www.ietf.org/mail-archive/web/tls/current/… mailing-listx_refsource_MLIST
http://marc.info/?l=bugtraq&m=127557596201693&w=2 vendor-advisoryx_refsource_HP
http://support.avaya.com/css/P8/documents/100070150 x_refsource_CONFIRM
http://secunia.com/advisories/40747 third-party-advisoryx_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=126150535619567&w=2 vendor-advisoryx_refsource_HP
http://www.securityfocus.com/archive/1/522176 vendor-advisoryx_refsource_HP
http://secunia.com/advisories/39292 third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/42816 third-party-advisoryx_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg… vendor-advisoryx_refsource_AIXAPAR
http://sunsolve.sun.com/search/document.do?assetk… vendor-advisoryx_refsource_SUNALERT
https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
http://www-01.ibm.com/support/docview.wss?uid=swg… x_refsource_CONFIRM
http://extendedsubset.com/Renegotiating_TLS.pdf x_refsource_MISC
http://www-01.ibm.com/support/docview.wss?uid=swg… x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg… x_refsource_CONFIRM
http://support.apple.com/kb/HT4170 x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/507952/100… mailing-listx_refsource_BUGTRAQ
http://www.securitytracker.com/id?1023209 vdb-entryx_refsource_SECTRACK
http://www-1.ibm.com/support/search.wss?rs=0&q=PM… vendor-advisoryx_refsource_AIXAPAR
http://www.vmware.com/support/vsphere4/doc/vsp_vc… x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=130497311408250&w=2 vendor-advisoryx_refsource_HP
http://secunia.com/advisories/48577 third-party-advisoryx_refsource_SECUNIA
http://slackware.com/security/viewer.php?l=slackw… vendor-advisoryx_refsource_SLACKWARE
http://www.links.org/?p=789 x_refsource_MISC
http://www.opera.com/docs/changelogs/unix/1060/ x_refsource_CONFIRM
http://www.securegoose.org/2009/11/tls-renegotiat… x_refsource_MISC
http://www.redhat.com/support/errata/RHSA-2011-08… vendor-advisoryx_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2009/11/06/3 mailing-listx_refsource_MLIST
https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
http://wiki.rpath.com/Advisories:rPSA-2009-0155 x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
http://support.citrix.com/article/CTX123359 x_refsource_CONFIRM
http://secunia.com/advisories/37501 third-party-advisoryx_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
http://marc.info/?l=bugtraq&m=127128920008563&w=2 vendor-advisoryx_refsource_HP
http://www.vupen.com/english/advisories/2009/3587 vdb-entryx_refsource_VUPEN
http://secunia.com/advisories/39632 third-party-advisoryx_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=126150535619567&w=2 vendor-advisoryx_refsource_HP
http://secunia.com/advisories/38687 third-party-advisoryx_refsource_SECUNIA
https://bugzilla.mozilla.org/show_bug.cgi?id=526689 x_refsource_MISC
https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
http://www.vupen.com/english/advisories/2010/0982 vdb-entryx_refsource_VUPEN
http://marc.info/?l=bugtraq&m=133469267822771&w=2 vendor-advisoryx_refsource_HP
http://secunia.com/advisories/37399 third-party-advisoryx_refsource_SECUNIA
http://www.ubuntu.com/usn/USN-927-1 vendor-advisoryx_refsource_UBUNTU
http://www.securitytracker.com/id?1023272 vdb-entryx_refsource_SECTRACK
https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
http://www.vupen.com/english/advisories/2010/3126 vdb-entryx_refsource_VUPEN
http://secunia.com/advisories/37320 third-party-advisoryx_refsource_SECUNIA
http://www.vupen.com/english/advisories/2009/3165 vdb-entryx_refsource_VUPEN
http://www.vupen.com/english/advisories/2010/1639 vdb-entryx_refsource_VUPEN
http://secunia.com/advisories/38020 third-party-advisoryx_refsource_SECUNIA
http://ubuntu.com/usn/usn-923-1 vendor-advisoryx_refsource_UBUNTU
http://secunia.com/advisories/39243 third-party-advisoryx_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
http://secunia.com/advisories/37453 third-party-advisoryx_refsource_SECUNIA
http://www.hitachi.co.jp/Prod/comp/soft1/security… x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2010/0933 vdb-entryx_refsource_VUPEN
http://www.itrc.hp.com/service/cki/docDisplay.do?… vendor-advisoryx_refsource_HP
http://www.vmware.com/security/advisories/VMSA-20… x_refsource_CONFIRM
http://secunia.com/advisories/41972 third-party-advisoryx_refsource_SECUNIA
http://www.vupen.com/english/advisories/2010/3086 vdb-entryx_refsource_VUPEN
http://www.debian.org/security/2011/dsa-2141 vendor-advisoryx_refsource_DEBIAN
http://www.securitytracker.com/id?1024789 vdb-entryx_refsource_SECTRACK
http://www.redhat.com/support/errata/RHSA-2010-01… vendor-advisoryx_refsource_REDHAT
http://www.educatedguesswork.org/2009/11/understa… x_refsource_MISC
http://www.vupen.com/english/advisories/2011/0033 vdb-entryx_refsource_VUPEN
http://www.redhat.com/support/errata/RHSA-2010-03… vendor-advisoryx_refsource_REDHAT
http://www.securitytracker.com/id?1023216 vdb-entryx_refsource_SECTRACK
http://secunia.com/advisories/41480 third-party-advisoryx_refsource_SECUNIA
http://www.vupen.com/english/advisories/2011/0086 vdb-entryx_refsource_VUPEN
http://secunia.com/advisories/41818 third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/37604 third-party-advisoryx_refsource_SECUNIA
http://www.opera.com/support/search/view/944/ x_refsource_CONFIRM
http://marc.info/?l=apache-httpd-announce&m=12575… mailing-listx_refsource_MLIST
http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
http://www.us-cert.gov/cas/techalerts/TA10-287A.html third-party-advisoryx_refsource_CERT
http://www.links.org/?p=780 x_refsource_MISC
http://www.redhat.com/support/errata/RHSA-2010-01… vendor-advisoryx_refsource_REDHAT
http://secunia.com/advisories/38056 third-party-advisoryx_refsource_SECUNIA
http://www.vupen.com/english/advisories/2010/0748 vdb-entryx_refsource_VUPEN
http://secunia.com/advisories/37675 third-party-advisoryx_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
http://itrc.hp.com/service/cki/docDisplay.do?docI… vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=127128920008563&w=2 vendor-advisoryx_refsource_HP
http://www.vmware.com/security/advisories/VMSA-20… x_refsource_CONFIRM
http://www.redhat.com/support/errata/RHSA-2010-07… vendor-advisoryx_refsource_REDHAT
https://svn.resiprocate.org/rep/ietf-drafts/ekr/d… x_refsource_MISC
http://secunia.com/advisories/38003 third-party-advisoryx_refsource_SECUNIA
http://support.apple.com/kb/HT4171 x_refsource_CONFIRM
http://www.securitytracker.com/id?1023428 vdb-entryx_refsource_SECTRACK
http://marc.info/?l=bugtraq&m=132077688910227&w=2 vendor-advisoryx_refsource_HP
http://www.openwall.com/lists/oss-security/2009/11/20/1 mailing-listx_refsource_MLIST
http://www.vupen.com/english/advisories/2009/3354 vdb-entryx_refsource_VUPEN
http://www.securitytracker.com/id?1023274 vdb-entryx_refsource_SECTRACK
https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
http://secunia.com/advisories/39242 third-party-advisoryx_refsource_SECUNIA
https://kb.bluecoat.com/index?page=content&id=SA50 x_refsource_CONFIRM
http://secunia.com/advisories/38241 third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/42377 third-party-advisoryx_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-201203-22.xml vendor-advisoryx_refsource_GENTOO
http://www.openwall.com/lists/oss-security/2009/11/05/3 mailing-listx_refsource_MLIST
http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
http://osvdb.org/60972 vdb-entryx_refsource_OSVDB
http://www.securitytracker.com/id?1023426 vdb-entryx_refsource_SECTRACK
http://secunia.com/advisories/38484 third-party-advisoryx_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
http://www.betanews.com/article/1257452450 x_refsource_MISC
http://sunsolve.sun.com/search/document.do?assetk… vendor-advisoryx_refsource_SUNALERT
http://www.mozilla.org/security/announce/2010/mfs… x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/516397/100… mailing-listx_refsource_BUGTRAQ
http://openbsd.org/errata46.html#004_openssl vendor-advisoryx_refsource_OPENBSD
http://secunia.com/advisories/41967 third-party-advisoryx_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2010-08… vendor-advisoryx_refsource_REDHAT
http://www.vupen.com/english/advisories/2010/1191 vdb-entryx_refsource_VUPEN
http://seclists.org/fulldisclosure/2009/Nov/139 mailing-listx_refsource_FULLDISC
https://support.f5.com/kb/en-us/solutions/public/… x_refsource_MISC
http://www.openwall.com/lists/oss-security/2009/11/05/5 mailing-listx_refsource_MLIST
http://secunia.com/advisories/39713 third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/42733 third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/37291 third-party-advisoryx_refsource_SECUNIA
http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
http://www.vupen.com/english/advisories/2010/2745 vdb-entryx_refsource_VUPEN
http://sunsolve.sun.com/search/document.do?assetk… vendor-advisoryx_refsource_SUNALERT
http://www.vupen.com/english/advisories/2010/0994 vdb-entryx_refsource_VUPEN
http://www.vupen.com/english/advisories/2010/0173 vdb-entryx_refsource_VUPEN
http://www.vupen.com/english/advisories/2010/1054 vdb-entryx_refsource_VUPEN
http://osvdb.org/65202 vdb-entryx_refsource_OSVDB
http://h20000.www2.hp.com/bizsupport/TechSupport/… vendor-advisoryx_refsource_HP
http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
http://lists.gnu.org/archive/html/gnutls-devel/20… mailing-listx_refsource_MLIST
http://archives.neohapsis.com/archives/bugtraq/20… mailing-listx_refsource_BUGTRAQ
http://clicky.me/tlsvuln x_refsource_MISC
http://secunia.com/advisories/42811 third-party-advisoryx_refsource_SECUNIA
https://lists.apache.org/thread.html/ba661b0edd91… mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/f8e0814e11c7… mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rf8e8c091182… mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/re3b72cbb13e… mailing-listx_refsource_MLIST
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:31:10.430Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "APPLE-SA-2010-05-18-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html"
          },
          {
            "name": "1023427",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023427"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100081611"
          },
          {
            "name": "62210",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/62210"
          },
          {
            "name": "37640",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37640"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.arubanetworks.com/support/alerts/aid-020810.txt"
          },
          {
            "name": "ADV-2010-0916",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0916"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100114327"
          },
          {
            "name": "RHSA-2010:0167",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0167.html"
          },
          {
            "name": "ADV-2010-2010",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/2010"
          },
          {
            "name": "FEDORA-2009-12750",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html"
          },
          {
            "name": "ADV-2010-0086",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0086"
          },
          {
            "name": "ADV-2010-1673",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1673"
          },
          {
            "name": "[tls] 20091104 TLS renegotiation issue",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.ietf.org/mail-archive/web/tls/current/msg03948.html"
          },
          {
            "name": "37656",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37656"
          },
          {
            "name": "RHSA-2010:0865",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html"
          },
          {
            "name": "39628",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39628"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
          },
          {
            "name": "42724",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42724"
          },
          {
            "name": "ADV-2009-3310",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3310"
          },
          {
            "name": "ADV-2009-3205",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3205"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during"
          },
          {
            "name": "39461",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39461"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100114315"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c"
          },
          {
            "name": "GLSA-201406-32",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ingate.com/Relnote.php?ver=481"
          },
          {
            "name": "1023204",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023204"
          },
          {
            "name": "40866",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40866"
          },
          {
            "name": "HPSBMU02799",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
          },
          {
            "name": "TA10-222A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
          },
          {
            "name": "1023211",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023211"
          },
          {
            "name": "SSRT090249",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686"
          },
          {
            "name": "39317",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39317"
          },
          {
            "name": "1023212",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023212"
          },
          {
            "name": "SUSE-SA:2010:061",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html"
          },
          {
            "name": "39127",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39127"
          },
          {
            "name": "40545",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40545"
          },
          {
            "name": "ADV-2010-3069",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3069"
          },
          {
            "name": "[4.5] 010: SECURITY FIX: November 26, 2009",
            "tags": [
              "vendor-advisory",
              "x_refsource_OPENBSD",
              "x_transferred"
            ],
            "url": "http://openbsd.org/errata45.html#010_openssl"
          },
          {
            "name": "1023210",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023210"
          },
          {
            "name": "1023270",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023270"
          },
          {
            "name": "40070",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40070"
          },
          {
            "name": "1023273",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023273"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kbase.redhat.com/faq/docs/DOC-20491"
          },
          {
            "name": "USN-927-5",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-927-5"
          },
          {
            "name": "PM12247",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247"
          },
          {
            "name": "SUSE-SU-2011:0847",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html"
          },
          {
            "name": "MDVSA-2010:089",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:089"
          },
          {
            "name": "RHSA-2010:0770",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20091111.txt"
          },
          {
            "name": "1023275",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023275"
          },
          {
            "name": "DSA-3253",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3253"
          },
          {
            "name": "ADV-2009-3484",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3484"
          },
          {
            "name": "1023207",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023207"
          },
          {
            "name": "37859",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37859"
          },
          {
            "name": "SSRT101846",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
          },
          {
            "name": "1021752",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1"
          },
          {
            "name": "FEDORA-2010-6131",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html"
          },
          {
            "name": "ADV-2010-0848",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0848"
          },
          {
            "name": "[oss-security] 20091107 Re: [TLS] CVE-2009-3555 for TLS renegotiation MITM attacks",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/11/07/3"
          },
          {
            "name": "39819",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39819"
          },
          {
            "name": "IC68055",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68055"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.links.org/?p=786"
          },
          {
            "name": "60521",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/60521"
          },
          {
            "name": "[oss-security] 20091123 Re: CVEs for nginx",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/11/23/10"
          },
          {
            "name": "VU#120541",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/120541"
          },
          {
            "name": "1023217",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023217"
          },
          {
            "name": "RHSA-2010:0768",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html"
          },
          {
            "name": "ADV-2009-3353",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3353"
          },
          {
            "name": "FEDORA-2010-5357",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html"
          },
          {
            "name": "39136",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39136"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openoffice.org/security/cves/CVE-2009-3555.html"
          },
          {
            "name": "ADV-2011-0032",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0032"
          },
          {
            "name": "1023148",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1023148"
          },
          {
            "name": "openSUSE-SU-2011:0845",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html"
          },
          {
            "name": "36935",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36935"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.tombom.co.uk/blog/?p=85"
          },
          {
            "name": "SSRT090208",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
          },
          {
            "name": "ADV-2010-1107",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1107"
          },
          {
            "name": "1023218",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023218"
          },
          {
            "name": "ADV-2010-1350",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1350"
          },
          {
            "name": "RHSA-2010:0338",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0338.html"
          },
          {
            "name": "42379",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42379"
          },
          {
            "name": "FEDORA-2009-12775",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html"
          },
          {
            "name": "20091109 Transport Layer Security Renegotiation Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml"
          },
          {
            "name": "IC67848",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC67848"
          },
          {
            "name": "1023213",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023213"
          },
          {
            "name": "FEDORA-2010-16240",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html"
          },
          {
            "name": "ADV-2010-1793",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1793"
          },
          {
            "name": "oval:org.mitre.oval:def:11617",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11617"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://extendedsubset.com/?p=8"
          },
          {
            "name": "37292",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37292"
          },
          {
            "name": "SSRT100817",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/522176"
          },
          {
            "name": "tls-renegotiation-weak-security(54158)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54158"
          },
          {
            "name": "APPLE-SA-2010-05-18-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html"
          },
          {
            "name": "39278",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39278"
          },
          {
            "name": "1023205",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023205"
          },
          {
            "name": "RHSA-2010:0130",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0130.html"
          },
          {
            "name": "HPSBUX02482",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686"
          },
          {
            "name": "HPSBHF03293",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4004"
          },
          {
            "name": "1023215",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023215"
          },
          {
            "name": "USN-1010-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1010-1"
          },
          {
            "name": "1023206",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023206"
          },
          {
            "name": "SUSE-SR:2010:011",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
          },
          {
            "name": "GLSA-200912-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml"
          },
          {
            "name": "SSRT090180",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=127419602507642\u0026w=2"
          },
          {
            "name": "ADV-2009-3313",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3313"
          },
          {
            "name": "274990",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1"
          },
          {
            "name": "1023208",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023208"
          },
          {
            "name": "43308",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43308"
          },
          {
            "name": "1023214",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023214"
          },
          {
            "name": "SUSE-SA:2009:057",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html"
          },
          {
            "name": "38781",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38781"
          },
          {
            "name": "HPSBOV02762",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2"
          },
          {
            "name": "HPSBMA02534",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=127419602507642\u0026w=2"
          },
          {
            "name": "DSA-1934",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1934"
          },
          {
            "name": "FEDORA-2009-12782",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html"
          },
          {
            "name": "oval:org.mitre.oval:def:7478",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7478"
          },
          {
            "name": "1023271",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023271"
          },
          {
            "name": "APPLE-SA-2010-01-19-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html"
          },
          {
            "name": "[cryptography] 20091105 OpenSSL 0.9.8l released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=cryptography\u0026m=125752275331877\u0026w=2"
          },
          {
            "name": "42467",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42467"
          },
          {
            "name": "20091130 TLS / SSLv3 vulnerability explained (New ways to leverage the vulnerability)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/508130/100/0/threaded"
          },
          {
            "name": "oval:org.mitre.oval:def:7315",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7315"
          },
          {
            "name": "1023224",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023224"
          },
          {
            "name": "SUSE-SR:2010:013",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
          },
          {
            "name": "USN-927-4",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-927-4"
          },
          {
            "name": "41490",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41490"
          },
          {
            "name": "20091124 rPSA-2009-0155-1 httpd mod_ssl",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/508075/100/0/threaded"
          },
          {
            "name": "1023243",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023243"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html"
          },
          {
            "name": "37504",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37504"
          },
          {
            "name": "1023219",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023219"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sysoev.ru/nginx/patch.cve-2009-3555.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html"
          },
          {
            "name": "1023163",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023163"
          },
          {
            "name": "HPSBHF02706",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2"
          },
          {
            "name": "ADV-2009-3521",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3521"
          },
          {
            "name": "oval:org.mitre.oval:def:7973",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7973"
          },
          {
            "name": "HPSBMA02568",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=533125"
          },
          {
            "name": "oval:org.mitre.oval:def:10088",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10088"
          },
          {
            "name": "44183",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44183"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES"
          },
          {
            "name": "42808",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42808"
          },
          {
            "name": "39500",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39500"
          },
          {
            "name": "oval:org.mitre.oval:def:11578",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11578"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
          },
          {
            "name": "ADV-2009-3220",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3220"
          },
          {
            "name": "SSRT100179",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
          },
          {
            "name": "SSRT100089",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=127557596201693\u0026w=2"
          },
          {
            "name": "RHSA-2010:0165",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0165.html"
          },
          {
            "name": "20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/515055/100/0/threaded"
          },
          {
            "name": "RHSA-2010:0987",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=545755"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blogs.iss.net/archive/sslmitmiscsrf.html"
          },
          {
            "name": "1023411",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023411"
          },
          {
            "name": "RHSA-2010:0339",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0339.html"
          },
          {
            "name": "RHSA-2010:0986",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0986.html"
          },
          {
            "name": "ADV-2009-3164",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3164"
          },
          {
            "name": "37383",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37383"
          },
          {
            "name": "FEDORA-2009-12229",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.html"
          },
          {
            "name": "44954",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44954"
          },
          {
            "name": "[tls] 20091104 MITM attack on delayed TLS-client auth through renegotiation",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.ietf.org/mail-archive/web/tls/current/msg03928.html"
          },
          {
            "name": "HPSBUX02524",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=127557596201693\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100070150"
          },
          {
            "name": "40747",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40747"
          },
          {
            "name": "HPSBUX02498",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=126150535619567\u0026w=2"
          },
          {
            "name": "HPSBMU02759",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/522176"
          },
          {
            "name": "39292",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39292"
          },
          {
            "name": "42816",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42816"
          },
          {
            "name": "IC68054",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054"
          },
          {
            "name": "273029",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1"
          },
          {
            "name": "FEDORA-2009-12604",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://extendedsubset.com/Renegotiating_TLS.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24025312"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24006386"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4170"
          },
          {
            "name": "20091118 TLS / SSLv3 vulnerability explained (DRAFT)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/507952/100/0/threaded"
          },
          {
            "name": "1023209",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023209"
          },
          {
            "name": "PM00675",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=PM00675\u0026apar=only"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
          },
          {
            "name": "HPSBOV02683",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
          },
          {
            "name": "48577",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48577"
          },
          {
            "name": "SSA:2009-320-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.597446"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.links.org/?p=789"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.opera.com/docs/changelogs/unix/1060/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html"
          },
          {
            "name": "RHSA-2011:0880",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html"
          },
          {
            "name": "SUSE-SR:2010:008",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
          },
          {
            "name": "[oss-security] 20091107 Re: CVE-2009-3555 for TLS renegotiation MITM attacks",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/11/06/3"
          },
          {
            "name": "FEDORA-2009-12305",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0155"
          },
          {
            "name": "SUSE-SR:2010:012",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.citrix.com/article/CTX123359"
          },
          {
            "name": "37501",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37501"
          },
          {
            "name": "MDVSA-2010:076",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:076"
          },
          {
            "name": "HPSBUX02517",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
          },
          {
            "name": "ADV-2009-3587",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3587"
          },
          {
            "name": "39632",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39632"
          },
          {
            "name": "SSRT090264",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=126150535619567\u0026w=2"
          },
          {
            "name": "38687",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38687"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=526689"
          },
          {
            "name": "MS10-049",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049"
          },
          {
            "name": "ADV-2010-0982",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0982"
          },
          {
            "name": "SSRT100825",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2"
          },
          {
            "name": "37399",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37399"
          },
          {
            "name": "USN-927-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-927-1"
          },
          {
            "name": "1023272",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023272"
          },
          {
            "name": "FEDORA-2009-12606",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html"
          },
          {
            "name": "ADV-2010-3126",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3126"
          },
          {
            "name": "37320",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37320"
          },
          {
            "name": "ADV-2009-3165",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3165"
          },
          {
            "name": "ADV-2010-1639",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1639"
          },
          {
            "name": "38020",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38020"
          },
          {
            "name": "USN-923-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://ubuntu.com/usn/usn-923-1"
          },
          {
            "name": "39243",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39243"
          },
          {
            "name": "oval:org.mitre.oval:def:8366",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8366"
          },
          {
            "name": "37453",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37453"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html"
          },
          {
            "name": "ADV-2010-0933",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0933"
          },
          {
            "name": "SSRT100219",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
          },
          {
            "name": "41972",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41972"
          },
          {
            "name": "ADV-2010-3086",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3086"
          },
          {
            "name": "DSA-2141",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2141"
          },
          {
            "name": "1024789",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1024789"
          },
          {
            "name": "RHSA-2010:0155",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0155.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html"
          },
          {
            "name": "ADV-2011-0033",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0033"
          },
          {
            "name": "RHSA-2010:0337",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0337.html"
          },
          {
            "name": "1023216",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023216"
          },
          {
            "name": "41480",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41480"
          },
          {
            "name": "ADV-2011-0086",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0086"
          },
          {
            "name": "41818",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41818"
          },
          {
            "name": "37604",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37604"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.opera.com/support/search/view/944/"
          },
          {
            "name": "[announce] 20091107 CVE-2009-3555 - apache/mod_ssl vulnerability and mitigation",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=apache-httpd-announce\u0026m=125755783724966\u0026w=2"
          },
          {
            "name": "SUSE-SR:2010:024",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
          },
          {
            "name": "TA10-287A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.links.org/?p=780"
          },
          {
            "name": "RHSA-2010:0119",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0119.html"
          },
          {
            "name": "38056",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38056"
          },
          {
            "name": "ADV-2010-0748",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0748"
          },
          {
            "name": "37675",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37675"
          },
          {
            "name": "oval:org.mitre.oval:def:8535",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8535"
          },
          {
            "name": "HPSBMA02547",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
          },
          {
            "name": "SSRT100058",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html"
          },
          {
            "name": "RHSA-2010:0786",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0786.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt"
          },
          {
            "name": "38003",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38003"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4171"
          },
          {
            "name": "1023428",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023428"
          },
          {
            "name": "SSRT100613",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2"
          },
          {
            "name": "[oss-security] 20091120 CVEs for nginx",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/11/20/1"
          },
          {
            "name": "ADV-2009-3354",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3354"
          },
          {
            "name": "1023274",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023274"
          },
          {
            "name": "FEDORA-2009-12968",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.html"
          },
          {
            "name": "39242",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39242"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
          },
          {
            "name": "38241",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38241"
          },
          {
            "name": "42377",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42377"
          },
          {
            "name": "GLSA-201203-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201203-22.xml"
          },
          {
            "name": "[oss-security] 20091105 CVE-2009-3555 for TLS renegotiation MITM attacks",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/11/05/3"
          },
          {
            "name": "SUSE-SR:2010:019",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
          },
          {
            "name": "60972",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/60972"
          },
          {
            "name": "1023426",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023426"
          },
          {
            "name": "38484",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38484"
          },
          {
            "name": "MDVSA-2010:084",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.betanews.com/article/1257452450"
          },
          {
            "name": "1021653",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-22.html"
          },
          {
            "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
          },
          {
            "name": "[4.6] 004: SECURITY FIX: November 26, 2009",
            "tags": [
              "vendor-advisory",
              "x_refsource_OPENBSD",
              "x_transferred"
            ],
            "url": "http://openbsd.org/errata46.html#004_openssl"
          },
          {
            "name": "41967",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41967"
          },
          {
            "name": "RHSA-2010:0807",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html"
          },
          {
            "name": "ADV-2010-1191",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1191"
          },
          {
            "name": "20091111 Re: SSL/TLS MiTM PoC",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2009/Nov/139"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html"
          },
          {
            "name": "[oss-security] 20091105 Re: CVE-2009-3555 for TLS renegotiation MITM attacks",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/11/05/5"
          },
          {
            "name": "39713",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39713"
          },
          {
            "name": "42733",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42733"
          },
          {
            "name": "37291",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37291"
          },
          {
            "name": "FEDORA-2010-16312",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html"
          },
          {
            "name": "FEDORA-2010-5942",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html"
          },
          {
            "name": "ADV-2010-2745",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/2745"
          },
          {
            "name": "273350",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1"
          },
          {
            "name": "ADV-2010-0994",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0994"
          },
          {
            "name": "ADV-2010-0173",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0173"
          },
          {
            "name": "ADV-2010-1054",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1054"
          },
          {
            "name": "65202",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/65202"
          },
          {
            "name": "HPSBGN02562",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041"
          },
          {
            "name": "FEDORA-2010-16294",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html"
          },
          {
            "name": "[gnutls-devel] 20091105 Re: TLS renegotiation MITM",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html"
          },
          {
            "name": "20131121 ESA-2013-077: RSA Data Protection Manager Appliance Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://clicky.me/tlsvuln"
          },
          {
            "name": "42811",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42811"
          },
          {
            "name": "[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190325 svn commit: r1856174 [26/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200213 svn commit: r1873980 [31/34] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-11-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a \"plaintext injection\" attack, aka the \"Project Mogul\" issue."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-13T16:08:08",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "APPLE-SA-2010-05-18-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html"
        },
        {
          "name": "1023427",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023427"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100081611"
        },
        {
          "name": "62210",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/62210"
        },
        {
          "name": "37640",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37640"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.arubanetworks.com/support/alerts/aid-020810.txt"
        },
        {
          "name": "ADV-2010-0916",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0916"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100114327"
        },
        {
          "name": "RHSA-2010:0167",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0167.html"
        },
        {
          "name": "ADV-2010-2010",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/2010"
        },
        {
          "name": "FEDORA-2009-12750",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html"
        },
        {
          "name": "ADV-2010-0086",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0086"
        },
        {
          "name": "ADV-2010-1673",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1673"
        },
        {
          "name": "[tls] 20091104 TLS renegotiation issue",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.ietf.org/mail-archive/web/tls/current/msg03948.html"
        },
        {
          "name": "37656",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37656"
        },
        {
          "name": "RHSA-2010:0865",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html"
        },
        {
          "name": "39628",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39628"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
        },
        {
          "name": "42724",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42724"
        },
        {
          "name": "ADV-2009-3310",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3310"
        },
        {
          "name": "ADV-2009-3205",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3205"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during"
        },
        {
          "name": "39461",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39461"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100114315"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c"
        },
        {
          "name": "GLSA-201406-32",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ingate.com/Relnote.php?ver=481"
        },
        {
          "name": "1023204",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023204"
        },
        {
          "name": "40866",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40866"
        },
        {
          "name": "HPSBMU02799",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
        },
        {
          "name": "TA10-222A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
        },
        {
          "name": "1023211",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023211"
        },
        {
          "name": "SSRT090249",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686"
        },
        {
          "name": "39317",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39317"
        },
        {
          "name": "1023212",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023212"
        },
        {
          "name": "SUSE-SA:2010:061",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html"
        },
        {
          "name": "39127",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39127"
        },
        {
          "name": "40545",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40545"
        },
        {
          "name": "ADV-2010-3069",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3069"
        },
        {
          "name": "[4.5] 010: SECURITY FIX: November 26, 2009",
          "tags": [
            "vendor-advisory",
            "x_refsource_OPENBSD"
          ],
          "url": "http://openbsd.org/errata45.html#010_openssl"
        },
        {
          "name": "1023210",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023210"
        },
        {
          "name": "1023270",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023270"
        },
        {
          "name": "40070",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40070"
        },
        {
          "name": "1023273",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023273"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kbase.redhat.com/faq/docs/DOC-20491"
        },
        {
          "name": "USN-927-5",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-927-5"
        },
        {
          "name": "PM12247",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247"
        },
        {
          "name": "SUSE-SU-2011:0847",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html"
        },
        {
          "name": "MDVSA-2010:089",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:089"
        },
        {
          "name": "RHSA-2010:0770",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20091111.txt"
        },
        {
          "name": "1023275",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023275"
        },
        {
          "name": "DSA-3253",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3253"
        },
        {
          "name": "ADV-2009-3484",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3484"
        },
        {
          "name": "1023207",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023207"
        },
        {
          "name": "37859",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37859"
        },
        {
          "name": "SSRT101846",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
        },
        {
          "name": "1021752",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1"
        },
        {
          "name": "FEDORA-2010-6131",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html"
        },
        {
          "name": "ADV-2010-0848",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0848"
        },
        {
          "name": "[oss-security] 20091107 Re: [TLS] CVE-2009-3555 for TLS renegotiation MITM attacks",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/11/07/3"
        },
        {
          "name": "39819",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39819"
        },
        {
          "name": "IC68055",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68055"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.links.org/?p=786"
        },
        {
          "name": "60521",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/60521"
        },
        {
          "name": "[oss-security] 20091123 Re: CVEs for nginx",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/11/23/10"
        },
        {
          "name": "VU#120541",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/120541"
        },
        {
          "name": "1023217",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023217"
        },
        {
          "name": "RHSA-2010:0768",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html"
        },
        {
          "name": "ADV-2009-3353",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3353"
        },
        {
          "name": "FEDORA-2010-5357",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html"
        },
        {
          "name": "39136",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39136"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openoffice.org/security/cves/CVE-2009-3555.html"
        },
        {
          "name": "ADV-2011-0032",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0032"
        },
        {
          "name": "1023148",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1023148"
        },
        {
          "name": "openSUSE-SU-2011:0845",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html"
        },
        {
          "name": "36935",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36935"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.tombom.co.uk/blog/?p=85"
        },
        {
          "name": "SSRT090208",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
        },
        {
          "name": "ADV-2010-1107",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1107"
        },
        {
          "name": "1023218",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023218"
        },
        {
          "name": "ADV-2010-1350",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1350"
        },
        {
          "name": "RHSA-2010:0338",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0338.html"
        },
        {
          "name": "42379",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42379"
        },
        {
          "name": "FEDORA-2009-12775",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html"
        },
        {
          "name": "20091109 Transport Layer Security Renegotiation Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml"
        },
        {
          "name": "IC67848",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC67848"
        },
        {
          "name": "1023213",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023213"
        },
        {
          "name": "FEDORA-2010-16240",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html"
        },
        {
          "name": "ADV-2010-1793",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1793"
        },
        {
          "name": "oval:org.mitre.oval:def:11617",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11617"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://extendedsubset.com/?p=8"
        },
        {
          "name": "37292",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37292"
        },
        {
          "name": "SSRT100817",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/522176"
        },
        {
          "name": "tls-renegotiation-weak-security(54158)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54158"
        },
        {
          "name": "APPLE-SA-2010-05-18-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html"
        },
        {
          "name": "39278",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39278"
        },
        {
          "name": "1023205",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023205"
        },
        {
          "name": "RHSA-2010:0130",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0130.html"
        },
        {
          "name": "HPSBUX02482",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686"
        },
        {
          "name": "HPSBHF03293",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4004"
        },
        {
          "name": "1023215",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023215"
        },
        {
          "name": "USN-1010-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1010-1"
        },
        {
          "name": "1023206",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023206"
        },
        {
          "name": "SUSE-SR:2010:011",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
        },
        {
          "name": "GLSA-200912-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml"
        },
        {
          "name": "SSRT090180",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=127419602507642\u0026w=2"
        },
        {
          "name": "ADV-2009-3313",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3313"
        },
        {
          "name": "274990",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1"
        },
        {
          "name": "1023208",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023208"
        },
        {
          "name": "43308",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43308"
        },
        {
          "name": "1023214",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023214"
        },
        {
          "name": "SUSE-SA:2009:057",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html"
        },
        {
          "name": "38781",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38781"
        },
        {
          "name": "HPSBOV02762",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2"
        },
        {
          "name": "HPSBMA02534",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=127419602507642\u0026w=2"
        },
        {
          "name": "DSA-1934",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1934"
        },
        {
          "name": "FEDORA-2009-12782",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html"
        },
        {
          "name": "oval:org.mitre.oval:def:7478",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7478"
        },
        {
          "name": "1023271",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023271"
        },
        {
          "name": "APPLE-SA-2010-01-19-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html"
        },
        {
          "name": "[cryptography] 20091105 OpenSSL 0.9.8l released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=cryptography\u0026m=125752275331877\u0026w=2"
        },
        {
          "name": "42467",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42467"
        },
        {
          "name": "20091130 TLS / SSLv3 vulnerability explained (New ways to leverage the vulnerability)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/508130/100/0/threaded"
        },
        {
          "name": "oval:org.mitre.oval:def:7315",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7315"
        },
        {
          "name": "1023224",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023224"
        },
        {
          "name": "SUSE-SR:2010:013",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
        },
        {
          "name": "USN-927-4",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-927-4"
        },
        {
          "name": "41490",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41490"
        },
        {
          "name": "20091124 rPSA-2009-0155-1 httpd mod_ssl",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/508075/100/0/threaded"
        },
        {
          "name": "1023243",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023243"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html"
        },
        {
          "name": "37504",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37504"
        },
        {
          "name": "1023219",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023219"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sysoev.ru/nginx/patch.cve-2009-3555.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html"
        },
        {
          "name": "1023163",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023163"
        },
        {
          "name": "HPSBHF02706",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2"
        },
        {
          "name": "ADV-2009-3521",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3521"
        },
        {
          "name": "oval:org.mitre.oval:def:7973",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7973"
        },
        {
          "name": "HPSBMA02568",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=533125"
        },
        {
          "name": "oval:org.mitre.oval:def:10088",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10088"
        },
        {
          "name": "44183",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44183"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES"
        },
        {
          "name": "42808",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42808"
        },
        {
          "name": "39500",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39500"
        },
        {
          "name": "oval:org.mitre.oval:def:11578",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11578"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
        },
        {
          "name": "ADV-2009-3220",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3220"
        },
        {
          "name": "SSRT100179",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
        },
        {
          "name": "SSRT100089",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=127557596201693\u0026w=2"
        },
        {
          "name": "RHSA-2010:0165",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0165.html"
        },
        {
          "name": "20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/515055/100/0/threaded"
        },
        {
          "name": "RHSA-2010:0987",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=545755"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blogs.iss.net/archive/sslmitmiscsrf.html"
        },
        {
          "name": "1023411",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023411"
        },
        {
          "name": "RHSA-2010:0339",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0339.html"
        },
        {
          "name": "RHSA-2010:0986",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0986.html"
        },
        {
          "name": "ADV-2009-3164",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3164"
        },
        {
          "name": "37383",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37383"
        },
        {
          "name": "FEDORA-2009-12229",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.html"
        },
        {
          "name": "44954",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44954"
        },
        {
          "name": "[tls] 20091104 MITM attack on delayed TLS-client auth through renegotiation",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.ietf.org/mail-archive/web/tls/current/msg03928.html"
        },
        {
          "name": "HPSBUX02524",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=127557596201693\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100070150"
        },
        {
          "name": "40747",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40747"
        },
        {
          "name": "HPSBUX02498",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=126150535619567\u0026w=2"
        },
        {
          "name": "HPSBMU02759",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/522176"
        },
        {
          "name": "39292",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39292"
        },
        {
          "name": "42816",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42816"
        },
        {
          "name": "IC68054",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054"
        },
        {
          "name": "273029",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1"
        },
        {
          "name": "FEDORA-2009-12604",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://extendedsubset.com/Renegotiating_TLS.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24025312"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24006386"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4170"
        },
        {
          "name": "20091118 TLS / SSLv3 vulnerability explained (DRAFT)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/507952/100/0/threaded"
        },
        {
          "name": "1023209",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023209"
        },
        {
          "name": "PM00675",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=PM00675\u0026apar=only"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
        },
        {
          "name": "HPSBOV02683",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
        },
        {
          "name": "48577",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48577"
        },
        {
          "name": "SSA:2009-320-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.597446"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.links.org/?p=789"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.opera.com/docs/changelogs/unix/1060/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html"
        },
        {
          "name": "RHSA-2011:0880",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html"
        },
        {
          "name": "SUSE-SR:2010:008",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
        },
        {
          "name": "[oss-security] 20091107 Re: CVE-2009-3555 for TLS renegotiation MITM attacks",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/11/06/3"
        },
        {
          "name": "FEDORA-2009-12305",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0155"
        },
        {
          "name": "SUSE-SR:2010:012",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.citrix.com/article/CTX123359"
        },
        {
          "name": "37501",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37501"
        },
        {
          "name": "MDVSA-2010:076",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:076"
        },
        {
          "name": "HPSBUX02517",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
        },
        {
          "name": "ADV-2009-3587",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3587"
        },
        {
          "name": "39632",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39632"
        },
        {
          "name": "SSRT090264",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=126150535619567\u0026w=2"
        },
        {
          "name": "38687",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38687"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=526689"
        },
        {
          "name": "MS10-049",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049"
        },
        {
          "name": "ADV-2010-0982",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0982"
        },
        {
          "name": "SSRT100825",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2"
        },
        {
          "name": "37399",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37399"
        },
        {
          "name": "USN-927-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-927-1"
        },
        {
          "name": "1023272",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023272"
        },
        {
          "name": "FEDORA-2009-12606",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html"
        },
        {
          "name": "ADV-2010-3126",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3126"
        },
        {
          "name": "37320",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37320"
        },
        {
          "name": "ADV-2009-3165",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3165"
        },
        {
          "name": "ADV-2010-1639",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1639"
        },
        {
          "name": "38020",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38020"
        },
        {
          "name": "USN-923-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://ubuntu.com/usn/usn-923-1"
        },
        {
          "name": "39243",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39243"
        },
        {
          "name": "oval:org.mitre.oval:def:8366",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8366"
        },
        {
          "name": "37453",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37453"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html"
        },
        {
          "name": "ADV-2010-0933",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0933"
        },
        {
          "name": "SSRT100219",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
        },
        {
          "name": "41972",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41972"
        },
        {
          "name": "ADV-2010-3086",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3086"
        },
        {
          "name": "DSA-2141",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2141"
        },
        {
          "name": "1024789",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1024789"
        },
        {
          "name": "RHSA-2010:0155",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0155.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html"
        },
        {
          "name": "ADV-2011-0033",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0033"
        },
        {
          "name": "RHSA-2010:0337",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0337.html"
        },
        {
          "name": "1023216",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023216"
        },
        {
          "name": "41480",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41480"
        },
        {
          "name": "ADV-2011-0086",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0086"
        },
        {
          "name": "41818",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41818"
        },
        {
          "name": "37604",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37604"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.opera.com/support/search/view/944/"
        },
        {
          "name": "[announce] 20091107 CVE-2009-3555 - apache/mod_ssl vulnerability and mitigation",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=apache-httpd-announce\u0026m=125755783724966\u0026w=2"
        },
        {
          "name": "SUSE-SR:2010:024",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
        },
        {
          "name": "TA10-287A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.links.org/?p=780"
        },
        {
          "name": "RHSA-2010:0119",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0119.html"
        },
        {
          "name": "38056",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38056"
        },
        {
          "name": "ADV-2010-0748",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0748"
        },
        {
          "name": "37675",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37675"
        },
        {
          "name": "oval:org.mitre.oval:def:8535",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8535"
        },
        {
          "name": "HPSBMA02547",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
        },
        {
          "name": "SSRT100058",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html"
        },
        {
          "name": "RHSA-2010:0786",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0786.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt"
        },
        {
          "name": "38003",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38003"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4171"
        },
        {
          "name": "1023428",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023428"
        },
        {
          "name": "SSRT100613",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2"
        },
        {
          "name": "[oss-security] 20091120 CVEs for nginx",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/11/20/1"
        },
        {
          "name": "ADV-2009-3354",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3354"
        },
        {
          "name": "1023274",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023274"
        },
        {
          "name": "FEDORA-2009-12968",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.html"
        },
        {
          "name": "39242",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39242"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
        },
        {
          "name": "38241",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38241"
        },
        {
          "name": "42377",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42377"
        },
        {
          "name": "GLSA-201203-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201203-22.xml"
        },
        {
          "name": "[oss-security] 20091105 CVE-2009-3555 for TLS renegotiation MITM attacks",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/11/05/3"
        },
        {
          "name": "SUSE-SR:2010:019",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
        },
        {
          "name": "60972",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/60972"
        },
        {
          "name": "1023426",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023426"
        },
        {
          "name": "38484",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38484"
        },
        {
          "name": "MDVSA-2010:084",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.betanews.com/article/1257452450"
        },
        {
          "name": "1021653",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-22.html"
        },
        {
          "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
        },
        {
          "name": "[4.6] 004: SECURITY FIX: November 26, 2009",
          "tags": [
            "vendor-advisory",
            "x_refsource_OPENBSD"
          ],
          "url": "http://openbsd.org/errata46.html#004_openssl"
        },
        {
          "name": "41967",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41967"
        },
        {
          "name": "RHSA-2010:0807",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html"
        },
        {
          "name": "ADV-2010-1191",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1191"
        },
        {
          "name": "20091111 Re: SSL/TLS MiTM PoC",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2009/Nov/139"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html"
        },
        {
          "name": "[oss-security] 20091105 Re: CVE-2009-3555 for TLS renegotiation MITM attacks",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/11/05/5"
        },
        {
          "name": "39713",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39713"
        },
        {
          "name": "42733",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42733"
        },
        {
          "name": "37291",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37291"
        },
        {
          "name": "FEDORA-2010-16312",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html"
        },
        {
          "name": "FEDORA-2010-5942",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html"
        },
        {
          "name": "ADV-2010-2745",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/2745"
        },
        {
          "name": "273350",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1"
        },
        {
          "name": "ADV-2010-0994",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0994"
        },
        {
          "name": "ADV-2010-0173",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0173"
        },
        {
          "name": "ADV-2010-1054",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1054"
        },
        {
          "name": "65202",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/65202"
        },
        {
          "name": "HPSBGN02562",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041"
        },
        {
          "name": "FEDORA-2010-16294",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html"
        },
        {
          "name": "[gnutls-devel] 20091105 Re: TLS renegotiation MITM",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html"
        },
        {
          "name": "20131121 ESA-2013-077: RSA Data Protection Manager Appliance Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://clicky.me/tlsvuln"
        },
        {
          "name": "42811",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42811"
        },
        {
          "name": "[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190325 svn commit: r1856174 [26/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200213 svn commit: r1873980 [31/34] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2009-3555",
    "datePublished": "2009-11-09T17:00:00",
    "dateReserved": "2009-10-05T00:00:00",
    "dateUpdated": "2024-08-07T06:31:10.430Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}